C# - What Is User Token Usefullfor

Dec 11, 2010

here is an article here:http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToGetATokenForAUser.htmlIt's not clear why I would need it ? Is it for ASP.NET or also Winform ?

View 1 Replies


Similar Messages:

Could Not Create Windows User Token From The Credentials Specified

Sep 22, 2010

I have developed a web service and installed in a server suucess fully, its working fine there.

I tried to work in another server, But I had some error there in the new server.

I trying to access a network folder, Its accessible for the user which I have mentioned in the web config, But I'm having error.

in the web config

<identity impersonate="true" userName="UserName" password="password"/>

View 21 Replies

Difference Between Token And FormsAuthenticationTicket ?

Mar 23, 2010

when i read msdn.

i saw 2 things token and formsauthentication ticket..

can anybody tell me the Difference between token and FormsAuthenticationTicket ?

View 15 Replies

Authentication Through A Token Pass In MVC?

Sep 15, 2010

I'm working on a solution to part of my companys site that is done in 2 different languages. My part of the project is in ASP.NET, and the login portal is in a different language. We pass authentication credentials by storing login information in the database on the portal page and then sending a corresponding token to the URL in the page written in .NET. Almost all the tutorials and articles I've read about security for ASP.NET, and most languages, the message has generally been "just use the built in stuff and don't mess with it".

I have code that takes the token, goes into the database and gets the user details.. what do I do then to integrate that into the built-in security stuff for ASP.NET? I'd like to ultimately use Action Filters for authorization on my controllers.

View 1 Replies

WCF / ASMX :: SSO Authentication Token And POX Interfaces

Jul 28, 2010

We have a SSO authentication service that other externally facing web pages and services use to authenticate users. A user tries to reach a service, if no cookie is found containing an authentication token, they are redirected (HTTP 302) to the SingleSignOn authentication service. The auth service does it's work, and redirects the user (HTTP 302) to the original URL with their encrypted authentication token in the URL. Great. How can I invoke this from a WCF POX service? No SOAP here, just HTTP GET/POST with XML responses.

What I'm currently doing is, in each service method implementation method, checking the headers for the cookie. If the cookie exists, verify the auth token and process the request. If the cookie doesn't exist or the auth token has expired, then respond with:

[Code]....

That works, but isn't integrated with any of the WCF features, and requires me to manually code for a whole bunch of scenarios. Is there a way I could implement this using these classes:

[Code]....

or use some other means that checks each request to the service? I've been reading pages like: How to: Create a Custom Token, but I don't see how it applies to my needs. I'm looking into this because I have some time before my project kicks off, and I'd like to implement this project correctly and learn about WCF as much as I can.

View 2 Replies

Java - Methods To Set A Session Token By Url?

Mar 18, 2011

I'm writing up a security document and it would be great if programmers in other languages than PHP could chime in on (perhaps the default) way sessions are passed by URL in their language's default session handler.

eg. PHPSESSION=token in PHP

Oh, and if yes does it also use cookies?

View 2 Replies

IE Not Saving Authentication Token / Cookies?

Oct 30, 2010

I have an asp.net site. Its a mixture of web forms and MVC2.

I have this on 2 different servers which I get to via different urls.

On one server authentication works fine via all browsers (IE 8, FF 3.6, Chrome)

On the other IE 8 fails, it doesn't send back the cookie on the request to the page after authenticating.

Using Fiddler I have seen that both sites attempt to set the cookie, in the response from the login page.

Response Header I see from both servers
Set-Cookie: DemandLaunch=CCA4...E79C2D1; path=/; HttpOnly

Both sites are in the internet zone of IE.

I'm at a loose for what to check now.

I also have a page that sets a cookie via c# code and that cookie fails in IE as well.

The IE issue is not on a single computer either. I see this failure on 4 different computers Internet Explorer.

My urls which I should have included were:

beta.[site].com - works
beta_[company].[site].com - fails

View 1 Replies

Security :: Use Token Based Authentication?

Mar 2, 2010

How to create Uniue Token with properties like expiration time,

Any standars method provided by Microsoft,

View 2 Replies

Windows Authentication Header Token Not Being Sent?

Feb 21, 2011

I'm trying to get a ASP.NET application to use windows authentication. I have disabled anonymous auth and enabled windows auth in IIS7. On my dev box (my workstation, localhost) I can use fiddler and see proper token is passed in through the header and I'm not prompted. Everything is working fine and I'm authenticated as my domain user.

However, on a remote server on our domain, with identical settings, I continually get prompted. We need it to automatically send the domain authentication for windows auth.

Does anything in IE need to be configured for this to happen for a remote machine on the same domain?

View 2 Replies

MVC :: Razor Multi-Token Statements In VB.NET?

Dec 17, 2010

Multi-Token Statements

The @( ) syntax enables a code block to have multiple tokens. For example, we could re-write the above code to concatenate a string and the number together within a @( code ) block

View 5 Replies

Security :: Storing A Token In Browser Or In Querystring?

