VS 2010 Mixed Authentication With Roles

Dec 13, 2011

I have the requirement for internal users to acces our web app without loggin in manually so using windows authentication, external users need to be refered to a form based authentication.

Now I have implemented the solution [URL] ....

However I also need to employ roles for authorization. The forms side is all set up but I cannot seem to get it to work for the windows side of things, looking for implementing a mixed mode involving roles?

I tried adding in an extra provider

<providers>
<add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="aspnetdbConnection_dev" applicationName="Corp.Web.GSP"/>

but how to configure it for usse only by the windows users. Secondly if I set it as the default where I have code like

if (Roles.IsUserInRole("Internal") || Roles.IsUserInRole("SysAdmin") || Roles.IsUserInRole("Sales"))
{

I get an

Method is only supported if the user name parameter matches the user name in the current Windows Identity error

<add name="WindowsRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" />

View 5 Replies


Similar Messages:

VS 2010 / IIS7 - Mixed Mode Authentication

Sep 14, 2011

I am trying to implement single sign on for users within our domain and if the are not then they get re-directed to the login screen to use forms authentication.

I have followed this tutorial below

however I get two issues firstly if I go to my forms authentication page no css or images now display and if i try to login i get an error.

If I go to the login page which should recognise me from the AD I get 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.

[URL].....

View 3 Replies

DataSource Controls :: Use Mixed And Server Authentication Option Inplace Of Windows Authentication?

Jan 8, 2010

I have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.

View 2 Replies

How To Allow Mixed-mode Authentication In IIS 7.0

Oct 19, 2010

How do you back-door authenticate Windows users into a website using forms authentication running on IIS 7.0?

View 1 Replies

Security :: How To Do Mixed Mode Authentication

Jan 13, 2011

I have a question about mixed mode authentication. I've been doing some research into this, but I haven't found the answer yet, so I figured I'd just ask:

I have an internal application that requires login. Right now it's using forms-based authentication. We'd like to make it so that, if you're internal and authenticated against Active Directory, you don't need to login to the application. However, if you're coming in from the outside (or don't have an AD account), it would then require them to login via the forms-based Login.aspx page.

From my research, it seems that the only way to do this is to enable forms based auth as the default membership provider, then on the back-end do a check at Page_Load to pull their login name, match it against the .NET membership and then authenticate them automatically - am I wrong on this?

The documents I've found all seem to point to the user having to login anyway, just the login being stored in AD - instead of having the user just login once to their machine in the morning and using that to verify them and their roles in subsequent applications.

View 4 Replies

Security :: Mixed Mode Authentication With IIS7?

Jan 20, 2011

I'm having a tough time implementing mixed-mode authentication (windows & forms based) for my application using IIS 7. Doing it in IIS6 is easy, but the process doesn't translate to 7/7.5 - and my research has led to me to conflicting answers, none of which.

I have redirect page called WindowsLogin.aspx, and a forms-based one called Login.aspx. I'm having difficulty enabling Windows authentication for just WindowsLogin.aspx.

View 1 Replies

Security :: Mixed Authentication Using IIS 7 On Windows Server 2008?

Sep 30, 2010

Mixed Authentication Using IIS 7 On Windows Server 2008?

View 2 Replies

Security :: Mixed Mode Authentication Fails In Multiple IIS Websites

Jan 26, 2010

I created a mixed mode authentication mechanism based on a few of the articles that I have read on this topic. It's similar to something like this: [URL]

Basically, there are two web applications. One accepts the Windows Auth and one accepts Forms Auth. The Windows Auth then creates a forms auth ticket and passes control to the Forms auth application. This solution works fine when both applications are housed within the same IIS web site.

Now, order to control the security of this solution we set up multiple IIS web sites on the same machine. Web Site 1 serves external traffic (forms auth) and Web Site 2 serves internal traffic (windows auth).

So the design is that an internal user can hit the site using Windows auth via a internal name (myserver) while the external users use Forms Auth hitting [URL].

All that said, the solution works when the two applications are in the same site. Doesn't work when they are in different sites.

View 4 Replies

DataSource Controls :: Login SSMS Using Mixed Mode And Windows Authentication?

Jan 9, 2010

I had a problem login management studio (Sql server 2005) using windows authentication because it doesn't show me any server name to connect and if I put my computer name and user name (my-PCpatel) login was failed.

So, I decided to uninstall it and install it again using mixed mode authentication. After installation I select sql server authentication instead of windows authentication and put login name as "sa" and password that I had put it during installation. But the connect button is dark gray(the way I can not select it or press it on) while the other button (cancel, help, option) can be selected or pressed.So, why am i not able select or click on connect button?

View 1 Replies

Security :: Website Windows Authentication Fails When Enabling SQL Mixed Mode?

