WCF Authentication With Multiple Providers
Oct 15, 2010
There is the following design: the back-end implemented as WCF, the public front site and two intranet sites (all three talking to the back-end). I believe that authentication on the sites is not enough (i.e. passing ClientID to WCF in each request as a parameter) and i want to protect my back-end (WCF) with authentication to perform double-check and have PrincipalPermission on the methods with roles specified.
I'm sure that identity names from both providers do not cross (public logins are digits only and the intranet will be something like 'DOMAINLogin'). The front site uses forms auth and its provider returns GenericPrincipal. The intranet sites use Windows auth and i have WindowsPrincipal attached to Page.User.
Is it possible to configure WCF to use two membership providers (custom one that the front site uses and Windows) out of the box, without writing another custom code? Is it important how my WCF is hosted? Currently it's windows service. Do i need to switch to IIS 7?
View 1 Replies
Similar Messages:
Jan 16, 2010
I want to protect a section of my website using forms authentication with the username and password as defined by me in the web.config. When I attempt to login I get the message below.
Server Error in '/' Application.
Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'.
I'm guessing this is happening because it's attempting to use the Membership tables as defined by the LocalSqlServer connection string. I don't want to use the Membership features, how do I configure my web app to do that?
Will I need to write the Authenticate function myself for the in-built Login control?
View 2 Replies
Mar 24, 2010
i am in the process of developing an asp.net mvc 2 social web app and some of the requirements have to do with users authentication and personalization. Site visitors should be able to login using credentials not only by registering to my site but also by entering external account credentials (Live ID, facebook, etc...). Also, users should have a custom profile, where they could enter personal details, preferences, etc...
Is there any good tutorial on how to implement custom membership and profile providers? The default Role provider that comes with asp.net mvc is ok and does not need to be re-implemented.
View 5 Replies
Oct 26, 2010
To begin with I work on the large application, that has a WinForms client and server. Server in our case is the set of WCF services. There is one service that is responsible for authentication of users. The logic of authentication is custom and complex and authentication service uses different membership providers.
We want to protect the access to server services for non-authenticated users. The users must firstly authenticate and than use other services (users in this case are the other systems, services, WinForms client, etc.). On this basis, we decided to use the ASP.NET Url/File Authorization feature.
So, I set on the ASP.NET compatibility mode, allowed cookie in all binding configurations, added AspNetCompatibilityRequirements attribute to our services and added the followingconfigurations to config:
<authentication mode="Forms">
<forms cookieless="UseCookies">
<credentials passwordFormat="Clear" />
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
<location path="AuthenticationService.svc">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
In the authenticate method of our authentication service I add the following code:
public AuthenticationResult AuthenticateUser(string username, string password)
{
AuthenticationResult result = new AuthenticationResult();
result = Authenticate(username, password);
if (result.IsAuthenticated)
FormsAuthentication.SetAuthCookie(username, true);
return result;
}
Next, I wrote the following code:
var authClient = new AuthenticationServiceClient();
var result = authClient.AuthenticateUser("user", "password");
var otherClient = new OtherServiceClient();
var temp = otherClient.DoSomething();
But after authentication I can't access to OtherServiceClient...
So, how can I share the call context between the WCF services calls? Could anybody provide some useful articles about this question?
View 1 Replies
Mar 8, 2011
Unfortunately, all the examples for Forms Authentication Code Behind w/ Custom Role and Membership Providers I find online are written with a VB.NET code behind and I need a C# code behind. I need a codebehind that will do the following:
authenticate user upon login button click
if user active_flag=0 (false) OR password!=@password, display error: "Access Denied"
if user admin_flag=1 & active flag=1 (true), redirect to admin_pageszipsearch.aspx
if user admin_flag=0 (false) & active_flag=1 (true), redirect to pageszipsearch.aspx
Default.aspx Code:
<asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false">
<LayoutTemplate>
<span class="failureNotification">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>......
View 1 Replies
Jul 12, 2010
my user will use form authentication against Active Directory or database. Theres no Windows Integrated Authentication there!!
What i want is when the user submit the authentication form, it will try to validate the user against Active Directory and if it fail, try with the database.
How can i do that? What i had in mind was to build a custom membership provider that will encapsulate the logic but im not sure how to start.
View 2 Replies
Apr 1, 2011
I know this question is asked (and answered) a lot already, but I believe my situation is unique.
We are using the ASP.NET SqlMembershipProvider. However, we also have some less-secure content we would like to secure by adding users directly to the web.config, like so...
