Security :: Application Within A Sharepoint Web Part Using Impersonation But Need Windows Identity
May 12, 2010
I currently have a client with a SharePoint site that wants to incorporate an (already written) ASP.NET application within a webpart in the SharePoint site. The ASP.net application currently uses an IIS impersonation account to connect to the SQL database.
Some added functionality the client is requesting would require me to grab the user's windows login identity to use the SharePoint UserProfileWebService to query the PropertyPages for that specific user. Because the (already written) ASP.NET application uses impersonation, when I grab the WindowsIdentity.GetCurrent().Name, I get the impersonation account and not the actual user's account.
Is there a way to keep the current setup (impersonation account on IIS to connect to SQL) and still grab the logged in user's credentials? Or would a better way about this be to change IIS to consume the Windows Identity of the logged in user and encrypt the connection string in the web.config?
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
I noticed impersonation is turned on by default in MOSS web configs. I tried disabling it but the web app returns an error. So my question, is it possible to disable impersonation in MOSS? If it is possible are there any special considerations I should be aware of?
If you're interested in why I need to do this...I need to have a custom web part (developed with SmartPart) talk to a separate SQL server using the application pool rather than the current user (Kerberos is enabled). If I set the authentication mode to NTLM I get NTAuthority/ANonymous login errors from my SQL connection. If I turn Kerberos on, the currently logged in user's credentials are passed. If I hard code the user id and password in the connection string it seems to ignore it and default to whichever security model is in place (NTLM or Kerberos).
I have an ASP.NET site that uses impersonation. As the impersonated user I use a domain user (not a local machine user). The site is hosted in IIS 6 running on Windows 2003. In IIS 6 for directory security windows authentication is ticked.The site has been running now for about 6 months without any problem. However since about a week back the site has started spuring up really wierd errors. For one, users cannot access the site anymore. When accessing a windows authentication dialog box appears having the user to enter the credentials. However these credentials are not accepted and the standard unauthorized page is displayed
We have several asp.net web applications we've built and we also want to embed them into various sharepoint pages. We need to have them look like standalone applications when viewed in their own pages, but also have them look like they fit within the sharepoint page when embedded. We are doing this currently with IFrames and it works ok, but I'm wondering if there is some sort of proxy web part where we can configure the web part to point to an existing web app and it will proxy the contents through from the web app into the sharepoint page removing the need for an IFrame. Possible?
I want to know if this kind of authentication is possible.
We have an Active Directory account and that account we are using to log in to windows. I have a simple system that needs authentication using the IIS log in box (i dont know what do you call this but what I know is it only comes out when Anonymous user is unchecked in the IIS configuration.) Now, I want this box to appear before my page and the user will be authenticated and be compare to the user who logged in to the windows. If the user who have been authenticated is the same as the user who logged in to the windwos then we will let him in if not he must be denied in accessing the page.
The first problem I have in my mind is how to code it in asp.net to make an authentication when he will try to access my page.
Second is, let us say we have succeeded to show the authentication box, how can I get the username from the log in box and compare it to the user who logged on in windows. Of course we can get the user id of the logged in user from the windows using User.Identity.Name but how about the username from the log in box.
Note: I will not use log in forms even using https. Just the log in provided by the IIS according to the configuration.
I have an requirement to implement single sign on solution using SAML 2. I had a look at a tirdparty toolkit in componentspace, but I would prefer some microsoft components.
the features provided in componentspace toolkit can be done using some Microsoft .NET libraries itself. identify the microsoft way to do this?. I looked at the Windows Identity Foundation SDK, but it is now supported only for .NET 3.5. My web application is built on .NET 2.0.
Is there any alternative for Windows Identity Foundation in .NET framework 2.0?
I have this web application where I need the currently logged in windows user Identity. I server on which I deployed this application does not support virtual directories. And I am not sure if that server is configured for "Integrated Windows Authentication."
I tried using: System.Security.Principal.WindowsIdentity.GetCurrent().Name; Request.ServerVariables["AUTH_USER"]; HttpContext.Current.User.Identity.Name;
All these work and retrieve the appropriate currently logged in windows username when the application isn't deployed. But when I deploy it on this particular server, these methods do not give me nothing.
When using SPWeb.GetCatalog(SPListTemplateType.WebPartCatalog), it returns an SPList which of course contains a SPListItemCollection of the web parts in the web part gallery. When looping through the items, is there any easy way to get properties of the web parts? Such as AllowClose, CatalogIconImageUrl, etc... I know I can probably accomplish this using the listItem.OpenBinaryStream etc and loading the xml of the .webpart file, but I wondered if there was an easier way to do this.
I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.
In ASP.net, security tokens are stored as cookies.
I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.
How do I remove the token so that the user can log in again and get a new token?
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
I wasnt sure where this question best belongs, in the end I figured this was the best place...
Say I have a utility dll that i might use in either a windows console application or in an asp.net web application - how can I programatically find whether it is running on web or windows, from within the dll?
I feel like this is something I should know by now, maybe some property of AppDomain.CurrentDomain, or Environment, but I just can't find it.
The reason I'm asking is because I'm playing around with nHibernate for asp and I seem to need different session handling when running in asp.net, compared to when i'm running integration tests. So if someone knows how i can solve this without programatically checking the context of the application, then that'd be great too.
