I am having some trouble with active directory authentication using FormsAuthentication in ASP.NET MVC 2 (VS 2010).
As I understand it I should be able to step into/through the Microsoft source code for FormsAuthentication.Authenticate if I check 'Enable source server support' and 'Enable .Net Framework source stepping' in Options->Debug->General and specify 'Microsoft Symbol Servers' in Options->Debug->Symbols.
I have done this and can step into a whole bunch of MS source code, but not FormsAuthentication.Authenticate. The debugger simple steps over it.
If I could step into FormsAuthentication.Authenticate it would make my life a whole lot easier.
I have configured Forms Authentication in my web config file as below.
Following is my code
[Code]....
The issue is that FormsAuthentication.Authenticate never returns true. This is a very simple website with only two pages and no other code(The code too was copied from MSDN).
How do I use the FormsAuthentication.Authenticate(Username,Password) method to match against the generated Database?..since as far as I have read, it matches the values against the Web.config.
If I am on a website#1, and I enter my username/pwd for website#2 on a login page that is on website#1, and website#1, behind the scenes, makes a httpwebrequest to website#2 and posts to the login page. If I then navigate to website#2, should I be logged in? website#2 uses formsauthentication and I call a httpHandler that is on website#2 and pass it the username/password via the querystring. Should this work?
So we have been using the same login gode to connect to various domains in asp.net, with and without MVC. The code works. We have a new server, first one to run server 2008 r2, set up with a directory structure similar to one of the ones that has been working. Using forms authentication, I set up in the web.config
It connects to build the membership provider just fine, but when I tryto use the exact same username and password to login on the forms login page (the stock asp.net stuff) it fails to login. same user, same password that's being used to connect with the membership provider. If I change the password in the web.config, I get an error that it's incorrect, so I know that the membership provider is getting connected with those credentials. What I can't figure out is why can't I use the same credentials to login? I've checked:
The user is not locked.
the user is not set to change password on next logon.
We are developing a browser based intranet application. All users have active directory account, so obvious choice would be use Integrated Windows Authentication. But there will be multiple users accessing same client machine so we decided to use form based authentication (but authenticated against AD). In this scenario what is the best way to authenticate between my ASP.NET application (IIS) and WCF Services (another server IIS 7). I don't want to use asp.Net Compatibility mode or certificate. I am thinking to create another domain account to authenticate ASP.NET and WCF. I am also passing the information about the current ASP.NET user to WCF as header info. Is this the right way to do? The following code will call from ASP.NET to access and get each service method.
// Call WCF service from ASP.NET Application using a new domain account for each call. proxy.ClientCredentials.Windows.ClientCredential.Domain = "mydomain"; ServiceReference.HelloWorldClient proxy = new ServiceReference.HelloWorldClient(); proxy.ClientCredentials.Windows.ClientCredential.UserName = "new_domain_account"; proxy.ClientCredentials.Windows.ClientCredential.Password = "password";
Is there any better way to authenticate WCF from ASP.NET?
For a few reasons, the bunch I'm working for don't want to use certificates and don't like the idea of a service that can be accessed by anybody with a valid logon.
My question is how can I authenticate an application as being an official application suited for use with these wfc services without using certificates?
They are trying to avoid a situation where inquisitive customers are clever enough to retrieve the service calls and have enough infrastructure to build their own clients to use them.
I'm using Asp.net c# language programming. What is the best way for authenticating web methods in a web service? Is it right having authentication for every web method and verify user name and password for each web method? Is there a way to authenticate just once not for every web method? something like using sessions and etc?
I'm NTLM (authenication="windows" in the web.config) with an asp.net mvc 2.0 site. Right now once a user logs in it keeps them logged in for weeks at a time. The use of the application is being opened up to users who share computers that use logged in service accounts. I need the site to reprompt each user for their AD credentials each time in order to handle these users. (Activity on the site must be linked to a uniquely identified user.)
I have an asp.net app. It has a page that requires authentication. The authenticated user can view the page because he/she is authenticated. The page makes a jQuery Ajax call to a WCF service. The WCF service checks that the user is authenticated via HttpContext. I have a user that is using WinXP and IE8. This user can authenticate to the page, but when the Ajax call is made from the page to the wb service, the user recieves my "session not authenticated" message on the page, generated by the service and displayed on the page. When I use the same OS/browser combo, the page and service work just fine, as expected; no errors.
