Active Directory And Authentication Across Domain?
Aug 4, 2010
we have 3 different domains and their active directory.i have to made a web serivce that when user gets logged in any of the domain and call that web service it takes the user credential.and then process the task and logged in the current user and domain of user. my iis configuration is 1) anonymous user disabled2)integrated authentication is enabled.and sending the user credentials as and then process the task and logged in the current user and domain of user.my iis configuration is1) anonymous user disabled 2)integrated authentication is enabled.
System.Net.CredentialCache.DefaultCredentials from calling application
our different servers are configured for any one of the 3 domains .when i use to call the web service (deployed on a server)from the same domain it
I created one application, and I need to authenticate local user. This user is the user who is login to his/her Personal Computer.. Main thing his that he/she does not in any DOMAIN... I want NON-DOMAIN authentication.
I have a web application (intranet based) which uses Windows Authentication. Unfortunately there are public computers that have public logins at some company locations. My web app doesn't support these public logins because I need to know the user workingSo, even though these public users are windows authentication users, my app will fail because I have no user account setup for that particular account. I want to then try Active Directory Authentication.In my Default.aspx.cs I'd have something like this
protected void Page_Load(object sender, EventArgs e) {try userContext = new UserContext(); // If the authenticated user isn't a user in my system then throw an exception } [code]...
a asp.net site located at a hosting center(UK)and i want users from our office to login to that site using their active directory account.is this possible to do over the network ? or i need the site on the same domain as the active directory server?
I need to get the list of domain usrs. The users not necessorily be on the domain where I am logged in. (e.g. I am logged in on domain "Dom111" but I need the list of users from the domain "Dom222")
I want this information on the basis of following - 1) Name of the Domain 2) A valid User name (of-course with Admin rights for the Target domain) and password
I am trying to use the following code -
DirectoryContext dc = new DirectoryContext(DirectoryContextType.Domain, "Dom222", "Administrator", "password"); Domain domain = Domain.GetDomain(dc); DirectoryEntry de = domain.GetDirectoryEntry(); FillList(de);
Here is the FillList function private void FillList(DirectoryEntry de) { DirectorySearcher deSearch = new DirectorySearcher(de); deSearch.Filter = "(&(objectClass=user)(objectCategory=person))"; SearchResultCollection results = deSearch.FindAll(); //checkedListBox1.Items.Clear(); foreach (SearchResult srUser in results) { DirectoryEntry deUser = srUser.GetDirectoryEntry(); checkedListBox1.Items.Add(deUser.Properties["sAMAccountName"].Value.ToString()); } checkedListBox1.Sorted = true; }
This works fine for the domain where I logged in (i.e. Dom111) but for the other domain (Dom222), while executing the statement - Domain domain = Domain.GetDomain(dc); I am getting the error saying "The specified domain does not exist or cannot be contacted."
Now, For creating the dc if I use following - DirectoryContext dcTemp = new DirectoryContext(DirectoryContextType.DirectoryServer, "Server_dom222", "administrator", "password"); Then everything works fine. But as you can see I need to pass the "Domain Controller (Server) Name"which I want to avoid.
I need an idea please, i have the task of disabling the Domain Administrator account, but we have a very messed up AC and im practilly new employee here. The administrator account has been used on several services, servers, print servers, etc. Across the network and sites. All our intersite communication is perfect.So what i want is a way to know in which devices this account is configured.Is there a way or tool, where i can input the account, and the output should be a list of servers, ip adresses or devices where the account is configured?
I can get the list of user groups from the same domain based on the logged in users by using following commandSystem.Web.HttpContext .Current.Request.LogonUserIdentity.GroupsBut in my case user can be part of another trusted domain group also. The above command is not retrieving the trusted domain groups.Is there any way to get all the groups belongs to logged in user even he is part trusted domain group also?
I am developing a simple ASP.NET website that will run on the intranet on a WS2008(IIS7) box and respond to users running XP/IE8. Everything is domain connected and I am trying to automatically login the users much like SharePoint does.On my dev machine (XP), when running the site through VS, everything works. I can pickup on the user perfectly. I am using the following settings:
my website need a function to allow domain users jump over the login page and directly access the contents of the site. but for other users which there are not in the domain or they are not the member of the domain then they have to login the website through the login page.
this is different with ask user login to the domain through a login page. the website must distinguish is the user a domain user and the user name in the domain or not when the user first time access website.
I am using System.directory services namespace in framework 2 to query active directory. I have used fixed user account impersonisation in the web.config file, find the code:
I have disabled anonymous access in IIS. Also i have given Read & write access to the account tang09 for the website virtual directory and Microsoft.NET folder located in windows folder. But still i get prompted for the domain username and password to access the website.
