i have one web service how can i give access to that web service to many user(with secure method). Now i am checking url and only doing for one site. So what should i do.
View 1 RepliesI am using ASP.Net Forms Authentication. My Web.config looks like this.
[code]....
So currently every aspx page requires authentication.
I want to allow access to even unauthenticated users to a specific page named special.aspx. How can I do this?
i am still relatively new to web development and have been encountering some issues when multiple users click a button at the same time.
i was wondering what could be causing this as i have already removed all static variables realiseing that was a mistake and replaced them with viewstates were needed then sessions when moving across pages
Is it possible to have multiple login pages for different folders within an asp.net application? Say I have this structure:
/admin
/customer
/login-admin.aspx
/login-customer.aspx
I have 2 different login forms. One for the admin people and one for the customers (the forms are different as the customers need to provide extra information on their login page).
In the authentication section of the webconfig file (which is at the root of the web app), I can only specify one Login page. So how can I make sure thaf if anyone tries to access a webpage in /admin they will be redirected to /login-admin.aspx and if they try to access a webpage in /customer they will be redirected to /login-customer.aspx ?
I have an intranet site that i set up to windows authentication. It works fine most of the time but some departments wont be able to access the site and will be asked to enter user name and password.I checked their Active Directory account and the only difference i could see was that the organizational unit parameter was different than the rest of the users.
View 5 RepliesI'm using .Net 2008 and Oracle 10g as my database. The problem I'm getting is after deploying the application in IIS, when multiple users access the same page at a time i'm getting the error. Can't get the output.
Note: Both the users accessing the same page, same menu at a time.
How can I resolve this?
We have created an ASP application with MS Access as back end. We have implemented this web application on our server machine and accessed the same from on my local machine.
Our application works fine when only one user accesses it (All insert, update works fine). But when multiple users connect to this application and try to update the database, then application get crashed. As per our knowledge, this is happening because of access database get locked, when one user open it in exclusive mode.
I have a web.config file with <authorization> section. I'm using window authentication.
The problem is that I would like to allow access to the web site to those users who are in multiple roles.
For example:
<authorization>
<allow roles = "Role1 AND Role2"/>
<deny users="*"/>
</authorization>
(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)
Is this possible to achive this?
If not, what would be the alternatives?
Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
Allow Admin Users to Access Basic Users Accounts?
View 4 RepliesOn our production servers, the admins created a WebUser active directory account which is users for anonymous access to IIS and is also used to authenticate database access with our SQL Server instances using Integrated Security=SSPI in the connection string and identity impersonate="true" in the web.config.
I've often come across situations where I would like to or even need to use forms authentication. However, I using forms authentication, Integrated Security seems to use the logged in user's credentials to authenticate against the database. In these cases I have changed the connection string to use the credentials of a SQL Server users instead. I would prefer to not have a hard coded username and password in the connection string or rather worse in code. Is it possible to use forms authentication just for user authentication for users and windows authentication with the IIS user for database access? What would be the best practice in such a situation?
I have an issue with loginUrl parameter on Forms authentication. Forms Authentication always redirect unauthenticated users to ~/Account/Login ignoring the url configured into Web.Config.
This happend if i add reference to WebMatrix.WebData,WebMatrix.Data into main web.config file (system.web/compilation/assemblies). N.B.: Moving this reference to child web.config file (the one contained into View folder) error doesn't occour anymore
I have an ASP.NET web application that is using forms authentication. Everything is configured and working correctly. However, i'm dealing with the issue of creating and maintaining users and role membership.
I know that I can roll my own solution but I'm wondering if there is an alternative solution?
Does iis7 provide screens for managing forms authentication users? Is there a reliable, free solution that someone would recommend?
I am trying to create an Intranet application and I want my users to be able to log in with their windows account. However my organisation has over 150000 employees but I only want the 10-12 people in my department to be able to log in.
How do I do this? Do I need to store the 10-12 users in a database?
How do I migrate users from a existing users table to Forms Authentication?
There seems to be three options:
T-SQL - Iterate through the existing users table and insert into Forms Authentication tables using the stored procedure aspnet_Membership_CreateUser Code - create a utility that will iterate through the existing users table and insert into Forms Authentication tables using Membership.CreateUser() Code - as users login verify credentials against existing users table and insert into Forms Authentication tables using Membership.CreateUser()
Which is the most practical?
I have been currently trying option 1 but I am running into difficulties using the password salt to create the encrypted password from a plain text password
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesI set up forms authentication in my asp.net application, and everything works apparently without problems. However from time to time some of the users trying to log in inform me that suddenly they cannot enter anymore as their user seems to be deactivated. Even if they try the forgot password entry, they get "user not found" response, but if I check the user is still there, and according to asp.net configuration it is even active.The only solution I found until now to reactivate the user is to remove it and create it again, and then it works. But it cannot work like this of course.
View 5 RepliesFor some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?
[code]....
I have the following implementation and I'm sure there is an easy way to do what I want to do but I can't figure it out.
1. I use forms based authentication to authenticate to my site
2. I use active directory to authenticate the users
3. I use the Allow Users="xxx" tag to authorize the users limited to the list that can access my site. (e.g.. even though Mary is an AD user she can't access my site unless I put her credentials in the allow users tag in the web.config file)
All is working well but I want to move the users access list (e.g.. <allow users="john" />" from the web.config to a database table so that I can create a user maintenance page for my admins to add and delete user access. For the life of me I can't figure out how to do this and I can't seem to find an article on it either.
[code]....
I am invoking a WCF web service (.NET 4.0) via jQuery $.ajax() from an ASP.NET page. How can I secure the WCF service such that only authenticated ASP.NET users can invoke the service's methods? Do I need to imperatively check the forms authentication cookie manually in each service method, or is there a more declarative approach?
View 1 RepliesHow to Protect Web services from Un authenticated users.. right now Im Using Protected Access specifiers.. Is it Correct method To Protect Web services?
View 1 RepliesI have a webservice that's behind form's authentication. The site that hosts the service also serves as a site that requires a user to log in via the login page.I have a second site that needs to be able to access the service that the first site hosts. However, when attempting to access the service, it fails because the service requires that the user is logged in.
View 1 RepliesI am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
View 1 RepliesURL....I use this one as my login, and I addes hyperlink for Forgot Password. But why I can't access the FORGOT PASSWORD.aspx for every time I click it. And when I login it redirects t Forgot Password.How I can access it without logging in?
View 1 RepliesI had created a Membership ASP.NET 3.5 website and selected the Forms authentication. Therefore, I created several users with related information into the ASPNETDB database. Yesterday, I changed the website security to Windows authentication.
This morning, when reviewing the ASPNETDB data for another website, I still can see those Membership Forms users and their ApplicationIDs in the aspnet_Users and aspnet_membership tables. How can I delete those Forms users?
Another question: In aspnet_Applications table, I can see the ApplicationName (e.g. /WebPartsDemo) for the Web Parts websites. I have 2 ApplicationIDs in the aspnet_Membership table. I can not see only one ApplicationID in the aspnet_Applications table, but with an empty ApplicationName, i.e. / only.
Do I miss something when creating the Membership website? What is the ApplicationName for the Membership website?