Security :: Pass Credential From On Request To Another Request (one Site To Another Site)?
Jul 27, 2010
WebApp1: on IIS and configured with Windows authentication. Get User account from AD.
WebAPP2: a java web app on another windows box in same domain with authentication from AD
On web app1, I have a http handler like
public class MyHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
string url = "http://WebApp2/Test";
HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(url);
CredentialCache myCache = new CredentialCache();
NetworkCredential netCredential = new NetworkCredential("myname", "mypassword", "");
myCache.Add(new Uri(url), "Basic", netCredential);
//...
myReq.Credentials = myCache;
//....
}
}
in above way, I can set authentication in code and pass it WebApp2.
But I don't want to put name and password in code. User info already available on WebApp1: in context.User I can find out the user info who already logined into WebApp1, so I want to pass this credential to WebApp2. I have tried to do following:
myReq.Credentials = CredentialCache.DefaultCredentials;
but I am failed becuast there is no data in CredentialCache.DefaultCredentials.
View 1 Replies
Similar Messages:
Dec 21, 2010
I have 2 website A and B.
B site with windows authentication
I want to open B site as new window from A site, so its ask for windows credential. I have credential in A site. I am opening B site using Javascript.window.open.
how i can set credential for B site from A site.
View 2 Replies
Jun 15, 2010
I am using asp.net 3.5 and have validateRequest="true" in the machine.config.
Do I need to do something special to stop CSRF and Cross Site scripting or asp.net will handle all these?
View 1 Replies
Feb 15, 2011
I am building a simple intranet site and want to get the employees user name, but when i use Request.LogonUserIdentity.Name , i keep getting the servers credentials and not the users. what am i doing wrong and is there a better way to do this.
View 1 Replies
Feb 8, 2010
I am using if (HttpContext.Current.User.Identity.IsAuthenticated){ //do sth. } in my web service to do credential. Is that good enough? or is there some best practices that I can follow?
View 2 Replies
Mar 3, 2010
At one point this was working, but somewhere something happened. What I am trying to do is simply download a page from our local site. I keep getting the 401 unauthorized.
I have tried NetworkCredential("user", "password", "domain")
and
CredentialCache cc = new CredentialCache();
cc.Add(new Uri("http://site/"), "Windows", new System.Net.NetworkCredential("user", "password", "domain"));
but that didnt work . We are using Windows authentication with no anonymous access.
Here is what was once working:
WebClient wc = new WebClient();
string FileName = Server.MapPath(\App_Data\rpt.htm);
wc.Credentials = CredentialCache.DefaultCredentials;
wc.DownloadFile("http://site/Report.aspx?OrderNum=7534&Type=inv&BE=1", FileName);
View 1 Replies
Apr 20, 2010
it is possible to do a request for another page on internet from page_load? I mean if it is possible to aquire markup code with informations from another page and display them on my aspx site? For example something like this:
protected void Page_Load(object sender, EventArgs e)
{
UnknownType anotherSite = GetMarkupCode("www.fifa.com");
//parse anotherSite
.
.
.
//display parsed informations
}
If it is possible how can i do that?
View 3 Replies
Apr 4, 2011
I have an existing asp.net mvc website that uses basic forms authentication. The site has a login page that posts back to a login action, which logs the user in via FormsAuthentication.SetAuthCookie(). I am looking to add an api to the site, as an mvc2 area, where users would be authenticated based on a token passed as an http header. This area will consist of only json actions, so redirecting the user to a login page doesn't make sense. Instead, I want the users to just pass a token along with each request. That token is mapped to each user account and the user would be authenticated automatically.
I'm struggling with where to put this logic. At this point, the best choice seems to be adding the header lookup logic and authentication to the Global.asax in the Application_AuthenticateRequest method. I want to avoid needing to redirect the user after calling FormsAuthentication.SetAuthCookie(), though. I want the login action to be transparent to them. Am I approaching this the wrong way? As a side note: Requiring a username/password for api requests is not possible, as the site has a mix of users. Some joined using OpenID while the rest joined with a username/password.
View 1 Replies
Oct 16, 2010
i have some aspx page that handle form data submit from few websites. how can i retrieve the ip of the site (server) that send the request? (not the ip of the user that use the site and fill the form) if the form is hosted in server like 55.343.33.343 i need to retrieve to the handler page this ip. (Just to be clear : the handler.aspx is hosting in one server xx.xx.xxx.xx and the forms hosting in other servers cc.ccc.cc.cc, yy.yyy.yy.yy etc
View 8 Replies
Apr 30, 2010
Suddenly, IIS 7.0 is redirecting every request for the root of any domain hosted on the box to ~/Account/Logon, which is our Forms Authentication redirect. Additionally, some JavaScript and image requests are being similarly redirected, but not other aspx pages.
EDIT: It turns out that something has gone wrong with the disk permissions. Can anyone point me to the way things are supposed to be in Windows Server 2008 for a standard ASP.Net installation? The disk permissions are out of whack now.
