I would like to add this feature to my web application, for the end users to chose the type of the authentication either (windows) or (Forms), and add it in the admin setting. This can be done by changing the authentication type programmatically in the code. how can I do this? Note: The user can use one type at time only.
View 1 Repliesi 'm working on AIRLINE RESERVATION PORTAL and it's ok how to do this ?
the user most select the number of passenger and passenger's type (Adult,Child,Infant) for example he select 2-adult,3child,1-Infant
and go next , in the next page i have to generate three type of multi application form for each passenger type
2 adult application form
3 Child application form
1 Infant application form
depend on last selected vales , to save the applications in database
I have been seeking the best way, or at least a good way, to handle Client Access for a Multi-Tenant/SaaS-type web app designed with MVC 2.There are no tricks as far as client customizations needed here. So every company will have the same experience on the app. I just need to understand how I can isolate the experience so that a logged in user only sees data relevant to his company. My tactic is that my database houses a "tenantID" column for each row so I can easily isolate the rows that way. I am wondering if the default provider using the ASPNETDB.mdf can be modified to route users to their assigned company data. I have seen examples using route paths ({tenant}/{controller}/{action}/{id}) but even those threads express doubts. So if anyone has a good method that they are comfortable with, I am all ears (or eyes).
View 5 RepliesWe have a simple ASP.NET app that uses the ASP.NET SqlMembershipProvider and all is great.
We want to create a second app on the same server, also use the SqlMembershipProvider, but a different "applicationName" so that the user accounts between the two apps are kept separate.
It looks like this would be possible by making the two different app domains (ie they each have their own web.config), but I'm hoping to just put them in different directories so I don't have 3 web.configs (one for each app, and the main one) that all have to be kept synchronized. So what I'm after is:
/web.config
/APP1 (uses membership provider in /web.config, with userlist A)
/APP2 (uses membership provider in /web.config, with userlist B)
It looks simple to define multiple membership providers that use a different 'applicationName' value.
But how do you tell the system.web.authentication node which membership provider to use?
I am developing a web application. This application is fully customised based on the user settings. Suppose, application hosted on [URL] and user can signup on the website and it will get the domain like [URL] and for user2 will be [URL] so and so forth. so in this case how would I maintain the session for each user? each user will be representing a single website along with public interface and admin pages.
what I am thinking is to store all the setting (for each user) in the database and then when ever server received request then get the user info from the URL (first time only and after get it from the session) and get user details but I am not very much satisfied with this approach.
We are looking to integrate Memcached into our infrastructure, but have a security concern before we do. We run several platforms including ASP.NET and ColdFusion and have many app developers working many little applications across the different platforms. The concern is this: App A places item "dog" into cache.
App B reads item "dog" (or worse: App B updates item "dog")
After this happens, App A either retrieves bad information, or has already had its information viewed, aka "stolen". What we would like to do is make it so that each app can only interact with its own sandbox, and may not interfere with or read other application's data.
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I am running Windows Server 2008, ASP.NET 3.5, IIS7 i wonder if it's IIS7 problem, or .NET Framework or even security updates problem suddenly all websites do not work, and from event viewer there're two errors
Exception: System.TypeLoadException
Message: Could not load type 'System.Security.Authentication.ExtendedProtection.ChannelBinding' from assembly 'System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
StackTrace: at System.Web.Hosting.IIS7WorkerRequest.Dispose()
at System.Web.Hosting.PipelineRuntime.DisposeHandlerPrivate(HttpContext context)
at System.Web.HttpRuntime.FinishRequestNotification(IIS7WorkerRequest wr, HttpContext context, RequestNotificationStatus& status)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
Faulting application w3wp.exe, version 7.0.6002.18005, time stamp 0x49e023cf, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd
it's on SP2 already
I have seen some articles about different types of authentication in online. But i have not used any thing particular.I build a web application that user can register and login an after that.In that application when the user comes to loginpage and enter the user name and password and on click of the login button,the validation is done against the data in DataBase. So i am not getting the any idea of form level authentication with the user details in the webconfig file. For what type of applications we use this type of authentication. Can anybody help to get an idea about this authentication.
