WCF / ASMX :: WCF Storing Authenticated User Information?
Jan 15, 2011
I am building a RESTful service using WCF. I basically want to save information about a user when they authenticate to the WCF service. For example I want to save their first name, last name, account number , and password in order to access the information in other requests in the same session. Since this information is sensitive I can not store it in a cookie.
I don't want to use asp.net session state because I plan to run this WCF as a Windows Service. Is there something (class, Assembly) I can use that can save user information and retrieve it per request or do I have to create a custom solution that will create an entry in a database every time a client authenticates to the WCF service.
I have a web application on IIS that will authenticate using windows authentication (Active Directory). So when they access the application http://iisserver/webappname/ it ask for username pwd and domain. (currently working) How can I get information of the authenticated user in the web app through c#?
I m trying to use the profile system to get information of the authenticated user form the data base, just like the session system : the user is authenticated then I set same variable with information of this user coming from data base !I am familiar with PHP so i m trying to do it like that !Also, i woul like to join my own data base and the asp.net membership database !
i m developing an application in .NET mvc2. i m using aspnetMembershipProvider for User registration and related activities. i need some custom information about user that i stored in a separate table (sysUser for example) and linked it to aspnetUser table through foreign key. after Login i need to fetch user's credentials from sysUser table and push it to the session. For this Account controller's Logon method seemed best to me and i pasted following code in my Logon ActionResult
[Code]....
The code is working perfectly for me and put my desired information in the session but the thing is that if a user selects Remember me and on his next visit he won't have to Log in and i would not find my desired information in the Session. where should i put my code that stores the user information in the session.
I have created a simply website in which users can log on and complete forms. I wish for this data to be saved for when the user next logs on, but havent got a clue how to approach this.
I'g guessing that the data somehow needs to be saved onto a database that can be accessed by all users when they log in?
We have a series of Silverlight apps that use WCF services via SOAP for just about everything. As we migrate to AJAX we've been hoping to expose the same services via JSONP with little more than config changes on the server.Although the message "Cross domain javascript callback is not supported in authenticated services" seems pretty explicit, I'm hoping there might be a way to allow it. We have a need to expose user-centric data across domains, but we'll need to roll our own JSONP to make it happen if this is a hard "unsupported". It would be even better if there was a way for the server to validate the referrer against the client access policy we provide for Silverlight clients, but for now we just need the general requests to not fail if the user happens to have an auth cookie for our domain from a previous visit.f there's no way to allow this to just work, we're also considering the option of channeling the requests through an IFRAME, but we're definitely open to other recommendations.
I am having a simple WCF service hosted in my website. I am using a console client to send and receive messages from the service. It works fine when I run the WCF web host in my local computer, but fails badly with the SecurityNegotiation exception "The caller was not authenticated by the service". It works fine if I use basicHttpBinding, but fails for wsDualHttpBinding which is required for duplex communication.All the source code for both (console) client & (web) server can be downloaded at:http://www.supernovaservices.com/downloads/WfcEventService.zipI have searched a lot and could not get a proper answer
I have a stored procedure which is working fine and also code in my vb class, which when I click on save, looks as though it has executed but no information is saved into the database....
My code used to save the data into the database is below.
I have created a custom user creation wizard to store custom user information, This is working fine. I am now trying to create a new page to give the newly created user to create users in there own company, so i need to retrieve the company information from the user profile created and automaticlly fill that information into the new create user wizard. ie User from A company logs in. (company_id from profile is stored in session) User A wants to make another user in company A (but cannot make a user in company B) User A fills in details for new user, Company A information is autofill into new user info. (possibly from session)
I have read alot about storing membership. info into session but i cannot find any code examples of how to do this. I need to find a way to store Company_id into session and then use that for creating a new user with the same Company_id.
I am creating a website that allows users to login to their gameserver remotely and send / receive commands. The connection happens via an UDP socket and requires simply the IP of the gameserver, and a password.
