Security :: Pass User Between Two Different Apps/websites/projects?
Feb 3, 2010
We have two different websites that run two seperate web sites (a backend and a front end) for our peice of software. The way we do our authentication is to put the user id into the session when the user logs in, all the pages on the site inherit from one base page if this base page cannot find this value in session it kicks the user out to the login screen.
What we want to be able to do is have a link on the front end after the user logs in and when they click on it it takes them(redirects them) to the back end. However I cannot think about how to do this in a secure and sensible way. I did think of putting the users username and password dynamically generated into the hyperlink that takes them from the front end to the back end. Would this be advisable. It will be clear text but then again we done use ssl in any case just plain forms authentication. I mean I will hash the values anyway but still be sending them. I suppose is there a way to share a session across two app domain without too much dificulty?
View 2 Replies
Similar Messages:
Oct 5, 2010
I have spent hours on the forum trying to find this answer. I have a requirement on a project. There is an internal (intranet employees only) site which has much more control over the data etc. and i have an external site (to allow customers to enter usage data). I am using forms auth and hitting a common sql server 2008 db with the standard aspnet schema. I have an internal web server and an external web server both windows 2003. The problem that i am having is that if you are logged into the external site and then open a new ie window and enter into the internal site, even as a different user it logs you out of the external and vice versa. I don't have access to update the machine config.
I started out as a single app in the db but now have seperated into 2 apps and i am able to log in as an external admin and see only the external users and vice versa. Creating a seperate security only db for the external app is not an option because i have a I have the application name listed in the web.config for both internal and external which matches the app name in the aspnet_applications table.
external app
[Code]....
[Code]....
View 2 Replies
Feb 23, 2010
i'm facing a problem with transfering data between two web applicatins on two different servers. For example on page A
I have a login box with LoginName textbox and Password textbox and Login button. What I am trying to achieve is that when i press Login button I will transfer data from Login and Password textboxes to page B and .net code on page B will try to validate the logging user. I was trying code like this but it won't works on page A
[Code]....
and on page B in Page_Load event
[Code]....
I was thinking of using Web Service between these apps, however i am not certain that it will works.
View 12 Replies
Sep 7, 2010
I Have Question : Can I Edit Create User Wizard To Save Info To My Project Sql ? And Where Normal Create User Wizard Save Info Of Register?
View 5 Replies
Oct 9, 2010
i want to use MVC 2 actions to pass JSON data to a 3rd party application via a URL.The URL will be in the form of http://www.abc.com/controller/action..I am using JSonResultHow can i test the output of this URL to ensure the JSON is properly formed..
View 2 Replies
Sep 15, 2010
I use a class method that looks something like this to check for user and pass at login:
[Code]....
and I just wanted to ask, if there is a shorter/faster way (the user table is on an SQL Server? Also is this way secure?Note: I set the collation for the password field on the SQL Server to be case sensitive so I don't have to account for it in the code.
View 7 Replies
Jun 17, 2010
got [URL] - two separate apps in IIS.
Want the forms based auth to persist (they use the same database for membership)
I tried to simply add a "." before the domain name in the forms tags (see below for example) - but this didn't work - it acutally prevented me from logging in at all. how i can persist the login? Does the admin need the same values for "name", "path" and "domain" as the main site?
[code]....
View 1 Replies
Jan 31, 2011
I just moved to a new PC and installed VS 2010. I copied all of my websites over from the old machine and now when I open the old websites on the new machine, they do not show up in my recent projects list on the start page. New websites that I make do show up there but the old ones do not. This is very inconvenient. Is there a way to make old projects that I open show up in the list?
This brings up another question. Is there a way to make a shortcut that will open VS2010 up with a website already loaded so that I don't have to go through the file open dialog every time?
View 3 Replies
Jul 29, 2010
I've seen some teams that start breaking into multiple projects from the beginning and others build behemoth single projects. The large project teams say that one massive project is easier to maintain than multiple smaller projects.
