I want to authenticate Thread.CurrentPrincipal.Identity when it has entry in active directory or redirect user to login page to check the database for valid user.
View 1 Replies
How to authenticate an user against a particular OU in Active Directory. If the AD holds 50 OUs I don't want to look into all 50 OUs , instead it should look into a particular OU( for eg: OU=dotnet users) to authenticate the user.
View 1 RepliesI am using Directory entry of System.Directoryservices class of Asp.net for authenticating against Sunone LDAP server. The following works fine.
DirectoryEntry entry = new DirectoryEntry("LDAP://SunOne2:42028/dc=domain,dc=com");
entry.AuthenticationType = AuthenticationTypes.None;
entry.Username = "uid=thost,ou=people,dc=domain,dc=com";(replaced original values)
entry.Password = password;
entry.RefreshCache();
Now I want to be able to authenticate all the users of different organisation units. e.g. ou=development,ou=accounting etc., So I specified like this, entry.Username = "uid=thost,ou=people,ou=devlopment,ou=accounting, dc=domain,dc=com"; but it says "There is no such object on the server". I also tried putting ou in URL. I am not sure where should I specify this OUs to make my search broad. I found a lot on internet but no success so far.
I am very new to LDAP and working around to connect to LDAP using .Net. I have been getting this error since past 2 days. de.Username = "uid=edeplex,ou=users,ou=internal,o=Ericsson"
View 1 RepliesI'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI (Payment Card Industry) accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database using kerberos (so the NT user has permissions in the DB). This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any/much additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions for simple website config)
So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP.Net already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it.
I am trying to integrate authentication for a cloud-based application with an Active Directory forest behind my cilent's firewall.
I am a Python developer from the open-source world... needless to say, .NET is not my forte and I'm not familiar with authentication technologies provided by IIS/WIF/etc.
I have installed DotNetOpenAuth and gotten the sample MVC OpenID provider working with the included ReadOnlyXmlMembershipProvider.
I have scoured Google for a sample config/implementation or any documentation at all that describes the appropriate membership provider to use. The only thing I have found are hints - "It's included out of the box," or "create a .NET app that authenticates off of AD and expose OpenID."
How can I query off my client's AD? Is there a provider included with DNoA?
LDAP - directory entry issue with out user and password using impersonate and windows authentication
View 1 RepliesI'd like to Authenticate Users without having to use a Membership Provider.
What's the easiest way to do this?
I'm looking at returning a DirectoryEntry.
I am trying to develop a internal corporate portal that will be hosted external either on company leased decicated server or by hosting service like godaddy. The company portal is going to have links internal and external resources like Outlook Web Access and Sharepoint, Great Plains, our CRM software, etc, etc. I am basically creating intranet site for the company but the intranet is going to be hosted externally.
How do I authenticate user against the Active Directory, when the intranet site is hosted remotely?
I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.
After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:
Login.aspx
[code]....
I'm seeing requests on my server that appear to be made by an anynomous client, although I'm certain they were made by an authenticated user - I have fiddler logs showing that the client sent valid asp.net auth cookies, and server logs indicating that the cookie arrived and is valid. The problem has been observed across all browsers.
The flow of data is:
User visits login url, on a machine that's part of a webfarm (all with the same machine, decrypt keys)On successful forms authentication, user is redirect to a restricted url, their homepage Homepage renders correctly, knowns the identify of the user, and includes javascript to perform 7 asynchronous post-backs to get additional data Javascript kicks off 7 http.get requests, hitting different machines in the webfarm (assume round robin)Server validates request: ~0.01% fail to authenticate.
Now into details:
A very small number of the asynchronous requests land at my server (with evidence they were not manipulated or faked) and appear to be anonymous. Of the 7 requests made, some number may or may not work (ie, 5/7 will succeed, 2 will fail). There doesn't appear to be any patterns in success / failures. In the cases where my requests appear to be anonymous, the CurrentPrincipal.Identity records:
Thread.CurrentPrincipal.Identity.IsAuthenticated; // false
Thread.CurrentPrincipal.Identity.Name; // null (or empty, unsure off hand)
Dumping the http.context.request.params collection to a log file, I'm able to see the following relevent (and scrubbed) properties (complete params below):
[code]...
