Users To Re-authenticate With NTLM
May 24, 2010
I'm NTLM (authenication="windows" in the web.config) with an asp.net mvc 2.0 site. Right now once a user logs in it keeps them logged in for weeks at a time. The use of the application is being opened up to users who share computers that use logged in service accounts. I need the site to reprompt each user for their AD credentials each time in order to handle these users. (Activity on the site must be linked to a uniquely identified user.)
View 3 Replies
Similar Messages:
Jun 3, 2010
I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....
I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long):[Code]....
And web.sitemap:
[Code]....
View 8 Replies
Oct 28, 2010
I have the IIS webserver on Domain A. I have many users on Domain B, C, D, E.
I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder. But it is still not authenticating. So what do I need to do to enable this feature? I am using windows 2003 webserver.
View 2 Replies
Mar 25, 2011
I'm new to asp.net and SQL Server and I'm trying to research and implement a good way to authenticate a user using those technologies. Would you have any advice as to best approach this? I've read some of hashing but I couldn't find a good tutorial or website describing the best way to approach that
View 3 Replies
May 18, 2010
How can I authorize and authenticate users by roles? I have roles table and user's table, role Id is the primary key in the roles table and foreign key in the user's table.
View 4 Replies
Mar 25, 2011
I'm using ASP.NET MVC and I want to authenticate users with their Google or Facebook account
View 4 Replies
Sep 25, 2010
I am working on an app where users are only allowed access if they click through from certain URLs. I.e. I need to authenticate by using the referral url and I am using
Request.UrlReferrer to achieve this.
I am guessing that the Request.UrlReferrer can be tampered with by malicious users to gain access...
View 3 Replies
Apr 22, 2010
I have been asked to use the login control to authenticate users to use the website. I have a master page which has header pictures and a menu down the left. I have created a login form and configured my web.config file to use form authentication but when I run it, it does not show my master page just the content page. Should my login page not be a content page?
View 39 Replies
Oct 27, 2010
The behaviour I would like is for a user to be able to visit a custom built website and if they are already authenticated against sharepoint for the custom website to know who they are and give them various rights. If they are not recognised by sharepoint then I would like them to login to sharepoint and be directed back to the custom website. Sharepoint picks its users and groups up from Active Directory. I don't know much about the internals of the server, but the custom one will be in a separate domain (I think) though I have full control over the custom and moderate control over the SP infrastructure.
View 1 Replies
Mar 13, 2010
I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI (Payment Card Industry) accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database using kerberos (so the NT user has permissions in the DB). This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any/much additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions for simple website config)
So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP.Net already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it.
View 3 Replies
Jan 13, 2011
I need to authenticate users based on three parameters such as username, password and officename instead of just username and password. User name is unique only across the single office and not across the application.
Can I achieve this using Membership class and if yes do I need to write any custom code for that?
View 1 Replies
Dec 4, 2010
I am trying to integrate authentication for a cloud-based application with an Active Directory forest behind my cilent's firewall.
I am a Python developer from the open-source world... needless to say, .NET is not my forte and I'm not familiar with authentication technologies provided by IIS/WIF/etc.
I have installed DotNetOpenAuth and gotten the sample MVC OpenID provider working with the included ReadOnlyXmlMembershipProvider.
I have scoured Google for a sample config/implementation or any documentation at all that describes the appropriate membership provider to use. The only thing I have found are hints - "It's included out of the box," or "create a .NET app that authenticates off of AD and expose OpenID."
How can I query off my client's AD? Is there a provider included with DNoA?
View 1 Replies
Jan 21, 2011
I'd like to Authenticate Users without having to use a Membership Provider.
What's the easiest way to do this?
I'm looking at returning a DirectoryEntry.
View 7 Replies
Feb 5, 2011
we have a web site (Web Site 1) which is presently working and authenticates the users using ASP.Net login control.
We have a new site (Web Site 2) which will have a web page with user name and password fields and these values will be posted to Web Site 1. I am trying to authenticate those user credentials on Web Site1 using
Membership.ValidateUser(UserName, Password); method. but i am keep getting "User AuthenticatedObject reference not set to an instance of an object. " exception.