View 4 Replies
Nov 1, 2010
I need to create a sample project (for educational purposes) and I'm faced with the choice between Web Site Projects or Web Application Projects. This feels similar to the choice between C# and VB. My question isn't about the differences between these 2 choices, but rather which is more popular (relevant, recognizable) to the general ASP.NET community.Has anyone seen any statistics in terms of adoption/usage of these 2 different project types? What project type should I use to reach the widest audience?Update: I created a poll on this subject - http://poll.fm/2e6cy
View 4 Replies
Jun 7, 2010
I have a multi-tiered application. I would like to publish the class libraries to UI developers to let them add to their web or windows projects to add all the functionality.
I would like to restrict access so only a certain project can be referenced. The reason is so that they do not refer to the data access layer directly and start making calls that would bypass the business logic built into the business tier.
UI->>Business Logic->>Data Access
So in other words, BL and DA are deployed as compiled assemblies. BL references DA. UI will reference BL, but I would like to strictly prevent any other project from referencing DA directly.
View 1 Replies
Feb 2, 2011
Is there a way to share user controls between various projects ?
I have created user controls like login control, menu control, header control, lost password control and etc and they are all connected to sql database for data.
I would like to share these between various web site projects, it means I have same functionality and the only modifications I can do is within CSS styles.
Do I need to copy modules or is there a way to keep them as shared classes/modules and call what I need every time I need it?
View 1 Replies
Jan 10, 2010
I'm not sure how much of a novice-level question this is. But it seems a fairly basic and common task. So here goes...
I am building a web application that will require some pages, but not all, to use a SSL (https:). How do I designate a particular page to be one or the other? Or do I need to create two separate projects and just have them pass the user back and forth as needed?
I am using Visual Studio 2008, with the Web Site Administration Tool handling users and roles. However I will also be handling very secure data such as social security numbers and the like.
View 1 Replies
Nov 5, 2010
How do you compare the security of websites built in ASP.NET with other websites bulit in other technologies such as Ruby on Rails, PHP..?
View 3 Replies
May 27, 2010
Initially, in my solution I had one project, and had set up all that is required for asp.net security, and that includes users and roles and access rules, etc. All of that was and still is working fine.
Now I added another project to my solution, and my first project points to pages in the second project.
The problem is that it seems like the users and roles are not being transferred accross projects. Not sure if I am explaining my problem correctly...if not, feel free to ask...
Its my first time trying to manage users and roles accross projects within a solution.
View 1 Replies
Jul 28, 2010
I need to be able to create and manage users and what sites they can access in IIS. For instance, I dont want user A touching user B's site.
I do not want to enable users to log in to the webserver via remote desktop.
View 5 Replies
Jun 1, 2010
I have 2 web sites both located physically on the same web server, I'll call them siteA and siteB. These sites are accessed by internal users on our intranet as well as external users on the internet.
SiteA is is setup on IIS6 using basic authentication which we connect to an active directory. The web config is set to use Windows authentication mode. The url to site a is etoolbox.xxx.yyy
SiteB is the same setup. The url to siteB is rdow.xxx.yyy
What I want is once the user is authenticated against the active directory when the login to SITEA for them to be able to click the url in siteA which opens SiteB in a separate browser window and automatically takes them to the welcome page without being prompted for credentials again.
Currently when clicking on the url to go to siteB I am being prompted again for my credentials.
Is there any way for both external and internal users to only be prompted once for their active directory credentials and then be able to go to whatever site they want to without be prompted for credentials again? Is this something I have to code for or is it handled automatically by IIS?
View 3 Replies
Feb 10, 2010
i have 2 websites, website1 has window.open link to the website2, authentication is forms (and windows but in web.config is set to forms) for both websites, when i click on the link and debug Request.IsAuthenticated should be true or false? both applications are running on the same machine
View 2 Replies
Aug 3, 2010
I have created an xml file. and I want only some websites that I have chosen to reach this file and view the datas of this xml file on their sites.