<forms loginUrl="login.aspx" defaultUrl="default.aspx">
<credentials passwordFormat="Clear">
<user name="user1" password="123" />
<user name="user2" password="456" />
</credentials>
</forms>
Is it possible to use this method alongside a SQL Membership Provider? If so, how?
I know it's bad practice to do this. This is only a stepping stone as we move parts of our website into the asp.net application. We would like some of those password to be easily editable without going to the database.
View 2 Replies
Feb 25, 2010
In my web application am using ASP.Net Membership for authentication ann role management.But now i have a situation where i need to authenticate multiple clients against different DB based upon the URL request being send. Below is my web.Config Details.
<authentication>
<forms loginUrl="Login.aspx" defaultUrl="Login.aspx" />
</authentication>
<membership defaultProvider="QuickStartMembershipSqlProvider">
<providers>
<clear/>
<add connectionStringName="MEMBERSHIP_AND_ROLES" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="SecurityQuickStart"
requiresUniqueEmail="true" passwordFormat="Hashed" name="QuickStartMembershipSqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="QuickStartRoleManagerSqlProvider">
<providers>
<clear/>
<add connectionStringName="MEMBERSHIP_AND_ROLES" applicationName="SecurityQuickStart" name="QuickStartRoleManagerSqlProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
ConnectionString.Config:
<add name="MEMBERSHIP_AND_ROLES" connectionString="Data Source=x.x.x.x;Initial Catalog=xxx;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
Am using form authentication for user authentication. In my login page am using Membership.ValidateUser(username,password),which is using default membership provider. Now my situation is i need to override the default DB and connect to multiple DB based on URL request send to my web server.
View 1 Replies
Oct 13, 2010
I have two connection strings being used:
<add
name="db1"
connectionString="Server=localhost;user
id=root;password=;persist security info=True;Database=db1"
providerName="MySql.Data.MySqlClient"/>
<add
name="db2"
connectionString="Server=localhost;user
id=root;password=;persist security info=True;Database=db2"
providerName="MySql.Data.MySqlClient"/>
I would like to have two different Role Providers using these connection strings:
<roleManager
enabled="true"
defaultProvider="rp1"
cacheRolesInCookie="true"
createPersistentCookie="false"
cookieProtection="All">
<providers>
<clear/>
<add
name="rp1"
type="MySql.Web.Security.MySQLRoleProvider,
MySql.Web, Version=6.1.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"
connectionStringName="db1"
applicationName="test"/>
<add
name="rp2"
type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.1.3.0, Culture=neutral,
PublicKeyToken=c5687fc88969c44d"
connectionStringName="db1"
applicationName="test"/>
My application starts with a login screen. Based on what the user selects, I would like to control which database to connect to. (DB1 vs DB2). The problem is, when the application starts the Role Provider defaults to "rp1". Is there a way I can change the default provider during runtime?
View 5 Replies
Jul 1, 2010
I want to know if we can use multiple membership providers simultaneously in a single ASP.net application.
View 1 Replies
Aug 12, 2010
I have the following connectionStrings in my web.config file:
...
<add name="myApp1_dev" connectionString="Server=localhost;user id=root;password=;persist security info=True;Database=dbOne" providerName="MySql.Data.MySqlClient" />
<add name="myApp2_dev" connectionString="Server=localhost;user id=root;password=;persist security info=True;Database=dbTwo" providerName="MySql.Data.MySqlClient" />
...
I also have the following roleManager defined:
...
<roleManager enabled="true" defaultProvider="MySQLRoleProvider" cacheRolesInCookie="true" createPersistentCookie="false" cookieProtection="All">
<providers>
<clear/>
<add name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.1.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="myApp1_dev" applicationName="/"/>
</providers>
</roleManager>
...
I dont know if this was the best way (somewhat new to vb.net), but in my Login.aspx page, I set global session variable to one of the two connection strings. If the user logs into App1, it uses connectionString myApp1_dev; if user selects App2, it uses myApp2_dev. My question / problem is: Each of the two databases have their own MySQL membership and role tables. If the user logs into App1, I would like to the dbOne database tables. If user selects App2, select dbTwo tables. Can I support Roles from multiple databases?
View 9 Replies
Sep 2, 2010
I have created two custome membership providers that I would like to add to my web.config. The first one would be the default that the asp.net application would use. The second would be called by a WCF service that I have in the same application.
