I have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 RepliesWe have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
[Code]....
View 4 Repliesi have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
View 1 RepliesI have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
View 1 RepliesIs there a way to reset a user's password while logged in as an administrator? I just had to delete a user and re-create him in order to achieve the same affect of resetting his password, so I'm wondering if there is a better way to reset a password.
View 1 RepliesI am working on membership concepts in asp.net. Now i want to reset new password and getpassword for specific user.
this is my web.config code:
<add name="MySqlMembershipProvider" connectionStringName="SQL2005DB380ConnectionString" applicationName="MyAppName" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Encrypted" enablePasswordReset="true" minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
How can I get old password and reset new password.
I am creating a website for reset the password in one of the application from the back end.
I have created a webpage with only one button called "RESET".
If user click the button, it should check the user have already access the application from the "USER" table. If no access, the message appears "You do not have an access."
If yes, next step whether the user have authenticate. If yes update the encrypted password from new table called "UMRESET" to the application table "USER" password.
Using windows Authentication... is it possible to progrematically change a password?
I tried using several ways to do this. I tried using the ChangePassword control. This tells me that minimun characters is 7 even though I have more then 7 characters... I also tried using this method:
[Code]....
The user is always null... and I am assuming this is because this object is indended to use with Forms authentication.
All I want to do is have an option for users to change passwords. Is this possible with Windows Authentication?
I just begin creating a website for an organization. First page to be displayed in the login page. I dont have any knowledge in ASP.NET Security. On Login page, i want to display UserName field as disabled with the useralias of the user who currently logged into Windows. Password user has to provide and it should be that user's windows password.
How do i validate that password that user has entered is his windows password?
I am working on an application that uses windows authentication. Within this application, we give the user the ability to change their password. The user can change the password just fine. However, after they change their password, that is when things get weird. Sometimes they can navigate through the application just fine. Other times, they click on a link and are immediately prompted to supply credentials. Occasionly they can click on a link but upon a second click they are prompted to supply credentials. Does the browser keep a token to the original credentials and use this when they request the next page? If this is the case, why can i continue using the site sometimes? Can I change the password and then assign that token to the request?
View 1 RepliesI have an intranet that gets the current logged in user through active directory. When a user is locked out they get a windows prompt to enter their username and password. Is there a way for me to catch this and redirect them to a page where they are asked to enter their credentials again or tell them that their account might be locked out and to contact the help desk?
View 1 RepliesI have a .NET 3.5 application running under IIS 7 on Windows 2003 server and cannot get integrated windows authentication working properly as I continue to get prompted for a login. I have set Windows Authentication to enabled in IIS with all other security types
disabled and my application web.config file authentication/authorization is set up as:
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="3.5" />
<authenticationmode="Windows"/>
<authorization>
<deny users = "?" />
</authorization>
</system.web>
With this setup, I'm expecting behind the scene verification of the Windows user to allow access and deny anonymous users. However, what I'm getting is a Windows login pop-up when I try to access the site. I have been troubleshooting this issue for a few days now and cannot figure out the problem. Based on posts with similar problems, I confirmed my URL does not include any periods, double checked that my IE settings are set to Enable Integrated Windows Authentication, and also added my URL to my intranet sites, but still getting the pop-up. To troubleshoot it further, I enabled Anonymous Authentication in IIS and modified my web.config file to which lets me right in and then added Response.Write(System.Security.Principal.WindowsIdentifity.getcurrent().user.name.toString()) to try to see what user is being used in the authentication. The result I'm getting is IIS APPPOOLmyapp which is obviously the IIS application pool for my application.
I'm still using only windows authentication but don't get the pop-up and the windows authentication is performed against the actual Windows user. Just noticed that when the login fails and the Windows login prompt displays again, it is showing the username that attempted to login as "SERVERNAME""USERNAME" which led me to believe it was trying to validate the user against the server vs. the domain. To confirm this, I created a local user account directly on the app server with the same username and password as the network domain user and tried to login again. The result was that I received the login prompt again but when I entered the username and password this time, I was able to successfully login. The network user and app server are on the same domain so really not sure why IIS authentication is pointing to the local app server accounts and not to the domain accounts. I realize this is an IIS question at this point so posting on forums.iis.net as well but anyone may have since have been troubleshooting this for days.
