Security :: IIS6 User Credentials Not Passed To SQL Server?

Jan 20, 2010

I have an ASP.net 2.0 application on an IIS6 server with a second server running SQL.

The problem I have is that I can't use Integrated Windows Authentication to authenticate against the SQL server, instead the IIS passes its machine name (DOMAINMachineName$) to the SQL server. Of course I can add the necessary permissions to the machine name account on SQL, but I want to use the local user credentials in Integrated Windows Authentication to authenticate against SQL.

I have tried to find some reading/articles online but apart from a basic understanding I can't find the details I need to implement into my application. All I have found is that IIS doesn't pass the credentials onto a remote machine when using Integrated Windows Authentication, and Kerberos should be used instead. I have no experience of Kerberos or how to use it in ASP.net so I am hoping it can be done using Integrated Windows Authentication or be pointed to some good easy to understand articles on using/implementing Kerberos.

View 6 Replies


Similar Messages:

Security - Secure Way To Validate The User's Credentials Against AD?

Mar 1, 2010

In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?

View 3 Replies

Security :: How To Use SqlClient To Verify User Credentials

Dec 3, 2010

I am building a web application that is limited to one database, thus I cannot use the handy ASP.NET config tool. I am attempting to use SqlClient to authenticate users from a user table I added to my database. Here is the code I have thus far:

[Code]....

[Code]....

View 5 Replies

Security :: Creating New User Changes Logged In Credentials

Nov 23, 2010

In my application, I have users request accounts, and then an admin goes in to approve or reject the account. When the admin approves the account, the create user wizard is used. After the user is created, I set the new user's role, and update a few other items in my database for user tracking, and send out an email to notify the new user of their account status. Here's the kicker: Once this new user is created, the admin, is now logged in as the new user. How is this happening? And how do I stop it? Here is my CreatedUser code, scrubbed of non-pertinent code.
[Code]....

View 1 Replies

Security :: LDAP Throws Invalid Credentials With Valid Credentials Supplied?

Feb 1, 2011

I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:

I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.

Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.

Here's the code, with the usernames and passwords redacted, of course...

[Code]....

View 1 Replies

Security :: Get The System To Actually Prompt The User To Login With Credentials?

Feb 5, 2010

I am the web developer at a medical clinic. I have 2 scenarios going on:

First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:

Physicians Only
Administration
Affiliations
Calendars
Compensation
Minutes

The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to login as different people, all with different roles, I have to login with user name and password, twice, before the system allows me in.

Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doens't usually prompts me to login. If it does prompt me to login, it too, is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to login with their credentials?

View 15 Replies

Security :: How To Add Configured Credentials User To A Specific Group

Oct 8, 2010

i'm wondering is there a way that i can add my configuration User to a specific role ?

so i have this in my web.config file

<forms loginUrl="/Account/Login.aspx">

View 1 Replies

Security :: Passing User Credentials To WCV Service Hosted In IIS?

Mar 3, 2010

I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?

View 1 Replies

Security :: Haw To Provide On Credentials Page A User Name And Password If Use Windows Authentication

Dec 20, 2010

[Code]....

View 4 Replies

Specific User Credentials To A .svc So Can Be Used To Open A Server

Mar 15, 2010

I need to pass specific user credentials to a .svc so it can be used to open a server. The code in my .svc is as follows

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public string OpenServer()
{
RFCOMAPILib.FaxServer objFaxServer;
NameValueCollection appSettings = ConfigurationManager.AppSettings;
sFAXServerName = appSettings["FAXServer"];
objFaxServer.OpenServer();
}

View 1 Replies

Save User Credentials On Server For Running Queries In Background?

Apr 1, 2011

We have an ASP.NET / Silveright web application. The silverlight client displays user specific data in a graphical form - it requests the data from the server: Problem: Getting this data is expensive, due to the underlying database queries that the server has to perform - so the client has to wait... Optimisation Idea: We run the database queries at regular intervals on the server, writing the results to a 'userdata' table in a database 'close' to where the ASP.NET server runs. The process of running the queries and writing the data to the tables is performed by a 'data collection' service, which is separated from the ASP.NET server.

When the client requests data the server retrieves it from a 'userdata' table. This should be nice and quick - we probably have the 'userdata' tables on the same machine as the ASP.NET server. We also have the added benefit that the client sees data even if the underlying database is offline. Of course the data is not live - but all data is potentially old as soon as it reaches the client. So now my Problem: The 'data collection' service needs the user credentials in order to perform these database queries (because each user gets different results for the same query).

How can I store user credentials in a database, in an acceptable 'secure' way? Such that the 'data collection' can impersonate a user to perform the database queries. Our initial scenario is based upon using windows integrated login to the database.

View 1 Replies

Security :: IIS6 And Intergrated Windows Authentication

Jul 31, 2010

I am having an issue with IIS6 and intergrated windows authentication that is driving me nuts, and I am hoping one of you guys can point me in the right direction.

I have written an ASP.net 3.5 application, and have installed it on a Windows 2003 R2 SP2. I have turned on intergrated windows authentication on, turned off anonymous access. using local host on the server itself I have no problems, it works, picks up the NTlogin.

However when I go to a clients machine (logged in as one of the users of the domain) and try to access the website
http://10.1.1.22/ I get asked for a username and password. If i enter a valid user name and password then I have no probelms. The NTlogin is picked up, application works.

