Security :: Use Windows Authentication But Only In Intranet?

Jan 9, 2010

We also have sales rep that take call and use the same website to take the orders.

My boss wants me to allow the SR to only be able to take orders if they are in the network itself. When I ask why he tells me "just because".

I'm sure there's a way but I can't see it at the moment. How do I go by doing that? Also keep in mind that if the SR is outside the intranet, he can't be allowed to enter his active directory login/password (so the login window must not even show).

View 3 Replies


Similar Messages:

Security :: Intranet Web Application Using Windows Authentication?

Jan 7, 2010

I've a project using windows authentication and it will be used in intranet. The client itself already have a web application in their intranet and they built it with Java (they used windows authentication too). The problem occur when they want my web application only appear within their application content section.

What should I do? I did think about using iframe but some people said it's evil. And if I'm going to use iframe, is it save? My web application will use a few pop up window/modal window and ajax.

View 5 Replies

Security :: 3.5 - Set Up An Intranet Site With Windows Authentication

Jul 26, 2010

i m trying to set up an Intranet site with Windows Authentication. I have configured the web.config as shown below.

<authentication mode="Windows">
<roleManager enabled="true" />

I wanted to do authorization by roles so

<authorization>
<deny users ="?"/>
<allow roles="D820MySite_Developers, D820MySite_Admins"/>
</authorization>

I'm in the D820MySite_Developers group. When I attempt to login, it wants my password. I thought that with Windows Authentication it should not prompt for the password. If is use <allow user="*"/> it does not.

1. Is this the correct behavior?

2. My aspnetdb does not appear in the App_Data folder. Should it and is this causing the problem. If it should be there, how do I get it there?

3. I was under the impression that by using Windows Authentication, I can prevent users from accessing pages by folder. Is this provided by IIS or is this provided by Windows (using Windows Explorer)?

View 3 Replies

Security :: Windows Authentication On An Intranet Site

Mar 23, 2010

I'm trying to set up Windows authentication on an intranet site. I have this code in the web.config:

<system.web>
<authentication mode="Windows"/>
<authorization>
<allow users="domainuser, domainuser2" />
<deny users="*" />
</authorization>
</system.web>

I can log in with my own credentials, but I have virtually all the rights in AD. User2 can not log in. The website is set to use Windows authentication in IIS manager. And I've tried setting permissions in IIS manager and NTFS permissions for the folde

View 3 Replies

Security :: Intranet Website Using Windows Authentication And IIS Restart

Dec 6, 2010

We are having an issue with the windows authentication and IIS restart for asp.net application Our environment is an intranet site (an asp.net application ) that uses windows authentication, uses integrated security application pool, physical path credentials are set for a service account, who is admin for sql server, IIS etc. web.config - Connection string has Integrated Security = true, authentication = Windows, and authorization - deny *, allow = security group. Anytime we start - stop service (or restart) (IIS); and hit the website thru some other machine IE, it fails to show the website (401.2), and any subsequent hit to the website doesn't go thru.

However when we start the service, and hit the website on server's (where website is deployed) browser first time then everything works fine for subsequent hits from anywhere as long as authenticated on corp net and member of security group configured in web.config. This behavior however goes away if we uncheck the configuration "Enable Kernel-mode Authentication" on the asp.net application. ( but then Firefox browser stops working with this configuration!!) Why such behavior? In the documentation it states its recommended to keep it enabled. What is recommended way of publishing a website with windows authentication enabled? Any side effects of "Enable Kernel-mode Authentication" being unchecked ( other than what we found for firefox not working) Environment : IIS 7.5 windows 2008 Server R2, VS2008, SQL Server 2008, ASP.NET 2.0

View 5 Replies

Security :: Password Prompt For ASP Website Hosted On Intranet Using Windows Authentication

Jul 8, 2010

We have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:

Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.

View 1 Replies

Security :: Have "Role Management" For An Intranet Website With Windows Authentication?

Apr 16, 2010

To work with the ASP.NET 2.0 Membership and Role, we will use Forms authentication for the public Internet.
On the other hand, we use Windows authentication for Intranet applications. uestion: In a website with Windows authentication, can I still have some kind ofole management for different
groups of the Intranet users? If yes, how?

View 2 Replies

Windows Authentication Of Intranet Website And Reappearing Windows Login Box

Mar 24, 2011

I'm trying to enable automatic Window authentication working on our ASP.NET Intranet. I've changed the Authentication on our IIS 7.5 server from Anonymous to Windows Authentication Enabled only, and changed the Web.config file for the website to:

<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>

The Windows login box appears when accessing the website via IE 8, I enter valid credentials, but the login window keeps reappearing as if it does not accept my credentials. By repeatedly cancelling the login box it disappears, and my login name can be viewed on the website. Is there any possible reason for the login box to keep popping up even though valid credentials are being entered? I've restarted the servers / cleared browser cache etc. Also, ideally I would like the user to enter the login details once in the login box and not be required to reenter login details whenever he reopens the browser.

View 3 Replies

Silent Windows Authentication - Intranet Zone

Jun 28, 2010

Do any of you guys have experience using Active Directory and the Intranet Zone to silent authentication with a local web site? I've done it in the past with 1.1 and 2.0 .NET, but this 3.5 site I have written doesn't seem to be working for some reason.In the past, how I have done it is:

In web.config, set:

<authentication mode="Windows"/>

In IIS 6, under directory security, check Integrated Windows authentication and Digets authentication for Windows domain servers, and set the realm to my domain, and uncheck Enable Anonymous access.The I add the Host Header for the site to the corporate Intranet Zone in Internet Explorer under trusted sites using Active Directory.And that's basically it. I've done it on plenty of intranet sites before, but with this 3.5 application I am still being propped to login. Anybody see any steps I missed?

