I have an ASP.net website running with the authentication mode on the web.config file is Windows. The webpages at the root do not need to have login & password form.
Now I created a subfolder called 'reports' and would like to implement a few web pages with the login & password authentication form.
Question, do I need to create another web.config file in the 'reports' folder and update the authentication mode="Forms"?
I have a question about mixed mode authentication. I've been doing some research into this, but I haven't found the answer yet, so I figured I'd just ask:
I have an internal application that requires login. Right now it's using forms-based authentication. We'd like to make it so that, if you're internal and authenticated against Active Directory, you don't need to login to the application. However, if you're coming in from the outside (or don't have an AD account), it would then require them to login via the forms-based Login.aspx page.
From my research, it seems that the only way to do this is to enable forms based auth as the default membership provider, then on the back-end do a check at Page_Load to pull their login name, match it against the .NET membership and then authenticate them automatically - am I wrong on this?
The documents I've found all seem to point to the user having to login anyway, just the login being stored in AD - instead of having the user just login once to their machine in the morning and using that to verify them and their roles in subsequent applications.
I'm having a tough time implementing mixed-mode authentication (windows & forms based) for my application using IIS 7. Doing it in IIS6 is easy, but the process doesn't translate to 7/7.5 - and my research has led to me to conflicting answers, none of which.
I have redirect page called WindowsLogin.aspx, and a forms-based one called Login.aspx. I'm having difficulty enabling Windows authentication for just WindowsLogin.aspx.
how to set the <xhtmlConformance mode="legacy"/> tag in web.config as "strict" using the codes in c#.net for an asp.net webaplication
View 1 RepliesI created a mixed mode authentication mechanism based on a few of the articles that I have read on this topic. It's similar to something like this: [URL]
Basically, there are two web applications. One accepts the Windows Auth and one accepts Forms Auth. The Windows Auth then creates a forms auth ticket and passes control to the Forms auth application. This solution works fine when both applications are housed within the same IIS web site.
Now, order to control the security of this solution we set up multiple IIS web sites on the same machine. Web Site 1 serves external traffic (forms auth) and Web Site 2 serves internal traffic (windows auth).
So the design is that an internal user can hit the site using Windows auth via a internal name (myserver) while the external users use Forms Auth hitting [URL].
All that said, the solution works when the two applications are in the same site. Doesn't work when they are in different sites.
I have a problem in my asp application. In my application I have an own authentication mechanism so in the web.config file I have <authentication mode="None"/>
Inside the application users can upload files to the folder I've created (App_Files). I would like to give access to the folder only once they are logged in (Session["Login"] is no null).
I dont want not logged in users to be able to access the files over a url address in the browser (like http://<server>/App_Files/Filename.pdf)
Just to describe the scenario. I have a website. This lives on a webserver. On that webserver is an SQL server. The website connects to this database using windows authentication. I have written a windows form application that connects to the SQL Server on the webserver. This application is being run from a location on out intranet. The Winform application use SQL authentication to connect to the database. The SQL Server didn't have mix mode authentication enabled. So I enabled it. The winform application could now connect to the SQL Server.
This is where it starts getting a little strange.
The Website that was already connecting find using integrated authentication starts failing with:
Login failed for user 'NT AUTHORITYNETWORK SERVICE'
When you are enabling mixed mode authentication, you are adding another authentication method, why would the original Windows authentication fail?
I wanted my local iis running application to connect my database in sql authentication mode rather than windows mode,
but it is showing errors of " Cannot open database "aspnetdb" requested by the login. The login failed.
Login failed for user 'DBUser'. ". i also ublocked port from firewall,and allowed remote connection of mssql from sql manager, enabled TCP/IP and named piped protocols from SQL surface config, and with sql manager i also changed server authentication mode to sql from windows.
my datastring is <add connectionString="Data Source=PARTHIV-PCSQLEXPRESS;Initial Catalog=aspnetdb;User ID=******;Password=******/" name="LocalSqlServer" providerName="System.Data.SqlClient" />
i made a user named DBUser in database as well i don't understand where it gone wrong ???
here is error log
[Code]....