Oct 18, 2010

Just to describe the scenario. I have a website. This lives on a webserver. On that webserver is an SQL server. The website connects to this database using windows authentication. I have written a windows form application that connects to the SQL Server on the webserver. This application is being run from a location on out intranet. The Winform application use SQL authentication to connect to the database. The SQL Server didn't have mix mode authentication enabled. So I enabled it. The winform application could now connect to the SQL Server.

This is where it starts getting a little strange.

The Website that was already connecting find using integrated authentication starts failing with:

Login failed for user 'NT AUTHORITYNETWORK SERVICE'

When you are enabling mixed mode authentication, you are adding another authentication method, why would the original Windows authentication fail?

View 1 Replies

Mixed Mode Authentication Against AD And Fallback To The Database If It Fail With Membership Providers?

Jul 12, 2010

my user will use form authentication against Active Directory or database. Theres no Windows Integrated Authentication there!!

What i want is when the user submit the authentication form, it will try to validate the user against Active Directory and if it fail, try with the database.

How can i do that? What i had in mind was to build a custom membership provider that will encapsulate the logic but im not sure how to start.

View 2 Replies

SQL Reporting :: SSRS 2005 "Mixed" Authentication Mode?

Aug 24, 2010

I have a web application where users can authenticate using either SiteMinder or Windows domain accounts. This is actually configured as two separate virtual directories within IIS 6. Both applications need to use the same instance of SSRS. Is it possible to configure the SSRS web application so that if a user is authenticated by SiteMinder it impersonates a Windows account, but if they are already Windows-authenticated that account is used instead?

View 2 Replies

Forms Authentication For Different Roles?

Sep 7, 2010

I am developing a website in which i am using forms authentication. We have 2 log in pages.one for user another for admin. I added this code into webconfig file for user.

<forms loginUrl="Login.aspx" defaultUrl="Home.aspx" >

I am using this code for user side when user successfully logged in.

FormsAuthentication.RedirectFromLoginPage (UserName.Text, chkPersistCookie.Checked)

I am not using the default user membership database.i have my own data base in sql server 2005 I want same thing for admin,but the default url is Admin.aspx & login url is adminlogin.aspx for admin. How can i assign in web config file for admin?

View 2 Replies

Security :: Authentication - Redirect URL For Different Roles?

Mar 10, 2010

I am currently having a spot of bother in something im trying to create. I want it so when a user who is in a certain role logs in they are directed to a certain page, and any other normal users are directed to another page.

I think i have this sorted via code but...

-The first time it will work, the 'admin' user will get directed to the appropriate page

-I then log out and log in as a normal user and get directed to the appropriate page

-then when i log out of that users account and back into the admin one i get directed to the normal users page instead.

-additional to this, I tried it on a different machine logging in as the admin user only to be redirected to the normal users page (is my session being stored somewhere?)

Ive traced through the problem and the user name and password being subbmitted are what they should be, yet it skips the true part of my IF statement for being in that role.

Here is my code I am using on the login form:

[Code]....

-When stepping through if seen it work and not work with the same values, I cant understand the logic of its inconsistency

the code i am using for the logout is (this is on my masterpage):

[Code]....

View 4 Replies

Security :: Update Roles In Form Authentication?

Feb 14, 2010

I am developing a website in which I am using ASP.NET Form Authentication and everything is working fine as I am expecting. I can authenticate user from login form, I can read user roles from database and can add authenticate ticket in which user roles are stored as user data etc. etc.

Now I want to give user a page where user can update his roles in the database by selecting any role he/she want from the list of checkboxes. I know how to update the user roles in database but I want to know how to update user roles in the authentication cookie after database update.

Let's say in the start user is in "Seller" and "Buyer" role and later he want to become member of "Agent" role as well and he update his roles from the given page and everything is updated in database. Now according to database user is member of three roles but User.IsInRole("Agent") method is returning me false because the new role "Agent" is not updating in the authentication cookie.

How can I update a newly added role in authentication cookie when user is still logged in.

View 4 Replies

Active Directory/LDAP :: AD Authentication Using Forms - Dealing With Roles

Mar 2, 2010

I am not really sure if this post should go in the Security section or the Active Directory / LDAP section....with that being said I am looking for advice on how to best accomplish my goal(s), I am working with FORMS authentication, using active directory (across 2 domains). I have got authenticating working correctly based upon the article at: [URL] now - my questions:

1. What is the best way to deal with roles? What I would like to do is restrict access to my application so that only the users that are authorized to use the application can login - not everyone in the AD. My gut feeling tells me I would use an AD group for this. Furthermore, a subset of these users in this group will be allowed to access the data maintenance forms

2. Ideally, in a perfect world, I would like to write this authentication piece as a separate project - this way it could be used for multiple projects - the only thing different would be the AD groups it would be checking. Is there a way that I could set which AD groups or roles in each projects web.config?