View 12 Replies

Forms Authentication - Connect To Database With Logged In Windows User In Intranet Web Application?

Dec 18, 2010

we are migrating existing windows form application to asp.net(3.5) intranet portal, there is a requirement whereby database connection should be made by the logged in windows user. Is it possible to achieve this functionality?

View 1 Replies

DataSource Controls :: Windows Authentication - Connect To Database From A Machine Inside Intranet / Login Failed

Jul 18, 2010

I am getting this error when trying to connect a database from another computer in my home network:

System.Data.SqlClient.SqlException : Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

this database is using windows authentication. sqlserver 2008.

What is the connectionstring that I need to use in order to get the database?

View 1 Replies

Security :: Use AD Authentication With Our Intranet Site To Control?

Feb 24, 2011

We would like to use AD authentication with our Intranet site to control what pages different users can access. I'm very new to ASP.net and would be interested in links to a how to description. We are using Visual Studio 2008.

View 1 Replies

Security :: By-pass Authentication For Intranet Connections?

Feb 26, 2010

The company I work for has a web app running on IIS that has been strictly internal (uses a port other than 80 not accessible to the internet). Recently we started using mobile devices and need to access it over the internet. So I simply made it part of our company web site and secured that portion using forms authentication. The problem is that it is also our home page in the office and it is a pain to be logging in several times a day. In fact some of the staff are irate they have to login in at all when at their workstations. Is there a way to by-pass authentication when the referrer is http://servername/ and still enforce it when accessed via http://www.domainname.com?

View 1 Replies

Security :: Intranet Site Authentication Against Active Directory?

Oct 2, 2010

I am trying to build a web app for an intranet site that for security reasons needs to make the user type in their Windows or Active Directory username pwd manually. I have previously worked with Integrated Windows Auth but in this case, we do want them to use type in their AD credentials.

I have been trying to look up how to do this and frankly I am a bit lost. It should be a fairly straightforward task and am hoping you can point me in the right direction, with some tutorials or examples. We will be using SSL so, dont have to worry about passing pwd in cleartext over the wire.

My environment is visual studio 2008 in C#, .net 3.5 if that matters.

View 1 Replies

Security :: What's The Difference Between Basic Authentication And Integrated Windows Authentication In IIS

Jan 4, 2011

What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?

View 3 Replies

Security :: Enable Windows Authentication And Disable The Anonymous Authentication In IIS?

Mar 10, 2010

I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.

View 1 Replies

Security :: Avoid Windows Login Userid And Password Window When Use Windows Authentication Mode For Website

Dec 30, 2010

I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...

View 1 Replies

Security :: Changing From Forms Authentication To Windows Authentication?

Sep 3, 2010

What do I need to do in order to change an application from Forms Authentication to windows authentication?

View 2 Replies

Security :: Setting Up Windows Authentication In Windows 2008 RC2?

Sep 8, 2010

We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution

View 3 Replies

Security :: Getting Windows Username Using Windows Authentication?

Sep 3, 2010

I am developing one intranet website. Being an intranet application, one of the requirement is to have a single sign on feature.

It means that the windows PC username (i.e the "ctrl + alt + delete" username) is going to be the username for the system.

How do i fetch that username?

I tried the following two ways which are working in debug mode but not on live site.

System.Security.Principal.IPrincipal user = System.Web.HttpContext.Current.User;
Response.Write(user.Identity.Name);
&
Response.Write(Request.ServerVariables["AUTH_USER"].ToString());

Both the above method works when i run the page from visual studio.

However when i run the page from IIS or any other server, it gives me a blank value

View 12 Replies

Security :: Webservice Security And Windows Authentication - Invoke SSIS Packages From Web Service

Dec 15, 2010

I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.

View 1 Replies

Security :: Windows Authentication - Get Role Security In Web Config File To Coincide With Controls

Apr 6, 2010

We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?

View 5 Replies

Security :: 4 Security Via Windows Authentication - Restrict Access To Safe / UCantSeeMe.aspx

Aug 18, 2010

I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?

View 1 Replies

Security :: Windows Authentication In C#

Nov 22, 2010

I am trying to get the windows authentication for intranet design Codes return userid of my system but when I try the same fron other system, there too they return only my system's Id.

View 4 Replies

Security :: Authentication Using IIS's Windows Identity?

Jul 30, 2010

I want to know if this kind of authentication is possible.

We have an Active Directory account and that account we are using to log in to windows. I have a simple system that needs authentication using the IIS log in box (i dont know what do you call this but what I know is it only comes out when Anonymous user is unchecked in the IIS configuration.) Now, I want this box to appear before my page and the user will be authenticated and be compare to the user who logged in to the windows. If the user who have been authenticated is the same as the user who logged in to the windwos then we will let him in if not he must be denied in accessing the page.

The first problem I have in my mind is how to code it in asp.net to make an authentication when he will try to access my page.

Second is, let us say we have succeeded to show the authentication box, how can I get the username from the log in box and compare it to the user who logged on in windows. Of course we can get the user id of the logged in user from the windows using User.Identity.Name but how about the username from the log in box.

Note: I will not use log in forms even using https. Just the log in provided by the IIS according to the configuration.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved