Security :: Identity Impersonate - False And IIS In Windows Mode
Feb 21, 2011
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
View 3 Replies
Similar Messages:
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Aug 31, 2010
I have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.
ASP.NET application should use Entity Framework 4.0 to work with data.
View 1 Replies
Sep 7, 2010
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
View 5 Replies
Nov 22, 2010
I need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.
Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.
However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.
Logon method:
[Code]....
Custom Controller Attribute:
[Code]....
WebConfig:
[Code]....
View 1 Replies
Dec 30, 2010
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
View 1 Replies
Aug 9, 2010
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the
Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
View 1 Replies
Dec 2, 2010
I have a ASP.Net website that interacts with Dynamic CRM. It's also uses a local ASPNETDB.MDF for forms authentication. For the CRM I need to impersonate the identity created on the domain for this purpose. When identity impersonate is enabled I no longer have access to the local Membership Database. How can I allow the domain user used for the impersonation access to the membership database?
View 1 Replies
Jul 30, 2010
I want to know if this kind of authentication is possible.
We have an Active Directory account and that account we are using to log in to windows. I have a simple system that needs authentication using the IIS log in box (i dont know what do you call this but what I know is it only comes out when Anonymous user is unchecked in the IIS configuration.) Now, I want this box to appear before my page and the user will be authenticated and be compare to the user who logged in to the windows. If the user who have been authenticated is the same as the user who logged in to the windwos then we will let him in if not he must be denied in accessing the page.
The first problem I have in my mind is how to code it in asp.net to make an authentication when he will try to access my page.
Second is, let us say we have succeeded to show the authentication box, how can I get the username from the log in box and compare it to the user who logged on in windows. Of course we can get the user id of the logged in user from the windows using User.Identity.Name but how about the username from the log in box.
Note: I will not use log in forms even using https. Just the log in provided by the IIS according to the configuration.
View 1 Replies
Jan 23, 2011
I have an requirement to implement single sign on solution using SAML 2. I had a look at a tirdparty toolkit in componentspace, but I would prefer some microsoft components.
the features provided in componentspace toolkit can be done using some Microsoft .NET libraries itself. identify the microsoft way to do this?. I looked at the Windows Identity Foundation SDK, but it is now supported only for .NET 3.5. My web application is built on .NET 2.0.
Is there any alternative for Windows Identity Foundation in .NET framework 2.0?
View 2 Replies
Nov 11, 2010
I have an MVC 2.0 environment in a S#arp layout, everything works great, and I have Intellisense working in my aspx file (for things like HTML helpers and Model properties) As soon as I add the line:
[Code]....
To my web.config, I lose Intellisense on my aspx files! Does anyone have any idea of why this is happening? Or have any experience with this?
View 1 Replies
Feb 1, 2010
I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.
In ASP.net, security tokens are stored as cookies.
I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.
How do I remove the token so that the user can log in again and get a new token?
View 2 Replies
May 12, 2010
I currently have a client with a SharePoint site that wants to incorporate an (already written) ASP.NET application within a webpart in the SharePoint site. The ASP.net application currently uses an IIS impersonation account to connect to the SQL database.
Some added functionality the client is requesting would require me to grab the user's windows login identity to use the SharePoint UserProfileWebService to query the PropertyPages for that specific user. Because the (already written) ASP.NET application uses impersonation, when I grab the WindowsIdentity.GetCurrent().Name, I get the impersonation account and not the actual user's account.
Is there a way to keep the current setup (impersonation account on IIS to connect to SQL) and still grab the logged in user's credentials? Or would a better way about this be to change IIS to consume the Windows Identity of the logged in user and encrypt the connection string in the web.config?
View 2 Replies
Feb 10, 2011
I've been trying to set a STS project in my solution following these steps on Channel 9. Right after hitting "Finish", I get an exception saying: The system cannot find the file specified. (Exception from HRESULT: 0x80070002). After installing, uninstalling, rebooting, and so on, I still get the error.
My OS is Windows 7 Enterprise x64, both Visual Studio 2010 and Visual Web Developer 2010 Express are installed in my machine, the WIF SDK 4, the runtime 6.1 and the Identity Training Kit from January 2011.
View 2 Replies
Dec 3, 2010
I'm using IIS Express to host my website, and I would like to do something similar to Directory Security in IIS 6. In IIS 6, I was able to go to the Directory Security tab and allow the anonymous user to be a local windows account.
Is there something equivalent in IIS Express for that? What changes do I need to make in applicationhost.config?
View 2 Replies
Oct 15, 2010
i just found that can not run System.Diagnostics.Process.Start if i set the identity impersonate="true", what can i do if i need to use System.Diagnostics.Process.Start to run my java application and need to set the identity tag?
View 2 Replies
Feb 12, 2010
I been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this. have disable anonymous authentication, enable asp.net impersonation.I have added <identity impersonate = "true" />I have added the a user to the security logins that is connected to the database
[Code]....
