Security :: How To Perform Authentication Between Websites
Jun 1, 2010
I have 2 web sites both located physically on the same web server, I'll call them siteA and siteB. These sites are accessed by internal users on our intranet as well as external users on the internet.
SiteA is set up on IIS6 using basic authentication, which we connect to an active directory. The web config is set to use Windows authentication mode. The URL to siteA is etoolbox.xxx.yyy
SiteB is the same setup. The url to siteB is rdow.xxx.yyy
What I want is, once the user is authenticated against the active directory when they log in to siteA, for them to be able to click the URL in siteA which opens siteB in a separate browser window and automatically takes them to the welcome page without being prompted for credentials again.
Currently when clicking on the url to go to siteB I am being prompted again for my credentials.
Is there any way for both external and internal users to only be prompted once for their active directory credentials and then be able to go to whatever site they want to without being prompted for credentials again? Is this something I have to code for or is it handled automatically by IIS?
View 3 Replies
Similar Messages:
Jan 26, 2010
I created a mixed mode authentication mechanism based on a few of the articles that I have read on this topic. It's similar to something like this: [URL]
Basically, there are two web applications. One accepts the Windows Auth and one accepts Forms Auth. The Windows Auth then creates a forms auth ticket and passes control to the Forms auth application. This solution works fine when both applications are housed within the same IIS web site.
Now, in order to control the security of this solution we set up multiple IIS web sites on the same machine. Web Site 1 serves external traffic (forms auth) and Web Site 2 serves internal traffic (windows auth).
So the design is that an internal user can hit the site using Windows auth via an internal name (myserver) while the external users use Forms Auth hitting [URL].
All that said, the solution works when the two applications are in the same site. Doesn't work when they are in different sites.
View 4 Replies
May 31, 2010
For every incoming request I need to perform custom authorization before allowing the file to be served.
(This is based on headers and contents of the querystring. If you're familiar with how Amazon S3 does rest authentication - exactly that).
I'd like to do this in the most performant way possible, which probably means as light a touch as possible, with IIS doing as much of the actual work as possible.
The service will need to handle GET requests, as well as writing new files coming in via POST/PUT requests.
The requests are for an arbitrary file, so it could be:
GET http://storage.foo.com/bla/egg/foo18/something.bin
POST http://storage.foo.com/else.txt
Right now I've half implemented it using an IHttpHandler which handles all routes (with routes.RouteExistingFiles = true), but not sure if that's the best, or if I should be hooking into the lifecycle somewhere else?
I'm also interested in supporting partial downloads with the Range header. Using
response.TransmitFile(finalPath);
as I am now means I'll have to do that manually, which seems a bit low-level?
View 2 Replies
Apr 2, 2013
Error:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Locally it runs fine. When I place it in IIS, it throws this exception.
View 1 Replies
Nov 5, 2010
How do you compare the security of websites built in ASP.NET with other websites built in other technologies such as Ruby on Rails, PHP..?
View 3 Replies
Nov 4, 2010
I have inserted a login page using CreateUserWizard, but RequiredFieldValidator and CompareValidator do not perform at all, and even when all textboxes are blank, the page is submitted and a record is created in the database.
View 3 Replies
Jul 14, 2010
This could be very straightforward for some of you, but I got caught up. I am doing a very simple test - browsing from IIS Manager to see the default page or "under Construction"; however, I am being challenged to provide my login credential. When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anonymous access + basic authentication. I simply wanted to see the default page as it is working on other servers except this one. I have included a screen print to make sure my question is clear.
View 3 Replies
Feb 10, 2010
I have 2 websites; website1 has a window.open link to website2. Authentication is forms (and windows, but in web.config it is set to forms) for both websites. When I click on the link and debug, should Request.IsAuthenticated be true or false? Both applications are running on the same machine.
View 2 Replies
Aug 3, 2010
I have created an XML file, and I want only some websites that I have chosen to reach this file and view the data of this XML file on their sites.
How can I do that? How can I give permission to some sites for an XML file?
View 5 Replies
Jan 4, 2011
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies
Mar 10, 2010
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on Win 7, but HttpContext.Current.User is always null. It works fine when I host the web app in IIS 6.0.
View 1 Replies
Jan 18, 2010
How do I perform signing of sensitive data in a WebApp?
My algorithm:
[Code]....
The code above works in WinApp but doesn't in WebApp.
Can you fix the code above so it can run under WebApp, or suggest another method to protect sensitive data from being modified?
View 2 Replies
Jan 21, 2011
I am using .NET membership. How can I perform a search on the basis of member properties?
View 2 Replies
Oct 15, 2010
The account we use to copy/publish websites to our web server is not allowing us access to push websites. I've added this account to the permissions in the links listed in the below link, but I don't have success when trying to push remotely. When the account is in the local admins account, everything works flawlessly, but we are not allowed to have it in there. http://social.msdn.microsoft.com/Forums/en-US/vssetup/thread/31be047e-4716-4974-b8a1-be0111b50199 I've googled and searched a lot for this particular error, but am not finding an answer that helps. We get this error, 'Unable to create the Web 'http://edea01/test/planning'. You are not authorized to perform the current operation', and the above link is the scenario that matches mine the most. I don't do development work, but am asked to figure out this connection problem.
