Security :: Unable To Log In On Domain Which Redirects To Another Domain?
Jul 23, 2010
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
Request.URL and Request.RawURL Do not work because they always return foldername/documentname ex "/foldername/mypage.asxp" regardless of the URL in the browser. Using those create an endless loop.I need whaever string is in the users browser not what document it is requesting
I am trying to achieve a SSO implimentation across my websites so i am using the machine key attribute to do so.now the trouble starts here as the website the user logs in is on the .net 1.1 framework and the website it it navigating to is .net 4.0.I have share the same machine-key across both the application . It works fine in my testing environment but as i move to the deployment server ,it just dosent work !So what i could do is read this article on MSDN :
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx this tells me to add a domin attribute like below <forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/> but this thing just dosent work on the 1.1 application and throws an error Unrecognized attribute 'domain'.
Where do i get to mention the domin in my 1.1 application.?
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
We have a ASP.NET site that partially depends on forms authentication for login credentials, however the implementation of IPrincipal is completely custom.
But, when running the site on a particular server (which is somewhat semi-hardened when it comes to security), the app crashes when invoking IPrincipal.IsInRole() with the following messsage:
System.SystemException: The trust relationship between the primary domain and the trusted domain failed.
This indicates a communication error between the web-server and the DC, however since our application doesn't at all utilizes Windows authentication, I don't see why it needs to communicate with the DC.
This is my implementation:
[code]...
EDIT:
I was finally enable to reproduce this error on my dev-machine (i revoked my machine from the DC yesterday, but didn't reproduce it until today)
HttpContext.User is actually a WindowsPrincipal by default it seems, and the error in my code was that I only replace it with CustomPrincipal upon login. Hence, unathenticated users still get the WindowsPrincipal which then fails horribly if you have trust issues on your AD.
I tried changing the default principal by invoking this on appstart
Im returning the username from sharepoint site as a string. This is done successfully with the below code but I also get the domain with it. How can I only return the username and not the domain either through sharepoint or programmatically removing it? domain/username
I have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
I have a main domain "mydomain.com" and then a sub domain "forums.mydomain.com". If a user visits "forums.mydomain.com" without being logged in, they are redirected to "mydomain.com/login.aspx".
The two scenarios are:
If they are redirected to the login page with "mydomain.com/login.aspx?ReturnUrl=http://forums.mydomain.com", then they are succesfully logged into the forums but NOT the main site.
If they are simply redirected to the login page with "mydomain.com/login.aspx" with no returnUrl, they are correctly logged into both the main site and the forums.
The following code works as it was originally designed to move a file from one directory to another directory on the same server, but I need to change it to work so it will move a file from one server to another server. My challenge is how to define the source directory on a different server and check if file exists.
Code behind:
Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
I've got an Search Engine Optimisation problem where users are able to access my site by specifying any sub-domain. This is causing duplicate page issues with SEO.For example if a user mis-types 'www' then posts a link on a forum, google is crawling 'wwww.domain.com'. Furthermore, google is also crawling 'domain.com'.I need a way of forcing the site to always redirect to 'www.domain.com' regardless of how the user accesses the site.
try { using (MailMessage mm = new MailMessage()) { mm.Subject = "Account Activation"; string body = "Hello"; mm.From = new MailAddress("support@foodtrove.in"); body += "<br /><br />Please click the following link to activate your account";
[Code]....
but catch exception service not available error ...
This site needs to get a request from another web site/different domain. How can I check whether the request is coming from right web site so that no any hacker will take an opportunity to enter in my web site.
For this, client does not want to share encryption logic, query string or stroring session state in the same cookie.
My intranet web application uses Forms Authentication. How do i get the Active directory domain nameusername of the logged in user. The IIS directory security settings for the app are:
Anonymous User Access : Ticked Integrated Windows Authentication : Ticked
I tried using the following but to no avail
System.Security.Principal.WindowsIdentity.GetCurrent().Name ----> returns NT AUTHORITYNETWORK SERVICE Request.LogonUserIdentity.Name -----> returns The username used for anonymous access
ineed to pass this information to an external application for the current user to gain access to the system. Can i untick Anonymous user access in IIS and continue using forms authentication? what are the other options.
is there a way i could find out how to get all the users in a group on my domain, i have a domain called "cot", within that domain we have multiple groups like "RO,Admin,PM,SPM and 2 or 3 more", i need to get all the users in a particular group, i am using vs2008 and coding on webforms with c#, i have tried various example i could find online but none have worked for me so far.
I have the IIS webserver on Domain A. I have many users on Domain B, C, D, E.
I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder. But it is still not authenticating. So what do I need to do to enable this feature? I am using windows 2003 webserver.
I have a problem. On the one domain [URL] save employees in another domain [URL] save other employees. What is the best solution for this? Do I need to save each table id_domain?