Security :: Windows Identity Foundation For .NET Framework 2?
Jan 23, 2011
I have an requirement to implement single sign on solution using SAML 2. I had a look at a tirdparty toolkit in componentspace, but I would prefer some microsoft components.
the features provided in componentspace toolkit can be done using some Microsoft .NET libraries itself. identify the microsoft way to do this?. I looked at the Windows Identity Foundation SDK, but it is now supported only for .NET 3.5. My web application is built on .NET 2.0.
Is there any alternative for Windows Identity Foundation in .NET framework 2.0?
I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.
In ASP.net, security tokens are stored as cookies.
I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.
How do I remove the token so that the user can log in again and get a new token?
I've been trying to set a STS project in my solution following these steps on Channel 9. Right after hitting "Finish", I get an exception saying: The system cannot find the file specified. (Exception from HRESULT: 0x80070002). After installing, uninstalling, rebooting, and so on, I still get the error.
My OS is Windows 7 Enterprise x64, both Visual Studio 2010 and Visual Web Developer 2010 Express are installed in my machine, the WIF SDK 4, the runtime 6.1 and the Identity Training Kit from January 2011.
Our solutions requires validating users against a custom database. This also includes roles which dictates what he user can do in the system. What is the best way to implement implement security, is it to use Windows Identity Foundation or the default Membership Provider and Role Provider that comes with .net?
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
I am beginner in the Windows Communication Foundation. I am reading about it. I am little bit confused with the word 'Windows'. WCF can be used for building the web services for window application as well as web application. Then what is meaning of the word 'Windows' in WCF ? Why we are calling it as a 'Windows' Communication foundation ?
When i create a Windows Service for getting information from a Web Application(ASP.NET c#) for scheduling some task in the client machine.
To consume WCF from the web application. I added WCF reference to Window Service project as a service reference, everything seems fine. It updated app.config file, added service reference etc. it was not working.
I want to know if this kind of authentication is possible.
We have an Active Directory account and that account we are using to log in to windows. I have a simple system that needs authentication using the IIS log in box (i dont know what do you call this but what I know is it only comes out when Anonymous user is unchecked in the IIS configuration.) Now, I want this box to appear before my page and the user will be authenticated and be compare to the user who logged in to the windows. If the user who have been authenticated is the same as the user who logged in to the windwos then we will let him in if not he must be denied in accessing the page.
The first problem I have in my mind is how to code it in asp.net to make an authentication when he will try to access my page.
Second is, let us say we have succeeded to show the authentication box, how can I get the username from the log in box and compare it to the user who logged on in windows. Of course we can get the user id of the logged in user from the windows using User.Identity.Name but how about the username from the log in box.
Note: I will not use log in forms even using https. Just the log in provided by the IIS according to the configuration.
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
I currently have a client with a SharePoint site that wants to incorporate an (already written) ASP.NET application within a webpart in the SharePoint site. The ASP.net application currently uses an IIS impersonation account to connect to the SQL database.
Some added functionality the client is requesting would require me to grab the user's windows login identity to use the SharePoint UserProfileWebService to query the PropertyPages for that specific user. Because the (already written) ASP.NET application uses impersonation, when I grab the WindowsIdentity.GetCurrent().Name, I get the impersonation account and not the actual user's account.
Is there a way to keep the current setup (impersonation account on IIS to connect to SQL) and still grab the logged in user's credentials? Or would a better way about this be to change IIS to consume the Windows Identity of the logged in user and encrypt the connection string in the web.config?
I read some blog that If we host workflow foundation in asp.net, there will be issues with workflow persistence, is this correct? and what is the better idea to host workflow foundation on asp.net or on windows service?
I Need by service contract to return the xml/json result depending on the request type. function which will convert my result set (i am using linq to sql) so that i do not need to create the xml format for the result set by iterating through the table row many times.What is the suitable way to do that.
