Security :: How To Security Token Transfer To J2EE Web Application
Mar 6, 2010
Here is 2 web applications: 1 is asp.net, another is J2EE base webapplication.Both them are using same AD ( e.g. DomainTest ) as authentication source.Question here:1. User log in the asp.net application ( form based log in DomainTest, not IE prompt authencation dialog ), on the left navigation ( link to J2EE web application), just click this link, SSO to J2EE application.I think should transfer identity token from asp.net to J2EE, but don't know how, and for JSP, how to modify it to use token tranferd from asp.net ?
View 3 Replies
Similar Messages:
Mar 2, 2010
How to create Uniue Token with properties like expiration time,
Any standars method provided by Microsoft,
View 2 Replies
Feb 17, 2010
We have developed a system to allow users to access another one of our web applications by placing a token in the db and then when they redirect passing this token in the browser to the new apop and using that as an authenication method. However I am thinking that it might be better to simply place this token in the browser cookie as then the user doesnt have to physically click a link they can simply do straight to it because the token wont be in the query string anymore....
Will it add much of an overhead doing it via cookies are there any disadvantages?
View 4 Replies
Jul 2, 2010
I don't know if the following is possible or not but in brief, here is what I'm trying to achieve:
1. When a user requests to view a document, they click on a link (could be other) which contains an encrypted query string containing data required to retrieve the relevant document. i.e.[URL]
2. I want to ensure that if after x minutes the user goes back to their history and select the link again or re-type the same url as above that it will not request the document and redirect them to a page letting them know that the requested document "link" is no longer valid.
I don't want to rely on cookies or sessions, so thought that maybe there would be a way to add a datetime token at the end of the existing url but this needs to be done at run-time as the url is already predefined when the link is created, so I'm not sure how can I do this?
ideally, I'd like something like this [URL] where the token would contain the date & time when the link was clicked.
Once re-requested, I would decrypt the token and validate it again the server time and if it was over the x minutes defined, it would redirect me to the "link is no longer valid" page.
View 2 Replies
Aug 27, 2010
I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in.
Here's what occurs in my login.aspx on the STS
var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14);
Response.Cookies.Add(cookie);
var returnUrl = Request.QueryString["ReturnUrl"];
Response.Redirect(returnUrl ?? "default.aspx");
Which was taken almost directly from existing application using normal Forms Auth.
From my web.config
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" timeout="2880"
name=".STS" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="default.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
Looking at the cookie after I sign in I can see the expires time on the cookie is set for 14 days in the future and that the cookie is NOT a session cookie. When I'm required to log back into the STS I can see that my original cookie is still there. Is there some kind of time stamp functionality that the STS embeds into the cookie that is invalidating my cookie even though as far as I know it should still be valid?
View 2 Replies
Jun 15, 2010
I've two application ASP.NET (once is Mojo Portal). I can navigate from one to other using an URL token id.
To this way, by token, I create a new session and save the relative auth cookie.
But, sometimes, the asp web application don't keep the session and put me down. When this happen I can't login until the session cookies is not deleted.
Both the two application are behind an reverse proxy.
View 3 Replies
Feb 1, 2010
I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.
In ASP.net, security tokens are stored as cookies.
I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.
How do I remove the token so that the user can log in again and get a new token?
View 2 Replies
Jul 16, 2010
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?
View 1 Replies
May 19, 2010
Members cannot login when I move a site from development to production. I can see them in a page I made that reads the sql table.I checked the machine config file and the application name is "/" in both development and production. When I open the db in management studio I can only see new ones created during production. What gives, and how can I delete these 'ghost' users and re-create them in production so they can log on?
View 2 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Apr 2, 2013
Error:Â
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.
View 1 Replies
Jan 27, 2011
i hve 3 applications with membership providers which are wrking perfectly.. i am storing the users , roles , profiles etc in the same database as for the each application. now i want to store users roles etc in a single db n application data in separate db.. how can i shift existing users from current db to new db without re-creating them ..
