Windows Authentication Succeeds But IsAuthenticated == False?
Jun 29, 2010
Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:
<location path="auth/windows">
<system.webServer>
<security>
[code]...
When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.
View 1 Replies
Similar Messages:
Mar 15, 2010
My ASP.NET app is using windows authentication. If I run the following code:
WindowsIdentity wi = (WindowsIdentity)User.Identity;
foreach (IdentityReference r in wi.Groups)
{
ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value);
}
if (User.IsInRole ("Everyone"))
Label1.Text = "Is in role";
The listbox will contain the name of every group the user belongs to. If I then call User.IsInRole, and pass in the name of any of those groups, I always get a false.
View 2 Replies
Sep 7, 2010
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
View 5 Replies
Nov 22, 2010
I need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.
Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.
However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.
Logon method:
[Code]....
Custom Controller Attribute:
[Code]....
WebConfig:
[Code]....
View 1 Replies
Feb 9, 2010
I am using forms authentication and have an issue with a particular browser using the remember me feature. For various reasons I want to support the opera browser that works with the nintendo dsi. I can use forms authentication with that browser just fine but when I use the remember me (cookie) feature I can get through the login but then calls to User.Identity.IsAuthenticated return false. If I do not check remember me it works fine. Initially I thought the browser didn't support cookies but it does. At least I can go to m.gmail.com and check their version of remember me and it works. I can exit the browser and come back in and m.gmail.com remembers me. Also I don't have problems with remember me on any other browser I have tried.
Is anyone aware of some specific browser issue that doesn't work with asp.net forms authentication? I am using asp.net mvc but I doubt that matters.
View 3 Replies
Sep 17, 2010
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 Replies
Jan 8, 2010
I have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.
View 2 Replies
Jan 4, 2011
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies
Mar 10, 2010
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 Replies
Dec 30, 2010
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
View 1 Replies
Mar 24, 2011
I'm trying to enable automatic Window authentication working on our ASP.NET Intranet. I've changed the Authentication on our IIS 7.5 server from Anonymous to Windows Authentication Enabled only, and changed the Web.config file for the website to:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
The Windows login box appears when accessing the website via IE 8, I enter valid credentials, but the login window keeps reappearing as if it does not accept my credentials. By repeatedly cancelling the login box it disappears, and my login name can be viewed on the website. Is there any possible reason for the login box to keep popping up even though valid credentials are being entered? I've restarted the servers / cleared browser cache etc. Also, ideally I would like the user to enter the login details once in the login box and not be required to reenter login details whenever he reopens the browser.
View 3 Replies
Sep 3, 2010
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 Replies
Mar 29, 2011
I have a web application (intranet based) which uses Windows Authentication. Unfortunately there are public computers that have public logins at some company locations. My web app doesn't support these public logins because I need to know the user workingSo, even though these public users are windows authentication users, my app will fail because I have no user account setup for that particular account. I want to then try Active Directory Authentication.In my Default.aspx.cs I'd have something like this
protected void Page_Load(object sender, EventArgs e)
{try
userContext = new UserContext(); // If the authenticated user isn't a user in my system then throw an exception
}
[code]...
View 2 Replies
Sep 8, 2010
We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution
View 3 Replies
Nov 2, 2010
My overall goal is just to get the logged on users information for an Intranet site I'm developing without them providing their login (since they are already logged into their computer). So far I just get 401.1 errors and it keeps asking for my login/password. Even though I provide my login/password, it still won't let me in.
I've Enabled Windows Authentication from IIS > Sites > Default Web Site, added this to my web.config:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
My Application Pool is setup as Integrated / ApplicationPoolIdentity for .NET Framework 2.0.
View 1 Replies
Sep 15, 2010
I've been asked to convert an asp.net application from forms authentication with roles using the aspnetdb database to use windows authentication instead.
what is required to do this? can I still use the roles defined in the app and stored in aspnetdb?
View 1 Replies
Feb 12, 2010
I have an (ASP.NET 3.5) intranet application which has been designed to use forms authentication (along with the default aspnet membership system). I also store additional information about users in another table which shares its primary key with the aspnet_users table.
For users who are part of our domain I store their domain account name in the secondary users table, and I want to automatically log in users whose domain account name matches a name stored in the table.