View 3 RepliesHas Passport authentication been removed from ASP.NET 4? It doesn't appear in the documentation anymore, I can't find the site to download it... It seems like Windows Live ID is replacing it, is it correct?
View 2 RepliesHere's the situation, I've got a console application that needs to run once a day and make a few requests to pages that require authentication to view. The pages are hosted in a really basic ASP.Net Web Application.
So, I know that in order for the requests to go through successfully I have to authenticate with the server. So I've hooked up the console application to the ASP.Net Membership Provider I'm using for the web app and it successfully determines if a set of a credentials are valid. However, after calling Membership.ValidateUser() any requests I make just get the login screen. After doing some reading it seems that this is because I'm missing the important cookie information that persists my login or what-have-you.
I'm using a basic WebClient to make the requests and then reading/discarding the result.
So the meat of the question is this: Is there a simple way to validate the login information and hold on to it so that I can make the requests successfully, or is this the exact same case as the other two questions I found that require the WebClient to make a "manual" login request to the login.aspx page and try to hold on to the cookie from there?
The questions I'm referencing are:
Authenticating ASP.NET MVC user from a WPF application and Login to website and use cookie to get source for another page
I have authentication in my web application. I want the application to be logged in with the same credentials as of system logged in. Am able to compare the username easily, but don't know how i can compare the textbox content with logged in windows password. Am using .NET 3.5.
View 4 RepliesI am developing a web application which requires user to login. There will be N number of users using website concurrently. We have a MySQL database which will store user information like Name, User ID, Password etc. I am not able to understand on how to check username and password once they enter data using Login form which will be present in DB.
View 4 RepliesI've a project using windows authentication and it will be used in intranet. The client itself already have a web application in their intranet and they built it with Java (they used windows authentication too). The problem occur when they want my web application only appear within their application content section.
What should I do? I did think about using iframe but some people said it's evil. And if I'm going to use iframe, is it save? My web application will use a few pop up window/modal window and ajax.
I am using Windows Integrated Authentication with impersonation for all my web applications (on IIS 7 and 7.5), and everything is perfect.
Now I would like to enhance the authentication procedures bypassing the login prompt from IIS, and supplying a custom page to collect the Username + Password inputs from Users, but still mantaining the Windows Authentication support (I rely on the WindowsPrincipal in my application for many core activities).
I just would like to replace the IIS popup with my custom authentication page.
First of all I have tried to mix the WIA with Forms Authentication, but - even if I succeed in authenticating users against the Active Directory - the result is not what I was looking for, because I want to mantain Windows Authentication and not migrating the mechanism to Forms Authentication (even if implemented with the AD provider).
The first step I am trying is to use the "LogonUser" function to create the correct WindowsPrincipal and then the "Impersonate" method, but after this step I have no idea about how to persist the authentication data andor to pass the User information to the Windows Authentication. As a result, when I execute the first redirection to another page the information about the user manually logged are lost.
I have a web application that is using siteminder for authentication.
I want to redirect to application that is siteminder enabled. This application might be using site minder forms authentication.
What parameters i need to pass to that application? And what details i will need of that application.
I've encountered a problem with intranet ASP.NET Application using AD Form Authentcation. The login and authorization is built using this KB http://support.microsoft.com/kb/316748. It works fine on DEV but not in UAT and PROD.
Basically, the problem is:1. In DEV, users see login page and they enter domain user name and password and login process happens with no issue.
2. But in PROD and UAT, the same application when the users see the login page (first time) and they submit the login form no response. The login button does nothing. The user closes the browser and come back to login page and it works second time. Strange, this doesn't happen in DEV.
3. Further, on DEV by changing the LDAP path to PROD or UAT, the users can still login the first time. It's only the PROd and UAT that seems to be a problem. Not sure whether it's IIS setting or domain policy or something else.....
