Security :: Use A Third Party (CAS) Authentication System While Still Using Membership?
Apr 21, 2010
I need to convert a web site using traditional ASP.Net login,membership/role with SQL to a custom system. I need to use a third party (CAS) authentication system while still using membership and roles to control access to content and User.Identity functions.What would be the best way to accomplish this? I use the <deny> and <allow> user throughout the site to control page access.
View 3 Replies
Similar Messages:
Feb 2, 2010
I understand that we can easily secure the menu pages by enabling SecurityTrimming and putting role information in web.sitemap.
But my problem is that we have to use a 3rd party authentication piece. The ASP.NET application gets the UserId and roles from the authentication module.
I need to show/hide ASP.NET pages based on the incoming user's roles.
Is it possible somehow to use web.sitemap with these roles?
Or should I come up with my own way to map a web page to role/s?
View 1 Replies
Oct 7, 2010
I've had a look through the forums but I couln't find a concrete answer - I found some things that point me in the right direction but I would like to just ask for some clarification.My requirements are as follows:I have an external system, with an API that allows me to log in a user, and returns whether or not it was successful. This can only be done through the API, it can not be done with a direct DB connection.I want to create a site that can only be accessed by someone who has a login to this external system. Through the site they will only be able to log-in, there will be no possibility to change password etc, this is all done in the external system by an admin.I like the ASP membership system, and the way it works with anonymous and member views and would like to continue to use it. My question is, how do I do this? Do I create a custom membership provider that overrides all the methods of the usual membership provider? And how will the fact that all I actually want to do is allow the user to login affect things? There will be no ability to change details etc.
View 6 Replies
Apr 28, 2010
I have an old website running fine in Classic ASP with large customer base registered onto the site. The current site allows users to have their own user name(unique) registered against an ID assigned to them. They can change the User name later as well provided it is still Unique in the database(Database is SQLServer2005).
The Problem: Now i want to move the website to .NET and want to use the .NET Membership. I know how to create the database structure in SQL Server through aspnet_regsql script but my problem is how should i import the existing username and passwords as the password stored in MembershipDB is Hashed (salt). Also i might want to allow admins to impersonate as users later.
View 5 Replies
Jan 13, 2010
is there a way to snag the database id of a newly created user after CreateUser has been called? I need to be able to tie that id to another database table. From what my book shows me, it looks like member info is encrypted, so merely looking at the membership database table.
View 11 Replies
Oct 31, 2010
Without reading the whole text below, since this is on the ASP.Net side ... basically I think I need to know if there is a way to reduce the size of the forms authentication cookie. When using a DotNet 2.0 website, the ASPXAUTH cookie is about 232 bytes ... when using the same source code but upgraded to DotNet 4.0. the cookie is approximately 264 bytes, setting the ticketCompatabilityMode does not reduce the size since I think the default setting is Framework20. I length of the cookie, including the its' name can not be larger than 256 bytes in order to use it with the "Client Application Services".
I only did a cursory search of the asp.net forums, but will dilligently look for an existing solution.
----- BACKGROUND AND RESEARCH -----
I have been using all three features of client application services (authentication, profiles, and roles) in my windows app (DotNet 3.5 framework) for almost two years now. Up until now, I have not had any problems. This week I hit a brick wall and am pretty stumped with two seperate but related issues.
Issues:
In development, we decided to upgrade our websites/services to DotNet 4.0. All applications upgraded successfully. However we are unable to log into our application using Client Application services. No matter what user we use, Membership.ValidateUser returns false. Since we know the username and passwords, we thought this was strange. When debugging the application, we found that Membership.ValidateUser was throwing an InvalidOperationException (see below for complete exception) stating that the ASPXAUTH property was too long, longer that the schema created in the SQL/CE database. (See below for things tried).
In production .. A user all of the sudden could no longer gain access to the application. Upon inspection, his ASPXAUTH cookie was 264 characters long (9 characters longer than the schemas nvarchar(256)). Even though the user was being authenticated on the "server side", and the JSON query returned "{"d":true}", Membership.ValidateUser returned false. Again, as in the case above, the actual error was ...
Message=@PropValue : String truncation: max=256, len=264 ...
I am assuming I am missing something very simple or that I overlooked a settings. In development, this is not a huge issue as I can release the Dotnet 4.0 websites when I am ready. But now that this has happened to a client on a production system, it is very worrisome.