View 3 Replies
Jul 5, 2010
I have a scenario with three applications:
1) Portal: where user executes login
2) Site1: after login at "Portal" user is able to use Site1
3) Site2: after login at "Portal" user is able to use Site2
I just need to execute a validation in Site1 and Site2, to validate if they (users) did login at Portal1.
Something like (in site1 main page page_load).
{
    if (notFromPortal)
    {
        //redirect to Denied.apx
    }
}
How can I do this in a simple way? With cookies? Does somebody have a URL with a sample?
My security requirements are almost zero. I just wanna prevent a user from putting a Site2 URL in the browser and seeing a Site2 page.
View 1 Replies
Sep 3, 2010
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 Replies
Aug 9, 2010
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 Replies
Feb 8, 2010
I am going to develop the authentication part of the web site. I want my authentication module not to be hacked by anyone, and I also want to be on the secure side.
View 1 Replies
Sep 2, 2010
I needed information regarding the capabilities & integration of the AzMan tool with ASP.NET. Currently, I have a SharePoint 2007 website along with ASP.NET 2008 where I am using Form Based Authentication. Now, the requirement is that any user within a domain registered in AD should be able to log in to the website through the intranet.
Can I achieve this using AzMan, or do I need to create two websites, one with FBA for internet users and the other one for the intranet users with AD authentication? Also, my internet website is deployed and in use where user mapping and roles are already created, so what will be the impact of using this tool on the existing website?
View 2 Replies
Feb 28, 2011
I have been trying to perform security validation in a page using the credentials of the domain users ...
However, when I try to get the value in
Code:
HttpContext.Current.User.Identity.Name
is always returned blank.
PS: When I run the code in the IDE is returned "domainuser" ... but when the page is hosted on a IIS server, the returned value is always blank.
View 4 Replies
Feb 3, 2010
We have two different websites that run two separate web sites (a back end and a front end) for our piece of software. The way we do our authentication is to put the user id into the session when the user logs in; all the pages on the site inherit from one base page, and if this base page cannot find this value in session it kicks the user out to the login screen.
What we want to be able to do is have a link on the front end after the user logs in, and when they click on it, it takes them (redirects them) to the back end. However, I cannot think how to do this in a secure and sensible way. I did think of putting the user's username and password, dynamically generated, into the hyperlink that takes them from the front end to the back end. Would this be advisable? It will be clear text, but then again we don't use SSL in any case, just plain forms authentication. I mean I will hash the values anyway but still be sending them. I suppose, is there a way to share a session across two app domains without too much difficulty?
View 2 Replies
Nov 10, 2010
I have a DLL file which is the data access layer of my application.
I am getting this exception while accessing the database:
Description:
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission contact your system administrator or change the application's trust level in the configuration file.
Exception Details:
System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
View 3 Replies
Apr 28, 2010
I'm looking to write some script that checks that the current user who is logged in has the correct authority credentials. NB: Script in C#, before I continue.
To give a bit more background: the SQL DB table for AdminUsers has a field 'Authority'; this is linked to another table (Authority) which has the values/different levels of authority in them. Thus, if an admin user whose Authority level is just listed as 'user', for example, in the database wants to edit information that requires 'Supeuser' authority level, it cannot be performed and is redirected to another page.
In detail, on my particular page, the operation is being done via an ASP Button within an ASP Repeater. For each record that occurs there is the button that, once pressed, updates the field in the database (in this case for a Guestbook table which has a 'Moderated' field of 'bit/bool' data type, changing it from false to true (or 0/1)), to allow that entry to be displayed on the front end for public viewing. All this can only happen on the basis that, as previously stated, their authority is of the appropriate level.
Here is what my attempt was. The outcome of which simply redirects to the 'Unauthorised' page, despite the user logged in having the correct authority credentials.
ASP - GuestbookMod.aspx:
[Code]....
C# - GuestbookMod.aspx:
[Code]....
LINQ to SQL - Guestbook.cs 'Mod' Method:
[Code]....
View 8 Replies
Jun 3, 2010
I have developed the authenticated RSS feed using basic HTTP authentication for my site. I also have the admin module for the site, which uses ASP.NET Forms Authentication. Both are in the same project. When I set the forms authentication mode to None in my web.config, my RSS feed authentication works fine (the browser pops up the dialog box for the username and password) and upon entering the username and password the RSS feed gets displayed. But with forms authentication turned on, when I click the RSS feed link I am getting redirected to the administrator login page.
If I set my authentication mode to None then the feed works like a dream, but the admin module does not work as it uses forms authentication.
How can I resolve the conflict for that one? I am using the ASP.NET MVC filter on my feed controller to pop up the dialog box for the username and password.
[Code]....
View 1 Replies
Feb 16, 2011
I'm developing an internal booking system. Users log in to the system and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the record. The confirmation is based on a reauthentication of the user... in other words, he needs to enter his password again.
How can I achieve this? The system is internal and I'm using Forms Authentication. I am also using roles, as some of the admin forms can only be viewed by administrators.
View 1 Replies