I am building a web application that is limited to one database, thus I cannot use the handy ASP.NET config tool. I am attempting to use SqlClient to authenticate users from a user table I added to my database. Here is the code I have thus far:
[Code]....
[Code]....
I have a requirement to develop an application in Excel VBA to talk to an MSSQL database.The client wants a login facility for a number of named users - I am going to setup these users in the aspnet tables in my database (aspnet_users, aspnet_membership etc).There is no facility in VBA to do automatic verification of a users credentials like there is in ASP.Net so I have developed a simple login form for the user to enter their username and password and send these to a stored procedure in the database. I am looking for a stored procedure that implements the ASP.Net hashing routine to convert the user supplied password into the same format as the database stored password so I can compare and return a true or false.
View 1 RepliesHow to verify users login credentials using users login credentials of user's gmail account (like in stackoverflow on clicking gmail it takes to gmail login page and gmail verifies the user)
View 1 RepliesFor our website, we have decided we would like to maintain our user passwords as encrypted binary data in our database. We are using ASP.NET 3.5 to host our site and SQL Server Express 2008 for the database, both running on the same server. When a user logs in and submits a username and password, there will need to be some sort of encryption or decryption in order to verify the credentials. To me, it would appear that there are 3 ways to do this:
1)[C# Encyrption] On User creation, perform encryption in the Web App and submit the encrypted password to the database. To verify credentials at Login, perform the same encryption on the submitted password and ensure that it matches the value stored in the database.
2)[SQL Encryption] On User creation, submit the plain-text password to the database and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, have the database perform decryption on the password during the SELECT statement, and compare the plain-text submitted password to the one in the database.
3)[Mix] On User creation, submit the plain-text password to the database, and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, perform the same encryption algorithm used by SQL on the submitted password ( is this possible? ), and ensure that it matches the value stored in the database.
Does anybody have an opinion as to which of these options is best? Number 1) is the most familiar to me, and would be the easiest to use with LINQ to SQL ( which is our current data model ), so I am leaning towards that. But if there are better options I would love to know about them.
I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access.
So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table:
[Code]....
The problem is the password value, does anyone know how the password it is hashed?
I am useing sql and vwd.
i created the db on sql and used database explorer to connect it to vwd.
it keeps failing at step 5 (con.open())
i think i listed all relevant code, but if i missed something let me know and ill post it.
what am i missing.
[code]....
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
View 3 RepliesIn my application, I have users request accounts, and then an admin goes in to approve or reject the account. When the admin approves the account, the create user wizard is used. After the user is created, I set the new user's role, and update a few other items in my database for user tracking, and send out an email to notify the new user of their account status. Here's the kicker: Once this new user is created, the admin, is now logged in as the new user. How is this happening? And how do I stop it? Here is my CreatedUser code, scrubbed of non-pertinent code.
[Code]....
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
I am the web developer at a medical clinic. I have 2 scenarios going on:
First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:
Physicians Only
Administration
Affiliations
Calendars
Compensation
Minutes
The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to login as different people, all with different roles, I have to login with user name and password, twice, before the system allows me in.
Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doens't usually prompts me to login. If it does prompt me to login, it too, is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to login with their credentials?
i'm wondering is there a way that i can add my configuration User to a specific role ?
so i have this in my web.config file
<forms loginUrl="/Account/Login.aspx">
I have an ASP.net 2.0 application on an IIS6 server with a second server running SQL.
The problem I have is that I can't use Integrated Windows Authentication to authenticate against the SQL server, instead the IIS passes its machine name (DOMAINMachineName$) to the SQL server. Of course I can add the necessary permissions to the machine name account on SQL, but I want to use the local user credentials in Integrated Windows Authentication to authenticate against SQL.
I have tried to find some reading/articles online but apart from a basic understanding I can't find the details I need to implement into my application. All I have found is that IIS doesn't pass the credentials onto a remote machine when using Integrated Windows Authentication, and Kerberos should be used instead. I have no experience of Kerberos or how to use it in ASP.net so I am hoping it can be done using Integrated Windows Authentication or be pointed to some good easy to understand articles on using/implementing Kerberos.
I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?
View 1 Replies[Code]....
View 4 RepliesI looked at this site: [URL]
But does not check for all the cards, in addition, my credit card and write the force that does not exist.
How do you use to verify credit cards, which is the best?
I posted this previously but it ended up in Languages/C# rather than here. I'm not sure if I chose the wrong forum or the admin moved it. I wanted it in here so I'm re-posting it:
I have an APK file (android application archive, same as JAR file format) that I need to determine whether or not is signed, and if so, extract the certificate info.
The JDK provides a command line tool to do this:
jarsigner -verbose -certs -verify file.apk
I'm trying to determine if there's a way using the Security classes to accomplish the same thing in C# code.
I've researched the System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. error.
So far all the suggestions indicate either a custom assembly that needs a permission change (I don't have any custom assemblies) or requires a setting change on the server (I'm not the admin). This is for a ReportViewer app using RDLC files. So my questions are: Are there any other things to try troubleshooting?
I'm a complete newb at attempting to understand (I don't) what I've read on this subject regarding the server admin part. What do I need to tell the server admin to check out and/or change? I've looked at the commonly referenced post on wss_mediumtrust.config (I have no idea what that is). Post link. But with no clue on what the post is talking about I don't know what to ask the admin for.
I have to post my request to the web page [URL] and this require 3 credentials namely account id ,username and password and i have to pass the some data for the fields in the page
View 3 RepliesI am using windows authentication for security in my webpage. Now i want is that if user opens a webpage and then sit idle for 15 minutes and after that try to use webpage , i can ask him for credentials.
View 3 Replieshave been facing a problem in passing credentials to a web service. I have searched a lot on it and found solution but they didn't work for me coz the scenario with me little different I believe.The situation is like this. I have a 3rd party web service "https://3rdpartyserver/virtualdirectroy/service/service.aspx".So when I try to browse the service in IE it takes me to the login page ("https://3rdpartyserver/virtualdirectroy/Loginpage.aspx"), when I enter usename and password in it and hit Log In button it takes me to the service where all the web methods are listed
View 3 RepliesIs there any way,in Visual Studio,to specify credentials to test a web page with rather than having to go through the process of logging in every time?is there some common technique to testing with different roles and logins?It's just really tedious to constantly have to login and navigate to a specific page to test.
View 2 RepliesIf a user has signed into their computer and are connected to an intranet, is there a way to grab the users crendtials and authentication them in asp.net? What specific code would do this?
View 2 RepliesI have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.
View 9 RepliesPrincipalContext.validatecredentials(username, password);
Takes more time and high cpu usage to validate.
Is there any alternative way to validate credentials or any way to reduce the load and time?
We have an IIS/ASP web page from a vendor that we have just dropped onto a webserver within our company. The ASP pages do not come with any sort of authentication built in, so I am trying to configure the site to prompt for credentials before being accessible. I would like the site to prompt for the credentials in all cases (ie. I don't want Internet Explorer to pass through the credentials of the logged in user). I want authorization to this site to be allowed only to members of a certain security group with Active Directory.
Is there a way to do this? I'm not really an IIS guy, nor an ASP developer, so I'm kind of feeling my way through the dark here.
Based on some searching, I have tried adding the following to the web.config file:
[Code]....
I have also installed the IIS URL authorization role service, and have tried playing around with the authentication settings within IIS, to no avail.
I am using IIS7 on Server 2008.