Am I approaching this the correct way? What is typically done?

View 7 Replies

VS 2010 - Hide DIVs Based On Roles

Mar 26, 2012

I have a bunch of divs that are widgets. I am using a custom role provider and I need to hide the divs based on roles. Is it better to add a "runat=server" attribute to the div so that I can hide/unhide in the code behind? Should I hide/unhide on the aspx page or do i use panel controls and hide/unhide in the code behind?

View 1 Replies

How The Visual STudio 2010 Sample Website Works / Put Roles Like Administrator

Apr 8, 2010

we are a small team of student developers and we are making a website with a silverlight application hosted on the sample website of VS 2010(i mean the one you go New website new asp.net website).But we cant understand how the login works or how we can put roles like administrator and such.Also we are using master pages and pages and i would like to know how can we make container to not being visible to an unregistered user and how to be visible in registered or better to a spesific user.

View 1 Replies

Roles Authentication Works Using Authorization Attribute But Not Via Authorization In Web.config?

Mar 29, 2011

I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...

My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:

[Authorize(Roles="Administrators")]

However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:

[code]....

However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.

If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.

View 1 Replies

Web Forms :: Assign Roles To Users Using Forms Authentication

May 7, 2015

how to implement role based security in asp.net 4.0, in detail. Like from Data base to UI. how I wanted to implement. On page Load, drop will be filled with all available roles, with list of all check boxes(basically it will equal to the no. of links on the left side tree) below, I will select required boxes and then save. If that particular user with that role logged in, then we will load only those links which this role is having ( of course we will assign that user with the spefic role).

View 1 Replies

VS 2010 Active Directory Authentication?

Jul 26, 2010

I got a request from a specific client to rather use Active Directory than SQL Server Authentication, and was wondering if someone can give me a push in the right direction.I hoping to stick to using service contracts (interfaces) and just have a different implementation (injected with castle perhaps) for each client (though it will only be one client for now using Active Directory, instead of my usual aspnet membership / role providers), but as I never did this I'm unsure if that would be possible.

View 5 Replies

VS 2010 - Forms Authentication Across Applications

May 14, 2012

I'm using a common <machineKey> to allow two ASP.Net applications to share a single forms authentication ticket (ie. only need to login to one application to access both). My problem is that I only want users in a particular role to have access to the second application. What's the best way to implement this?

I've tried checking the role in Application_AuthenticateRequest() and doing FormsAuthentication.SignOut() if the role doesn't match, but that doesn't get picked up until the second request to the application. I can't redirect from Application_AuthenticateRequest() because that would just create a redirect loop.

View 2 Replies

VS 2010 Windows Authentication - Session Time-out?

Sep 20, 2010

Does Session Time - out is applicable ing Windows authentication?If so, in what event can i capture this?

View 6 Replies

VS 2010 - Authentication (login Session) On The Clientsite

Jan 19, 2011

I am checking if the login session is still available on the client side in Jquery. What i did i created a web method to be called as a pagemethod on the client side. the webmethod is defined like this

[System.Web.Services.WebMethod]
public static Boolean CheckSessionExpiration()
{
Boolean IsLoggedin = false;
if (System.Web.HttpContext.Current.Session["LoginUser"] == null)
{
IsLoggedin = false;
HttpContext.Current.Session.Abandon();
HttpContext.Current.Response.Redirect("Login.aspx");
}
else
{
IsLoggedin = true;
}
return IsLoggedin;
}

and in my Jquery i have functions that perform different operations and before those function execute, i will need to make sure that the user is still logged in, so i will call the web method on the client side like this

PageMethods.CheckSessionExpiration(OnCheckSessionExpirationComplete);

and its callback function like this

function OnCheckSessionExpirationComplete(result) {
//Callback function
}

i know the webmethod should be void because the boolean value is not used at all on the client side or anywhere in the app. Now my question is. My Assumptions are , looking at the webmethod that is being called on the on the client side, it will execute first and if the session is null and it will not continue to execute. The client side code that was about to follow Please clear my assumption. Mybe there is something i don't know about Jquery that will make it continue even if the page redirection code is fired.

View 5 Replies

Visual Studio :: Authentication After Upgrade To VS 2010 And .net 4.0?

May 5, 2010

My application uses authentication mode="Forms". I am doing my first Publish since the upgrade and all looks correct. I publish to the File System which is what I used to do in VS2008. When I install the app on my server (IIS6), the login page renders correctly and I enter correct authentication. In previous versions, the application would then render the Default.aspx page. Now, I receive a windows authentication window for my website. I'm not sure what's changed and I think it has something to do with the publish process in VS2010 although I may be mistaken

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved