Security :: WCF Data Service Can Use As Forms Auth ASP Auth Source?
Sep 26, 2010
if it is possible to use a WCF Dataservice as the MemberShipProvider for a forms auth application. I have written code for a provider (below), but I do not know what to do as far as a connection string, or any other web.config properties.
Please Help!!! Here is the code for my provider, anytime it says Odbc that is because I based this off of the custom Odbc provider on the msdn site. The only ACTUAL references to any odbc connection are in the comments:
[Code]....
View 1 Replies
Similar Messages:
Feb 23, 2011
Been scratching my head on this one today quite a bit. Time to ask the guru's.Implementing your basic Forms Auth for a 2.0 web app in conjunction with SQL Membership Provider and Role Provider. Web.Config from virtual directory root
[Code]....
All other subdirectories do not contain web.config files but rather wanted them to just work off inheritence from the root web.config. Upon publishing of this setup - I am having one hell of a time maintaining the user 'authenticated' state. (Not sure if that's the best explanation of what is going on.. but)
View 4 Replies
Feb 21, 2011
We're running IIS7 and have windows authentication enabled. Everything else is disabled. When we go to the page though, we aren't prompted for a windows logon, but are redirected to the default forms authentication login page (Accoun
View 1 Replies
Nov 18, 2010
I need this up and running quick but I spent the last few hours researching/worrying about which would be better:
Asp.net Forms Authentication
vs
Custom Header Token:
On the server
[code]...
View 1 Replies
Jun 8, 2010
I am having difficulty deploying a Silverlight 4 RIA services Web app to IIS 6 on Windows Server 2003. The application works fine when running on the development server. However, when deployed to a production server, all the Web service calls redirect to the login page.
Here are the details:
The site uses forms authentication. Login is via an ASP.NET Web page; the Silverlight application does not have its own version of the login page. Login is working correctly.
View 1 Replies
Sep 22, 2010
I have done some research and tried to find answers on how to integrate forms authentication with ASP.NET but all I can find is for 2.0. I don't mean to sound ignorant or annoying about it, but does anyone have a quick link to somewhere where I could find out how to integrate a custom SQL Server DB (with username, password, id, etc columns for user) with ASP.NET 4.0?My application is actually a Silverlight Business Application where I am trying to log in/register users in a separate Database in a SQL Server 2008 engine
View 1 Replies
Feb 17, 2010
as there is so much code a built a demo project
Specs:
MSVS 2005
asp.net 2.0
ajax Enabled site
MS SQL server 2005
User/logon On server required name: MyDBLogon, access to project database MyFormsAuth
Download project from here : http://www.screencast.com/t/ZmE3ZWM4ZDMt(NOTE: Select 'Download this media' as the top of page) Also I use the FREE trial demo of this tool : http://www.qualitydata.com/products/aspnet-membership/download.aspx
Project : The Member logs on with email address and password.
admin logon is : admin@yahoo.co.nz, password is 12345
The issue: I use Logonview control to show menu for each role type. See 'controls' folder.
When You first run the project you will see it in the main page...LIke
"Admin, Members, MembersX, Welcome etc"
Logon..it works fine.
The test.. close browser, to test Authentication ticket cookie.
Re run view project ( we are now testing the forms authentication process as cookie is being read to see if authentictaion is still active).
When the page runs, and authenication is active, proven by going to public page IsAuthenticated=true", fine, BUT The page direction usercontrol ( ie logonview control) is not visible, it doesnt work on the new browser run ??
View 47 Replies
Jan 24, 2010
I am developing a web application which implements membership, roles and profiles. I also want it to be multi-tenant / multi-domain. By this I mean that I will have hundreds of domain names pointing at the same web application. I want users to be able to create accounts at each individual domain. I want the opposite of "single sign on". I want users to be able to use the same username, email address and password (or different ones, at their choice) to create accounts at the different sites. I do not want users to have any awareness that the different domains have any relation to each other as they will look different and have different content. The first problem I run into is that usernames have to be unique within the forms auth aspnet db.
Well, if they want to use the same username to register on 10 different sites then I need to support that. My first thought was that instead of identifying a user by their username, I need to extend the aspnet tables and sprocs to consider the username + a unique site identifier. Is there any sample code or has anyone else ever done this before? Should I just abandon the built in aspnet forms auth and roll my own custom auth scheme? The data on the sites is not sensitive so security isn't really that important to me.
View 8 Replies
Nov 23, 2010
I am working on a site that uses windows authentication, but I have one page for password resets that I want to allow anonymous access to.I have tried doing authorization, allow users="*", but it doesn't appear to work with this.Do I need to have another seperate site for this section?
