Do any of you guys have experience using Active Directory and the Intranet Zone to silent authentication with a local web site? I've done it in the past with 1.1 and 2.0 .NET, but this 3.5 site I have written doesn't seem to be working for some reason.In the past, how I have done it is:
In web.config, set:
<authentication mode="Windows"/>
In IIS 6, under directory security, check Integrated Windows authentication and Digets authentication for Windows domain servers, and set the realm to my domain, and uncheck Enable Anonymous access.The I add the Host Header for the site to the corporate Intranet Zone in Internet Explorer under trusted sites using Active Directory.And that's basically it. I've done it on plenty of intranet sites before, but with this 3.5 application I am still being propped to login. Anybody see any steps I missed?
I am having a .net project that builds the web based installer. I was using visual studio 2005 environment and the project is targetted to .Net 2.0 framework earlier. I don't see any issues with installing the product that was builted from above environment.
Recently i migrated to Vs2008 and .Net 3.5 framework and the i was facing the following issue. During the installation the web browser( opened in IE 6.0) is getting opened in INTERNET Zone which applied higher security settings including disabling of all Java scripts.The browser was not responding any click events( next or back or cancel).Copying the URL to the new IE doesn't have this issue. I am not sure whether it is an environment issue or not.
I'm trying to enable automatic Window authentication working on our ASP.NET Intranet. I've changed the Authentication on our IIS 7.5 server from Anonymous to Windows Authentication Enabled only, and changed the Web.config file for the website to:
The Windows login box appears when accessing the website via IE 8, I enter valid credentials, but the login window keeps reappearing as if it does not accept my credentials. By repeatedly cancelling the login box it disappears, and my login name can be viewed on the website. Is there any possible reason for the login box to keep popping up even though valid credentials are being entered? I've restarted the servers / cleared browser cache etc. Also, ideally I would like the user to enter the login details once in the login box and not be required to reenter login details whenever he reopens the browser.
We also have sales rep that take call and use the same website to take the orders.
My boss wants me to allow the SR to only be able to take orders if they are in the network itself. When I ask why he tells me "just because".
I'm sure there's a way but I can't see it at the moment. How do I go by doing that? Also keep in mind that if the SR is outside the intranet, he can't be allowed to enter his active directory login/password (so the login window must not even show).
I've a project using windows authentication and it will be used in intranet. The client itself already have a web application in their intranet and they built it with Java (they used windows authentication too). The problem occur when they want my web application only appear within their application content section.
What should I do? I did think about using iframe but some people said it's evil. And if I'm going to use iframe, is it save? My web application will use a few pop up window/modal window and ajax.
I'm in the D820MySite_Developers group. When I attempt to login, it wants my password. I thought that with Windows Authentication it should not prompt for the password. If is use <allow user="*"/> it does not.
1. Is this the correct behavior?
2. My aspnetdb does not appear in the App_Data folder. Should it and is this causing the problem. If it should be there, how do I get it there?
3. I was under the impression that by using Windows Authentication, I can prevent users from accessing pages by folder. Is this provided by IIS or is this provided by Windows (using Windows Explorer)?
I can log in with my own credentials, but I have virtually all the rights in AD. User2 can not log in. The website is set to use Windows authentication in IIS manager. And I've tried setting permissions in IIS manager and NTFS permissions for the folde
We are having an issue with the windows authentication and IIS restart for asp.net application Our environment is an intranet site (an asp.net application ) that uses windows authentication, uses integrated security application pool, physical path credentials are set for a service account, who is admin for sql server, IIS etc. web.config - Connection string has Integrated Security = true, authentication = Windows, and authorization - deny *, allow = security group. Anytime we start - stop service (or restart) (IIS); and hit the website thru some other machine IE, it fails to show the website (401.2), and any subsequent hit to the website doesn't go thru.