View 1 Replies
Oct 4, 2010
I am getting this error when I am trying to upload a video in my site. how to fix this?
View 3 Replies
Mar 9, 2011
I'm getting an exception when trying to access an .asmx webservice within a MVC site. I've tried numerous things like updating the web reference within the console application and building another quick app to test, but can't get passed this issue. If I pull the URL out of the svc variable, I can browse to it directly.
Exception Details
System.Web.Services.Protocols.SoapException
occurred Message=Server was unable
to process request. ---> Value cannot
be null. Parameter name: uriString
Source=System.Web.Services Actor=""
Lang="" Node="" Role=""
StackTrace:
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream
responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at ClarityIntegration.SendTrackerDataToClarity()
in [REDACTED].Reference.cs:line 78
at [REDACTED].Program.Main(String[] args)
in [REDACTED].Program.cs:line 33
InnerException:
CONSOLE APP CODE
var svc = new TrackerClarityService.ClarityIntegration()
{
Url = url,
Credentials =
new System.Net.NetworkCredential("user", "pass", "domain")
};
svc.SendTrackerDataToClarity();
svc.Dispose();
The exception was coming out of the Web Service itself. There were some global variables not being initialized directly through the .asmx call that were being initialized by the application itself.
Some simple checks on variables within the Web Service and setting what needs to be set have fixed up the issue.
View 2 Replies
Feb 5, 2010
I am using DotNetNuke and I have posted this in their forum. But it is more appropriate here. I am trying to upload a 13 MB video file to my site ( a .flv file) using the file manager function under the host login. I understand that .NET limits the upload size to 4 MB for security reasons. In accordance with other posts here I added this code to my web.config file to allow bigger upload.
<httpRuntime maxRequestLength="51200" enable = "True"
I added it in the system.web section. Now, I still get this error:
"An error has occurred.DotNetNuke.Services.Exceptions.PageLoadException: Maximum request length exceeded. ---> System.Web.HttpException: Maximum request length exceeded. at System.Web.HttpRequest.GetEntireRawContent() at System.Web.HttpRequest.GetMultipartContent() at System.Web.HttpRequest.FillInFormCollection() at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint) --- End of inner exception stack trace.
View 3 Replies
Sep 30, 2010
I hosted two asp.net web project in IIS with unique VirtualDirectory (sample and Sample2). Now i access a web page from Sample site and from this page i'm sending request to a web page in a site Sample2 with some values through Query String. I got the page and the values from query string.
Now my problem is, instead of sending values through QueryString is there is any other way to pass values from one site to another. Because, i never give the url for the second site to client. They know only the first site url based on user input i'll redirect it to the second site. Problem is user can see the values passed through QueryString and there is a chance to bookmark that link by user, it just like hacking. I donot want the user to do that.
View 2 Replies
Mar 11, 2011
I have an ASP.NET website that worked fine using and debugging in VS2008. I went through the upgrade process opening the solution in VS2010. I can run the site, but as I make changes in the app_code folder classes, they don't seem to commpile and warn me of compile-time errors. As soon as I get to a point that calls the class, the errors show up. Sounds JIT I guess, but this isn't how it was working in 08. Is there an option that was changed in the upgrade process? This is a large project, I really don't want to break something and not find out until some obscure page is opened.
View 1 Replies
Jan 26, 2011
I have a requirement where I have to transfer a user from Web Site 1 on Server A to web Site 2 on Server B.
On Web Site 1, I have to provide controls to enter user id and password and which have to be validated on Web Site 2 on server B, after validating them I have to redirect the user to Web site 2.
what is best way fo doing it. code examples are greatly appreciated.
Note: On Web Site 2, user login functionality is already existing and it is provided by ASP.Net login control, am not sure how to handle the user login process from two different places.
or is it the best way to move Web Site 2 from Server B to Server A so that, the same login controls will be shown using Iframe on Web Site A.
View 6 Replies
Dec 2, 2010
I have an application that uses the ASPNET role provider.My SQL Server crashed so I took a backup of the database and restored it to a new SQL Server and changed the db connection string to that server.The web site runs but no users can login to the site.Is there something that I should have done when the db was on the other server?
View 6 Replies
Apr 24, 2010
Encrypt request.querystring and Descrpt request.querystring
View 1 Replies
Mar 29, 2011
I'm new to C# web development. I'm trying to reference a param from Site.Master.cs in Site.Master, so that in Site.Master page, I can do:
<%
if (someParam == true) {
%>
some HTML code
<%
}
%>
The param someParam is the one I want to pass from Site.Master.cs.
View 3 Replies
Jan 27, 2011
We're trying to implement functionality that intercepts, inspects, and alters if needed data in the Request.QueryString and Request.Form collections.
Since Request.QueryString and Request.Form are readonly, is it possible to use a HttpModule to do this without Reflection or Response.Redirect?
We're thinking that we can construct a new HttpRequest, and replace the original one. Would there be any implications in doing this?