How can I do that? How can I give permission to some sites for and xml file?
View 5 Replies
Oct 7, 2010
I am using Form Based Authentication in my application. I am using standard method to create FormsAuthentication cookie using
FormsAuthentication.SetAuthCookie('username', boolRememberMe)
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1,
username, DateTime.Now, DateTime.Now.AddMinutes(60),
remember, UserObject.Entity.UserName);
When clicked on particular URL, i need to pass whether user has checked REMEMBER ME CHECKBOX while logging in. How can I determine this using FOrmsAuthentication mechanism?
View 3 Replies
Oct 15, 2010
the account we use to copy/publish websites to our web server is not allowing us access to push websites. I've added this account to the permissions in the links listed in the below link, but i don't have success when trying to push remotely. When the account is in the local admins account, everything works flawlessly, but we are not allowed to have it in there. http://social.msdn.microsoft.com/Forums/en-US/vssetup/thread/31be047e-4716-4974-b8a1-be0111b50199 I've googled and searched a lot for this particular error, but am not finding an answer that helps. We get this error, 'Unable to create the Web 'http://edea01/test/planning'. You are not authorized to perform the current operation', and the above link is the scenario that matches mine the most. I don't do develompment work, but am asked to figure out this connection problem.
View 3 Replies
Jul 5, 2010
I have a scenario with three applications:
1) Portal: where user executes login
2) Site1: after login at "Portal" user is able to use Site1
3) Site2: after login at "Portal" user is able to use Site2
I just need to execute a validation in Site1 and Site2, to validate if they (users) did login at Portal1.
Something like (in site1 main page page_load).
{
if (notFromPortal)
{
//redirect to Denied.apx
}
}
How can I do this in a simple way? With cookies? Does somebody have a url with sample?
My security requirements are almost zero. I just wanna prevent that user put a url from Site2 in browser and see a Site2 page.
View 1 Replies
Dec 10, 2010
I have a piece of code that is just HTML. It was previously created as a user control. Within the application i'm working with there are two seperate websites that are interlinked to make one website. There is a documents section where users do not need to login and a data section where users need to login. The design was implemented long before I was hired. My problem is I want to use the code from the documents website with the data website but I can't seem to register the control. I only one this piece of code in one place so when it is updated it doesn't have to be in multiple places. I tried setting "src=http://website/doc/doc.ascx" but this errors out saying
<%@ Register Src="http://website/doc/doc.ascx" TagName="docs" TagPrefix="temp" %>
Parser Error Message: The file '/documents/http://website/doc/doc.ascx' does not exist.
It adds the directory as part of the src. How can I have it point to this location http://website/doc/doc.ascx ?
View 7 Replies
Apr 14, 2010
I am currently working on a project which involves three different websites with a lot of common functionality. At the moment the common functionality is placed in a different website full of user controls.
The problem is sharing the user controls across the multiple websites. Looking around on SO and other websites, the only solution seems the be using virtual directories. As this is a workable solution (we us this at the moment) it doesn't seem as a "clean" solution.
Which "best practices" exist on sharing common functionality (including the GUI/HTML) between different site?
Is it (for example) possible to create a single Web Application project and deploy subdirectories (each with their own web.config) to different production environments?
View 3 Replies
Dec 21, 2010
Basically what I am trying to do is have my webpage project folder located directly on my local machine (ex. Local #1). Our database is located on a server (ex. Server #1) . I am building my web applications on my local machine and then trying to debug them in Visual Studio 2008. Only every single time I click to debug my project I get a "Security Exception" error that looks something like the following...
"Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."
I'm somewhat leaning towards the fact that I need to connect to the database to pull information from it and I don't have the proper permissions is the reason why this is happening but I've also read that it can be something that deals with improper configuration of my Web.Config file (i.e. I do not have something enabled).
Note #1: A co-worker of mine is having the same problem if he tries to put the project locally and then debug it. He has full administrative access to the DB and everything else.
View 6 Replies