I've been trying to set a STS project in my solution following these steps on Channel 9. Right after hitting "Finish", I get an exception saying: The system cannot find the file specified. (Exception from HRESULT: 0x80070002). After installing, uninstalling, rebooting, and so on, I still get the error.
My OS is Windows 7 Enterprise x64, both Visual Studio 2010 and Visual Web Developer 2010 Express are installed in my machine, the WIF SDK 4, the runtime 6.1 and the Identity Training Kit from January 2011.
I have a web application with a login form. A user enters a user name and password. If they exist in the database the user is authenticated using these two lines: [Code]....
The problem is that when a user logs in at first he is logged in as himself. When navigating on the web application for a while the user assumes the identity of another logged in user. This happens all the time. In my web.config the authentication mode looks like this: [Code]....
The site does not use ASP.NET session variables. Instead each page initializes a Singleton class, which stores itself in a static class variable, always accessing the users data already read from the database. The Singleton implementation is: [Code]....
Could the problem with assuming another logged in users "session" be related to static classes in my application or a Forms Authentication configuration or a configuration in IIS (e.g. is it possible for users to have their own process?).
How does one stream files, html or custom AJAX responses from web parts? Our current quick-and-very-dirty solution is to make the web part call the current page with certain query parameters, which the web part checks and instead of performing normal load it writes the required things to output and calls response end.
This sounds bad since SharePoint might load other web parts and execute their code before reaching our web part. The web part is configured with data source settings which means the streaming context must be specific to the web part so it can acquire the correct data source settings.
I have a need to integrate a third-party Java applet into a custom web part I wrote for SharePoint 2007. The web part simply loads a user control I created that contains the bulk of the functionality, and that's where the applet will go. I added it to my user control project and it works fine outside of my SharePoint environment.
I installed the updated web part onto my MOSS 2007 development site and the part's page loads fine. The applet is triggered by clicking a link button on the page, which runs some client-side JavaScript to start it. The problem is nothing seems to happen when I click the link. No error messages appear, and the stuff the applet is supposed to do never occurs (it's for doing file transfers via FTP). I have the .jar file as an embedded resource in my user control DLL, which is deployed to the bin folder, and SharePoint fully trusts this DLL.
I used Firebug to step through the initialization code and I saw an HTTP GET that failed with a message about not being authorized, but it didn't give any details and I'm not positive it was related to the applet. Is there anything special I need to do to make the applet work? Or am I going about this the wrong way?
EDIT: The problem turned out to be the .jar file for the applet couldn't be found. SharePoint is clearly doing something different here, and I need to find out what. Can Java applets be used within a SharePoint site? This question suggests they can, but in that case a Page Viewer web part was used, which isn't going to really work for me.
Is there any way to restrict a web part to a certain zone? I know I can restrict it by using the AllowZoneChange flag, but is it possible to make sure the web part can only be added to certain zones? I have some web parts which are only viable in a wide column (zones), so I want to make sure that no one tries to add the web parts to narrow columns (zones). Is there any way of accomplishing this?
I've created a quiz web part in SharePoint 2007, but am stuck on one permission. It needs to write the quiz score to a list, which it's throwing an error now when trying. I'm under the assumption that if the web part has the appropriate permission level, the user's permissions (the quiz taker) don't matter. Is there a particular permission that should allow the webpart to write to a list? Specifically:
I have a web part that is deployed in a MOSS 2007 application. The web part has a text box for entry of an ID number and a button that fills a dataset from the db based on the supplied ID and binds this to a details view. The details view is a private variable declared at the top of my web part class, the details view is then instantiated and various properties set along with the event handlers in the CreateChildControls() Sub.
[Code]....
The details view is then rendered in the RenderContents() sub.
[Code]....
After checking the user inputted ID number for malicious chars I fill a data set.
[Code]....
The problem is that when I click the auto generated Edit link nothing happens and if I then click it for a second time the editable text boxes appear but have no data in them and my data key appears to have been overwritten. I have also tried entering new values into the text boxes and clicking the Insert link and then looping through the NewValues collection inside the ItemUpdating event but this displays nothing!
i downloaded Microsoft Report Viewer 2010 Redistributable Package and used in asp.net page and it works fine without post back all the page BUT, when i created costume web part including report viewer , default page shows javascript error and the report papers as disabled , and when i click viwer the whole page getting post back
I used to deploy developed web parts to a remote sharepoint site by Build->Deploy menu inside Visual Studio 2008 months ago ( I am not a regular web part developer). My network engineer also asked me how to deploy web parts without stsadm commands. anyway now I can't. Visual Studio keeps complaining that the specified site doesn't have sharepoint site contained. "No SharePoint Site exists at the specified URL."
After googling, it is said web parts can't be deployed to remote sharepoint sites from visual studio. Only can to local site. However I did it before. Visual Studio 2008 service pack or hot fix made this feature (remote deploy) removed? Or is there any workaround?
I have an app that uses impersonation to gain access to a database (on server separate from IIS). The app connects to the database using a trusted connection and seems to be working just fine. However, we get these logon failure events in the security event viewer:
[Code]....
It must have something to do with impersonation because the login failure is for the domain account which my app is impersonating under. But again, the app is working fine so I'm having a hard time figuring out how to stop these logon failures.