I need a kind of short cut method which will convert the table data to xml result.Had i been using asp.net mvc i would have been able to generate the xml data by overriding the the ExecuteResult method in the ActionResult and giving Conetnt-Type = "text/xml" as OP.But since i am using Wcf i don't have the controller context(as controller context is the parameter that needs to be passed to Execute Result).
My present code for converting the table data to the xml format is below.
public XDocument UsersLists(string authToken) { bool IsAuthenticated = Authenticate(authToken); XDocument xDoc = new XDocument(); XElement root = new XElement("Users");
[Code]....
I need to eliminate this way of generating xml for each table records.
I want to know that, is there any source code security assessment module in Team Foundation against security issues? If it is there, can somebody pls point me to the documentation of it, so that I can caliberate it. I'm personally not able to find it, through google.
The site is running on my local IIS 6.1. I Would like to add some features to pull information from our AD. My AD code works on many other projects and on my dev server. Here are my attempts at writing out the username:
We are observing some strange behaviour in our web server logs where where the Identity of the currently logged in user seems to be getting swapped with another user. I will describe our set up before explaining further.
We are running an asp.net web site (v3.5 of the framework) on 2 Windows 2008 web servers and use forms authentication.They are load balanced using a separate server running Apache 2.2 on Linux (Cent OS 5). The load balancing simply attaches a cookie to a user and directs them to a particular server for each subsequent request.
We notice on occasion patterns in the log like this (details obfuscated)
First Log Entry
UserName - customer1@x.com UserId - 1111 WebPage - page1 IP - ip1 Time - 2010-06-29 12:56:20.750 SessionId - h3uyz2fsdfegugjy452sdz0far.........
We are using forms authentication using the standard asp.net forms authentication framework (the standard login control and we implemented a custom membership provider).
The UserName is the Windows identity retrieved using "HttpContext.Current.User.Identity.Name" The UserId is the database Id set in the session. The sessionId is retrieved using "HttpContext.Current.Session.SessionID"
As you can see the same Windows identity is the same for 2 different users, under different IP addresses and with different session id's, hitting the site about the same time. We checked and the IP's were from totally different locations. The wrong windows identity seems to be getting recorded. UserId 2222 should have a different username recorded.
Since it happens very occasionally, the code is standard and has not changed substantially for some time we don't "think" it is a coding error. We presume either a problem with the load balancer or some problem in the web server. I have never heard of such problems in asp.net before.
The forms authentication entry in the web.config is
authentication mode="Forms"
forms loginUrl="LoginPage.aspx" name=".ASPXFORMSAUTH"
In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:
IP: All Unassigned
Port: 80
Host name: apps.mydomain.com
In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.
I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:
Response.Write(Page.User.Identity.Name);
However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.
If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.
Is there something else I need to configure to get the current windows logged in username when using host header?
I have this web application where I need the currently logged in windows user Identity. I server on which I deployed this application does not support virtual directories. And I am not sure if that server is configured for "Integrated Windows Authentication."
I tried using: System.Security.Principal.WindowsIdentity.GetCurrent().Name; Request.ServerVariables["AUTH_USER"]; HttpContext.Current.User.Identity.Name;
All these work and retrieve the appropriate currently logged in windows username when the application isn't deployed. But when I deploy it on this particular server, these methods do not give me nothing.
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution
get the below error. My application was working fine until I probably modified something, but don't know what.
Server Error in '/' Application.
Method is only supported if the user name parameter matches the user name in the current Windows Identity.
Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Configuration.Provider.ProviderException: Method is only supported if the user name parameter matches the user name in the current Windows Identity.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ProviderException: Method is only supported if the user name parameter matches the user name in the current Windows Identity.] System.Web.Security.WindowsTokenRoleProvider.GetCurrentWindowsIdentityAndCheckName(String userName) +2195661 System.Web.Security.WindowsTokenRoleProvider.GetCurrentTokenAndCheckName(String userName) +36 System.Web.Security.WindowsTokenRoleProvider.GetRolesForUser(String username) +61 System.Web.Security.RolePrincipal.IsInRole(String role) +182....