Does anyone have any pointers for implementing the following: I want to cheaply enable multi-factor authentication on an asp.net website. I want people to be able to use an app on their phone (iPhone at the very least) to generate the token used alongside their username/password to login to the site. I do not want the people to have to carry a third-party device/fob to generate the token.
View 3 RepliesI've got a multi level dependency chain in my object model: An organization has the following children relationships:
Organization
.CompetitionGroups
.CompetitionGroups.Venues
.CompetitionGroups.Competitions
.Divisions.Games
.Divisions.Games.Participants
.Divisions.Games.Participants.GameSegments
.Divisions.SubDivisions...
.Divisions
.Teams
.Teams.Players
.Teams.Participants
.Teams.Participants.GameSegments
.VenueDates
This is just a glimpse at the object model, but it's focused on the complexity of the relationships and lists. What I can't really get is what's the best way to factor my repository interfaces, given the requirements to do a unit of work. For example, to create a game, you'll need a venuedate and two participants. Does that mean the GamesController should require an IGameRepository, an IVenueDateRepository, and an IParticipant repository? Should they be rolled into one repository?
Also, what about in the consumption cases? For example, to display a signle team's schedule, you'll need all of the Participants for that Team, all of the Games for that participant, and all of the GameSegments for the participant. If those are factored into individual repositories I can't see how you can do efficient queries. Does that mean you have Repositories specifically focused on different cases? for example:
public interface IScheduleRepository {
public ICollection<Game> GetScheduleForTeam(Team team);
// More consumption methods
}
public class ScheduleRepositry : IScheduleRepository {
public ScheduleRepository (ModelContext context) {
// Do stuff with context
}
public ICollection<Game> GetScheduleForTeam(Team team) {
return (
from p in context.Participants
where ((p.Game.VenueDate != null) &&
(p.TeamId == team.Id))
orderby p.Game.VenueDate.StartTime
select p.Game).ToList();
}
// more consumption methods
}
public interface IGameRepository {
public void AddGame(Game game);
// More crud methods
}
// Not showing games repository
public class GamesController : Controller {
public GamesController (IGameRepository gamesRepo,
IVenueDateRepository venueDateRepo,
IParticipantRepository participantRepo) {
// do stuff with repos here
}
[HttpPost]
public ActionResult AddGame(Game game) {
// Skipping validation logic
// this?
VenueDate = venueDateRepo.Add(game.VenueDate);
foreach (Participant p in Game.Participants)
{
participantRepo.Add(p);
}
Game = gamesRepo.AddGame(game);
// or this?
// how would the game repo know to persist
// the children elements? is that tight coupling?
Game = gamesRepo.AddGame(game);
}
// more consumption methods
}
My question is I don't yet understand to what degree factoring your repositories make sense based on a connected object model. I'd love to get some advice here.
We are in the process of building a new website which we want to lock down to specific computers to only allow access, then once the pc is authenticated we will do our in built user authentication. Also, when a pc is known, we dont really want anything on the pc which can be easily transfered (by the client) onto another pc in order to gain access to the website. the best way to achieve this 'lock down', we dont really want to go down the AD route and have loads of extra user data to maintain.
View 2 Repliesimplementing a strong two factor authentication solution to an app that's already using asp.net authentication? any particular add-ons that work well with asp.net? Preferably one that doesnt involved end-user hardware.
View 1 RepliesWe have a simple ASP.NET app that uses the ASP.NET SqlMembershipProvider and all is great.
We want to create a second app on the same server, also use the SqlMembershipProvider, but a different "applicationName" so that the user accounts between the two apps are kept separate.
It looks like this would be possible by making the two different app domains (ie they each have their own web.config), but I'm hoping to just put them in different directories so I don't have 3 web.configs (one for each app, and the main one) that all have to be kept synchronized. So what I'm after is:
/web.config
/APP1 (uses membership provider in /web.config, with userlist A)
/APP2 (uses membership provider in /web.config, with userlist B)
It looks simple to define multiple membership providers that use a different 'applicationName' value.
But how do you tell the system.web.authentication node which membership provider to use?
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesI'm trying to create a list of items with a listview (ASP.NET VB) and would like to allow a user to use 1 of 2 checkboxes (or radio buttons), to allow them to mark that record as "approve" or "delete", then once they've made all of their selections, they press a button at the bottom to action each of their requests.
So they might select 10 records to delete and 5 to approve, but I want them to run all at the same time, rather than making them edit a field for them all 1 by 1.
I'm also having a bit of trouble identifying a particular record in my codebehind, is the only way to do it through listview1.items then get the index of it, and compare it to the same sql query somehow?
I have been seeking the best way, or at least a good way, to handle Client Access for a Multi-Tenant/SaaS-type web app designed with MVC 2.There are no tricks as far as client customizations needed here. So every company will have the same experience on the app. I just need to understand how I can isolate the experience so that a logged in user only sees data relevant to his company. My tactic is that my database houses a "tenantID" column for each row so I can easily isolate the rows that way. I am wondering if the default provider using the ASPNETDB.mdf can be modified to route users to their assigned company data. I have seen examples using route paths ({tenant}/{controller}/{action}/{id}) but even those threads express doubts. So if anyone has a good method that they are comfortable with, I am all ears (or eyes).
View 5 RepliesI would like to add this feature to my web application, for the end users to chose the type of the authentication either (windows) or (Forms), and add it in the admin setting. This can be done by changing the authentication type programmatically in the code. how can I do this? Note: The user can use one type at time only.
View 1 RepliesOur current application is working fine but when you try to misbehave like we found out that When login with same user in multiple tab with different organization(there is a organization dropdown in the master page which sets the cookie whenever it is changed.) in tab one it is org 1 and tab 2 it is org2 , cookie has the later org 2 in it but when we go back in tab1(which had org1) and save the record org 2 will be saved with the record So can some one share some sort of a checklist with us which address these types of problem.
View 3 RepliesHow do I configure .NET webservice to require all consumers to supply credentials, then verify their validity against database table?
View 4 RepliesI been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this.I have disable anonymous authentication, enable asp.net impersonation.I have added <identity impersonate = "true" />I have added the a user to the security logins that is connected to the database I try to connect tThis is the connectionstring I use:
Data Source=IPTOSERVER;Initial Catalog=Phaeton;User Id=User;Password=Password;errormessage
In my masterpage application i have "Integrated windows authentication" enabled and it works fine for Active Directory Users. but i have created some users in my aspnetdb and i want few users to login and use my application. But for created users in aspnetdb i can getting "windows login screen". means when users not on active directory try to access application instead of getting login page, they get windows auth login popup.
View 1 RepliesI have just started building an asp.net web service with visual studio 2005. However whenever i try and run the site i get this message, saying "debugging failed because integrated windows authentication is not enabled". I am at a loss of how to correct this problem.
View 1 RepliesI am developint an Asp.Net MVC3 web application, which will be available over intranet and internet for users.
For this sake I want to use dual authentication (Forms and Windows). Both authentications works perfectly separately.
Kindly let me know how can I enable both authentications for my single MVC3 site. Windows authentication for Intranet and Form based authentication for Internet user.Looking for your kind cooperation.
I have the following code snippet :
[Code]....
With code behind :[Code]....
Why do I have to press the "Enable" button twice to enable a disabled ComboBox ?
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 RepliesI have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.
View 2 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.
If I change my service definition to include a demand for the caller to be authenticated, like so:
<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a database which has form authentication tables for an website [let say website A], now I have attached a new website [Website B] to the same database, in this website [Website B] also I have to provide login/authentication which would be separate from the website A authentication system. So I want to have separate table for the users of new website. Specification:
[code]....
will there be any open source membership provider like we have .NET membership provider [form authentication].
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 RepliesAm going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 Replies