View 6 Replies
Aug 9, 2010
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the
Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
View 1 Replies
Feb 17, 2010
i developed an asp.net(2.0) applicaions which contains the attachments of the clients . these attachments are saved in the shared folder and retrive the file when the user requests.if i maintain the application and the shared folders in the same system it will work properly.if i maintain the application in one server and the file folder in the other server i face a lot of security issus like1.Access Denied2.Couldnot find the part of the path......for this i made an common account for the application server and the file server and also set impersonation to true.Even the i got the couldnot find the part of the path error.i already gave the everyone with full control to the shared folder and i added the common account and gave it to full controlIs there is any alternate for the save and retrive the files to and from the shared folder.
View 3 Replies
Feb 7, 2010
I currently have a ProfileCommon enabled on my site and would like to know where I would start to transfer this ProfileCommon's context to a user's profile after he/she has logged in. Here is a snippet of how I have defined this ProfileCommon:
[Code]....
View 2 Replies
Mar 22, 2010
How can I transfer the login session of a user into a Cookie that would expire in 12 hours? I have a problem with Internet Explorer where whenever the user closes the window it would log them out automatically (which is by default what it is supposed to do). I am using VB.NET
View 4 Replies
Sep 25, 2010
I am making application in asp.net and I wanted to implement security features in my application I want help from you experts with good logic on implementing security Field Level, Button Level and different DIV section level security. Where I wanted like read only, addition, edit and delete and also I can make Groups and then assign user in that so that group security I can give. Customize security for some users.I am ready to use some DLL or Active X which give me above.
Before I was using database for security logic where in I was putting some codes in comma format and was looking that for specific control on form load but it have disadvantage that when some user have access to database that can alter make problem.
View 2 Replies
Oct 21, 2010
I have a C# 4.0 WinForm application that creates new Membership users using Membership.CreateUser(). I've created 1,000+ users. I run into problems when I access those same users from my Web application specifically MembershipUser.GetPassword(). I'm able to get the user in the Web app but when I try to get the password using MembershipUser.GetPassword() I get the "Unable to Validate data" error everytime. If I use the MembershipUser.GetPassword() method in the WinForm application it works fine. I'm using the same MachineKey in both applications.
WinForm App.config:
[Code]....
WebApp Web.config:
[Code]....
Error:
[Code]....
View 1 Replies
May 7, 2010
i have used "advapi32.dll" and "crypt32.dll" dlls in my application for signing the sensitive data.This is working absolutely fine when i am running my asp.net application from solution explorer(directly).But the problem arises when i am hosting this application in IIS.The application does not ask for the Pin Number of the token while signing the data.
View 1 Replies
Jan 30, 2010
I have two .NET applications X and Y
a. I want to have User A as a common user for both application X and Y.
b. User A can have different roles on X and Y. Eg. Read permission on Y and Write Permission on Y.
How do i configure ASP.NET membership to achieve about functionality.
View 3 Replies
Mar 9, 2010
I know that ASP.NET MVC has error filter attribute to handle specified error type. However, this feature cannot catch any error that occurs when application start. Therefore, I need to add some code to "Application_Error" method for handling this error like the following code.
public void Application_Error(object sender, EventArgs e)
{// At this point we have information about the error
var ctx = HttpContext.Current;
var exception = ctx.Server.GetLastError();
[code]...
View 1 Replies
Aug 4, 2010
I am supposed to create a intranet web application and the question is what technology I will use? is that the ASPX with C # or the Java EE. in any case I want to know the great advantages that I will receive.
View 4 Replies
Jun 28, 2010
I just created an asp.net application and its working perfectly fine!
Now there is a requirement from my client that pages likes (Login, Product details) etc, should run on SSL.
kindly explain the whole process required to run pages on SSL in ASP.Net
View 4 Replies
Oct 7, 2010
What are the Freenode irc channels for Java, J2EE, C#, asp.net and SOA?
View 1 Replies
Aug 13, 2010
Is it possible to call an '.EXE' application which is on Server Machine from Any Client Machine?
View 4 Replies