On my website, users can add servers to their accounts, where the server IP and password are stored in a database. Then they can connect to any of their servers, which creates a new Socket object and connects to it using the IP and password of that server.
This Socket object, embedded in an object that also stores the server IP and password, is stored in a Session variable when the user connects, and is retrieved on every page. For example, there's a page where the user can view a list of the players on the server (and kick/ban them), a page with server settings, a page with messages, etc. All these pages require the Socket connection to get their information (they send a certain command and parse the response). When I need to send a command via the socket, I need to send the password of the server each time (otherwise it does not work). My question now is: how secure is this? The password of a server is sensitive information*, but I am storing it in a session variable and sending it (using the Send command of the Socket object) to the server.
i think the Session variable is stored on memory on the server, so I don't think so, but I'm really unsure about these kind of things and I'd like to be certain that my website is secure. Well, I think it will never be 100% secure but I want it to be at least not worth the effort for someone to hack the password. If it takes a lot of trouble then people wouldn't bother, but I don't want to find out that people's passwords are being thrown out on the street (so to speak) and that my website is completely insecure...
the Web Part for anonymous user and authenticated user is displayed differently. I faced this problem twise. First time when used Silverlight control in the Web Part and second time when used devexpress control in the Web Part. In both cases problem was with displaying for anonymous user. Silverlight control didn't display. Devexpress control lost it's styles. Both controls had properties that pointed to files. Silverlight control property pointed to the XAP file, and Devexpress control property pointed to the CSS file. It seems to me, that for anonymous user the Web Part cannot find this path or doesn't allow to link to other files.
I am using form authentication in my website. I have a scenario wherein the user is authenticated but the session has timed out. So, i would like to initialize some session variables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True). For that i required the name of the user who authenticated. On .aspx pages we can get it using Page.User.Identity.Name but how to get it in global.asax page.
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx") c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
I have a WCF service that will be using basic authentication and would like to be able identify "who" is trying to use the service. I know that the HttpContext.Current is NULL and in the WCF service, but do not know what the alternative is to get the username.
I have created a website which has Secure folder in which i have got a form which only "admin role" users can see. Now that form will appear if login is successful and it works great, if password or username is wrong then again the loginForm will appear which works great too.
Now the problem is if the users which are not in "admin role" enter the user name and password correctly, instead of coming back to the login page and showing them the "Not Authenticated" message, it gives me an error that myWebsite/login.aspx is not found. I think this is because the name for my login page is "AdminLoginPage.aspx" and which is not found and hence it shows me the error. I dont know where to change the login Page name to "AdminLoginPage.aspx"
I want to have my code fetch the authenticated user name that is running my code. There's a line or two of code that will accomplish this and I had it but I've misplaced it.
I am trying to integrate my asp.net 4.0(non MVC) website with facebook. I want to retrive the authenticated user info.The samples listed in facebooksdk is based on MVC. i tried to implement it in my website, but getting errors. i am struck.If anyone implemented the facebook connect logic and retrieved the user information using facebook-c#-sdk, please help me how to do this.I tried the same using facebooktoolkit, and i am able to retrive the user info. but the toolkit is having issues with .net 4.0.
I have Forms authentication setup for an ASP.NET 4.0 application on http://example.com - we'll call it MainApp. I also have an ASP.NET 4.0 app running on http://static.example.com which (let's call it SubApp) doesn't have access to the main app.
Now, SubApp needs to figure out usernames of users who first logged in to the MainApp and then came to SubApp. I thought that it's enough for those two apps to have the same machine keys and for the SubApp to specify in web.config, so it could read the MainApp's authentication cookie and get username from it.
I did a simple test and when I try to hit some page on SubApp it keeps redirecting to http://static.example.com/login.aspx - which doesn't even exist not specified in web.config. Apparently my approach doesn't work, though I don't understand why - main domain's cookie should be accessible on a subdomain, right?
