I have been trying to perform security validation in a page using the credentials of the domain users ...
However, when I try to get the value in
Code:
HttpContext.Current.User.Identity.Name
is always returned blank.
PS: When I run the code in the IDE is returned "domainuser" ... but when the page is hosted on a IIS server, the returned value is always blank.
I am currently developing a web site for our Student Council so members can check in and view the work they've done, sign up for tasks, etc. They will authenticate using their username provided by the school district's AD servers. How can I make it so that only their data shows up when they use their username?
Authentication method:
[Code]....
I've been researching and I've spent pratically all day on this. Here's my issue. The website uses forms authentication that we authenticate against active directory. I've been attempting to access files we have on a network share and push them down to the user (when they request them) in an http response. I keep getting "Access to the path <unc path> is denied".
Here's the code:
[Code]....
Things I've tried:1) When I add the "Computer" to the permissions of the folder it works and I dont even need to emulate a user (essentially just commenting out this code), but I'm not sure we want to explicitly give the computer access to some of our network shares 2) I've verified it's the correct username and password for the active directory account and that they have permissions on these network shares 3) I've fooled around with the WebProxy class with no luck (as I'm not entirely familiar with it) 4) I've tried impersonating the user by creating a windows token and passing the token as credentials (i've done this with similar websites) with no luck, plus this seemed a bit complicated for something I figured would be relatively easy.Its almost as if, the WebClient class isn't even using the credentials i've passed it.We've got it working now, but only by giving the "Computer" specific permissions on the network shares, which we'd like to avoid.
I have an asp.net application which was working fine with the AppPool Identity set to Netwrok Service or Local System or Local Service. But If I change the app pool identity to a domain account (I am using my account itself) I am unable to access the application from any other machine except the web server.I am using Windows Integrated Authentication.I tried resetting IIS, Restart W3SVC, aspnet_regiis -ga . But no luck.
View 5 RepliesI have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
I have inserted a login page using createuserwizard. but RequiredFieldValidator and CompareValidator does not perform at all and even all textboxes are blank, page is submitted and a record created in database
View 3 Repliesis there a way i could find out how to get all the users in a group on my domain, i have a domain called "cot", within that domain we have multiple groups like "RO,Admin,PM,SPM and 2 or 3 more", i need to get all the users in a particular group, i am using vs2008 and coding on webforms with c#, i have tried various example i could find online but none have worked for me so far.
View 3 RepliesI have the IIS webserver on Domain A. I have many users on Domain B, C, D, E.
I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder. But it is still not authenticating. So what do I need to do to enable this feature? I am using windows 2003 webserver.
Currently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
I have just started to use asp.net mvc.
I have read this article about using ntlm authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only lets say
[Authorize(Domain="redmond")]
or do I do it via web.config
i would like to be able to do is to, lets say i have 10 users running a web application , how can i get the names of all these users. There names , logon times and any other info availabel.
i would like to get this data into a dataset and just bind to a gridview .
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
I am using windows authentication for security in my webpage. Now i want is that if user opens a webpage and then sit idle for 15 minutes and after that try to use webpage , i can ask him for credentials.
View 3 RepliesIs there any way,in Visual Studio,to specify credentials to test a web page with rather than having to go through the process of logging in every time?is there some common technique to testing with different roles and logins?It's just really tedious to constantly have to login and navigate to a specific page to test.
View 2 RepliesWe have an IIS/ASP web page from a vendor that we have just dropped onto a webserver within our company. The ASP pages do not come with any sort of authentication built in, so I am trying to configure the site to prompt for credentials before being accessible. I would like the site to prompt for the credentials in all cases (ie. I don't want Internet Explorer to pass through the credentials of the logged in user). I want authorization to this site to be allowed only to members of a certain security group with Active Directory.
Is there a way to do this? I'm not really an IIS guy, nor an ASP developer, so I'm kind of feeling my way through the dark here.
Based on some searching, I have tried adding the following to the web.config file:
[Code]....
I have also installed the IIS URL authorization role service, and have tried playing around with the authentication settings within IIS, to no avail.
I am using IIS7 on Server 2008.
I need to perform a validation to check whether a TextBox value is empty on Dropown list selected Index change using validation controls in asp.net
View 1 RepliesI'm trying to write a simple login page, that will allow my users to login to my site using their Active Directory credentials (using their username / password we give them through AD).
I want to do 2 things with the login:
1. I want to check the username / password against our AD and verify the person is a valid user within the directory.
2. I also want to store the entry within a global variable so when the user fills out one of the forms within the site it can Insert the data into a SQL table i have running.
** we are using this site to do Setup Change Request Forms / Termination forms etc. and I just want to verify the person signing off on the form is the person logged into the machine -- use it as an "electronic signature per say".
I'm using a vb.net 2.0 approach - as i only have access to visual studio 2005 and i'm more of a vb programmer then a c#.
If anyone has any examples or can walk me through how to go about writing out this page that would be great.
When sending email using MailClient, is it possible to have the .From property be for an email of a different domain than the credentials passed to the SMTP server? E.g., my credentials passed in are @mydomain.com, but the .From email is @anotherdomain.com. Or, must they be the same?
View 1 Replies[Code]....
View 4 RepliesI have a requirement that whenever a user logs onto a website using forms based authentication [FBA] that the site checks whether they have a related domain NT user record. There will be a matching lookup table between the ASPNETDB membership database and related domain accounts for users.Whenever an FBA user logs in and a related domain account is located then the member should be redirected to an alternative site / URL which is Windows NT authenticated rather than FBA. Before transferring them I would like to be able to pre authenticate them on the windows domain rather than an additional NT Login dialog box coming up and asking them to enter the related NT credentials.Is it possible to programatically preauthenticate using NT credentials before redirecting a user to an NT authenticated site?Note: This isn't technically a single sign on style scenario. The FBA / NT authenticated sites are not related other than the relationship between the original FBA credentials and the NT credentials lookup.
View 1 Replieswe have two identical websites. One located at apac.ourdomain.com and the other at eu.ourdomain.com. The only differences about these websites are one is hosted in Australia, and the other is in London. The databases they backed onto have identical schema, except one is in Australia, and the other is in London, each storing data related to our partners in the region.
What we want to do is implement some form of centralise landing page @ www.ourdomain.com using forms authentication. Once a partner logs on to www.ourdomain.com, we will redirect them to either the apac or the eu server. My challenge is how do I transfer the user credentials from the landing site to the regional site? By Credentials, I mean everything from their username to their roles / permissions. And once a user is redirected to the regional site, how do i get them back to the landing site should they required to modify their details?
I know I will need to have a centralised user details db for the landing site, but it is the communication to and from the regional site afterward that I'm uncertain about.
I have a site where users can register an account. To do this they have to enter various details about themselves (Name, DOB, Email Address, Password, Username etc..).
However, I would like them to just have to enter their Facebook username/password, and have all this information pulled from their Facebook user account.
How is this possible using ASP.NET 2.0?
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 RepliesI want to use the Domain Users group to show all the users in a dropdown box. For some or other reason I cannot return all the users when looking for everyone under the domain so instead I was thinking of using the domain users group.This is part of my code:
[Code]....
[Code]....
I am trying to build a login page as follows.On the machine on which i want to host the application i have a windows administrators group in which some windows domain users are.Now on building the login page i only want those people to access the application on login. What is the best way to acomplish this.
View 1 Replies