I have read the guides which are available - they're all from two years ago or more and assume that you are able to activate Windows Authentication on a separate login page that allows you to extract the domain account name. From what I can tell, though, this is not possible in IIS7 (the overall authentication method is applied on all pages and cannot be selectively deactivated, and both authentication methods can't be applied on the same page).
Is there a way of getting IIS to pass through the windows domain account name of the requesting user? I don't need proper AD authentication, just the domain name.
View 6 Replies
Apr 26, 2010
Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication?
For example:
A website contains several other folders that contain parts of the overall application: /frontend,/backend, /login
The bin folder is on the same level as these subfolder, i.e. the root of the website.
All of these subfolders contain pages that use binaries that reside in the bin folder of the root of the website.
The user must input windows credentials when visiting a page in the backend folder, but not when visiting a page in the login or frontend folder.
View 2 Replies
Sep 3, 2010
I am developing one intranet website. Being an intranet application, one of the requirement is to have a single sign on feature.
It means that the windows PC username (i.e the "ctrl + alt + delete" username) is going to be the username for the system.
How do i fetch that username?
I tried the following two ways which are working in debug mode but not on live site.
System.Security.Principal.IPrincipal user = System.Web.HttpContext.Current.User;
Response.Write(user.Identity.Name);
&
Response.Write(Request.ServerVariables["AUTH_USER"].ToString());
Both the above method works when i run the page from visual studio.
However when i run the page from IIS or any other server, it gives me a blank value
View 12 Replies
Jun 3, 2010
We are using RDLC's in a Asp.net web application. For reasons beyond our understanding, the first call to the database server fails with the following error:
An error has occurred during report processing. Cannot open database "TryParkingIt2" requested by the login. The login failed. Login failed for user 'EXTRANETOurServerNameHere$'.
Run the report again, it works.
Update Click the button the first time, it fails. Click the button again, it works. The account being impersonated is a domain account. Also, this error occurs on all five different report pages, which is why I didn't include any code.
View 1 Replies
Feb 21, 2011
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
View 3 Replies
May 21, 2010
In our code, we have to give the users a list of printers to choose from. The user then chooses a printer and it is checked to verify it is valid before printing. On a windows 2003 server with IIS 6, this works fine. On a windows 2008 server with IIS 7, it fails each time impersonate is set to true.
PrinterSettings printerSetting = new PrinterSettings();
printerSetting.PrinterName = ddlPrinterName.SelectedItem.Text;
if (!printerSetting.IsValid)
{
lblMsg.Text = "Server Printer is not valid.";
}
else
{
lblMsg.Text = "Success";
}
Each time this code is run, the "Server Printer is not valid" displays, only if impersonate is set to true. If impersonate is set to false, the success message is displayed. The impersonation user has full rights to the printer. Is there a way to catch the actual reason the printer is not valid? Is there some other 2008 setting I should check? update I found that IsValid fails when the IIS7 application pools has "Enable 32-bit applications" is checked. This must be checked b/c we are using a 3rd party tool to print with, and it is a 32-bit application. It is not currently part of this test, so right now it is not causing this error.
View 1 Replies
Dec 12, 2010
a couple weeks ago, my ASP.NET website stopped sending user comments which I implemented by emailing those comments to my email account through Gmail SMTP server [URL]. I opened the project on my development machine and again it fails to send the email after a couple minutes with the following exception message:
Failure sending mail
Unable to read data from the transport connection: net_io_connectionclosed.
I'm using Gmail's SMTP with port 465, and MailClient.EnableSSL = True.
The weird thing is my Office Outlook 2007 is using the same settings and it doesn't have any problems sending mail using the same Gmail account.
View 3 Replies
Dec 30, 2010
Is there any way to use a custom Login Page (Not Windows Login Box) for Windows Authentication of SharePoint publishing sites?
View 2 Replies
Mar 17, 2011
I have an ASP.NET MVC 2 (.NET 3.5) application. It is hosted on IIS 6.
For the sake of this question I have two urls.
http://example.com/
http://example.com/admin
I want admin to be available to any user on the domain, and the root to be available to all users. The server is on the domain but the domain is example1.com, so they are not the same.
Since this is ASP.NET MVC there is no Admin folder to set rights on. I have tried setting the whole site to block anonymous request and have had it allowing all request. Then in the web.config I set it up to deny unauthenticated users in the admin folder and/or allow anonymous access to the root.
What I end up getting is a login prompt that doesn't work. I've tried the user name and example1username but it always fails to login.
View 1 Replies
