i'm wondering is there a way that i can add my configuration User to a specific role ?
so i have this in my web.config file
<forms loginUrl="/Account/Login.aspx">
I need to pass specific user credentials to a .svc so it can be used to open a server. The code in my .svc is as follows
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public string OpenServer()
{
RFCOMAPILib.FaxServer objFaxServer;
NameValueCollection appSettings = ConfigurationManager.AppSettings;
sFAXServerName = appSettings["FAXServer"];
objFaxServer.OpenServer();
}
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.What could be the reason for this?
View 3 RepliesI am trying to figure out how to associate a specific user to a specific data on the site, like social networking site.
View 3 RepliesIn my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
View 3 RepliesI am building a web application that is limited to one database, thus I cannot use the handy ASP.NET config tool. I am attempting to use SqlClient to authenticate users from a user table I added to my database. Here is the code I have thus far:
[Code]....
[Code]....
In my application, I have users request accounts, and then an admin goes in to approve or reject the account. When the admin approves the account, the create user wizard is used. After the user is created, I set the new user's role, and update a few other items in my database for user tracking, and send out an email to notify the new user of their account status. Here's the kicker: Once this new user is created, the admin, is now logged in as the new user. How is this happening? And how do I stop it? Here is my CreatedUser code, scrubbed of non-pertinent code.
[Code]....
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
I am the web developer at a medical clinic. I have 2 scenarios going on:
First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:
Physicians Only
Administration
Affiliations
Calendars
Compensation
Minutes
The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to login as different people, all with different roles, I have to login with user name and password, twice, before the system allows me in.
Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doens't usually prompts me to login. If it does prompt me to login, it too, is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to login with their credentials?
I have an ASP.net 2.0 application on an IIS6 server with a second server running SQL.
The problem I have is that I can't use Integrated Windows Authentication to authenticate against the SQL server, instead the IIS passes its machine name (DOMAINMachineName$) to the SQL server. Of course I can add the necessary permissions to the machine name account on SQL, but I want to use the local user credentials in Integrated Windows Authentication to authenticate against SQL.
I have tried to find some reading/articles online but apart from a basic understanding I can't find the details I need to implement into my application. All I have found is that IIS doesn't pass the credentials onto a remote machine when using Integrated Windows Authentication, and Kerberos should be used instead. I have no experience of Kerberos or how to use it in ASP.net so I am hoping it can be done using Integrated Windows Authentication or be pointed to some good easy to understand articles on using/implementing Kerberos.
I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?
View 1 Replies[Code]....
View 4 RepliesGiven a particular user group id, how can we most quickly retrieve the list of users under that user group id?
View 2 RepliesI need to create individual account for a big group of people (around 200) from an Excel spreadsheet. What is the best practice? It will take too much time to create account using web form. I think there must be a way to do it. I tried to use Stored procedures created by ASP.NET.
View 2 RepliesI have two user groups set up in AD and Im "authorizing" against these in my web.config file :
[Code]....
What I need to do is redirect the user if they are a member of "CD" or "Individual".
I have a summary page that has an Add New Record button, andEdit Record butto and a Delete Record button.Every user has ReadOnly access.However, only users with administrators Access Level can add, edit, delete, view.Users with Staffers Access Level can only Add records but cannot delete or edit.So, basically, 2 access Levels, Administrators, Staffers.Administrators can view, add, delete, update records.The rest, Staffers, can only view and Add records.I am struggling to figure this out.I have done this a ton of times using Classic ASP, something like:
If AccessLevel <> "Administrator" Then
Response.Redirect"login.asp" 'so if user has admin password, s/he ccan log in with that.
End if
[code]...
4 different groups will be using the system, each will be redirected to their own summary page based on their groupNumber.All I just want now is to ensure that a user from a particular group is redirected to his/her summary page, then that user is checked again against AccessLevel (view, edit, delete, update).
how do i ask if the current user have the specific role ...
like ... if(user is in role)
{
do simthing...
}
Below code is working fine, it will logout user in after 1 minute, since I have another login control in Home page, I was trying to add another line:
<forms loginUrl="Default.aspx" timeout="1"/>, but gives me error: The element <forms> may only appear once in this section,
so the timeout in the webconfig can only have one page for the function?
[Code]....
I am using Formsauthentication. My situation is as per below:
the login form has codebehind :
protected void LoginButton_Click(object sender, EventArgs e)
{
TextBox uname = Login1.FindControl("UserName") as TextBox;
TextBox pass = Login1.FindControl("Password") as TextBox;
CheckBox rm = Login1.FindControl("RememberMe") as CheckBox;
Literal fail = Login1.FindControl("Literal1") as Literal;
if (Membership.ValidateUser(uname.Text, pass.Text))
[Code].....
Now the problem is that when I try to login with proper credentials it first redirects to default.aspx( there is no such page in my project), after login again with same credentials it properly redirects to the correct page. Why such problem arises? to fix this?
I'm not sure if this is possible or not, I'm using Roles to limit what pages a user can access based on there assigned Role. My question, is there anyway to redirect the user to a specific web page based on thier role after they login.
For example:
If Bob logs in with Role="Automotive", I want him to be redirected to Auto.aspx.If sue logs in with Role="Clothing", i want her to be redirected to cloths.aspx.
I have the following scenario and I'm not sure how to implement/tackle it.
I have a login control and roles for different users. When a user logs in I need to display a javascript alert only if the user fullfill special criteria (so not for everyone).
I have tapped into the x_Authenticate and x_LoggedIn events.
In x_Authenticate I do the MembershipProvider verification that the user exists as well as some custom verification. At this point I know that the user has successfully logged in and I can verify if they match the popup criteria.
In x_LoggedIn depending on the user type I redirect to different pages.
Ideally the x_Authenticate event would be the best place to show the popup, however the page isn't rendered then. Instead right after x_Authenticate the x_LoggedIn method gets executed and redirects to the needed page.
Here are the structure of my web site:
Login.aspx in the root path
UserInfor.aspx and 1.txt in the sub-directory folder named 'Restricted'
Authenticate this website with form authentication configured in IIS, and does not allow anonymous to get into the Restricted folder with the web.config file.
I think it should work this way, if I manually access the 1.txt in the browser, I should be able to view the content, and if I go to the modules configuration for this applicaiton in IIS7, find the 'UrlAuthorization' module, and cancle the listbox for 'invoke for requests to asp.net ...', I should be directed to the loginurl setting in the root web.config file when I access the 1.txt file without logging, however, I still can see the content of 1.txt.
I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
I want to allow each user to create a webpage on our domain. example: www.site.com/username
I've created a few pages that get content from database and place it in a folder. I want each user to be able to edit their own data and when they hit "submit". the system will then copy those pages to a folder and modify the code so it read from the right database.
I keep getting "virtual directory not being configured as an application in IIS" errors. Is there any way around this error? I want the process to be 100% automatic so that I don't need to manually go into the server and configure the IIS myself.
I need to develop a page in my applicaiton like the image for the user lists.
I need to get the list of users under a group and need to show likw this.