Using Active Directory To Authenticate Users In WWW Facing Website
Mar 13, 2010
I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI (Payment Card Industry) accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use Integrated Windows Authentication, which is then passed all the way through the app to the database using Kerberos (so the NT user has permissions in the DB). This allows for better auditing as well as object-level permissions (i.e. an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any/much additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions for simple website config).
So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have an Active Directory server and create Windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP.Net already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - scalability, reliability, etc. - and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it.
Similar Messages:
Dec 4, 2010
I am trying to integrate authentication for a cloud-based application with an Active Directory forest behind my client's firewall.
I am a Python developer from the open-source world... needless to say, .NET is not my forte and I'm not familiar with authentication technologies provided by IIS/WIF/etc.
I have installed DotNetOpenAuth and gotten the sample MVC OpenID provider working with the included ReadOnlyXmlMembershipProvider.
I have scoured Google for a sample config/implementation or any documentation at all that describes the appropriate membership provider to use. The only thing I have found are hints - "It's included out of the box," or "create a .NET app that authenticates off of AD and expose OpenID."
How can I query off my client's AD? Is there a provider included with DNoA?
Jan 21, 2011
I'd like to Authenticate Users without having to use a Membership Provider.
What's the easiest way to do this?
I'm looking at returning a DirectoryEntry.
Sep 28, 2010
How to authenticate a user against a particular OU in Active Directory. If the AD holds 50 OUs I don't want to look into all 50 OUs; instead it should look into a particular OU (e.g. OU=dotnet users) to authenticate the user.
Feb 11, 2011
I want to learn how to add/delete/update accounts (including adding mail boxes for new users). Can someone point to a good book where I can begin from? I want to start with some real basics and build from there.
Mar 13, 2010
I have a problem with my search filter. I want to list the users of an organizational unit: result.filter =(& (objectClass= user)(ou=dep1)); ====> it didn't work for me
Jun 15, 2010
I need to list a group of users, their group name is (IRS Group), to a list group. How to do this? I'm very new to asp.net and don't have much knowledge about active directory.
Apr 22, 2010
I'm a complete beginner with Active Directory, never having done anything with it. So here's probably a basic question.
Can I run a simple query from within an application to get all enabled active directory users?
Jul 7, 2010
I am trying to retrieve all the users from active directory into a sorted list, but for some reason it does not return all the users, like myself for instance. It's on a client's AD and there are probably about 1500+ users in AD.
My code is as follows
[Code]....
What am I doing wrong?
This is the first time I am working with AD...
Aug 14, 2010
I want to authenticate Thread.CurrentPrincipal.Identity when it has entry in active directory or redirect user to login page to check the database for valid user.
Mar 25, 2011
I am trying to develop an internal corporate portal that will be hosted externally, either on a company-leased dedicated server or by a hosting service like GoDaddy. The company portal is going to have links to internal and external resources like Outlook Web Access and SharePoint, Great Plains, our CRM software, etc. I am basically creating an intranet site for the company but the intranet is going to be hosted externally.
How do I authenticate user against the Active Directory, when the intranet site is hosted remotely?
May 18, 2010
I have done a small active directory application and it is working fine in my testing environment. However, when I put it on the production server, it is throwing the following error:
Main Error: Logon failure: unknown user name or bad password.
Stack Trace:
[DirectoryServicesCOMException (0x8007052e): Logon failure: unknown user name or bad password.]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +636
System.DirectoryServices.DirectoryEntry.Bind() +36
System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
[code]...
Feb 15, 2010
I'm writing a web page to display a user's name and contact number.
I'm giving the user a choice to enter a user name; once he enters the name I should be able to search in active directory and return all users starting with (inputted name).
DirectorySearcher deSearch = new DirectorySearcher(de);
//set the search filter
deSearch.SearchRoot = de;
[CODE]....
The above code needs the exact login name like adamjo, which is not the purpose. I should be able to display all possible possibilities; for example, if the user enters adam I should give him the choice to select whether he wants to see adam josef or adam john etc. Is there any property to find first name from active directory?
May 5, 2010
I am using the System.DirectoryServices namespace in framework 2 to query active directory. I have used fixed user account impersonation in the web.config file; find the code:
<identity impersonate="true" userName="enterprise\tang09" password="Telcome123"/>
<authentication mode="Windows"/>
I have disabled anonymous access in IIS. Also I have given Read & Write access to the account tang09 for the website virtual directory and the Microsoft.NET folder located in the Windows folder. But still I get prompted for the domain username and password to access the website.
Mar 2, 2011
How can I get a list of users from active directory? Is there a way to pull username, firstname, lastname? I saw a similar post where this was used:
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
I have never done anything with active directory so I am completely lost.
Aug 11, 2010
I created one application, and I need to authenticate a local user. This user is the user who is logged in to his/her personal computer. The main thing is that he/she is not in any DOMAIN. I want NON-DOMAIN authentication.
Mar 31, 2011
I am a newbie on LDAP. Now we want to re-deploy a web application that will validate user name and password with AD in a login.aspx.