What option in this user's IE settings would cause this behavior?
I´m building a home page where logged in users shall buy products. To be able to get to the buy page the user already has to be logged in. But when he shall execute the buy he has to reenter his password again to check the user a second time. How do I check if his entered password matches his user password? I´m using the ASP Membership library and I have passwordFormat="Hashed".
working sample of logging in using Twitter (OAuth) for .NET I'm currently using this one [URL] but it only works if I set the callback url to "oob", if I set a real callback url I get "401 unauthorized".
I have the IIS webserver on Domain A. I have many users on Domain B, C, D, E.
I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder. But it is still not authenticating. So what do I need to do to enable this feature? I am using windows 2003 webserver.
I have a ASP.NET website which uses the standard ASP.NET Login Control for authenticating users. The user information is stored in a SQL Server database which is not accessible from client side. I want to write a standalone desktop windows form application which requires user to login with the same credential (username and password) used on the website. For the web-based form authentication, it's simple just to use the login control. Howerver, I have no idea for how to deal with the login for windows form application. My naive idea is to create a login web service which windows form application can utilize.
In web development, when session state is enabled, a session id is stored in cookie(in cookieless mode, query string will be used instead). In asp.net, the session id is encrypted automatically. There are plenty of topics on the internet regarding how you should encrypt your cookie, including session id. I can understand why you want to encrypt private info such as DOB, but any private info should not be stored in cookie at first place. So for other cookie values such as session id, what is the purpose encryption? Does it add security at all? no matter how you secure it, it will be sent back to server for decryption.
Be be more specific, For authentication purpose, turn off session, i don't want to deal with session time out any more store some sort of id value in the cookie, on the server side, check if the id value exists and matches, if it is, authenticate user. let the cookie value expire when browser session is ended, this way. vs Asp.net form authentication mechanism (it relies on session or session id, i think) does latter one offer better security?
When using the system.net/mail web.config settings to configure my SmtpClient, it fails to deliver emails, with an "protocol error" described best by Base64 encoding and authentication problems:
Example: With the following Config <system.net> <mailSettings> <smtp from="[URL]"> <network host="[URL]" port="2525" defaultCredentials="false" userName="username" password="password"/> </smtp> </mailSettings> </system.net>
And the Code:
var tmp = new SmtpClient(); MailMessage msg = new MailMessage(); msg.Subject = "test"; msg.From = new MailAddress("[URL]"); msg.To.Add(new MailAddress("[URL]")); msg.Body = "test"; tmp.Send(msg);
Produces the error message:
System.Net.Mail.SmtpException: The server committed a protocol violation The server response was: UGFzc3dvcmQ6 at System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response) at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException & exception) at System.Net.Mail.SmtpClient.Send(MailMessage message)
However, in the following code where I manually set all the properties, the code runs without exception and the email is delivered.
var tmp2 = new SmtpClient("[URL]", 2525); tmp2.Credentials = new NetworkCredential("username", "password"); tmp2.UseDefaultCredentials = false; MailMessage msg = new MailMessage(); msg.Subject = "test"; msg.From = new MailAddress("[URL]"); msg.To.Add(new MailAddress("[URL]")); msg.Body = "test"; tmp2.Send(msg);
I'm new to asp.net and SQL Server and I'm trying to research and implement a good way to authenticate a user using those technologies. Would you have any advice as to best approach this? I've read some of hashing but I couldn't find a good tutorial or website describing the best way to approach that
Here's the situation - Most of this ASP.NET Web Forms application (which uses a single master page for all pages) with Forms Authentication, has a standard session timeout, but there are some "modes" where we store an encoded cookie that links the user to their account.
I would like to manually check early on in the page lifecycle for the cookie, and if certain conditions are met, manually re-establish the user's authentication ticket/session.
Where's the best place to do this? Master page Page_Init? Global.asax BeginRequest?
I am trying to modify my current page to have a login. My Current page has the user select a store via a drop down List. This DDL will need to be used as the user name. I would liketo add a Password textbox and the end of the page that the user would just type in there password and hit submit to submit the form is correct or pop-up that passowrd is incorrect and re-enter. I would like to use a Database on my SQL Server to autenticate the passwortd with the store. Does anyone have any sample code that will accomplish this.