The providers in the membership section of my web.config looks like the following:
<add name="SiteProvider" type="MyNameSpace.SiteProvider, MyNameSpace" ApplicationName="Si2" EnablePasswordReset="true" PasswordStrengthRegularExpression="(?=[w$#_ ]{8,})(?=.*?d)(?=.*?[A-z])[w$#_ ]*" ResetPasswordMinimumLength="8" ResetPasswordPattern="USL9SLU9SLU9SLLLL" ResetPasswordAllowDuplicateCharacters="false" />
<add name="WCFProvider" type="MyNameSpace.WCFProvider, MyNameSpace" ApplicationName="Si2" EnablePasswordReset="true" PasswordStrengthRegularExpression="(?=[w$#_ ]{8,})(?=.*?d)(?=.*?[A-z])[w$#_ ]*" ResetPasswordMinimumLength="8" ResetPasswordPattern="USL9SLU9SLU9SLLLL" ResetPasswordAllowDuplicateCharacters="false" />
I receive the error "Item has already beed added. Key in dictionary: 'SiteProvider' Key being added: 'SiteProvider'" any time I browse to the site.
This doesnt make sense to me sense they have unique names. If i remove the second provider the site is browseable.
View 1 Replies
Sep 10, 2010
Is it possible to hook multiple role providers with one service? I want client A to connect to service A with roleprovidername A & client B to connect to service A with roleprovidername B
View 3 Replies
Nov 15, 2010
I want to know the name of the ISP provider and webhosting provider name for given Domain.
is it possible to know the ISPs name and webhosting providers name through Dotnet or manulally?
View 1 Replies
Aug 9, 2010
In my web.config I have:
[Code]....
If I just have ADProvider1 it works, when I add ADProvider2, even though for testing I only use ADProvider1 I get an error: "Unable to establish secure connection with the server" Am I adding the second provider to the membership section incorrectly?
View 11 Replies
Aug 6, 2010
I'm trying to update/create the user profile for a specific user that will not be the logged on user of the moment. I'm able to do this with the following code:
'Dim p As ProfileBase = ProfileBase.Create(Email, False)
View 3 Replies
Jan 14, 2010
I'm building a new ASP.NET MVC application (in C#) and one of the requirements is to create a new database of members. For this, we'd need roles to manage the different types of members and profiles to manage the additional metadata attached to each member. So far so good, just use the standard MembershipProvider, RoleProvider and ProfileProvider provided as part of the .NET Framework.
However, the catch is that I'd like to allow different authentication methods. I'd like Accounts and Login Credentials to have a one-to-many relationship (one account can have a number of login credentials attached). A user for example, might have both an OpenID and ActiveDirectory account attached to their account.
However, after experimenting with a few ways we opted for the MembershipProvider route (explained how it was achieved as an answer below).
It appears to be something that is achieved on quite a number of sites, yet a search on here doesn't return anything solid to play around with.
EDIT: After looking around for a good period of hours overnight and this morning - I'm still not convincinced that butchering a single MembershipProvider would have been the easiest option. Does having multiple MembershipProviders give the same effect?
BOUNTY EDIT: With no responses, I am assuming that there is no more optimal solution that the one I posted as an answer. Is this really the case? I'm offering a bounty to try and see if anyone has any further thoughts on this and whether there are better alternatives.
BOUNTY ACCEPT EDIT: I think that WIF is the answer as accepted below, for a .NET 4 release and maybe other versions as it probably works with 3.5. Other than that, maybe a butchered MembershipProvider or adapted one may still be relevant.
View 4 Replies
Feb 16, 2010
I have a problem with membership authentication. I have two websites, website1 and website2, and both of them uses forms authentication with SQL membership provider (SQLEXPRESS). I have two scenarios:
Case 1:don't publish the website1 and try to login website1 with user1 -->Works ok
don't publish the website2 and try to login --> it displays the previously logged in user (Website1 user)-->Perfect
Case 2:publish the website1 and login-->works ok
publish the website2 and try to login--> it does not show up the site1's logged in user (No idea why)
then login into website2 and open website1-->it does not show up the website2 logged in user or any user...It looks like something wrong with cookies....
my web.config looks like this:<authentication mode="Forms">
<forms loginUrl="~/LogOn/LogOn" timeout="2880" protection="All"/>
</authentication> [code]....
View 2 Replies
Mar 7, 2011
I have two applications with a single domain name ([URL] and [URL]). First one has been developed in .NET 2 and the other one with .NET 4. I have configured web.config as these steps:
1- I've set the same machine key for both of them.
2- I've set the coockie name.
3- I've set the domain name to "domain.com".
4- Also, I've set hardcoded coockie domain name to "domain.com" .