View 4 Replies
Mar 26, 2010
Need to develop a Web application that will be used to authenticate and authorize internal and external users to log and then re-route to web applications for the organization. The login application should be able to provider smooth integration with any future applications that needs a secured authentication. Should I be using WIF - Claims based Identity/ADFS or asp.net Role membership provider to develop this app.?
View 1 Replies
Dec 10, 2010
Does anyone know how I can authenticate users based on their Email Address and Password as oppose to Domain, Username and then Password?
View 1 Replies
Mar 8, 2010
I have a ubr file setup to stress test an internal DotNetNuke site with WCAT:
transaction
{
id = "Intranet Home Page";
weight = 1000;
cookies{clear = true;}
[Code]....
View 1 Replies
Sep 21, 2010
I have one project in asp.net using httpModules. But i got one exception while debugging,
the error shows like this: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.I don't know whats the problem in my code, i refereed many sites, but there is no correct solution at there.
View 1 Replies
Jan 18, 2011
I know that you can enable NTLM authentication in an ASP.Net app using:
<authentication mode="Windows" />
However - I need to handle Forms, HTTP and other custom authentications in the same app, so ASP.Net's limited built-in support is no use.
The NTLM handshake should be fairly simple:
Request - [unauthenticated - no user info passed]
Response - 401 Unauthorized
WWW-Authenticate: NTLM
Request - Authorization: NTLM <base64-encoded type-1-message>
[code]...
I need to parse type-1 and type-3 messages and generate a type-2 message.
The structure for those messages is well documented but fairly complex - it seems very messy to write my own message generators and parsers. I think the methods to read and write these messages should already be in .Net, but I haven't been able to find them.
View 1 Replies
Feb 8, 2011
I currently have an odd problem with ASP.Net authentication. Consider the two following lines:
MembershipCreateStatus ct = new MembershipCreateStatus();
Membership.CreateUser("admin", "mypassword", "test@gmail.com", "1", "1", true, out ct);
This does register my user in my database. I have verified this.However, when I run this immediately after:
FormsAuthentication.Authenticate("admin", "mypassword");
The authentication fails. The weird thing is I know for a fact that the user does exist in the db, and that is further confirmed if i run
MembershipUserCollection uc = Membership.FindUsersByName("admin");
and uc does hold my admin user withe all the proper info. why Authenticate would return false?
View 1 Replies
Feb 9, 2010
I have an asp.net web app that uses forms-based authentication, a SqlMembershipProvider (using an encrypted password format), and a SqlRoleProvider. I need to know if it's possible to administer the users (create new users, assign them to roles, etc.) from a windows application - the powers that be don't want any administrative functionality in the web app itself.
Here is the membership provider definition from web.config:
[code]....
So, obviously, I have a Sql Server database that contains the users and roles for the web app. I'd like to create a separate windows app that references the web app assembly, and use the configured MembershipProvider, RoleProvider, and machineKey to create users, assign users to roles, etc. If that's not possible, I can duplicate the configuration settings from web.config within the windows app. But I don't know how to do this either.
View 3 Replies
Mar 25, 2011
I need to stop users users using the browser back button and potentially submitting an old version of a form.
I'm storing a guid in a session variable and also writing the value to a hidden form field and then checking the session value against the hidden field value if a user does try to navigate back and submit an old form.
If the form is submitted and the user wants to complete a new copy of the form then a new guid is generated both to the session and to the hidden form field. Now, if the user decides to hit the back button a few times to get the old form and tries to submit it again, the page checks the current guid in session against the guid stored in the form field and it finds a mismatch and prevents the form being submitted.
This works as expected in Chrome and Firefox, but in IE6, when the user hits the back button to view the old form, the new guid value appears in the hidden field of the old form! This means the user can submit the old form again, which we definitely do not want.
View 3 Replies
Aug 26, 2010
Allow Admin Users to Access Basic Users Accounts?
View 4 Replies
Dec 6, 2010
[Code]....
after successful creation of 3 users on my web site now cannot create users
View 9 Replies
Jun 25, 2010
different return for added users and for rejected users?
[Code]....
View 4 Replies