[code]....
View 1 Replies
May 3, 2010
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
Here is the relevant section of my webconfig:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ASPWebAuthConnectionString" maxInvalidPasswordAttempts="10000000" enablePasswordRetrieval="false" enablePasswordReset="true" applicationName="nvpumps"
requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" requiresQuestionAndAnswer="false"/>
</providers>
</membership>
View 3 Replies
Sep 1, 2010
I am evaluating ASP.NET Membership for an intranet Silverlight app. I want users to be automatically authenticated for my application with their windows logon. Thus I configured Windows Authentication. I would like to store user settings like email-address in using the SqlMembershipProvider and not AD. It seems that storing user settings using the SqlMembershipProvider is not supported with Windows Authentication. Is this really so (using .NET 4)?
If so: What is the rationale behind this? IMHO authentication, user settings and authorization are distinct aspects. User settings could easily be stored (identified by user name) using the SqlMembershipProvider with authentication and password management being supplied by Windows. What is the recommended solution for my scenario?
View 2 Replies
Mar 18, 2010
I just like to know how can i create my own authentication(calling the ASP .net membership, role) page with the same function as the LOGIN Control. Your wondering, why not use the Login control instead. I have my own design and i don't know how to pattern my design to the built in Login Control. I tried editing the login template, but it's pretty hard to pattern it to my design.
This is my design
Basically what would like to know how the Login Control calls for the authentication, and when authenticated, it will pass the user(full name) to my LoginView Control without any coding. Or is it possible that I remove default login button in the LOGIN Control then create my own button and trigger the authentication or validation? But if you have other suggestion that can follow my design and call the authentication, i would be happy to know.
View 3 Replies
May 4, 2010
I'm developing a web application using EF4, POCO's, WCF Data Services and the presentation tier (HTML, CSS, JavaScript, Ajax - NO WebForms). For security I would like using ASP.NET Membership Provider (Authentication Service): from a *.htm file calling the AuthenticationService. I executed aspnet_regsql.exe (to create the necessary database tables) and modified my web.config file:
<configuration>
<system.web>
<roleManager enabled="true" />
[code]...
View 1 Replies
Jul 19, 2010
I am trying to create my own membership system. Therefore I created my own membershipuser class and membership provider class. But I am getting the following error on Createuser method of My membership provider class; no suitable method found to override
This is how my CreateUser method looks like:
public override MyMembershipUser CreateUser(string username, string password, string email, string status, int registerd_on, out UserCreationStatus creation_status)
[code...]
View 6 Replies
Aug 18, 2010
I m trying to use the profile system to get information of the authenticated user form the data base, just like the session system : the user is authenticated then I set same variable with information of this user coming from data base !I am familiar with PHP so i m trying to do it like that !Also, i woul like to join my own data base and the asp.net membership database !
View 1 Replies
Oct 19, 2010
I am having an issue, with the membership and form authentication. I am having a problem where when an logged in user types a url they can see the content of pages they're not suppose to. When the user tries to click on the screen or any ajax fires they are redirected to the main page. What is going on? I have all the items setup in the webconfig properly just wondering what is happening. Also I don't want to use a redirect solution for each page since that is what I thought webconfig was setup for.
View 1 Replies
May 24, 2010
if window based using c# .net,how can i create a window authentication when access system.
View 2 Replies
Oct 21, 2010
I am running Windows Server 2008, ASP.NET 3.5, IIS7 i wonder if it's IIS7 problem, or .NET Framework or even security updates problem suddenly all websites do not work, and from event viewer there're two errors
Exception: System.TypeLoadException
Message: Could not load type 'System.Security.Authentication.ExtendedProtection.ChannelBinding' from assembly 'System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
StackTrace: at System.Web.Hosting.IIS7WorkerRequest.Dispose()
at System.Web.Hosting.PipelineRuntime.DisposeHandlerPrivate(HttpContext context)
at System.Web.HttpRuntime.FinishRequestNotification(IIS7WorkerRequest wr, HttpContext context, RequestNotificationStatus& status)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
Faulting application w3wp.exe, version 7.0.6002.18005, time stamp 0x49e023cf, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd
it's on SP2 already
View 1 Replies
Nov 11, 2010
In Visual Studio 2005 I am following the steps to add a Web Reference to a web service.hings appear to go smoothly except for an error messae I am getting. Here are thesteps I follow along with the result.1. Right click on Web References folder and select "Add Web Reference..."2. When the dialog box appears I add the web service URL into the URL dialog box.The web service methods are then displayed in the dialog box with the links to each web service and a prompt to "Start Browsing for Web Service"However in the box to the right which is labeled "Web services found at this URL", there is an error messagewhich reads:There was an error downloading 'https://stage-serv/weatherQuote/WebService/weatherQuote.asmx
The underlying connection was closed: An unexpected error occurred on asend.Authentication failed because the remote party has closed the transport stream.I don't know what is causing this problem. I can reference this same web service on a productionserver just fine, but if I attempt to access it on the stagig server I get the message Ijust talked about.I am thinking that something is not configured on the staging server correctly.
View 3 Replies
Jan 23, 2010
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
View 8 Replies
Jul 27, 2010
I am trying to build an application that
1. user can login by their AD account and password.
2. AD account can be assigned to different group.
I know there is a training video - [URL] to teach how to use the tool to provision the membership schema to SQL server for Forms authentication. but how can I use AD authentication with this?
View 1 Replies
Aug 9, 2010
I want to create a digital signature, for my product, for creating the digital sigmature i want digital certificate. I came to know there are lot of third party available for creating digital signature. If any one know can tell some of third party for this.
View 1 Replies
Apr 26, 2010
Code in DLL can only be obfuscated. IN my DLL how can I import a third party DLL into my DLL? Can I obfuscated the code but not the functions and sub header names?
View 3 Replies
Aug 28, 2010
I have an intranet site that is used to pull several other intranet applications/tools and database info to one place.One of the most popular features uses iFrames and jQuery tabs to give a broad overview of activities, signal etc in a network node. Chrome and Firefox eat it up with no problems, IE will work if you override the cookie policies that restrict 3rd party cookies
without a valid p3p (what a worthless standard). IE also works if you already authenticated yourself on the individual sites and the session cookies are still valid.
View 1 Replies
Mar 31, 2010
Is it possible to log the user automatically into a third-party website if we have their details on record? For example, if I had a users facebook/hotmail username/password stored in my database, is it possible to use these details to log them into facebook/hotmail, then open up facebook/hotmail.com with them already logged in?
Basically my Client uses Basecamp for their customers and wants a way of automatically logging his customers into basecamp from their website without them having to go through the trouble of logging in again (after they've already logged in through my clients website).
View 5 Replies
Jul 5, 2010
I am using third party tool in my web site.Its running fine on my dev. PC.but when I upload it to serverm it says "System.Security.SecurityException: That assembly does not allow partially trusted callers."when I read about this error, many suggest to get it set trust level to high by admin bacause developer can not.
View 5 Replies
Oct 15, 2010
I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since Telerik dll is a common assembly i have to deploy it to the bin folder of the webapplication instead of GAC. So here comes the problem.
WSPBuilder automatically deploys the dll to gac if the dll presents in the GAC folder. To deploy the telerik dll in bin i created the folder 80�in and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and wspbuilder was smart to create the cas policy itself.
<CodeAccessSecurity>
<PolicyItem>
<PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated
[code]....
But Wspbuilder was not smart enough to put the four part name of SharePointPermission IPermission class. But i learnt that CAS actually requires the four part name. So i decided to make use of the -CustomCAS command line option of wspbuilder.exe to pass my custom cas policy file.
Here is my custom policy file -
<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />[code]....
After i deployed the wsp i verified
* the dlls going to bin
* the trust level changed to custom trust level
* custom policy file being added to config folder
But when i run the page i get the following error -
screen shot -
Error -Execution Permission Denied
I've checked my entire application for any assembly references of the dll. But i was not able to find one.
View 1 Replies
Nov 12, 2010
I have a web site that is using windows authentication. 'Enable anonymous access' is unchecked. It works when I call it through Visual Studio but when I put the site on the server I get the following error:
Unable to cast object of type 'System.Security.Principal.GenericPrincipal' to type 'System.Web.Security.RolePrincipal'.
Here is the offending line:
System.Security.Principal.GenericPrincipal genericPrincipal = (System.Security.Principal.GenericPrincipal)HttpContext.Current.User;
View 3 Replies
