I need to secure access to all pages in a .NET webapp - EXCEPT requests from:
local network (the network IIS is running on) IPs listed/netmasks listed in a database all other requesets should be redirected to a login form I was thinking in the direction of a HttpModule - but never wrote one.
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
which i added one sitemap in whcih i added all the pages n i want to retrive that sitemap in masterpage based on login in whcih suppose admin hs login then display only admin pages with sitemap n if normal user hs login then it ll display only normal user pages with sitemap. here i didn't use login control but i create login page manually.
View 1 RepliesWe have created a windows application which is distributed amongst our clients. The application uses SQL Server 2008 as the back end and each client uses their own database on their own server. The databases are all exactly the same but each clients data is specific only to them.
We would like to offer our clients the ability to log-in to our website which would then login to their own database so that when they are out in the field they can perform similar tasks to what they can do with the windows app.Each of the clients databases has a user table containing their login details, permissions etc.
Our server is running on IIS and has SQL Server 2008 installed but it only contains our data and nothing of the clients.How should we go about this?
What I mean is do we need to make each client have an additional login to our main server which would then hold each clients individual connection strings etc which would then be used to connect to there specific database and then they would need to login again?? Seems like a nightmare for the user.
I am doing a simple secured site using the login control. I would like users to be redirected to their dashboard page once they log in, but after that if they choose to browse I do NOT want them redirected based on their login status. I am using the generic template provided in VWD with the basic login setup in the template including the tabbed ASP menu control - nothing fancy, nothing custom. This is intended to be something very simple and quick. Here is the code I am using for the page load...
[Code]....
So if I do this code WITHOUT the "IsPostBack", logged in users are always redirected to their dashboard and cannot see the hompage. However with that IsPostBack test, the redirect after initial login doesn't work.
I know this is extremely basic and simple, but I am restarting with this stuff after a year away, and I need a nudge.
I'm working on a project that requires an in process web server to run the web based UI. The best option I have come across is CassiniDev
EDIT: did some tests and noticed that issue isn't synchronous way of processing requests, it has to do with tcp-connects. fiddler shows 1 second as the tcp-connect time.
These are the main criteria: must be in process, or at least usable without any installation.must be able to process request
asynchronously.distributable for free with an open-source project.I will also accept a patch to fix CassiniDev as an answer ;)
i am using asp.net membership. when users arrive at my sight they can enter user name and password.
I then want to redirect them to a page called "MyAccountPage.aspx" which is unique to them. could someone post the c sharp code that I can use to capture the Unique Id of the user is it best to then pass this as a parameter to a control on the aspx page that displays data for that user. am I correct in thinking that I need a UserId column in my data table as well.
I set the impersonation to true in web config. First time accessing the page, it implements the impersonation to access Sql sERVer. However the second request and so on to page, it does not implement impersonation, rather it uses NT AUTHORITYIUSR user account.
I need to impersonate based on the user login all the time.. How can I achieve this?
Which of the following answer is true and why?
Question: Which type of .Net application can be used to automate tasks and does not require a user to login?
a. Windows Form
b. Windows service
c. XML Web Service
d. Net remoting object
I have a zealous network administrator who insists that we must use https on an intranet web application in order to safeguard user's credentials. The app is an asp.net web app that uses Windows Authentication to automatically identify users and log them in. There is no login dialog and user's never enter their login or password. The application does not process any confidential data, and the only rationale for requiring https is to "safeguard" users credentials. Additionally he stated that ntlm can be easily hacked.I responded with some information from an MS white paper on Windows Authentication that said it was the recommended way of authenticating users, and that user's credentials were safe because their passwords are not transmitted across the network when the application authenticates them since it sends a hash of the password.
View 1 RepliesReposting my unanswered in technet.microsoft question?
MSDN "ASP.NET Delegation" article tells:
1) "When you configure to use a particular account as the process identity, ASP.NET attempts to delegate that account. If it is a local account that is identical (including password) to a local account on a remote machine, delegation is possible. If such an account does not exist on the remote machine, to the network it appears as the Windows anonymous account (NT AUTHORITYANONYMOUS LOGON). In addition, delegation is also possible if the account is a domain account that has access to the remote machine, in which case it uses the domain network identity of that account."
The same frequently repeated story as in case of manually/interactively accessing remote computer (server resource) in workgroup - it is necessary to create local account with the same username, the same password. But why?
If a workgroup Windows client process cannot access resources on server machine without having duplicate of such (local) account on target machine already pre-created,does it mean that client (process, machine, or user) can access server resources only by/after having logged (opening logon session) into server machine? Or, how to understand that such access is impossible without having corresponding duplicate local account on server machine?