Not sure what's causing this issue. The only difference that I can see between DEV and UAT/PROD is:
1. DEV has no load balance but UAT and PROD has.
2. In DEV application is installed under Default Website and on PROD/UAT it's under new website.
The IIS settings has been setup as per given KB. I
I'm having trouble with accessing my webservice.
I've got a webapplication and inside this webapplication I have a webservice. An external program is going to use this webservice in the future, but for now that is not the problem. this webservice is also called from inside the webapplication. this is where the problem starts.
I keep getting this error:
The remote server returned an error: (401) Unauthorized.
I tried with imporsonate= true, but it didn't work
[Code]....
the webservice is called like this:
[Code]....
I hope some one can point me into the right direction.
I'm using iis 7.5asp.net 3.5
I'm trying to use ASP.NET WCF Authentication Service from a Winforms Application.
I am referring to this article as a tutorial.
for silverlight clients, the WCF Auth service works well.
but for Winforms Apps,
[Code]....the AuthenticationServiceClient.IsLoggedIn() always returns false even after login.
what is the cause of this and is there another approach I should take when I leverage ASP.NET authentication from Winforms?
I have one webserver alone in the network and all the users authenticate in another server. I'm trying to implement windows authentication in a application in the webserver, but every time that the page loads a login window appears exactly that the windows client was authenticated in the order server. Is It necessary both server stay in the same domain? Is there another way? Finally, I need to get the user id in the windows client, but webserver and domain server don't communicated between itself.
View 1 RepliesI have Asp.net web application with two web.config files and one will be Forms Authentication mode and other will be Windows authentication mode.When i provide username and password in my login page (for both authentications login page will be same)based on the username(from database or local domain ).. switching has to happen between these two web.config files User Aurthentication is done using WebService.
View 4 RepliesI have more then 75 web application live on multiple surver and now I want to have single login(form authentication) for all. Anonymous user can access all the network but once login, they can manipulate info across network without login again and again.
View 1 RepliesWhile running an app from the server where it is deployed the website works fine, however when trying to access it from a different machine(placed in same network), using the same credentials, it shows that I am not an authenticated user.
[code]....
I have an application which is installed on local pc and is using SQL db. It is a client management system where I want to add capability to register new clients and give them access to my web site which is sharing the same SQL database with local application.
At the moment clients can register on the web site and I have ASP.NET authorisation system set up with aspnetdb_user, aspnetdb_membership and etc tables. But sometimes it happens that I need to register clients on my local application on PC and ideally would like that registration to create online account for the client as well. Then I want to be able to send him user id and password by email and let him know that he has been registered in my database and online account is ready for him as well.
Basically I want to have full synchronization between asp.net membership service and local application through SQL db. As I said both online and local apps are shareing the same SQL database. what would be the best practice to implement it.
We're developping an application that uses forms authentication and URL rewriting (www.urlrewriter.net). In order to make extension-less URL rewriting possible we had to add a default application mapping for the asp.net aspnet_isapi.dll.
The problem we're experiencing now is that when the website is accessed by http://www.myapp.com/ then the aspnet_isapi.dll gets the request and forms authentication forwards it to our login site, so the user gets redirected to http://www.myapp.com/login.aspx?ReturnUrl=%2f instead of having default.aspx displayed (which is allowed to anyone).
Here's the part of web.config dealing with forms auth:
<system.web>
<authorization>
<deny users="?"/>
<allow users="*" />
</authorization>
<authentication mode="Forms" >
<forms slidingExpiration="true" cookieless="UseCookies" defaultUrl="default.aspx" loginUrl="default.aspx" name="gzfb_site_test" timeout="525600"></forms>
</authentication>
</system.web>
<location path="default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I did quite some research on this problem but didn't find any solution. Is this scenario possible at all, or does default application mapping and forms auth using <deny users="?"/> interfere by design?
P.S. the problems only manifest when running on IIS 6, the ASP.net Development Server handles it without any problems