Security :: IIS6 User Credentials Not Passed To SQL Server?
Jan 20, 2010
I have an ASP.net 2.0 application on an IIS6 server with a second server running SQL.
The problem I have is that I can't use Integrated Windows Authentication to authenticate against the SQL server; instead, IIS passes its machine name (DOMAIN\MachineName$) to the SQL server. Of course I can add the necessary permissions to the machine name account on SQL, but I want to use the local user credentials in Integrated Windows Authentication to authenticate against SQL.
I have tried to find some reading/articles online but apart from a basic understanding I can't find the details I need to implement into my application. All I have found is that IIS doesn't pass the credentials onto a remote machine when using Integrated Windows Authentication, and Kerberos should be used instead. I have no experience of Kerberos or how to use it in ASP.net so I am hoping it can be done using Integrated Windows Authentication or be pointed to some good easy to understand articles on using/implementing Kerberos.
View 6 Replies
Similar Messages:
Mar 1, 2010
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the user's Windows session (Windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I set up a web form to accept a username and password. My question is this: I need a secure way to validate the user's credentials against AD. I can't have the credentials passed as clear text. I've come across the impersonate user functions, but I'm leery because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
View 3 Replies
Dec 3, 2010
I am building a web application that is limited to one database, thus I cannot use the handy ASP.NET config tool. I am attempting to use SqlClient to authenticate users from a user table I added to my database. Here is the code I have thus far:
[Code]....
[Code]....
View 5 Replies
Nov 23, 2010
In my application, I have users request accounts, and then an admin goes in to approve or reject the account. When the admin approves the account, the create user wizard is used. After the user is created, I set the new user's role, and update a few other items in my database for user tracking, and send out an email to notify the new user of their account status. Here's the kicker: Once this new user is created, the admin is now logged in as the new user. How is this happening? And how do I stop it? Here is my CreatedUser code, scrubbed of non-pertinent code.
[Code]....
View 1 Replies
Feb 1, 2011
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
View 1 Replies
Feb 5, 2010
I am the web developer at a medical clinic. I have 2 scenarios going on:
First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:
Physicians Only
Administration
Affiliations
Calendars
Compensation
Minutes
The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to log in as different people, all with different roles, I have to log in with user name and password, twice, before the system allows me in.
Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doesn't usually prompt me to log in. If it does prompt me to log in, it too is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to log in with their credentials?
View 15 Replies
Oct 8, 2010
I'm wondering, is there a way that I can add my configuration User to a specific role?
So I have this in my web.config file:
<forms loginUrl="/Account/Login.aspx">
View 1 Replies
Mar 3, 2010
I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials?
View 1 Replies
Mar 15, 2010
I need to pass specific user credentials to a .svc so it can be used to open a server. The code in my .svc is as follows:
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public string OpenServer()
{
    RFCOMAPILib.FaxServer objFaxServer;
    NameValueCollection appSettings = ConfigurationManager.AppSettings;
    sFAXServerName = appSettings["FAXServer"];
    objFaxServer.OpenServer();
}
View 1 Replies
Apr 1, 2011
We have an ASP.NET / Silverlight web application. The Silverlight client displays user specific data in a graphical form - it requests the data from the server: Problem: Getting this data is expensive, due to the underlying database queries that the server has to perform - so the client has to wait... Optimisation Idea: We run the database queries at regular intervals on the server, writing the results to a 'userdata' table in a database 'close' to where the ASP.NET server runs. The process of running the queries and writing the data to the tables is performed by a 'data collection' service, which is separated from the ASP.NET server.
When the client requests data the server retrieves it from a 'userdata' table. This should be nice and quick - we probably have the 'userdata' tables on the same machine as the ASP.NET server. We also have the added benefit that the client sees data even if the underlying database is offline. Of course the data is not live - but all data is potentially old as soon as it reaches the client. So now my Problem: The 'data collection' service needs the user credentials in order to perform these database queries (because each user gets different results for the same query).
How can I store user credentials in a database, in an acceptable 'secure' way? Such that the 'data collection' can impersonate a user to perform the database queries. Our initial scenario is based upon using windows integrated login to the database.
View 1 Replies
Jul 31, 2010
I am having an issue with IIS6 and integrated Windows authentication that is driving me nuts, and I am hoping one of you guys can point me in the right direction.
I have written an ASP.net 3.5 application, and have installed it on a Windows 2003 R2 SP2. I have turned integrated Windows authentication on and turned off anonymous access. Using localhost on the server itself I have no problems; it works and picks up the NTlogin.
However when I go to a client's machine (logged in as one of the users of the domain) and try to access the website
http://10.1.1.22/ I get asked for a username and password. If I enter a valid user name and password then I have no problems. The NTlogin is picked up, application works.
But my issue is why does it come up with a username and password at all? Shouldn't it just know this user is already in the domain, just go straight through to IIS? How can I get rid of this? I have read multiple forums about server delegation etc... metabase.xml... nothing seems to work.