I had success checking the user and password in VS 2008, but when I publish to the server it doesn't work (they can log in even with a wrong username and password). I have enabled anonymous access and Integrated Windows Authentication on IIS. We are using authentication mode = windows in our web.config.
I am using something like the following to check the AD account:
System.DirectoryServices.DirectoryEntry entry = null;
bool isOpened = false;
bool isSuccess = false;
try
{
    string dom = System.Configuration.ConfigurationManager.AppSettings["domain"];
    entry = new System.DirectoryServices.DirectoryEntry("WinNT://" + dom, tb_username.Text.Trim(), tb_password.Text.Trim());
    isOpened = true;
    Object obj = entry.NativeObject;
but still no luck on the IIS server. Would you mind giving me a hand to solve this issue? I have googled for a week and still can't solve it :(
Jul 7, 2010
I want to use the Domain Users group to show all the users in a dropdown box. For some or other reason I cannot return all the users when looking for everyone under the domain so instead I was thinking of using the domain users group. This is part of my code:
[Code]....
[Code]....
Jun 25, 2010
.NET 4.0
I wonder if it's possible to use .NET to get access to users in Active Directory:
- Methods that return a collection of users belonging to a specific AD group
- Get access to AD properties belonging to the user account; I want to check if the user account is disabled or not
Oct 19, 2010
I am trying to do something that I am sure has been done before. I have an asp.net page that changes a password, and it works fine if I use credentials of a user with rights to an OU that holds the users container. However I would like to have the user's credentials
userEntry = new DirectoryEntry(adspath,userid,this.oldPasswordtb.Text.ToString(),AuthenticationTypes.Secure);
be used when executing
userEntry.Invoke("SetPassword", new Object[] {passwd});
Currently I get:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
--- End of inner exception stack trace ---
at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
at ASP.changepassword_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in c:usrhtmlexternalChangePasswordchangepassword.aspx:line 128
Any ideas why that wouldn't work? Users, I assume, have the right to modify that attribute of their CN, right? See code below.
<%
string userid = System.Web.HttpContext.Current.User.Identity.Name.ToString();
userid = userid.ToLower();
[code]...
Jul 17, 2015
I am wanting to make a sign in and out site for reception. I have made it so far using C#, and I have got the visitor part sorted. How could I let staff choose their name from a list that has retrieved the names from active directory, which then pulls their name into the SQL database and adds a row with their name in it, including other columns (but I can do the other columns)?
Apr 22, 2010
I have been asked to use the login control to authenticate users to use the website. I have a master page which has header pictures and a menu down the left. I have created a login form and configured my web.config file to use form authentication but when I run it, it does not show my master page just the content page. Should my login page not be a content page?
Oct 27, 2010
The behaviour I would like is for a user to be able to visit a custom built website and, if they are already authenticated against SharePoint, for the custom website to know who they are and give them various rights. If they are not recognised by SharePoint then I would like them to log in to SharePoint and be directed back to the custom website. SharePoint picks its users and groups up from Active Directory. I don't know much about the internals of the server, but the custom one will be in a separate domain (I think), though I have full control over the custom and moderate control over the SP infrastructure.
Aug 31, 2010
How to show Windows Server 2003/2008 Active Directory user data in Windows Phone 7?
In an asp.net application we can use the "System.DirectoryServices" namespace. I didn't find this namespace in the .NET Compact Framework.
Aug 4, 2010
I need to get the list of domain users. The users are not necessarily on the domain where I am logged in. (e.g. I am logged in on domain "Dom111" but I need the list of users from the domain "Dom222")
I want this information on the basis of following -
1) Name of the Domain
2) A valid user name (of course with Admin rights for the target domain) and password
I am trying to use the following code -
DirectoryContext dc = new DirectoryContext(DirectoryContextType.Domain, "Dom222", "Administrator", "password");
Domain domain = Domain.GetDomain(dc);
DirectoryEntry de = domain.GetDirectoryEntry();
FillList(de);
Here is the FillList function
private void FillList(DirectoryEntry de)
{
    DirectorySearcher deSearch = new DirectorySearcher(de);
    deSearch.Filter = "(&(objectClass=user)(objectCategory=person))";
    SearchResultCollection results = deSearch.FindAll();
    //checkedListBox1.Items.Clear();
    foreach (SearchResult srUser in results)
    {
        DirectoryEntry deUser = srUser.GetDirectoryEntry();
        checkedListBox1.Items.Add(deUser.Properties["sAMAccountName"].Value.ToString());
    }
    checkedListBox1.Sorted = true;
}
This works fine for the domain where I logged in (i.e. Dom111) but for the other domain (Dom222), while executing the statement - Domain domain = Domain.GetDomain(dc); I am getting the error saying "The specified domain does not exist or cannot be contacted."
Now, For creating the dc if I use following - DirectoryContext dcTemp = new DirectoryContext(DirectoryContextType.DirectoryServer, "Server_dom222", "administrator", "password");
Then everything works fine. But as you can see I need to pass the "Domain Controller (Server) Name", which I want to avoid.