I have just recently run into an issue running an asp.net web app under visual studio 2008. I get the error 'type is not resolved for member...customUserPrincipal'. Tracking down various discussion groups it seems that there is an issue with Visual Studio's web server when you assign a custom principal against the Thread.CurrentPrincipal.
In my code, I now use...
HttpContext.Current.User = myCustomPrincipal
//Thread.CurrentPrincipal = myCustomPrincipal
I'm glad that I got the error out of the way, but it begs the question "What is the difference between these two methods of setting a principal?". There are other stackoverflow questions related to the differences but they don't get into the details of the two approaches.
I did find one tantalizing post that had the following grandiose comment but no explanation to back up his assertions...
[code]....
I am using System.directory services namespace in framework 2 to query active directory. I have used fixed user account impersonisation in the web.config file, find the code:
<identity impersonate="true" userName="enterprise ang09" password="Telcome123"/>
<authentication mode="Windows"/>
I have disabled anonymous access in IIS. Also i have given Read & write access to the account tang09 for the website virtual directory and Microsoft.NET folder located in windows folder. But still i get prompted for the domain username and password to access the website.
I created one application, and I need to authenticate local user. This user is the user who is login to his/her Personal Computer.. Main thing his that he/she does not in any DOMAIN... I want NON-DOMAIN authentication.
View 4 RepliesI am a newbie on a LDAP, now we want to re-deploy a web application that will validate user name and password with AD in a login.aspx
I had success to check the user and password in VS 2008, but when I publish to server it don't work, (they can login even wrong username and password) I had enable the anonymous access and intergrated windows authentication on IIS. we using authentication mode = windows in our web.config
using something like the following to check the AD account
System.DirectoryServices.DirectoryEntry entry = null;
bool isOpened = false;
bool isSuccess = false;
try
{
string dom = System.Configuration.ConfigurationManager.AppSettings["domain"];
entry =
new System.DirectoryServices.DirectoryEntry("WinNT://" + dom, tb_username.Text.Trim(), tb_password.Text.Trim());
isOpened = true;
Object obj = entry.NativeObject;
but still no luck on IIS server. Would you mind to give me a hand to solve this issue, I had google for a week and still can't solve :(
I want to learn how to add/delete/update account (including adding mail boxes for new users). Can someone point to a good book where I can begin from. I want to start with some real basics and build from there.
View 1 RepliesHow to provide authentication based on a Active directory security group for a ASP.net webpage. I am using c# laungauge and .Net framework2.
View 3 RepliesHow to get a primary token to solve a double - hop and be able to access Active Directory [URL]
I don't understand a method A where is ASPX page to set the security mechanism to Anonymous only.
Is there anyway to change a user password as an administrator in active directory using c# code.
View 1 Replieshave a probleme with my search filter, i want to list the users of an organizational unit result.filter =(& (objectClass= user)(ou=dep1)); ====> it didn't work for me
View 1 RepliesI need to list a group of users, their group name is (IRS Group) to a list group. how to do this. I'm very new to asp.net and dont have much knowlegde about acctive directory.
View 1 Repliesour project using active directory on vb.net 1.1 and server 2003. We will be upgrade to vb.net 3.5 and server 2008.
In this case, 1. We convert all vb.net 1.1 application to vb.net 3.5 and run on server 2003.
Then later on, 2. Our server will upgrade to server 2003 to server 2008.
I would linke to know after doing above two phase will effect on Active Directory code setting in our program.
Can I conver to 1 to 1 withut changing anything in vb.net and server?
I am updating some CS code that was written in 2004, and that references some assemblies which extract user data from AD by query filtering on the user's title. I can't test my updated code in VS2010 because the assemblies no longer compile - the references are no longer valid (I can't create a DirectoryEntry or DirectorySearcher) so I need to work out how to replace the code with current directoryservices.accountmanagement namespace properties and methods. I have searched around but don't seem to be getting anywhere. give me some code that will work with vs 2010 to replicate the following:
[code]....
may i know where is the error , i tried so many to figure out but i was not able
Dim
UserName0 As
String= [code]......
I have a problem with saving some data into extensionattribute in AD.There is no problem with saving data into properties like "Mobile" or "SN" but when I try to save data into one of extensionAttribute , for example: extensionAttribute7 , I get an error "The attribute syntax specified to the directory service is invalid".There is no problems of read data from extension Attributes.
I use code like this:
[Code]....
It works good with "standard" properties.
