Security :: Pass Membership Identity Object Across Domain?
Aug 20, 2010
I am trying to figure a way to SSO with ASP.NET membership and role model.
I can implement custom membership provider which consume web services hosting on a server.
With encryption of data. No problem.
But my question is, If I sign on a website with my provider, got my identity object on that application,
could I pass it to another website on another domain which use the same provider and by doing so, do not need to login again?
View 2 Replies
Similar Messages:
Mar 4, 2011
I have an asp.net application which was working fine with the AppPool Identity set to Netwrok Service or Local System or Local Service. But If I change the app pool identity to a domain account (I am using my account itself) I am unable to access the application from any other machine except the web server.I am using Windows Integrated Authentication.I tried resetting IIS, Restart W3SVC, aspnet_regiis -ga . But no luck.
View 5 Replies
Dec 13, 2010
I have a shared module in an asp.net web app which gets various information about a group or user. Since the Iuser account on the web does not have enough rights to query the AD, I need to supply an appropriate userid and passcode for the directoryentry in the shared code. Since my credentials so the have the appropriate rights to query the AD I like to impersonate myself(user.identity). This works fine for a webpage, but I can't pass the user.identity object to shared code. I get an error. Is there a way to pass the user.identity object to a shared function in another module?
View 1 Replies
Oct 1, 2010
i'm using asp.net membership for logins/registeration. i have a bookings table with few fields, lets say first_name, last_name, product_name and userID.when the user submits 'buy' i want to get the userID from the membership user tablem that way i know whose made the booking. i'll have these two tables (bookings & user tables) linkedbut how do i get userID from the user table to pass to bookings table? i checked the membership class and it gives options like-Membership.GetUser(), Membership.GetUserNameByEmail(), Membership.GetAllUsers() etcothing for getting user id. user id is stored like this: c1c91682-449f-45dd-b20e-3dac5315bba4
View 2 Replies
Jan 29, 2010
Writing a custom membership / role provider and have to validate user with extra parameter to Membership.Validate. So, instead of Membership.Validate(username, password) I need Membership.Validate(username, password, client).
Is this possible with the existing MembershipProvider? I would have liked to pass a new MembershipUser to the Validate method but didn't see anything that would work for that.
View 1 Replies
Jan 10, 2011
I have an application that has been running for about 1.5 years. Suddenly, I got a bug report that the support team are receiving an InvalidCastException in the User ManagerUnable to cast object of type 'System.Guid' to type 'System.String'. The line this appears to be happening on is:
string queryStringID = Session["EditID"].ToString();
Guid providerUserKey =
new
Guid(queryStringID)
MembershipUser user =
Membership.GetUser(providerUserKey);
<--- here
This is a rather strange error as the value of the queryStringID is in fact a Guid generated by the Membership.GetUser(UserName).ProviderUserKey on the previous page. It doesn't seem to make any sense at all. I'm using the built-in SqlMembershipProvider with no changes. It's as if it isn't picking up that it should be using the overloaded function Membership.GetUser(object providerUserKey)Anyone else ever seen anything like this? I wouldn't normally post here unless I was absolutely stuck but I can't seem to find any relevant information by Googleing this one. Also, it's just started doing this. There was never an issue before. Very strange
View 5 Replies
Dec 23, 2010
this works fine on my local site but as soon as i upload the site to my live server i get stem.NullReferenceException: Object reference not set to an instance of an object
on the first line of this:
if (!Page.User.Identity.IsAuthenticated)
{
pnlSignIn.Visible = true;
pnlSignOut.Visible = false;
}
View 1 Replies
Jan 2, 2010
this problem is baffling me. I have a custom class that all my pages inherit from
Public Class Page : Inherits Page
Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
Display Admin Controls (Buttons) '
[code]...
View 2 Replies
Aug 27, 2010
I have the following scenario. An user uses the desktop application to call our WCF Service which has windows authentication. The WCF Service calls the Office Communication Server (OCS) in order to do some custom work.
When the WCF Service calls OCS we have to pass an instance of NetWorkCredential into the call. I want to pass in the original calling users NetworkCredential object into the OCS call rather than constructing it using a custom username and password. How do I get access to the calling users NetworkCredential object from the WCF service and pass it to the OCS call?