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
View 1 RepliesI specified to have a user creation wizard that accepts a password with NO alphanumeric characters:
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="watermeConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="(?=.{6,})[a-z]+[^a-z]+|[^a-z]+[a-z]+"
minRequiredNonalphanumericCharacters="0"/>
still, I do get the error that I have to provide at least one alphanumeric character.I do so and the error is still the same.why? is my regex wrong? I also took out the "confirm password" step. is that ok?
[Code]....
Hows does one encypt and decypt: appsettings, machinekey, connectionstring?
View 5 RepliesI'm trying to create web securityOn the web authenticate any user that is in the database.But there is a directory called "Administration".I just want to give access path "Administration" to Triqui
<authentication mode="Forms">
<forms loginUrl="Default.aspx">
<credentials passwordFormat="SHA1">
[code]...
I have created the asp.net application and Hosted on Different Server(i.e Test,Development). its is an Intranet Application But When I tried to Host on Production the WebApplication dont work when I check the "Integerated Authentication" and when I check the "anonymous Access" i get null value for the HttpContext.Current.User.Identity.Name.ToString() returns null. and User.Identity.IsAuthenticated also return false. what changes do I have to make in IIS and Webconfig of my application so that it can run on ProductionSERVER
View 2 RepliesHow to secure the connection string in the webconfig the best way
View 1 RepliesI have the following webconfig file that redirects (once logged in) a specific user...but for some reason it's not seeing the redirect location. So, for some reason when john123 log's in he doesn't get sent to superUser.aspx. It's as if it's not seeing the location path.
View 3 RepliesHow do you back-door authenticate Windows users into a website using forms authentication running on IIS 7.0?
View 1 RepliesIn ASP.NET which authentication mode the iis work?
View 3 RepliesI am trying to implement single sign on for users within our domain and if the are not then they get re-directed to the login screen to use forms authentication.
I have followed this tutorial below
however I get two issues firstly if I go to my forms authentication page no css or images now display and if i try to login i get an error.
If I go to the login page which should recognise me from the AD I get 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.
[URL].....
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesTo begin with I work on the large application, that has a WinForms client and server. Server in our case is the set of WCF services. There is one service that is responsible for authentication of users. The logic of authentication is custom and complex and authentication service uses different membership providers.
We want to protect the access to server services for non-authenticated users. The users must firstly authenticate and than use other services (users in this case are the other systems, services, WinForms client, etc.). On this basis, we decided to use the ASP.NET Url/File Authorization feature.
So, I set on the ASP.NET compatibility mode, allowed cookie in all binding configurations, added AspNetCompatibilityRequirements attribute to our services and added the followingconfigurations to config:
<authentication mode="Forms">
<forms cookieless="UseCookies">
<credentials passwordFormat="Clear" />
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
<location path="AuthenticationService.svc">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
In the authenticate method of our authentication service I add the following code:
public AuthenticationResult AuthenticateUser(string username, string password)
{
AuthenticationResult result = new AuthenticationResult();
result = Authenticate(username, password);
if (result.IsAuthenticated)
FormsAuthentication.SetAuthCookie(username, true);
return result;
}
Next, I wrote the following code:
var authClient = new AuthenticationServiceClient();
var result = authClient.AuthenticateUser("user", "password");
var otherClient = new OtherServiceClient();
var temp = otherClient.DoSomething();
But after authentication I can't access to OtherServiceClient...
So, how can I share the call context between the WCF services calls? Could anybody provide some useful articles about this question?
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 Repliesim using windows 7 home premium-64 bit,when i want to install sql server its not asking for mixed mode its directly creating windows authentication mode but i want to use sql server authentication mode,when im installing im unable to see any mode selection?
View 4 RepliesWhat do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 Replies