C# - Can Reuse Built-in IIS Authentication But Provide Own Credentials Checking
Feb 14, 2011
I'd like to use built-in IIS authentication with non-Windows accounts. There's this module that does that for basic authentication, but it in fact does both the authentication and credentials checking.The problem is I also need to support digest authentication and I could try to do it, but it would be a lot of hassle - I need to generate challenges ("nonces") securely, store them and check for replays, etc. - lots of things I can screw up and make determined attackers happy. So I'd prefer to reuse the digest authentication functionality in IIS, but use my own module for credentials validation. How can I do that?
View 1 Replies
Similar Messages:
Dec 20, 2010
[Code]....
View 4 Replies
Apr 12, 2010
have been facing a problem in passing credentials to a web service. I have searched a lot on it and found solution but they didn't work for me coz the scenario with me little different I believe.The situation is like this. I have a 3rd party web service "https://3rdpartyserver/virtualdirectroy/service/service.aspx".So when I try to browse the service in IE it takes me to the login page ("https://3rdpartyserver/virtualdirectroy/Loginpage.aspx"), when I enter usename and password in it and hit Log In button it takes me to the service where all the web methods are listed
View 3 Replies
Apr 26, 2010
know in asp.net 1.0 the grid display controls would pull all the data in, and then provide paging but the paging was done in memory.Are there any smarter controls that provide paging where they only pull the data relevent to current page being displayed?ie. select 10 rows for the current page, instead of doing a select of ALL the rows in the table.
View 1 Replies
Feb 17, 2010
I'm trying to write a web app using 4-tier design pattern ( Data Store, DAL, BLL and UI).
Among other things this app would also implement a forum.
Suppose I want to move a thread from one forum to another. In order to do this, UI layer must pass down to other layers the ID of a thread and the ID of a forum to which I wish to move this thread ( UI would pass these parameters by calling method A in BLL layer and A would in turn call method B in DAL layer... ).
a) Now should one of the bottom layers provide some sort of checking mechanism to ensure that the two ID arguments supplied by UI layer really represent an existing thread and an existing forum or is it the responsibility of UI layer to provide valid ID values?
EDIT:
I would consider the ability to pass invalid IDs a bug.
Should non existing ID be considered a bug just in the case of moving a thread, or also in the case of displaying a thread. Thus when user navigates to page Showthread.aspx?ID={0}, if query string parameter ID references non existing ID, If none of the layers check for the validity of ID, then GridView simply won't display any
"But in this case it doesn't look like the ids are in any sort of list. If they were one could only assume that this would never happen as I assume the lists would be populated by a stored procedure or a DAL procedure that pulls all valid IDs."
But even if user chooses IDs from a set of list, by the time it posts the page back, the DB table containing this ID could be changed in the mean time by admin or whomever?!
View 5 Replies
Jan 21, 2011
I have a silverlight application and I want to provide windows authentication to the application through WCF.
View 1 Replies
Nov 4, 2010
am developing website in that website no.of users are there every user contain related data, the data should be in xml files ,how to provide authentication every user by using xml files .how to write xml file names in web.config in sql we can use connectionstring
,in xml how we can write them give examples.
View 4 Replies
Mar 22, 2010
If a user has signed into their computer and are connected to an intranet, is there a way to grab the users crendtials and authentication them in asp.net? What specific code would do this?
View 2 Replies
Jul 20, 2010
I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.
View 9 Replies
May 25, 2010
I have a mvc2-website with windows authentication.
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
</authorization>
In IE the website keeps asking several times for my credentials per webpage. In Firefox it works correctly.
View 4 Replies
Jan 4, 2011
1) I have an ASP.NET website which is the main entry point in the application.This website uses Forms authentication, which validates credentials (username/password) against a database. 2) Once logged on the website, the user is displayed a page containing several links which point to a Sharepoint 2007 application, where authentication is managed by an Active Directory. 3) Every user in the Active Directory is duplicated in the database managing the ASP.NET website authentication.
View 1 Replies
Apr 13, 2010
I'm using my own role management and user management in my application, i now need to use forms authentication. How can i do this?
View 3 Replies
Aug 25, 2010
I have an XML web service where the authentication used is BASIC WINDOWS. Following is my client code to connect to the service.
[Code]....
Now, the issue is that the client is really authenticated only in the first attempt(First time I execute the code in VS). Further attempts succeed even if the code to assign credentials is commented or even after providing wrong user id/ password. I ensured that the server is hit each time(Just to make it clear that it not just because of client side caching).Is this the behavior of Basic authentication/credential cache. I would prefer the client be authenticated each time he hits the server.
View 2 Replies
Nov 9, 2010
I have a zealous network administrator who insists that we must use https on an intranet web application in order to safeguard user's credentials. The app is an asp.net web app that uses Windows Authentication to automatically identify users and log them in. There is no login dialog and user's never enter their login or password. The application does not process any confidential data, and the only rationale for requiring https is to "safeguard" users credentials. Additionally he stated that ntlm can be easily hacked.I responded with some information from an MS white paper on Windows Authentication that said it was the recommended way of authenticating users, and that user's credentials were safe because their passwords are not transmitted across the network when the application authenticates them since it sends a hash of the password.
View 1 Replies
Oct 11, 2010
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.What could be the reason for this?
View 3 Replies
Mar 29, 2011
have a form based authentication login that access MySql to validate the credentials entered.I was wondering how you would encrypt the password??
View 3 Replies
Mar 17, 2011
Is it possible to bypass the NT challenge login, and just have a standard webform login, then authenticating programtically as that user and passing those credentials manually to my connection string so that the database sees me as that user?
View 1 Replies
Mar 24, 2010
I'm running into a weird issue that I can't find an answer for anywhere I've looked (and I've looked a ton).I built a web deployment project with Visual Studio 2008 Team System on my old Win XP machine. This has always worked flawlessly and installed everywhere. I can also copy this MSI to my new Windows 7 Ultimate machine and it again installs just fine.
HOWEVER, when I rebuild that exact same web deployment project on my new Win7 machine, also using VS2008, the MSI will build OK, but when I then run it to install my software I get a dialog box telling me "the installer was interrupted." Interestingly, when I built this MSI in my new environment one additional warning popped up during the build process, which was "Unable to copy the schema file '(null)'"After many searches and reading different web pages, I know this has to do with these two registry keys:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftVisualStudio9.0DeploymentSchema]
"DefaultMSISchemaFile"="c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\Deployment\Vspkgs\..\VsdSchema\Schema.msi"
"DefaultMSMSchemaFile"="c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\Deployment\Vspkgs\..\VsdSchema\Schema.msm"
Yet, everything checks out. All permissions are correctly configured, etc., etc.Then, when I enable the built-in administrator account and log in as that, and then rebuild this same web deployment MSI the "Unable to copy the schema file '(null)'" warning no longer appears. Then when I log back out, log back in as myself and then run this newly built MSI it installs fine, just like the original one that was built on XP.I also tried uninstalling VS2008 and re-installing it as the super user, but that also didn't change anything. And yes, I did also configure devenv.exe to run as administrator.
Has anybody seen this? Or is it a requirement that you can only compile deployment projects as the super user? That cannot be right.I've been thrashing for more than five days and for the life of me cannot figure this out. Of course, I can run as the super user when developing, but I thought the new security model in Win7 was designed exactly so you don't have to.
View 1 Replies
Feb 1, 2011
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
View 1 Replies
Sep 8, 2010
I have set up a directory on my IIS web server that is protected by "Integrated Windows authentication". I want visitors to be required to enter a name and password to view files in the protected directory except if they are following a link to files in the protected directory from a certain page on my website.
I am doing this to try to get better protection from search engine spidering than is provided by using a robots.text file.
I am using ASP.NET 3.5 with VB. I am wondering if there is a way to pass the log on credentials to the IIS server via a link, or if there is a way to fill in the name and password for the login screen automatically, or something else that would work. It is OK if the login name and password are visible to the visitors.
View 3 Replies
Apr 21, 2010
How to provide authentication based on a Active directory security group for a ASP.net webpage. I am using c# laungauge and .Net framework2.
View 3 Replies
Dec 12, 2010
I have simple asp.net web service, for monitoring and managing about 10 computers, with 4 webMethods and all of this methods are quite simple. In general they look sometning like: (1)make WMI connections to certain machine, (2)do some simple task, (3)return result.
Problem is that WMI connections to remote computers takes about 15s and I offten need to call 2 or 3 methods successively for the same machine.
From what I know, there is new instance of my service class (public class MonSvr :
System.Web.Services.WebService ) created every time webMethod is called.
So how can I share WMI or DB connection betwen all instances of my service that I could reuse this connection ? When there all multiple calls to webMethods of my service, does then each instance of web service runs in separate thread ?
View 2 Replies
Jul 16, 2010
Is there a way to accomplish this? Let me give you a scenario:
The user clicks on a button "Click Me", then it opens a new window that is aspx page. The user didn't close that page, and went back and click on the same button "Click Me" again. At this point, instead of open a brand new window, I want to be able to reuse the same opened aspx page earlier and concatenate some information...
View 2 Replies
Jan 10, 2011
I have a WCF webservice that acts as a data provider for my ASP.NET web page. Throughout the web page a number of calls are made to the web service via the auto-generated ServiceClient. Currently I create a new ServiceClient and open it for each request i.e. Get Users, Get Roles, Get Customer list etc.... Each one of these would create a new ServiceClient and open a new connection.
Can I make my ServiceClient class a global or statically available class so that all functions within my ASP.NET web page can use the same client. This would seem to be far more efficient. Are there any issues with doing it this way? Any advice I should take into account when doing this? What happens if I make multiple requests to a client? Presumably it is all synchronous so it shouldn't matter if I make 1 or 50 calls to it?
View 2 Replies
Nov 16, 2010
Using a SQL Server back end, I have a Company Name field that I want to reuse in different views of my application. I do not want to use it only in the Master layout but within the "view space". Is there another way to access this data without using a ".include" for that table in all of my methods? Is there a way to add dynamic data in the Shared folder that can be called up anytime? If it is in the Master page can I pull the variable into the specific "view space"?
View 5 Replies