The same MSDN "ASP.NET Delegation" article tells:
"NetworkService account. It behaves the same as the System account. This account possesses the network credentials associated with the machine account (domainnamemachinename) in the domain of which it is a member"
Does not any Windows have accounts ((NT AUTHORITYNETWORK SERVICE)? as well as many other common pre-built accounts? Why are they installed (before any joining to domain) but cannot be used for remote network access and client identification ? And what is identity used when the process from workgroup Windows under identity ((NT AUTHORITYNETWORK SERVICE) accesses a remote server?
My related questions:
domained LocalSystem vs. non-domained LocalSystem account in Windows-es ? how to check group membership of an "NT AUTHORITY" account ? Is client LocalSystem (SYSTEM) identified by target/server machine? and in which context? Window workgroup LocalSystem vs. domain (AD) LocalSystem [closed]how to better set up machine for development both in workgroup and Windows domain? [closed] interoperating with Windows domain computer from workrgroup Windows [closed] the context of local user of AD-joined machine? Is it of domain machine account or of local machine account? RunAs under domain account from non-AD Windows [closed] how to better set up machine for development both in workgroup and Windows domain? [closed] how to share the same domain machine account with multi-boot workgroup Windows setup?
After reading a book I brought on ASP.net I fould the login controls to be very nice.I have set it up in my application so that customers can login using the standaard login controls and things were going smooth.But in my schema for my application I also have a table for customers (firstName, LastName, DOB, etc).And of course the customersID is used as a foreign key to tables such as Orders, Addresses (Home, Work, Postal).
The thing is how to i associate an asp.net login to a customer name in my table so that the CustomerID can be used through the application by knowing who is logged in.
how to make login control allow users to login by either username or email address
View 1 Repliesi m currently creating an article module, and i want if user wana comment on to the any particular artical, than he should login any of his mail id like gmail, yahoo hotmail etc and than post his or her comment and after than comment should go into the DB.
View 3 Repliesi doing on a 3 tier project a that required a login page, Im not sure how the flow go for the 3 tier...This is my BLL
[Code]....
This is my DAL
[Code]....
And lastly here is the aspx page
[Code]....
When i try to insert my NRIC and password, it's like not passing through the statement, it just say login sucessfully eventhough i put the wrong NRIC/Password/Not valid..
I have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?
View 2 RepliesI've created a page to add users, using the CreateUserWizard, I use the Login Control to login.
I have setup the config file to use my SQL server, not express
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=xxxx.xxxx.xxxx.xxxx;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=xxxx;Password=xxxxxx" providerName="System.Data.SqlClient" />
I go to the create user page, add a user.
I can SEE the user on the database using Server Management Studio...
I go to signon and get "Your login attempt was not successful. Please try again."
I have not customized the login control in any way. (OR the createuserwizard)
HOW can I tell where the Login tool is going to get userid and password info?
How can I tell if it is not finding the user or the password does not match?
I need to create an application with Forms Authentication and/or Windows Authentication. If the application is set to use mixed authentication (Forms + Windows Auth) and the user don't have a Windows user account, the login will fail and he must be redirected to a forms login page. How can I do this?
Are there any different way to provide mixed authentication?
A Login.aspx has been created to enforce security on several forms of a web site.How can it be best called by each form at page load and return to that form after succesful login? How could that requirement be declared in web.config?
View 3 RepliesI am using Membership with Login control.
It worked just fine untill this week, but now it fails to login.
the odd think is that it do login from localhost, but when trying to login through the profuction site it fails to login. this is happens to all users.
Let's say I have 2 computers and has internet connections. let's say in computer 1 I visit the my page and i log-in as User1 and I go now to computer 2 and i do the same thing in computer 1. All i want to do is to kill the session in computer 1 because i log-in in computer 2.
how to do that in asp.net?
I'm new to ASP.NET. I have a custom login form on my web with login and password fields and OK button. I use my own MembershipProvider to authenticate user. The login control form is in the upper right corner of page and if user is successfully authenticated, I need to display his name and html link "Logout", instead of it.
How can I get programatically user status and use it in condition for displaying login form/login status?
I have built a login form that does not use the asp.net 'login' control.
in my code behind i have this:
[Code]....
but this does not seem to maintain my user loged in... as soon as the user navigates to the next page he is loged out again...
[Code]....
the page on submit will try to check the credentials on database instead of my web.config like i need. How to achieve that.
While i was using asp.net2.0 login control on IIS6.0 (WINDOWS SERVER2003) ON INTRANET FOR Login it shows login failed even it was working right on asp.net development server. i was using asp.net membership provider for this
View 2 Replies