How To Disable Anonymous Authentication And Enable .net Impersonation
Feb 12, 2010
I been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this.I have disable anonymous authentication, enable asp.net impersonation.I have added <identity impersonate = "true" />I have added the a user to the security logins that is connected to the database I try to connect tThis is the connectionstring I use:
Data Source=IPTOSERVER;Initial Catalog=Phaeton;User Id=User;Password=Password;errormessage
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
I am running ASP.MVC 2 with LINQ2SQL on IIS 7.5. I have enabled Windows Authentication with ASP.NET Impersonation. Application pool is running on different domain account [AsiaTestWebUser] is part of windows group [AsiaTestUserGrp]When i enable Asp.net impersonation on MVC web site. Once i hit LogOn from the default page , it's throwing me with below error message
I have a Win7 Pro laptop that I do my development on and it is in Domain1.I have a Win2003 server that has a shared folder on it and it is in Domain2. I have an impersonation routine in my code that allows IO to occur between my laptop and the server, it works.When I move the code to my Win2003 hosted servers the impersonation does not authenticate to the shared folder.Is there some kind of domain policy, IIS or Windows 2003 setting that prevents impersonation from occurring (there no impersonation in my web.config, only in code)? I saw in the security faq something about running the -ga command in order to grant the permissions. What is this referring to exactly?
I'm trying to enable passthrough or impersonation authentication inside an ASP.NET website that uses the TFS2010 API.I've got this working correctly with Cassini, however with IIS 7.5 (Windows 7) something is going wrong.I found this blog post on the subject, and tried the following:
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
I have an Intranet which is on IIS 7.0. I want to authenticate my users and know who is logged in. What options do I have to set in IIS Authentication part that my users do not need to type their user name and password to login to Intranet. I have set the Authentication to Basic and Impersonation, but it is asking user name and password.
I have a web page that calls a WCF service that makes a sql database call using Integrated Security. I get an error saying, "Login failed for user 'CorpDomainServerName01$'". I want it so that it all layers will execute under the user's AD credetials (working in an intranet), ie: "CorpDomainAlbert". On the server (Win 2008/IIS 7), I have Windows Authentication turned on and everything else off (including Anonymous) under Authentication for both the web client and the WCF service. Here's my client web.config:
I have been looking for code samples on how to do impersation with forms authentication for the current logged on user. I have found samples on the internet and this site and most seem to refer to windows authentication not forms. I am wanting to run specific blocks of code under the current user's credentials to access lists of files on servers on the internal network and display them in the page.I found this article on MSN for using impersonation in various ways, http://support.microsoft.com/kb/306158 and I was able to use the section of code where it describes how to Impersonate a Specific User in Code. This works quite well with forms authentication but requires a service account in AD with login and password. One the same page is a sample of how to impersonate the authenticated user in code, but this only seems to work with windows authentication. As have all other samples I could find, such as the article here,http://www.codedigest.com/codedigest/9-identity-impersonate-at-code-level-in-asp-net.aspx. But trying those with forms authentication results in the error "Unable to cast object of ype 'System.Security.Principal.GenericIdentity' to type 'System.Security.Principal.WindowsIdentity'" Since there is no windows identity with forms authentication.Can anyone point to an article that describes how to do impersonation with forms authentication at the code level?
So I have an asp.net Web Application (Not Web Site) that I am trying to support profiles for anonymous users. I have a form and I want anonymous users to be able to enter their name and email only once, and have that information automatically accessible on the next load for them.
In my Web.config I have anonymous ID setup like so:
Finally, due to my app being a Web App and not a Web Site, I am using the profiles via this custom object:
public class UserProfile : ProfileBase { public static UserProfile GetUserProfile(string username) { return Create(username) as UserProfile; } public static UserProfile GetUserProfile() { return Create(Membership.GetUser().UserName) as UserProfile; } [SettingsAllowAnonymous(true)] public string FullName { get { return base["FullName"] as string; } set { base["FullName"] = value; } } [SettingsAllowAnonymous(true)] public string BuildEmail { get { return base["BuildEmail"] as string; } set { base["BuildEvmail"] = value; } } }
This code is based off of this reference. The issue is that that code does not support anonymous users, or if it does I don't know how. I can't use the GetUserProfile() method with no parameters because if the user is anonymous, Membership.GetUser() is null. I could pass in the anonymous ID token into the first GetUserProfile(string username) method but I cant' find any way to get the anonymous ID token for the current user. Does anyone know how to get this information? Google doesn't seem to be returning useful results.
I am using windows authentication in my web application. All we need is when the application will be executed it will launch login.aspx page. If users put correct userid and password(checked from active server directory) it will be redirected to a difference page. But if any unauthenticated user tries to access any other page in the application by typing the Url on the address bar it will be again redirected to the login page. We have to do this by changing our web.config file.I can achieve this using form authentication but not windows. But our requirement is windows. The requirement is very basic but all effort is just not working.
I have a web site that is using Windows Integrated Security for authentication. Under the site in the IIS there is a virtual directory that inherits these security definitions. Assuming I have several pages under the virtual directory, is it possible to apply anonymous access on on 1 (one) of them?
I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:
[Code]....
I also tried using the LogonUser method to create a user token and backend the authentication that way, and it doesn't work either.
We have a weird issue found during setting up a new Windows 2003 Server with IIS6.0 & ASP.NET 2.0, our site is built using ASP.NET forms authentication with general authorization to deny access to all users & allow explicitly to static, home pages etc, -- web.config setting for forms auth looking as below:
I have a problem with using login controls form authentication ! as my website serves some pages for guest users(Anonymous user) and some pages are for only secure user(they must have to login for those requested pages)...... my problem is this that when i apply form authentication in web.config file to login control then visual studio directly shows only login page where i want that in general case only : guest user pages must be shown and if user clicks on login then after login the requested page he may open !
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.What could be the reason for this?
I am getting following error in the Test which is in the same Box but IIS requires Https to view the Page. I have change Web.Config to accept https. I was able to add the Service References without any problem but while call the method I get The HTTP request was forbidden with client authentication scheme 'Anonymous'. this error message. I am trying to use userNameAuthentication.
I'm trying to create a setup in my ASP.NET website that allows me to enable/disable logging while the application is running at any point. I figure some of you have already done such a thing.
So how would you set up the boolean value ShouldBeLogging to be able to be turned on/off while the website is running without getting any serious performance drawbacks(seeing how its going to be accessed frequently)? I was thinking about putting something in the web.config, but wouldn't a change to that kick my user sessions if i wanted to turn it on?
using c# I am entering two types of string in a text box for eg "so-123456" or "12345678" only this two formats are allowed to enter, when i enter only 12345678 i.e, without "so" next textbox in that page should be enabled, if i enter "SO-123456" textbox should be disabled. without any click event i.e, while entering text in 1st textbox if it contains "so" textbox2 should be disabled, if textbox1 contains only integer(123456) textbox2 should be enabled.
I am using template field in a Gridview. I have a button in that. I also have a method which returns bool. Now I want to disable the button in the gridview if my method returns true. And enable the button if my method retuns false.
I am rather new to MVC applications, and one thing I am trying to accomplish is enabling or disabling stylesheets based on a Session value.I have stylesheets referenced in my Site.Master page in this manner:
So if the 'cssRule' Session value is null, no CSS loads. Currently this is working fine, but it is not exactly what I am looking for. Right now I set the Session value in the Controller when the user logs in, but ultimately I need to set the value of theSession variable depending on if a user clicks the enable or disable button.