We have an ASP.NET Web App, where we want to provide a link 'Sign in as a different user' on a page. Authentication mode is Windows. Went through a couple of articles (like setting the statuscode =401). We want to authenticate the user, and then redirect him to a specific page (say 'ReviewTask.aspx');
View 2 RepliesI am evaluating ASP.NET Membership for an intranet Silverlight app. I want users to be automatically authenticated for my application with their windows logon. Thus I configured Windows Authentication. I would like to store user settings like email-address in using the SqlMembershipProvider and not AD. It seems that storing user settings using the SqlMembershipProvider is not supported with Windows Authentication. Is this really so (using .NET 4)?
If so: What is the rationale behind this? IMHO authentication, user settings and authorization are distinct aspects. User settings could easily be stored (identified by user name) using the SqlMembershipProvider with authentication and password management being supplied by Windows. What is the recommended solution for my scenario?
How do you allow the user to reset their password if they have forgotten it and have the new password sent to their email address?
View 2 RepliesI have an asp.net c# site that I have setup in IIS 7 and am loading into a sharepoint frame. Sharepoint doesn't prompt for domain credentials but my site does?In IIS I have enabled basic and windows authentication so I can get the domain users username, so if there is a way to get this without prompting that'd be a perfect solution for me.I am using the follwing statement to get username:
System.Web.
HttpContext.Current.User.Identity.Name
I have a small requirement i.e if any user forgot the passwordhe would like to reset the password by contacting an admin or mailing. Now if the admin logged in he will check for the user name if the user name matches i would like to send a mail to that user by resetting the password
View 2 RepliesI am using PasswordRecovery to reset a password and email it to the user.
I am sending an email programmatically with PasswordRecovery1_SendingMail.
In this sub, how do I get the new reset password to include it in the email?
can u tell me how to automatically sign out a user if he/she closes the browser window without signing out. I'm using Forms Authentication.
View 1 Repliesi am working on membership concepts in asp.net. Now i want to reset new password and getpassword for specific user.
this is my web.config code:
[code]....
I am using forms authentication. It's works fine locally. Once I upload my web application to a remote iis server and run it I get a Windows authentication prompt. The server [URL] at [URL] requires a username and password.
View 1 RepliesI'm trying to setup my IIS 7.0 MVC2 site but having problems.I want to use Integrated Security so that the app can obtain the user's credentials. We can then do a look-up of some AD groups to determine what they can do from that point onwards.The problem is - Every time we browse to the application, instead of navigating to our main page immediately, we get a login prompt provided by IE. I've read that we need to make sure that in the browser's Tools->Options->Advanced-> (Securiy-> ENable Windows Intagrated Security) must be checked - which it is on ALL 3 machines where I try this.
The machines AND the server are all in the same domain.My config file states <authentication mode="Windows" /> and I've tried every combination for <identity...> and <authorization...> but to no avail. I can only get the "login" prompt to go away if I enable Anonymous Authentication - but then I can't detect the windows user or their group membership.
I'm using the built-in membership in my ASP.NET Web Forms 4 app.
I'm also using the PasswordRecovery control for handling users who have forgotten their passwords. Before I reinvent the wheel, I've decided to post this question.
As one can imagine, in most cases, people give it a few tries before requesting a password change. Of course in the process, they lock out their accounts. The problem is that password recovery does not work for locked out accounts.
How do I first unlock the account if I'm using PasswordRecovery control?
ser enters email addressafter submit, an email is sent to the user The email will include a link that will take the user to a reset password page.Now, how do I fetch user's ID based on the email address and encrypt it? Then what should link be? Like, what I want is fetch the User ID then encrypt it somehow so that the link doesn't contain the actual ID and that link will take the user to a page that will have textboxes to reset the password. I am just confused how to go about it.Also is this the secure way? To reset a password like this?
View 2 Replies