Security :: Windows Authentication And Still Asking For Login Credentials?
Jul 20, 2010
I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.
Is it possible to bypass the NT challenge login, and just have a standard webform login, then authenticating programtically as that user and passing those credentials manually to my connection string so that the database sees me as that user?
I have a zealous network administrator who insists that we must use https on an intranet web application in order to safeguard user's credentials. The app is an asp.net web app that uses Windows Authentication to automatically identify users and log them in. There is no login dialog and user's never enter their login or password. The application does not process any confidential data, and the only rationale for requiring https is to "safeguard" users credentials. Additionally he stated that ntlm can be easily hacked.I responded with some information from an MS white paper on Windows Authentication that said it was the recommended way of authenticating users, and that user's credentials were safe because their passwords are not transmitted across the network when the application authenticates them since it sends a hash of the password.
Is the above possible? Basically i need it as I am creating a site where users can upload files to a shared network drive which is secure and has a system account
When a user clicks on upload file, If possible I would like the page to automatically kind of log in with the system account, copy the files and then log off. I know I could achieve something similar mapping a drive but would prefer not to do that for these reasons;
- Security risk if the mapped drive for some reason isnt removed by the code
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
I have developed an Interanet web application using the windows Active directory authentication if user find then it automaticaly authenticated working correctly now my user wants the capability of being able to login to the intranet site as another user by providing the username and Password . For example, Team lead needs to login on other team memeber System to pefrom some task on his behalf if he or she is not aviable in office .
I have created a standard MS Login Page. However when I try to login on the page only by providing the Username system authenitcate the user ( not validating the password of that user)
i want to create a login page and i have to use windows authentication. so what are the steps i have to follow to achive login contorl with windows authentication.
I am using FBA(Form Based Authen) and Windows Authentication for my web application. FBA is working fine with username and pwd. I want to use the same username, pwd for windows authentication without retering credentials in default login screen. How to avoid the default login screen with custom authentication..
I want to create a small intranet web site with a login page that will authenticate against groiups of users in Active Directory. So for example if someone in Group A logs in they can get to web page X and if someone from Group B logs on they can get to web page Y. Is it possible to do this with the login controls without writing code? I thought it would be a fairly standard thing to do.
I have an intranet set up with IIS and it is working fine with windows integrated autehntication. However I have some permissions set and when certain users do not have access they get prompted for their login and I don't want this. I want it to go straight to the access denied page.
I read that "In integrated Windows authentication, the browser tries to use the current user's credentials from a domain logon, and if this attempt is unsuccessful, the user is prompted to enter a user name and password. "
So I understand this is supposed to happen but I was wondering if there was anyway to not have it prompt for a username and password if the first attemp is unsuccessful.
I was wondering what the following error means: Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authentication. Initially, when my application was much simpler, I had no permissions and roles and my authentication mode was set to "windows". Afterwards, however, I added authorization, changed the authentication mode to "Forms" and ever since, when I try to login, I get the error above.
If a user has signed into their computer and are connected to an intranet, is there a way to grab the users crendtials and authentication them in asp.net? What specific code would do this?
I have an XML web service where the authentication used is BASIC WINDOWS. Following is my client code to connect to the service.
[Code]....
Now, the issue is that the client is really authenticated only in the first attempt(First time I execute the code in VS). Further attempts succeed even if the code to assign credentials is commented or even after providing wrong user id/ password. I ensured that the server is hit each time(Just to make it clear that it not just because of client side caching).Is this the behavior of Basic authentication/credential cache. I would prefer the client be authenticated each time he hits the server.
I'm trying to enable automatic Window authentication working on our ASP.NET Intranet. I've changed the Authentication on our IIS 7.5 server from Anonymous to Windows Authentication Enabled only, and changed the Web.config file for the website to:
The Windows login box appears when accessing the website via IE 8, I enter valid credentials, but the login window keeps reappearing as if it does not accept my credentials. By repeatedly cancelling the login box it disappears, and my login name can be viewed on the website. Is there any possible reason for the login box to keep popping up even though valid credentials are being entered? I've restarted the servers / cleared browser cache etc. Also, ideally I would like the user to enter the login details once in the login box and not be required to reenter login details whenever he reopens the browser.
I have to post my request to the web page [URL] and this require 3 credentials namely account id ,username and password and i have to pass the some data for the fields in the page
I have set up a directory on my IIS web server that is protected by "Integrated Windows authentication". I want visitors to be required to enter a name and password to view files in the protected directory except if they are following a link to files in the protected directory from a certain page on my website.
I am doing this to try to get better protection from search engine spidering than is provided by using a robots.text file.
I am using ASP.NET 3.5 with VB. I am wondering if there is a way to pass the log on credentials to the IIS server via a link, or if there is a way to fill in the name and password for the login screen automatically, or something else that would work. It is OK if the login name and password are visible to the visitors.
I am the web developer at a medical clinic. I have 2 scenarios going on:
First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:
Physicians Only Administration Affiliations Calendars Compensation Minutes
The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to login as different people, all with different roles, I have to login with user name and password, twice, before the system allows me in.
Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doens't usually prompts me to login. If it does prompt me to login, it too, is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to login with their credentials?
I'm trying to write a simple login page, that will allow my users to login to my site using their Active Directory credentials (using their username / password we give them through AD).
I want to do 2 things with the login:
1. I want to check the username / password against our AD and verify the person is a valid user within the directory.
2. I also want to store the entry within a global variable so when the user fills out one of the forms within the site it can Insert the data into a SQL table i have running.
** we are using this site to do Setup Change Request Forms / Termination forms etc. and I just want to verify the person signing off on the form is the person logged into the machine -- use it as an "electronic signature per say".
I'm using a vb.net 2.0 approach - as i only have access to visual studio 2005 and i'm more of a vb programmer then a c#.
If anyone has any examples or can walk me through how to go about writing out this page that would be great.