However when we start the service, and hit the website on server's (where website is deployed) browser first time then everything works fine for subsequent hits from anywhere as long as authenticated on corp net and member of security group configured in web.config. This behavior however goes away if we uncheck the configuration "Enable Kernel-mode Authentication" on the asp.net application. ( but then Firefox browser stops working with this configuration!!) Why such behavior? In the documentation it states its recommended to keep it enabled. What is recommended way of publishing a website with windows authentication enabled? Any side effects of "Enable Kernel-mode Authentication" being unchecked ( other than what we found for firefox not working) Environment : IIS 7.5 windows 2008 Server R2, VS2008, SQL Server 2008, ASP.NET 2.0
We have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
we are migrating existing windows form application to asp.net(3.5) intranet portal, there is a requirement whereby database connection should be made by the logged in windows user. Is it possible to achieve this functionality?
We're using a CMS product called Immediacy, which claims it can handle silent authentication using LDAP / AD but just can't get the thing to work.
point me to a good article or post that lays out the steps to do the above (assuming it's achievable)?
Basically, we need to secure pages on our intranet, and, as our firm is full of 'very important people' who 'don't have time to log in' this is an almost essential requirement.
To work with the ASP.NET 2.0 Membership and Role, we will use Forms authentication for the public Internet. On the other hand, we use Windows authentication for Intranet applications. uestion: In a website with Windows authentication, can I still have some kind ofole management for different groups of the Intranet users? If yes, how?
When in the Catalog Zone, I select a Web Part and a zone in which to put it and then click Add. I need to know immediately which zone has been selected in which to place the selected Web Part.
My Catalog Zone is declaratively a class called CatalogPart1 which inherits the CatalogPart class:
[code]....
But I cannot work out how to use this event to get the Zone that has been selected.
I have been tasked with creating an intranet site and have been able to do everything so far (leaves the door open wide, I know ) EXCEPT get the username that the person is logged in as under their own computer.
<system.web> <pages styleSheetTheme="Black"/> <customErrors mode="Off"/> <compilation debug="true" urlLinePragmas="true"/> <authentication mode="Windows" /> <identity impersonate="true"/> <globalization requestEncoding="utf-8" responseEncoding="utf-8"/> </system.web> Under my master page I am doing this:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load If Environment.UserName.Length > 0 Then username.Visible = True username.Text = Environment.UserName Else username.Visible = False End If End Sub
All I am getting is the ASP account name....what am I doing wrong??
I have an an intranet website running under IIS6 (under a specific port, not the default one) with a integrated windows authentication enabled and uses an application pool configured with a service account. the issue is, if I access the website using the server name with a fully qualified domain in the URL, it throws a login prompt (doesn't work even if enter my windows login credentials), but if I use the IP address of the server then it works fine. I need to do to get the URL with server name working.[URL]
We would like to use AD authentication with our Intranet site to control what pages different users can access. I'm very new to ASP.net and would be interested in links to a how to description. We are using Visual Studio 2008.
The company I work for has a web app running on IIS that has been strictly internal (uses a port other than 80 not accessible to the internet). Recently we started using mobile devices and need to access it over the internet. So I simply made it part of our company web site and secured that portion using forms authentication. The problem is that it is also our home page in the office and it is a pain to be logging in several times a day. In fact some of the staff are irate they have to login in at all when at their workstations. Is there a way to by-pass authentication when the referrer is http://servername/ and still enforce it when accessed via http://www.domainname.com?
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
I am trying to build a web app for an intranet site that for security reasons needs to make the user type in their Windows or Active Directory username pwd manually. I have previously worked with Integrated Windows Auth but in this case, we do want them to use type in their AD credentials.
I have been trying to look up how to do this and frankly I am a bit lost. It should be a fairly straightforward task and am hoping you can point me in the right direction, with some tutorials or examples. We will be using SSL so, dont have to worry about passing pwd in cleartext over the wire.
My environment is visual studio 2008 in C#, .net 3.5 if that matters.
I have an intranet that gets the current logged in user through active directory. When a user is locked out they get a windows prompt to enter their username and password. Is there a way for me to catch this and redirect them to a page where they are asked to enter their credentials again or tell them that their account might be locked out and to contact the help desk?
I have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...