But my issue is why does it come up with a username and password at all? shouldn't it just know this user is already in the domain, just go straight through to iis? how can i get rid of this? I have read multiple forums about server delegation etc... metabase.xml... nothing seems to work

View 4 Replies

Security :: DefaultCredentials Working On IIS6 But Not IIS7?

Dec 14, 2010

We are migrating an existing asp.net application from Windows Server 2003 with IIS6 to windows server 2008 with IIS7.

we use System.Net.CredentialCache.DefaultCredentials to pass the user credential to a web service. It is working fine with the old environment but with the new one we got "The request failed with HTTP status 401: Unauthorized." error.

How can I fix this problem with IIS7?

View 1 Replies

Security :: Login Control Redirect On Iis6?

Jan 27, 2010

When I run a site I built in Visual Web Developer, the default page is a login page with the asp.net login control, that redirects to another page. Works fine in the built in dev server. When I deploy to iis 6 and login, it doesnt redirect or anything. It just keeps saying the login was unsuccessful. I don't think its even checking the aspnetdb in the app data folder under iis. Both the dev page and the real page show under intranet in ie8, so I wouldn't think its treating the sites with different security settings. Doesnt the asp.net login control use javascript?

View 5 Replies

Security :: How To Set 3 Credentials For Login

Jun 22, 2010

I have to post my request to the web page [URL] and this require 3 credentials namely account id ,username and password and i have to pass the some data for the fields in the page

View 3 Replies

Security :: Credentials On A Web Page?

Feb 4, 2010

I am using windows authentication for security in my webpage. Now i want is that if user opens a webpage and then sit idle for 15 minutes and after that try to use webpage , i can ask him for credentials.

View 3 Replies

Can Values Or Parameters Be Passed Into User Control

Mar 10, 2011

I haven't used these in awhile. I was just wondering is it possible to pass values or parameters to a user control from the aspx page. Say you register a control and then use it using something like

<uc1:SampleUserControl id="SampleUserControl1" runat="server"></uc1:SampleUserControl>

style syntax. Can you pass parameters in there?

View 2 Replies

Security :: Username And Password Are Being Passed In The Query String

Dec 9, 2010

Need to recognize that the username and password are being passed in the query string before generating the out put of aspx page.

Actually i wanna block unauthorized acces of my aspx page. That's why i set login.

My Login.aspx code is :

[Code]....

So URL

http://myyyysite.com/page.aspx?username=hhhhh&password=ppppp

Asp will need to recognize that the username and password are being passed in the query string before generating ouput of page

View 5 Replies

Security :: How To Provide Credentials To A Web Service

Apr 12, 2010

have been facing a problem in passing credentials to a web service. I have searched a lot on it and found solution but they didn't work for me coz the scenario with me little different I believe.The situation is like this. I have a 3rd party web service "https://3rdpartyserver/virtualdirectroy/service/service.aspx".So when I try to browse the service in IE it takes me to the login page ("https://3rdpartyserver/virtualdirectroy/Loginpage.aspx"), when I enter usename and password in it and hit Log In button it takes me to the service where all the web methods are listed

View 3 Replies

Security :: Specify Credentials To Test A Web Page ?

Feb 8, 2010

Is there any way,in Visual Studio,to specify credentials to test a web page with rather than having to go through the process of logging in every time?is there some common technique to testing with different roles and logins?It's just really tedious to constantly have to login and navigate to a specific page to test.

View 2 Replies

Security :: Forms Authentication And IIS6 Default Application Mapping?

Apr 1, 2010

We're developping an application that uses forms authentication and URL rewriting (www.urlrewriter.net). In order to make extension-less URL rewriting possible we had to add a default application mapping for the asp.net aspnet_isapi.dll.

The problem we're experiencing now is that when the website is accessed by http://www.myapp.com/ then the aspnet_isapi.dll gets the request and forms authentication forwards it to our login site, so the user gets redirected to http://www.myapp.com/login.aspx?ReturnUrl=%2f instead of having default.aspx displayed (which is allowed to anyone).

Here's the part of web.config dealing with forms auth:

<system.web>
<authorization>
<deny users="?"/>
<allow users="*" />
</authorization>
<authentication mode="Forms" >
<forms slidingExpiration="true" cookieless="UseCookies" defaultUrl="default.aspx" loginUrl="default.aspx" name="gzfb_site_test" timeout="525600"></forms>
</authentication>
</system.web>
<location path="default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

I did quite some research on this problem but didn't find any solution. Is this scenario possible at all, or does default application mapping and forms auth using <deny users="?"/> interfere by design?

P.S. the problems only manifest when running on IIS 6, the ASP.net Development Server handles it without any problems

View 2 Replies

Security :: How To Encrypt The Query String When Passed To Another Pages And Decrypt

Nov 23, 2010

I have a HyperLink column in a gridview that when clicked should navigate the user to another page. I pass parameters to the page using a querystring. i want to encrypte the querystring when it passed to another page

View 1 Replies

Getting User Credentials Windows Authentication?

Mar 22, 2010

If a user has signed into their computer and are connected to an intranet, is there a way to grab the users crendtials and authentication them in asp.net? What specific code would do this?

View 2 Replies

Security :: Windows Authentication And Still Asking For Login Credentials?

Jul 20, 2010

I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.

View 9 Replies

Security :: Validate Credentials Takes More Time?

Aug 11, 2010

PrincipalContext.validatecredentials(username, password);

Takes more time and high cpu usage to validate.

Is there any alternative way to validate credentials or any way to reduce the load and time?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved