How To Authenticate A Calling Application
Oct 4, 2010
For a few reasons, the bunch I'm working for don't want to use certificates and don't like the idea of a service that can be accessed by anybody with a valid logon.
My question is how can I authenticate an application as being an official application suited for use with these wfc services without using certificates?
They are trying to avoid a situation where inquisitive customers are clever enough to retrieve the service calls and have enough infrastructure to build their own clients to use them.
View 2 Replies
Similar Messages:
Mar 21, 2010
I have a fairly complex business application written in ASP.NET that is deployed on a hosted server. The site uses Forms Authentication, and there are about a dozen different roles defined. Employees and customers are both users of the application.
Now I have the requirement to develop a Windows Mobile client for the application that allows a very specialized set of tasks to be performed from a device, as opposed to a browser on a laptop. The client wants to increase productivity with this measure. Only employees will use this application.
I feel that it would make sense to re-use the security infrastructure that is already in place. The client does not need offline capability.
My thought is to deploy a set of web services to a folder of the existing site that only the new role "web service" has access to, and to use Forms Authentication (from a Windows Mobile 5/.Net 3.5 client).
I did see this question and I am aware of the limitations that Forms Authentication poses. Since security is not my primary motivator (I use SSL and can restrict access by IP address), but rather using existing user accounts and roles, my decision tree is somewhat different as well.
View 1 Replies
May 24, 2010
In my ASP.NET application, I need to be able to authenticate/authorise against local Windows users/groups (ie. not Active Directory) on a different machine, as well as be able to change the passwords of said remote local Windows accounts.
Yes, I know Active Directory is built for this sort of thing, but unfortunately the higher ups have decreed it needs to be done this way (so authentication against users in a database is out as well).
I've tried using DirectoryEntry and WinNT like so:
DirectoryEntry user = new DirectoryEntry(String.Format("WinNT://{0}/{1},User",
serverName, username), username, password, AuthenticationTypes.Secure)
but this results in an exception when you try to log in more than one user:
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
I've tried making sure my DirectoryEntries are used inside a using block, so they're disposed properly, but this doesn't seem to fix the issue. Plus, even if that did work it is possible that two users could hit that line of code concurrently and therefore try to create multiple connections, so it would be fragile anyway.
Is there a better way to authenticate against local Windows accounts on a remote machine, authorise against their groups, and change their passwords?
View 1 Replies
Feb 8, 2011
I currently have an odd problem with ASP.Net authentication. Consider the two following lines:
MembershipCreateStatus ct = new MembershipCreateStatus();
Membership.CreateUser("admin", "mypassword", "test@gmail.com", "1", "1", true, out ct);
This does register my user in my database. I have verified this.However, when I run this immediately after:
FormsAuthentication.Authenticate("admin", "mypassword");
The authentication fails. The weird thing is I know for a fact that the user does exist in the db, and that is further confirmed if i run
MembershipUserCollection uc = Membership.FindUsersByName("admin");
and uc does hold my admin user withe all the proper info. why Authenticate would return false?
View 1 Replies
Nov 10, 2010
My application name is MyApp and i added the util.dll as a reference in my MyApp. I have some forms and methods in util.dll (say frmErr.vb). Consider that i'm opening this frmErr.vb form (which is in util.dll) from MyApp so how can i find that i'm opening this form from MyApp in frmErr.vb Load function?
View 3 Replies
Apr 26, 2010
I am new to SSRS report. I designed the report in BIDS and deployed it on the server. Now I have to use that report in my web application.
how do I do that using VB.NET.
The report path looks like this,
[URL]
View 5 Replies
Oct 7, 2010
I'm new to Borland C++ Builder and the application that I'm working on has to be launched from a ASP.net application on click of a button. That ASP.net application is able to launch other EXEs (made in C#) but when my application is launched it crashes immediately with a msg "an error has is encountered, tell microsoft about this problem" with button "Don't Send" "Send error report" and "debug". The ASP.net program is able to call "notepad.exe" which is probably not written on .net.
So, how do I call an application from ASP.net/c# which written in Borland C++ Builder and is launching successfully when I double click the application.
View 1 Replies
Jan 13, 2011
in my asp.net application, i am calling a stored procedure (oracle) to get some values from database.
Following is the sp:
[code]....
how to call this sp from my asp.net code.
View 2 Replies
Jul 22, 2010
I'm trying to call a linked server, SS2000 that has NText field and insert that data into an nvarchar(120) field on SS2008.
If I execute the SPROC from SS Management Studio, it works fine.
If I try to call the SPROC from my web application, I don't get any errors, but the data doesn't get updated.
I'm using the following SPROC:
[code]....
View 4 Replies
May 19, 2010
I am using Asp.Net application for calling an existing Java webservice. Recently the web service is configured with Security certificates. Now I need to call the webservice using "https:URL .." and by passing the credentials i.e. UserId and Password.
When I call the webservice using [URL] I get the below error. Is the change in my code is causing this error?
Error:Client found response content type of 'text/html; charset=iso-8859-1', but expected 'text/xml'. The request failed with the error message: --
500 Internal Server Error
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. contact the server administrator, you@your.address and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
IBM_HTTP_Server Server at ............ Port 443
View 1 Replies
Mar 2, 2011
The message sent to browser is as follows:
The type My.API.Class is ambiguous: it could come from assembly '[on Temporary ASP.NET Files]' or from assembly '[on bin folder]'
The problem occurs when debugging a Web App, speciically when making a request to a WebMethod of a WebService.The project compiles just right. It generates My.Website.dll on bin folder and if I publish the Web Application. It works fine.The asmx file is on the root of the application. The CodeBehind file is on App_Code and its marked to be compiled to generate My.Website.dll.The way this person exposes its problem is somehow similar but I get starting to be lost when he talks about a proxy class and shared dlls I don't use.
View 2 Replies
Sep 15, 2010
I have a web service that has a CreateReport method that generates a report based on the specified criteria.
When I call this method Synchronously using a Windows Application or Console Application, the call works fine and the report is created.
When I call this method ASynchronously (CreateReportASync) using Windows Application the report is created.
When I call this method ASynchronously (CreateReportASync) using Console Application the web service does not even get the call.
I am using VS2005 and .Net Framework 2.0. So the proxy is automatically created with the Async methods. I am not really interested the result of the method call, so I do not add a Callback Delegate.
View 4 Replies
Aug 17, 2010
I have simple 3 tier web application and have mostly CRUDE functionalities. Recently I required to add new console application to the existing solution in which I call data layer methods for retrieving data from DB but I get an exception "The type initializer for threw an exception."When I debugged I found that the exception is thrown at datalayer on first line of class where I get connectionstring from
web.config, the code is public static readonly string CONNECT_STRING =
ConfigurationManager.ConnectionStrings["DbConnectString"].ConnectionString;
Now if I hardcode the connection string value like public static readonly string CONNECT_STRING = "Data Source=XYZ;uid=sa;password=XXX;initial catalog=ABC;"
it works fine.I don't understand what is the issue here as web application works fine with this datalayer.
View 2 Replies
Mar 17, 2010
If I am on a website#1, and I enter my username/pwd for website#2 on a login page that is on website#1, and website#1, behind the scenes, makes a httpwebrequest to website#2 and posts to the login page. If I then navigate to website#2, should I be logged in? website#2 uses formsauthentication and I call a httpHandler that is on website#2 and pass it the username/password via the querystring. Should this work?
View 6 Replies
Aug 2, 2010
So we have been using the same login gode to connect to various domains in asp.net, with and without MVC. The code works. We have a new server, first one to run server 2008 r2, set up with a directory structure similar to one of the ones that has been working. Using forms authentication, I set up in the web.config
<add name="ADConnectionString" connectionString="LDAP://10.1.XXX.XXX"/>
and
<!--<authentication mode="Windows" />-->
<membership defaultProvider="MyADMembershipProvider" >
<providers >
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXXXBrown.Eric"
connectionPassword="XXXX"
connectionProtection="None"
/>
</providers>
</membership>
It connects to build the membership provider just fine, but when I tryto use the exact same username and password to login on the forms login page (the stock asp.net stuff) it fails to login. same user, same password that's being used to connect with the membership provider. If I change the password in the web.config, I get an error that it's incorrect, so I know that the membership provider is getting connected with those credentials. What I can't figure out is why can't I use the same credentials to login? I've checked:
The user is not locked.
the user is not set to change password on next logon.
The user is not expired.
View 1 Replies
Feb 19, 2010
We are developing a browser based intranet application. All users have active directory account, so obvious choice would be use Integrated Windows Authentication. But there will be multiple users accessing same client machine so we decided to use form based authentication (but authenticated against AD). In this scenario what is the best way to authenticate between my ASP.NET application (IIS) and WCF Services (another server IIS 7). I don't want to use asp.Net Compatibility mode or certificate. I am thinking to create another domain account to authenticate ASP.NET and WCF. I am also passing the information about the current ASP.NET user to WCF as header info. Is this the right way to do? The following code will call from ASP.NET to access and get each service method.
// Call WCF service from ASP.NET Application using a new domain account for each call.
proxy.ClientCredentials.Windows.ClientCredential.Domain = "mydomain";
ServiceReference.HelloWorldClient proxy = new ServiceReference.HelloWorldClient();
proxy.ClientCredentials.Windows.ClientCredential.UserName = "new_domain_account";
proxy.ClientCredentials.Windows.ClientCredential.Password = "password";
Is there any better way to authenticate WCF from ASP.NET?
View 4 Replies
Apr 1, 2011
I'm using Asp.net c# language programming. What is the best way for authenticating web methods in a web service? Is it right having authentication for every web method and verify user name and password for each web method? Is there a way to authenticate just once not for every web method? something like using sessions and etc?
View 2 Replies
May 24, 2010
I'm NTLM (authenication="windows" in the web.config) with an asp.net mvc 2.0 site. Right now once a user logs in it keeps them logged in for weeks at a time. The use of the application is being opened up to users who share computers that use logged in service accounts. I need the site to reprompt each user for their AD credentials each time in order to handle these users. (Activity on the site must be linked to a uniquely identified user.)
View 3 Replies
Jun 8, 2010
I have an asp.net app. It has a page that requires authentication. The authenticated user can view the page because he/she is authenticated. The page makes a jQuery Ajax call to a WCF service. The WCF service checks that the user is authenticated via HttpContext. I have a user that is using WinXP and IE8. This user can authenticate to the page, but when the Ajax call is made from the page to the wb service, the user recieves my "session not authenticated" message on the page, generated by the service and displayed on the page. When I use the same OS/browser combo, the page and service work just fine, as expected; no errors.
What option in this user's IE settings would cause this behavior?
View 1 Replies
Dec 22, 2010
How can we authenticate user in web services like i want that a user with valid id and password should only be able to consume my web service.
i am using .net framework 2.0
View 1 Replies
Mar 10, 2010
I am having a issue with my form authenticating the form. I checks to see if there is a password but does not authenticate. Here is my code.
[Code]....
View 5 Replies
Dec 14, 2010
I´m building a home page where logged in users shall buy products. To be able to get to the buy page the user already has to be logged in. But when he shall execute the buy he has to reenter his password again to check the user a second time. How do I check if his entered password matches his user password? I´m using the ASP Membership library and I have passwordFormat="Hashed".
View 3 Replies
Jan 27, 2011
working sample of logging in using Twitter (OAuth) for .NET I'm currently using this one [URL] but it only works if I set the callback url to "oob", if I set a real callback url I get "401 unauthorized".
View 4 Replies
Oct 28, 2010
I have the IIS webserver on Domain A. I have many users on Domain B, C, D, E.
I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder. But it is still not authenticating. So what do I need to do to enable this feature? I am using windows 2003 webserver.
View 2 Replies
Jan 12, 2011
I have a ASP.NET website which uses the standard ASP.NET Login Control for authenticating users. The user information is stored in a SQL Server database which is not accessible from client side. I want to write a standalone desktop windows form application which requires user to login with the same credential (username and password) used on the website. For the web-based form authentication, it's simple just to use the login control. Howerver, I have no idea for how to deal with the login for windows form application. My naive idea is to create a login web service which windows form application can utilize.
View 4 Replies