View 2 Replies
Sep 17, 2010
I'm trying to setup my IIS 7.0 MVC2 site but having problems.I want to use Integrated Security so that the app can obtain the user's credentials. We can then do a look-up of some AD groups to determine what they can do from that point onwards.The problem is - Every time we browse to the application, instead of navigating to our main page immediately, we get a login prompt provided by IE. I've read that we need to make sure that in the browser's Tools->Options->Advanced-> (Securiy-> ENable Windows Intagrated Security) must be checked - which it is on ALL 3 machines where I try this.
The machines AND the server are all in the same domain.My config file states <authentication mode="Windows" /> and I've tried every combination for <identity...> and <authorization...> but to no avail. I can only get the "login" prompt to go away if I enable Anonymous Authentication - but then I can't detect the windows user or their group membership.
View 1 Replies
Oct 31, 2010
Let's say I'm currently authenticated in an application (namely: applicationA) and I click a link that will take me to another application (namely: applicationB). Is it correct that in order to bypass authentication of applicationB, I'll just create a ticket for that application telling the web server that I'm already authenticated?
View 5 Replies
Dec 22, 2010
I have created an android app, that registering to google c2dm service. And It's getting a registration_id token from c2dm services successfully. I already signed Android Cloud to Device Messaging form and I received confirmation email from c2dm service.Everything seems ok in client side, it's getting registration_id in simulator environment. So, it's ok. But, On server side, It's authenticating google service, it's receiving Auth code then it's invoking to c2dm send url with below code.
public void SendMessage(string registrationId, string data)
{
ServicePointManager.ServerCertificateValidationCallback += delegate(
[code]...
View 2 Replies
Mar 15, 2010
Is it possible to request an X509 certificate from a client without configuring the application to use Windows Authentication? The purpose would be to press an asp.net button and "digitially sign" a web-form's contents. I do not need any login information, just the X509 cert.
View 1 Replies
May 26, 2010
I need to create an application with Forms Authentication and/or Windows Authentication. If the application is set to use mixed authentication (Forms + Windows Auth) and the user don't have a Windows user account, the login will fail and he must be redirected to a forms login page. How can I do this?
Are there any different way to provide mixed authentication?
View 1 Replies
Sep 23, 2010
We have a weird issue found during setting up a new Windows 2003 Server with IIS6.0 & ASP.NET 2.0, our site is built using ASP.NET forms authentication with general authorization to deny access to all users & allow explicitly to static, home pages etc, -- web.config setting for forms auth looking as below:
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="~/Pages/Users/Login.aspx" protection="All" timeout="60" defaultUrl="~/Pages/Inner.aspx">
</fo </authentication
View 1 Replies
Feb 9, 2010
In our application, we have a need for a user to "impersonate" a different user. Think of it as a hierarchy -- Bob is above Frank in a hierarchy. Bob is logged in, and he needs to do things in the system for a short time as Frank. So, we have given Bob a list of users that report to him, and an impersonate link. He clicks on this link, and, behind the scenes, I log Bob out, and log in as Frank. I also set a session variable that tells me that really Bob is they guy who is the user. Also, Bob (acting as Frank now) has a nice little link at the top of every page that says "Stop Impersonation."
In addition, when Bob is impersonating Frank, Bob is restricted from doing some things, like changing Frank's password.
This was working great, until we encountered a situation where, if the session (I think -- getting confused here) gets destroyed (such as when I copy up new code and dlls to the live site), then when Bob clicks on "Stop Impersonation" he gets redirected to the default page, and is still logged in as Frank, but without the Impersonation session variable. So, now Bob really is logged in as Frank, and can change Frank's password (among other things).
How is it that a session variable (Impersonation) gets destroyed, but I guess the session is still hanging around, because it doesn't make the user log in again?
This is a somewhat serious bug for how our system works (bug in our code, I'm sure, not in .Net). We are using ASP.Net c#, aspnet membership services, .net 3.5, forms auth...not sure what else you need to know.
EDIT: Updated information. Looks like when "something" happens, for instance, when I recompile some dlls and copy them to the webserver, the session gets dumped. Or, rather, the variables in the session get dumped. The session id stays the same. I do get to check for Session.IsNewSession and it returns true, even though the id is the same as it was before.
Just like Utaal mentioned, Membership Services is separate from Session, so it's forms auth token is still hanging around in the browser, but my session variable telling me that that isn't really the user who is controlling the browser isn't there anymore.