View 4 Replies
Dec 14, 2010
We are migrating an existing ASP.NET application from Windows Server 2003 with IIS6 to Windows Server 2008 with IIS7.
We use System.Net.CredentialCache.DefaultCredentials to pass the user credential to a web service. It is working fine with the old environment but with the new one we got "The request failed with HTTP status 401: Unauthorized." error.
How can I fix this problem with IIS7?
View 1 Replies
Jan 27, 2010
When I run a site I built in Visual Web Developer, the default page is a login page with the asp.net login control, that redirects to another page. Works fine in the built in dev server. When I deploy to IIS 6 and log in, it doesn't redirect or anything. It just keeps saying the login was unsuccessful. I don't think it's even checking the aspnetdb in the app data folder under IIS. Both the dev page and the real page show under intranet in IE8, so I wouldn't think it's treating the sites with different security settings. Doesn't the asp.net login control use javascript?
View 5 Replies
Jun 22, 2010
I have to post my request to the web page [URL] and this requires 3 credentials, namely account id, username and password, and I have to pass some data for the fields in the page.
View 3 Replies
Feb 4, 2010
I am using Windows authentication for security in my webpage. Now what I want is that if a user opens a webpage and then sits idle for 15 minutes and after that tries to use the webpage, I can ask him for credentials.
View 3 Replies
Mar 10, 2011
I haven't used these in awhile. I was just wondering is it possible to pass values or parameters to a user control from the aspx page. Say you register a control and then use it using something like
<uc1:SampleUserControl id="SampleUserControl1" runat="server"></uc1:SampleUserControl>
style syntax. Can you pass parameters in there?
View 2 Replies
Dec 9, 2010
Need to recognize that the username and password are being passed in the query string before generating the output of the aspx page.
Actually I want to block unauthorized access to my aspx page. That's why I set up a login.
My Login.aspx code is :
[Code]....
So URL
http://myyyysite.com/page.aspx?username=hhhhh&password=ppppp
ASP will need to recognize that the username and password are being passed in the query string before generating the output of the page.
View 5 Replies
Apr 12, 2010
I have been facing a problem in passing credentials to a web service. I have searched a lot on it and found solutions, but they didn't work for me because the scenario with me is a little different, I believe. The situation is like this. I have a 3rd party web service "https://3rdpartyserver/virtualdirectroy/service/service.aspx". So when I try to browse the service in IE it takes me to the login page ("https://3rdpartyserver/virtualdirectroy/Loginpage.aspx"); when I enter username and password in it and hit the Log In button it takes me to the service where all the web methods are listed.
View 3 Replies
Feb 8, 2010
Is there any way, in Visual Studio, to specify credentials to test a web page with rather than having to go through the process of logging in every time? Is there some common technique for testing with different roles and logins? It's just really tedious to constantly have to log in and navigate to a specific page to test.
View 2 Replies
Apr 1, 2010
We're developing an application that uses forms authentication and URL rewriting (www.urlrewriter.net). In order to make extension-less URL rewriting possible we had to add a default application mapping for the asp.net aspnet_isapi.dll.
The problem we're experiencing now is that when the website is accessed by http://www.myapp.com/ then the aspnet_isapi.dll gets the request and forms authentication forwards it to our login site, so the user gets redirected to http://www.myapp.com/login.aspx?ReturnUrl=%2f instead of having default.aspx displayed (which is allowed to anyone).
Here's the part of web.config dealing with forms auth:
<system.web>
  <authorization>
    <deny users="?"/>
    <allow users="*" />
  </authorization>
  <authentication mode="Forms" >
    <forms slidingExpiration="true" cookieless="UseCookies" defaultUrl="default.aspx" loginUrl="default.aspx" name="gzfb_site_test" timeout="525600"></forms>
  </authentication>
</system.web>
<location path="default.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
I did quite some research on this problem but didn't find any solution. Is this scenario possible at all, or does default application mapping and forms auth using <deny users="?"/> interfere by design?
P.S. the problems only manifest when running on IIS 6, the ASP.net Development Server handles it without any problems
View 2 Replies
Nov 23, 2010
I have a HyperLink column in a gridview that when clicked should navigate the user to another page. I pass parameters to the page using a querystring. I want to encrypt the querystring when it is passed to another page.
View 1 Replies
Mar 22, 2010
If a user has signed into their computer and is connected to an intranet, is there a way to grab the user's credentials and authenticate them in asp.net? What specific code would do this?
View 2 Replies
Jul 20, 2010
I have an intranet web application, where I have windows authentication = true in web.config. I hear from end users that the website is asking for their login credentials and they don't like it. By the way I am getting the username from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "\") - 1). In IIS, anonymous access is unchecked and Integrated Windows authentication is selected.
View 9 Replies
Aug 11, 2010
PrincipalContext.ValidateCredentials(username, password);
It takes more time and high CPU usage to validate.
Is there any alternative way to validate credentials or any way to reduce the load and time?
View 2 Replies