Feb 17, 2010

We have developed a system to allow users to access another one of our web applications by placing a token in the db and then when they redirect passing this token in the browser to the new apop and using that as an authenication method. However I am thinking that it might be better to simply place this token in the browser cookie as then the user doesnt have to physically click a link they can simply do straight to it because the token wont be in the query string anymore....

Will it add much of an overhead doing it via cookies are there any disadvantages?

View 4 Replies

Security :: Add An Expiration Token To A Existing Querystring?

Jul 2, 2010

I don't know if the following is possible or not but in brief, here is what I'm trying to achieve:

1. When a user requests to view a document, they click on a link (could be other) which contains an encrypted query string containing data required to retrieve the relevant document. i.e.[URL]

2. I want to ensure that if after x minutes the user goes back to their history and select the link again or re-type the same url as above that it will not request the document and redirect them to a page letting them know that the requested document "link" is no longer valid.

I don't want to rely on cookies or sessions, so thought that maybe there would be a way to add a datetime token at the end of the existing url but this needs to be done at run-time as the url is already predefined when the link is created, so I'm not sure how can I do this?

ideally, I'd like something like this [URL] where the token would contain the date & time when the link was clicked.

Once re-requested, I would decrypt the token and validate it again the server time and if it was over the x minutes defined, it would redirect me to the "link is no longer valid" page.

View 2 Replies

Add Per Request - Token Based Authentication To Mvc Site

Apr 4, 2011

I have an existing asp.net mvc website that uses basic forms authentication. The site has a login page that posts back to a login action, which logs the user in via FormsAuthentication.SetAuthCookie(). I am looking to add an api to the site, as an mvc2 area, where users would be authenticated based on a token passed as an http header. This area will consist of only json actions, so redirecting the user to a login page doesn't make sense. Instead, I want the users to just pass a token along with each request. That token is mapped to each user account and the user would be authenticated automatically.

I'm struggling with where to put this logic. At this point, the best choice seems to be adding the header lookup logic and authentication to the Global.asax in the Application_AuthenticateRequest method. I want to avoid needing to redirect the user after calling FormsAuthentication.SetAuthCookie(), though. I want the login action to be transparent to them. Am I approaching this the wrong way? As a side note: Requiring a username/password for api requests is not possible, as the site has a mix of users. Some joined using OpenID while the rest joined with a username/password.

View 1 Replies

WIF Security Token Service Not Staying Logged In

Aug 27, 2010

I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in.

Here's what occurs in my login.aspx on the STS
var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14);
Response.Cookies.Add(cookie);
var returnUrl = Request.QueryString["ReturnUrl"];
Response.Redirect(returnUrl ?? "default.aspx");

Which was taken almost directly from existing application using normal Forms Auth.
From my web.config
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" timeout="2880"
name=".STS" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="default.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>

Looking at the cookie after I sign in I can see the expires time on the cookie is set for 14 days in the future and that the cookie is NOT a session cookie. When I'm required to log back into the STS I can see that my original cookie is still there. Is there some kind of time stamp functionality that the STS embeds into the cookie that is invalidating my cookie even though as far as I know it should still be valid?

View 2 Replies

How To Get Anonymous Authentication Token For Profile Support

Jun 14, 2010

So I have an asp.net Web Application (Not Web Site) that I am trying to support profiles for anonymous users. I have a form and I want anonymous users to be able to enter their name and email only once, and have that information automatically accessible on the next load for them.

In my Web.config I have anonymous ID setup like so:

<anonymousIdentification enabled="true" cookieless="AutoDetect" />

I have my profile section setup like this:

<profile defaultProvider="SqlProvider" enabled="true" inherits="QA_Web_Tools.UserProfile">
<providers>
<clear />
<add connectionStringName="QAToolsConnectionString" name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider" />
</providers>
</profile>

Finally, due to my app being a Web App and not a Web Site, I am using the profiles via this custom object:

public class UserProfile : ProfileBase
{
public static UserProfile GetUserProfile(string username)
{
return Create(username) as UserProfile;
}
public static UserProfile GetUserProfile()
{
return Create(Membership.GetUser().UserName) as UserProfile;
}
[SettingsAllowAnonymous(true)]
public string FullName
{
get { return base["FullName"] as string; }
set { base["FullName"] = value; }
}
[SettingsAllowAnonymous(true)]
public string BuildEmail
{
get { return base["BuildEmail"] as string; }
set { base["BuildEvmail"] = value; }
}
}

This code is based off of this reference. The issue is that that code does not support anonymous users, or if it does I don't know how. I can't use the GetUserProfile() method with no parameters because if the user is anonymous, Membership.GetUser() is null. I could pass in the anonymous ID token into the first GetUserProfile(string username) method but I cant' find any way to get the anonymous ID token for the current user. Does anyone know how to get this information? Google doesn't seem to be returning useful results.

View 1 Replies

Unexpected Token Error When Using XmlDataSource Control?

Sep 23, 2010

I have XML like this:

<?xml version="1.0" encoding="UTF-8"?>
<viewentries timestamp="20100923T130205,90Z" toplevelentries="8903">
<viewentry position="1" unid="A4958CC88435D1A8422577A7004422E8" noteid="4DF15A" siblings="8903">
<entrydata columnnumber="0" name="$59">
<text>63722</text>
</entrydata>
<entrydata columnnumber="1" name="$70">

[Code].....

However, if I save the same xml to a file to my computer, it works without a glitch.

View 2 Replies

Security :: Token Login Don't Keep Session With Two Applications?

Jun 15, 2010

I've two application ASP.NET (once is Mojo Portal). I can navigate from one to other using an URL token id.

To this way, by token, I create a new session and save the relative auth cookie.

But, sometimes, the asp web application don't keep the session and put me down. When this happen I can't login until the session cookies is not deleted.

Both the two application are behind an reverse proxy.

View 3 Replies

Social Networking :: Get Value Of Access Token Of Google Plus API In MVC

May 7, 2015

I am using Mvc4 application while connecting using google i need to fetch the user details how to do it????

View 1 Replies

Configuration :: Application Does Not Ask For The Pin Number Of The Token While Signing The Data?

May 7, 2010

i have used "advapi32.dll" and "crypt32.dll" dlls in my application for signing the sensitive data.This is working absolutely fine when i am running my asp.net application from solution explorer(directly).But the problem arises when i am hosting this application in IIS.The application does not ask for the Pin Number of the token while signing the data.

View 1 Replies

Cookies - Windows Identity Foundation - How To Get New Security Token

Feb 1, 2010

I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.

In ASP.net, security tokens are stored as cookies.

I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.

How do I remove the token so that the user can log in again and get a new token?

View 2 Replies

SQL Server :: Generate A Unique Token No Which Will Have Three Fields An Incrementer,comp_code?

Oct 19, 2010

I have to generate a unique token no which will have three fields an incrementer,comp_code anddate.I have problem in generating a unique incrementer. Incrementer should be incremented by 1 like 0001,0002 etc, should be unique and based on no of record inserted.

View 5 Replies

C# - System.BadImageFormatException - Invalid Token When Updating DLL To Newest Version

Mar 17, 2011

I've had this project running for a couple of months using a couple of company-specific DLL's. I just downloaded and updated to the newest version and I am now receiving this error. I don't believe it is specific to the DLLs themselves, more something in my project not expecting new versions. The stack trace isn't very helpful.

Server Error in '/dashbad' Application.

Invalid token.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.BadImageFormatException: Invalid token.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[code]...

View 1 Replies

Security - Securing Forms Authentication Token On Client Side?

Jul 16, 2010

In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?

View 1 Replies

Membership Services Is Separate From Session / Forms Auth Token Is Still Hanging Around In The Browser

Feb 9, 2010

In our application, we have a need for a user to "impersonate" a different user. Think of it as a hierarchy -- Bob is above Frank in a hierarchy. Bob is logged in, and he needs to do things in the system for a short time as Frank. So, we have given Bob a list of users that report to him, and an impersonate link. He clicks on this link, and, behind the scenes, I log Bob out, and log in as Frank. I also set a session variable that tells me that really Bob is they guy who is the user. Also, Bob (acting as Frank now) has a nice little link at the top of every page that says "Stop Impersonation."

In addition, when Bob is impersonating Frank, Bob is restricted from doing some things, like changing Frank's password.

This was working great, until we encountered a situation where, if the session (I think -- getting confused here) gets destroyed (such as when I copy up new code and dlls to the live site), then when Bob clicks on "Stop Impersonation" he gets redirected to the default page, and is still logged in as Frank, but without the Impersonation session variable. So, now Bob really is logged in as Frank, and can change Frank's password (among other things).

How is it that a session variable (Impersonation) gets destroyed, but I guess the session is still hanging around, because it doesn't make the user log in again?

This is a somewhat serious bug for how our system works (bug in our code, I'm sure, not in .Net). We are using ASP.Net c#, aspnet membership services, .net 3.5, forms auth...not sure what else you need to know.

EDIT: Updated information. Looks like when "something" happens, for instance, when I recompile some dlls and copy them to the webserver, the session gets dumped. Or, rather, the variables in the session get dumped. The session id stays the same. I do get to check for Session.IsNewSession and it returns true, even though the id is the same as it was before.

Just like Utaal mentioned, Membership Services is separate from Session, so it's forms auth token is still hanging around in the browser, but my session variable telling me that that isn't really the user who is controlling the browser isn't there anymore.

EDIT: Sky, here is what I'm doing to authenticate a user. I can't figure out where I would insert a ticket into this flow:

if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
FormsAuthentication.SetAuthCookie(txtUserName.Text, false);

View 2 Replies

Security :: How To Security Token Transfer To J2EE Web Application

Mar 6, 2010

Here is 2 web applications: 1 is asp.net, another is J2EE base webapplication.Both them are using same AD ( e.g. DomainTest ) as authentication source.Question here:1. User log in the asp.net application ( form based log in DomainTest, not IE prompt authencation dialog ), on the left navigation ( link to J2EE web application), just click this link, SSO to J2EE application.I think should transfer identity token from asp.net to J2EE, but don't know how, and for JSP, how to modify it to use token tranferd from asp.net ?

View 3 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved