We are in the process of building a new website which we want to lock down to specific computers to only allow access, then once the pc is authenticated we will do our in built user authentication. Also, when a pc is known, we dont really want anything on the pc which can be easily transfered (by the client) onto another pc in order to gain access to the website. the best way to achieve this 'lock down', we dont really want to go down the AD route and have loads of extra user data to maintain.
Does anyone have any pointers for implementing the following: I want to cheaply enable multi-factor authentication on an asp.net website. I want people to be able to use an app on their phone (iPhone at the very least) to generate the token used alongside their username/password to login to the site. I do not want the people to have to carry a third-party device/fob to generate the token.
implementing a strong two factor authentication solution to an app that's already using asp.net authentication? any particular add-ons that work well with asp.net? Preferably one that doesnt involved end-user hardware.
I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.
However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing"Frustrating answer indeed... be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting?
I have two login control in the index page of my website,each of two different usertypes. there are two user types brands and creatives.the branded user will log in to brands bin(brandsbin.aspx) the Creative user will sign in to creativebin(creativebin.aspx) i am using forms authentication for signin. so i am confused here to to rediret to default path for each user types. how to set default page for each user types. in the web config file i have added like this
This is just a glimpse at the object model, but it's focused on the complexity of the relationships and lists. What I can't really get is what's the best way to factor my repository interfaces, given the requirements to do a unit of work. For example, to create a game, you'll need a venuedate and two participants. Does that mean the GamesController should require an IGameRepository, an IVenueDateRepository, and an IParticipant repository? Should they be rolled into one repository?
Also, what about in the consumption cases? For example, to display a signle team's schedule, you'll need all of the Participants for that Team, all of the Games for that participant, and all of the GameSegments for the participant. If those are factored into individual repositories I can't see how you can do efficient queries. Does that mean you have Repositories specifically focused on different cases? for example:
public interface IScheduleRepository { public ICollection<Game> GetScheduleForTeam(Team team); // More consumption methods } public class ScheduleRepositry : IScheduleRepository { public ScheduleRepository (ModelContext context) { // Do stuff with context } public ICollection<Game> GetScheduleForTeam(Team team) { return ( from p in context.Participants where ((p.Game.VenueDate != null) && (p.TeamId == team.Id)) orderby p.Game.VenueDate.StartTime select p.Game).ToList(); } // more consumption methods } public interface IGameRepository { public void AddGame(Game game); // More crud methods } // Not showing games repository public class GamesController : Controller { public GamesController (IGameRepository gamesRepo, IVenueDateRepository venueDateRepo, IParticipantRepository participantRepo) { // do stuff with repos here } [HttpPost] public ActionResult AddGame(Game game) { // Skipping validation logic // this? VenueDate = venueDateRepo.Add(game.VenueDate); foreach (Participant p in Game.Participants) { participantRepo.Add(p); } Game = gamesRepo.AddGame(game); // or this? // how would the game repo know to persist // the children elements? is that tight coupling? Game = gamesRepo.AddGame(game); } // more consumption methods }
My question is I don't yet understand to what degree factoring your repositories make sense based on a connected object model. I'd love to get some advice here.
I have an "Admin" folder in my application that will include pages that I would not like to have anonymous access to. When a user attempts to load a page that resides in this folder, I would like to redirect them to a login page. Here is what I have in my config so far.
The constructors for manually creating FormsAuthenticationTicket objects force us to set an "expiration" value, and this value overrides the "timeout" setting in web.config in my tags, which is not what I want, because now the user doesn't timeout. The "session" just expires at the given time.I need to manually create my ticket for UserData reasons, and it is just the way I decided to build my app. I guess I could spend a whole lot of time and redo the way my app. authorizes, and store the "userdata" elsewhere... but this seems extremely tedious for something so small..Is there anyway to manually create an Auth Ticket and still maintain timeout settings?! And by timeout, I mean resetting the timer on user activity. Not a fixed timeout!
i have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
...where [HERE] is the placeholder for my value, from my code behind in ASP.NET before the page is rendered. I generate a guid, and I need that apart of the script on the page.
I have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.
If I change my service definition to include a demand for the caller to be authenticated, like so:
<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?
I have a database which has form authentication tables for an website [let say website A], now I have attached a new website [Website B] to the same database, in this website [Website B] also I have to provide login/authentication which would be separate from the website A authentication system. So I want to have separate table for the users of new website. Specification:
[code]....
will there be any open source membership provider like we have .NET membership provider [form authentication].
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
I needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
I have a web application (intranet based) which uses Windows Authentication. Unfortunately there are public computers that have public logins at some company locations. My web app doesn't support these public logins because I need to know the user workingSo, even though these public users are windows authentication users, my app will fail because I have no user account setup for that particular account. I want to then try Active Directory Authentication.In my Default.aspx.cs I'd have something like this
protected void Page_Load(object sender, EventArgs e) {try userContext = new UserContext(); // If the authenticated user isn't a user in my system then throw an exception } [code]...