I know mocking this object is impossible without using HttpRequestWrapper, but wasn't sure whether ASP.NET sets other things beyond the constructor.
View 2 Replies
May 15, 2010
I have a webservice which works 100% fine on my developer machine. Where Web Service is installed on LOCALHOST on my developer machine,Then i went to my servers, I installed webservice on one server and map it with the server where the website is hosted, Then i tried accessing this service using BROWSER from my web server, it worked fine, That means the mapping was done perfect.Then i run my program on web server (website). It worked fine on page1, then on page2, but when i did the same and call same function on page3, It popped me any error of
View 4 Replies
Dec 9, 2010
Is it at all possible to inject a request into IIS for a page, have IIS and ASP.Net handle it as normal, but get the response as html handed back to me programmatically?
Yes, I know that I could connect to port 80 using WebRequest and WebResponse, but that becomes difficult if you are accessing the IIS server from the same physical machine (loopback security controls et al).
Basically, I want to inject the request (eg for [URL]) between the points at which IIS would normally talk to the browser, and the point at which it would route it to the correct ASP.Net application, and get a response back from IIS between the points at which ASP.Net/IIS applies the httpfilters and hands the html back to the browser.
I'm predominantly working with IIS7 so if there is a solution that works just for IIS7 then thats not an issue.
View 2 Replies
Jun 29, 2010
This is a input
<input type="image" src="<%=Url.Content("~/images/shopping-cart.jpg")%>" alt="shopping cart" id="btnshoppingCart" name="btnshoppingCart" value="shoppingCart" />
when i browse the page with firefox and click on the input Request.Params["btnshoppingCart"] != null or Request.Form["btnshoppingCart"] != null is statisfied.
When i browse the same page with internet explorer 8 and click on the same input Request.Params["btnshoppingCart"] != null or Request.Form["btnshoppingCart"] != null is not satisfied. When i used the watch i saw that there is no key by the name of "btnshoppingCart" in either Request.Form or Request.Params if input is clicked from internet explorer. However when it is clicked from firefox there is value "shoppingCart" inside Request.Form and Request.Params against "btnshoppingCart" key. One more strange thing that i observed was that are two keys "btnshoppingCart.x" and "btnshoppingCart.y" inside both Request.Form and Request.Params whenver clicking is done from both internet explorer and firefox. This is happening against all inputs of type image irrespective if the input is present inside a html form or not. Forms are created like this
<% using (Html.BeginForm("Action", "Controller", FormMethod.Post)){%>
The version of internet explorer is 8.0 and firefox is 3.6.6
View 5 Replies
Jan 21, 2010
I there a way to know if a request is a soap request on AuthenticateRequest event for HttpApplication? Checking ServerVariables["HTTP_SOAPACTION"] seems to not be working all the time.
public void Init(HttpApplication context) {
context.AuthenticateRequest += new EventHandler(AuthenticateRequest);
}
protected void AuthenticateRequest(object sender, EventArgs e) {
app = sender as HttpApplication;
if (app.Request.ServerVariables["HTTP_SOAPACTION"] != null) {
// a few requests do not enter here, but my webservice class still executing
// ...
}
}
I have disabled HTTP POST and HTTP GET for webservices in my web.config file.
<webServices>
<protocols>
<remove name="HttpGet" />
<remove name="HttpPost" />
<add name="AnyHttpSoap" />
</protocols>
</webServices>
Looking at ContentType for soap+xml only partially solves my problem. For example,
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 1131
Content-Type: text/xml
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: ro
Host: localhost
mymethod: urn:[URL]
Some clients instead of having the standard header SOAPAction: [URL], have someting like in example above. "mymethod" represents the method in my web service class with [WebMethod] attribute on it and [URL] is the namespace of the webservice. Still the service works perfectly normal. The consumers use different frameworks (NuSOAP from PHP, .NET, Java, etc).
View 4 Replies
Oct 24, 2010
I develop an asmx web service (i.e. ASP.NET 2.0). There's a piece of code that may read the contents of the HTTP request (via HttpContext.Current.Request.InputStream) while processing it. I realise that InputStream may only be read once for a request, and I make sure I never try to read it more than once.
The problem seems to be that if InputStream happens to be read during the early stages of the application's lifecycle (e.g. after pskill w3wp, during Application_Start), the HTTP request fails with a HTTP 400 - Bad Request error, with no explanation given, no exception thrown and no entry in the httperr log. If it is read later (e.g. within the web method itself), requests run fine whether InputStream is read or not. Application_Start runs fine if InputStream isn't read.
Is this some sort of ASP.NET bug? IIS bug? Or am I doing something wrong by daring to read InputStream? And if so, is there another way to get a look at the "raw" contents of the request without disturbing the inner workings of IIS/ASP.NET? In short, adding this code within Application_Start is enough to reproduce this error: using (StreamReader reader = new StreamReader(HttpContext.Current.Request.InputStream))reader.ReadToEnd();
View 1 Replies