Everything was working fine when both of them were running on a single web server. Recently, I've been asked to move test.domain.com to another server. After moving, authentication ticket is not valid on the second server. I tested both of them on a single server again and everything was workinh fine, but in two servers users can't acces to test.domain.com. (Authentication Ticket is invalid)
Edited: The second server is a virtual (VMWare) server. I don't have any problem in physical servers. I checked the server's time to be synchronized. I also used fiddler to see if the server does not get the auth ticket and ther ticket is sent to the 2nd server. Note: Servers are located in different networks and maybe proxy or firewall causes this (I've no idea)
View 3 Replies
Nov 10, 2010
I have three asp.net web applications
,Second and Third applications are accessed throught the first,So Authentication (form authentication) is happening from the first application only , all are deployed on same IIS with seperate virtual directory
Like
1.Localhost/EmpMananger
1. Localhost/Hr
2.Localhost/Payroll
, I used the same Entires in both <machineKey> and
<forms> Elements in webconfig file of all applications,
Applications are working fine and Page.User.Identity are available in all applications but once loginUrl and defaultUrl entry is changed to actual name other than localhost
Eg: localhost/EmpManager/default.aspx To myserver/EmpManger/default.aspx
the authentication ticket is not available in second and third applicaiton
View 4 Replies
Mar 4, 2011
We have a server with lets say 5-10 internal ASP.NET (MVC) applications running in separate application pools as separate websites (on different ports and/or subdomains). I know nothing about the built-in ASP.NET authentication framework, so I was wondering if anyone could drop me a quick pointer in the right direction...
I want to secure all of the internal apps via one login mechanism (supporting 3-5 different roles; nothing complex). This login system would be another app/website running on the server, and to gain access to any other app, one must have authenticated via the one login system and the target app must be able to see the user's role. The internal apps will be modified at the code level to plug into this new login system (in other words, we'll modify the current apps to support the authentication).
The whole point of this is that I don't want each app to have its own login/authentication mechanism, but rather use a more "global" authentication system (everything on the same server). I am not looking for anything complex (just a company of 15-25 employees, 3-5 departments - each user must be associated with a department (role) based on their login - and each app will be tuned to show the user the appropriate data based on his role).
The question is - how do I make it so that a user's authentication status is visible across all of the different apps (in different assemblies and running separately)?
View 2 Replies
Mar 23, 2011
Until now, I've always used straightforward Forms Authentication on my community websites, and that one method of authentication, with that one cookie/ticket has been used throughout the website (with varying roles per user also stored in the ticket). I haven't used the built in LogIn controls and instead have always just created my own login/registration form, and written the code to insert into (and authenticate against in the log-in scenario) my bespoke 'Users' table. So I've essentially just been utilizing the .IsAuthenticated() method (to determine if a user is logged in), referenced the UserData property in the ticket (to determine which roles the user belongs to), and set up the 'location' restrictions in the Web.config, so the log-in page is automatically shown for pages that require 'member access' etc.
With my new project, I will need user registration/login for the Forums/Community part of the website only. I then need an additional user registration/login for the Recruitment part of the website (not related in any way to the users that sign up/log in to the Forums/Community part of the site).I was wondering if this possible, and if so, how to go about it?e user registration/sign-in pages might look the same, but my underlying code would would create accounts/authenticate against different DB tables.
View 1 Replies
Mar 16, 2010
I have a small project I am working on using web developer express, and I am trying to get windows authentication to work with my intranet website project. This website is only to be accessed inside my LAN and not from the internet at all, so I figured windows authentication would be best.What happens when I turn it on (and I've tested this from multiple browsers: IE8, Firefox, Chrome, Safari) is that the website asks the user to log in (via pop up textbox). Not only does it request the user to log in (which I don't think it should, since the login is based on windows authentication and I am on a windows machine already logged into the internal domain) but it requests the user to login multiple times, sometimes I get asked to log in and type in the same username/password combination 12 different times. It seems to me that the asp page is requesting permission to view each individual element and requires authentication to load one object (like an image or text box).
I am severely annoyed. :( I just wanted authentication to work smoothly without any login requests, or at the mostone request.
View 1 Replies
Mar 10, 2011
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
View 2 Replies
Jul 9, 2010
Currently my ASP.Net MVC website uses forms authentication is set up like this my web.config:
<authentication mode="Forms">
<forms loginUrl="en/User/Signin" timeout="2880" />
</authentication>
We have some routing rules that use the prefix /en/ in the url as a identifier for the language, but the problem is that if someone is visiting our french site [URL], they are redirect to [URL], which in turn sets the culture to english. So after logging in, users may need to change there language back to french.
So if the website need to suppurt more languages, so I need to do something like this in the web config:
[code]....
I know you can not have code in the web.config, but this is just to illustrate what I am trying to achieve. Could anyone provide a simple solution, or links to solutions they may already use?
View 2 Replies