EDIT: Sky, here is what I'm doing to authenticate a user. I can't figure out where I would insert a ticket into this flow:
if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
View 2 Replies
Apr 2, 2010
how revoking authorization works in the ASP.NET Toolkit. I've tried issuing the following:
ConnectSession connect =
new ConnectSession(FacebookHelper.ApiKey(), FacebookHelper.SecretKey());
Auth x = new Auth(fbSession);
x.RevokeAuthorization();
But I get an object reference error during the RevokeAuthorization call. Here's the call definition.
View 1 Replies
Dec 21, 2010
I've just finished implementing a modal dialog login popup for my ASP.NET website. The experience is similar to what you get with [URL]. When you log in, you get a fancy popup modal dialog (provided by the JQuery Tools Overlay control). The dialog is an ASCX file in the Master Page, so it's available globally. It uses a PageMethod to validate the current user. If the validation succeeds, I call window.location.reload(); in the PageMethod's success callback.
This works great when logging in on a page that doesn't require authentication, but what about when non-auth users are trying to navigate to a page that requires auth?
Is it possible to modify my web.config file so that instead of redirecting to a SignIn.aspx page for non-authenticated users I simply invoke the modal dialog instead?
Let's say a non-authenticated user is on Default.aspx which doesn't require auth. He wants to navigate to "Add.aspx" which does require auth. What's the best way to handle this with a modal dialog popup?
If I have to use a dedicated page, I guess I'll just have a SignIn.aspx page that invokes the dialog when it loads and if authentication succeeds, it'll use JavaScript to redirect to the destination page.
But ideally, I'd like to do the login from the Default.page and then redirect to "Add.aspx" with script.
View 1 Replies
Oct 17, 2010
when I upgraded my root website from ASP.NET MVC 3 Preview 1 to the new Beta 1. I am using RavenDB, which needs to run as a virtual sub-application with Windows authentication instead of Forms authentication. I had raven working like described above just fine in preview 1, but with beta 1, now it won't work. It looks like no matter what I try, the membership provider system for my root website is redirecting me back to the login page, even though I've set my RavenDB virtual directory to use windows authentication and cleared out the membership and roles providers in it's web.config. I guess MS changed something to do with
either routing or authentication between preview 1 and beta 1. If anyone else sees this problem and knows how to fix it, I would be in your debt. I would guess that the easiest way to recreate the problem would be to create a new ASP.NET MVC 3 Beta 1 root website, then add a virtual directory marked as an application. See if you can get the root site to use the forms auth provided by default, but have the virtual directory use windows auth, denying all users but a specific one of your choosing. I can't seem to get this scenario working in the beta like I did in the preview.
View 3 Replies
May 18, 2010
I want to allow admins to be logged in for longer than normal users. I don't see a hook for setting the cookie timeout programmatically or in a role-based way. Is this possible in ASP using Forms Authentication?
View 2 Replies
Jun 7, 2010
I have an application we bought that I need to integrate, and it uses jakarta connection to get to the application from IIS.So, the basic operation is
View 1 Replies
Jul 30, 2010
I have an implementation for my website to have facebook single sign on, using their javascript sdk.The javascript adds the cookie and I deal with it fine.The question is related to when an user logs out of facebook, I would expect the auth.sessionChange or auth.logout events to fire, but that only occurs when the page is refreshed.As my implementation is done server-side, this means that after the user logs out of facebook they can access one secure page one more time before being properly logged out.Is this the normal case or do these events usually fire up straight away and I'm maybe doing something incorrect in configuration of the facebook app?
View 1 Replies
May 19, 2010
Our code relies on checking the Context.User.Identity value in the Global.asax Application AuthenticateRequest(...) method to retrieve some information about the logged in user. This works fine in classic mode but when I flip IIS to use the Integrated Pipeline "Context.User" comes back as null, but only intermittently.I have < authentication mode="Windows"> and only Windows Auth enabled in the Virtual Directory.
View 1 Replies
Feb 1, 2010
The session state timeout is set using this web.config element
<sessionState mode="InProc" cookieless="false" timeout="120" />
The forms auth is configured using this web.config element
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
</system.web>
What is the difference between the timeouts specified in each of these elements? If both are different, how would it work?
View 2 Replies
Aug 16, 2012
I need to develop a login where user can login from his facebook account. When user login first time, an auth dialog should open from facebook asking to user for access permission and than it should move to one of my page where I can retrieve user email address and first name & last name through his facebook access token. How to achieve this?
View 1 Replies