View 13 Replies
Oct 18, 2010
Just to describe the scenario. I have a website. This lives on a webserver. On that webserver is an SQL server. The website connects to this database using windows authentication. I have written a windows form application that connects to the SQL Server on the webserver. This application is being run from a location on out intranet. The Winform application use SQL authentication to connect to the database. The SQL Server didn't have mix mode authentication enabled. So I enabled it. The winform application could now connect to the SQL Server.
This is where it starts getting a little strange.
The Website that was already connecting find using integrated authentication starts failing with:
Login failed for user 'NT AUTHORITYNETWORK SERVICE'
When you are enabling mixed mode authentication, you are adding another authentication method, why would the original Windows authentication fail?
View 1 Replies
Oct 16, 2010
I wanted my local iis running application to connect my database in sql authentication mode rather than windows mode,
but it is showing errors of " Cannot open database "aspnetdb" requested by the login. The login failed.
Login failed for user 'DBUser'. ". i also ublocked port from firewall,and allowed remote connection of mssql from sql manager, enabled TCP/IP and named piped protocols from SQL surface config, and with sql manager i also changed server authentication mode to sql from windows.
my datastring is <add connectionString="Data Source=PARTHIV-PCSQLEXPRESS;Initial Catalog=aspnetdb;User ID=******;Password=******/" name="LocalSqlServer" providerName="System.Data.SqlClient" />
i made a user named DBUser in database as well i don't understand where it gone wrong ???
here is error log
[Code]....
View 4 Replies
Apr 1, 2010
I know how to impersonate a user for the entire site but how best to impersonate for a block of code; WindowsImpersonationContext or NetworkCredential?
And how would this code look like?
View 2 Replies
Mar 8, 2011
The site is running on my local IIS 6.1. I Would like to add some features to pull information from our AD. My AD code works on many other projects and on my dev server. Here are my attempts at writing out the username:
Response.Write("1. " + this.Request.LogonUserIdentity.Name);
Response.Write("2. " + Request.ServerVariables["Auth_User"]);
Response.Write("3. " + WindowsIdentity.GetCurrent().Name.ToString());
The results I get are:
NT AUTHORITYIUSR
administrator
NT AUTHORITYNETWORK SERVICE
How can I get at the actual windows username like ourdomain/username
View 5 Replies
Mar 1, 2011
We are observing some strange behaviour in our web server logs where where the Identity of the currently logged in user seems to be getting swapped with another user. I will describe our set up before explaining further.
We are running an asp.net web site (v3.5 of the framework) on 2 Windows 2008 web servers and use forms authentication.They are load balanced using a separate server running Apache 2.2 on Linux (Cent OS 5). The load balancing simply attaches a cookie to a user and directs them to a particular server for each subsequent request.
We notice on occasion patterns in the log like this (details obfuscated)
First Log Entry
UserName - customer1@x.com
UserId - 1111
WebPage - page1
IP - ip1
Time - 2010-06-29 12:56:20.750
SessionId - h3uyz2fsdfegugjy452sdz0far.........
We are using forms authentication using the standard asp.net forms authentication framework (the standard login control and we implemented a custom membership provider).
The UserName is the Windows identity retrieved using "HttpContext.Current.User.Identity.Name" The UserId is the database Id set in the session. The sessionId is retrieved using "HttpContext.Current.Session.SessionID"
As you can see the same Windows identity is the same for 2 different users, under different IP addresses and with different session id's, hitting the site about the same time. We checked and the IP's were from totally different locations. The wrong windows identity seems to be getting recorded. UserId 2222 should have a different username recorded.
Since it happens very occasionally, the code is standard and has not changed substantially for some time we don't "think" it is a coding error. We presume either a problem with the load balancer or some problem in the web server. I have never heard of such problems in asp.net before.
The forms authentication entry in the web.config is
authentication mode="Forms"
forms loginUrl="LoginPage.aspx" name=".ASPXFORMSAUTH"
View 3 Replies
Feb 8, 2010
LDAP - directory entry issue with out user and password using impersonate and windows authentication
View 1 Replies
Feb 7, 2011
In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:
IP: All Unassigned
Port: 80
Host name: apps.mydomain.com
In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.
I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:
Response.Write(Page.User.Identity.Name);
However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.
If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.
Is there something else I need to configure to get the current windows logged in username when using host header?
web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
</configuration>
App pool config (left out "handlers" for brevity, there's a 30000 char limit):
[Code]....
View 2 Replies
Jan 4, 2011
I have this web application where I need the currently logged in windows user Identity. I server on which I deployed this application does not support virtual directories. And I am not sure if that server is configured for "Integrated Windows Authentication."
I tried using:
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
Request.ServerVariables["AUTH_USER"];
HttpContext.Current.User.Identity.Name;
All these work and retrieve the appropriate currently logged in windows username when the application isn't deployed. But when I deploy it on this particular server, these methods do not give me nothing.
View 4 Replies