I can attempt to log on but every time it says I am using the incorrect username/password. Does it look like I am doing anything wrong above? Is there any way for me to find more information on why it's not finding my username/pass?
UPDATE:
Do I need to provide a Username and Password in my membership/providers section?
In the past I've developed web apps using Windows authentication however I'm now tasked with building a web app which needs to directly authenticate with Active Directory however I'm unsure about the security of doing this and have several questions.
As it stands I'm simply authenticating users by padding the username and password entered into a method which performs a search on active directory for the user's sAmAccountName, this is done within a try catch block. If the search can't run and throws an exception then the user isn't authenticated and if a result is found then the user is authenticated.
My first question is , how secure is doing this?
Secondly I need a way of storing possibly a session variable to ensure the user, once logged in, can access all the pages they have access to.
I was thinking of pulling the user's GUID out of AD and using that as the session variable.
Lastly I need to prevent people from trying to brute force my web application and to do that I've simply create a new session variable and once the count reaches 3 , they will not be able to make anymore attempts until the session variable has expired or they clear their cookies.
I think this is a more method of preventing numerous consecutive login attempts and wonder whether there's a better way? I'm considering using a captcha.
I got a request from a specific client to rather use Active Directory than SQL Server Authentication, and was wondering if someone can give me a push in the right direction.I hoping to stick to using service contracts (interfaces) and just have a different implementation (injected with castle perhaps) for each client (though it will only be one client for now using Active Directory, instead of my usual aspnet membership / role providers), but as I never did this I'm unsure if that would be possible.
if you have implemented Forms Authentication with Active Directory in ASP.NET 2.0, I have implemented [URL] mentioned on this page. But I am getting an error saying "Provider must implement the class 'System.Web.Security.RoleProvider".
I currently support a web application that was built in ASP.NET.The application contains its own users and permissions. It handles its own authentication.I am wondering if it is possible to modify the existing application to utilize our Active Directory users and permissions. I would like to assign users and permissions to the application from Active Directory, rather than needing to go into the web app's admin panels EVERY TIME I need to change user permissions.
I am authenticating my ASP.Net application through Active Directory(Microsoft ADFS Proxy). Now I want to move this authentication to WCF service so that authentication will b done there and later on this service will b flexible. Let me know how to proceed for this and what are the binding types required for this
I am trying to set up an intranet application with Forms Authentication configured for AD. (Don't ask why, it's for the boss). Anyways, I got it configured to where everybody on the domain can log in but I need to restrict it to a security group that IT has set up for me.
The problem I am having is that users in the SG can not log in to the site. I tried just adding
[Code]....
without a role manager but it didn't work. Then I tried adding the role manager below (among others...).
Here is my web.config
[URL]
Also, how should the user defined in connectionUsername and connectionPassword be set up? Must it be the same as the user I am running the application as?
I'm using the code below to authenticate a user in Active Directory, but the password is sending in clear text. How can I hash my password and then send it to Active Directory?
DirectoryEntry entry = new DirectoryEntry(path, username, pwd); try { //Bind to the native AdsObject to force authentication. object obj = entry.NativeObject; DirectorySearcher search = new DirectorySearcher(entry); search.Filter = "(SAMAccountName=" + username + ")"; search.PropertiesToLoad.Add("cn"); SearchResult result = search.FindOne(); if (null == result) { return false; } //Update the new path to the user in the directory. _path = result.Path; _filterAttribute = (string)result.Properties["cn"][0]; } catch (Exception ex) { throw new Exception("Error authenticating user. " + ex.Message); } return true;
I want to authenticate against the Active Directory by using Forms authentication and Visual Studio ASP.NET/C#.Do you know any great tutorials/howto:s for implementing this?
I am just getting started with MVC and I was wondering if someone could point me in the right direction for help with forms authentication using active directory? I have the sample site up but the results I have found on google have not been very helpful in answering this question. This site is going to be an intranet page that we want users to be able to access without logging in when they access it from our network while they must login when trying to access it from home.
I have a DC (Win 2K3,IIS 6.0..) and put my site there. I have a local computer (win XP2) with computer name PC1 is already joined to the DC. in PC1 I login with account (user: abc, passs: 1234567) was created on the DC to log on to domain. After successful login into the domain, andand type in my web address, so I have to write code in my web site to understand how abc account login to the domain will always login to the my site must be signed in .not logged in login module that in my site.
I have a DC (Win 2K3) and put my site there. I have a local machine (win XP) with PC1 name is already connected to the DC. PC1 I log in with machine account (user: abc, passs: 1234567) was created on the DC to log on to domain. After successful login khj me on my website, so I have to write code in my web site to understand how abc account login to the domain will always log into the site must be signed in toi.khong Login Module.