View 1 Replies
Sep 28, 2010
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 2 Replies
Nov 18, 2010
I've created custom membership provider and it is more convenient for me to operate on MembershipUser.ProviderUserKey rather than UserName. So, to retrieve ProviderUserKey I perform such code:
if (User.Identity.IsAuthenticated)
{
int UserID = (int)Membership.GetUser(User.Identity.Name).ProviderUserKey;
}
However, when GetUser() method is executed, user data must be retrieved from database and this is bugging me. This is unnecessery waste of server time, no matter how short this time is, I would like to avoid it. Is there any other way to get ProviderUserKey in a more convenient way, like in User.Identity.Name case? I would like to hear your ideas. How do you solve this problem on your webpages?.
View 2 Replies
Jul 23, 2010
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
View 3 Replies
Jan 27, 2011
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
View 2 Replies
Apr 12, 2010
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
View 3 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Aug 9, 2010
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the
Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
View 1 Replies
Sep 21, 2010
I have an ASPX page in my Application. ASPX pages from other applications in different domaincan call this page. But how do I return a value to the calling ASPX page in a different application?How an ASPX page can return a value to calling page in a different app?
View 1 Replies
Oct 23, 2010
In MVC3 Beta version i have action result same like
public ActionResult Save(Dictionary<string, string> dicObject)
I want to pass JSON Object in POST Method from javascript and need to get as dictionary object
How can i do this? can you write example if possible?
View 5 Replies
Sep 2, 2010
There are two applications "Sender", "Receiver"."Receiver" is a asp.net page, running in a serverSender" is not an asp.net page and running in some other server."Sender" is passing a string (eg. userName) through http header."Receiver" is reading the string from http header as followsRequest.Header["userName"].How to pass values through http header? Can I have some samples?
View 5 Replies
Jan 21, 2011
I am trying to achieve a SSO implimentation across my websites so i am using the machine key attribute to do so.now the trouble starts here as the website the user logs in is on the .net 1.1 framework and the website it it navigating to is .net 4.0.I have share the same machine-key across both the application . It works fine in my testing environment but as i move to the deployment server ,it just dosent work !So what i could do is read this article on MSDN :
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
this tells me to add a domin attribute like below
<forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/>
but this thing just dosent work on the 1.1 application and throws an error Unrecognized attribute 'domain'.
Where do i get to mention the domin in my 1.1 application.?
View 3 Replies
Mar 3, 2010
i am trying to pass data between forms.
Public selected_Month As String
Public Property Month() As String
Get
Return selected_Month
End Get
Set(ByVal value As String)
selected_Month = value
End Set
End Property
form1: where i am assigning a value
Dim my_Class As New Class1
my_Class.Month = ddl_Month.Text.ToString()
form2: where i am geting a value
Dim my_Class2 As New Class1
MessageBox.Show(my_Class2.Month.ToString())
when i run this code, i am getting error like Object reference not set to an instance of an object.
View 6 Replies
Jul 30, 2010
I want to know if this kind of authentication is possible.
We have an Active Directory account and that account we are using to log in to windows. I have a simple system that needs authentication using the IIS log in box (i dont know what do you call this but what I know is it only comes out when Anonymous user is unchecked in the IIS configuration.) Now, I want this box to appear before my page and the user will be authenticated and be compare to the user who logged in to the windows. If the user who have been authenticated is the same as the user who logged in to the windwos then we will let him in if not he must be denied in accessing the page.
The first problem I have in my mind is how to code it in asp.net to make an authentication when he will try to access my page.
Second is, let us say we have succeeded to show the authentication box, how can I get the username from the log in box and compare it to the user who logged on in windows. Of course we can get the user id of the logged in user from the windows using User.Identity.Name but how about the username from the log in box.
Note: I will not use log in forms even using https. Just the log in provided by the IIS according to the configuration.
View 1 Replies
Oct 7, 2010
what is the use formsAuthentication.user.identity
is it one of the property of page
View 1 Replies
May 17, 2010
actually i got confused in session object,view state,application domain, can u tell me where i have to use these object. can u define some sort of condition in which session object must used & view state must used & diffrence of thses object where we can only use session & where i we can only use view state
View 2 Replies
Jun 1, 2010
In the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder. Each folder contains some forms; these forms are based on the role as well. We'd like to add "user.identity" as to authenticate the user based on the user_id from table websit_ users.
However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied. And where do we put the user.identity and what is the exact format of it. Do we include it in our Global.asax after the authentication part?! This is the code in global.asax:
[Code]....
View 1 Replies
