I have made my web site into an application.
I have disabled annonymous, on IIS6
<authentication mode="Windows"/>
<identity impersonate="true"/>
in my webconfig
and i am using both
HttpContext.Current.User.Identity.Name
Request.LogonUserIdentity.Name.ToString
to retrive the username.
The problem is i am being prompted to logon, i don't want the user to have to login as this is an intranet.
I try to install IIS 7 on my Win 7, whenever I check . Net Extensibility . AsP .net under Application Development Feature and run http://localhost I get http error 500.24. An asp .net setting has been detected that does not apply in Integrated managed pipeLine mode
View 1 RepliesI am trying to export crystal report to pdf inĀ asp.net, though the code is working well on localhost but on server I get error
HTTP Error 500.23 - Internal Server ErrorAn ASP.Net setting detected that does not apply in Integrated managed pipeline mode.
The crystal report is showing abnormal behaviors.I am using a CrystalReportViewer on which i have set the CrystalReportSource1 using the viewer Tasks.
The code on page load is :-
cn.Open();
DataSet ds = new DataSet();
string sql = "select * from Test";
OleDbDataAdapter da = new OleDbDataAdapter(sql, cn);
da.Fill(ds);
[Code].....
During the troubleshooting i encountered another unusual issue, where i tried a new crystal report with just simple report. That simple crystal report is not showing data & the toolbar images are not rendered. I googled on this but didn't found conclusive thing.
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the
Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
what is integrated security in connection string in asp.net.
View 1 RepliesWhat's happening is when windows authentication/authorization fails the user get's a login prompt in IE6, IE7 and FireFox. Only when user clicks Cancel button in login prompt they are getting to 401 error page. What I am trying to achieve is to automatically redirect the user to a custom error page when getting 401 error instead of getting login prompt. Is this possible to suppress the login prompt in this scenario or is it this way by design?Here is my setup:I have windows integrated authentication configured in asp.net 2.0 web app.
[Code]....
In IIS I have website Directory Security configured to use Integrated Windows Authentication and disabled Anonymous Authentication
I've got Integrated Security up and running.Am I correct that when users initially access the site that they have to enter their user name & password? I was thinking that Integrated Security would allow the user to go directly to the site (it is an on intranet) without having to enter the un/password. My thought was that Integrated Security would eliminate the needs for the user to sign in once they've signed into Windows when they start up their machines.
View 2 Repliesi was just wondering how much secure is the Login System integrated within ASP.NET ? This is rather vague but i just wanted to know if a website using the system is rather protected to attacks.
View 3 RepliesIn my masterpage application i have "Integrated windows authentication" enabled and it works fine for Active Directory Users. but i have created some users in my aspnetdb and i want few users to login and use my application. But for created users in aspnetdb i can getting "windows login screen". means when users not on active directory try to access application instead of getting login page, they get windows auth login popup.
View 1 RepliesI've set up an ASP.NET MVC application for my company's Intranet that grabs the user's NT creds via System.Web.HttpContext.User and checks against its own database to perform authentication/authorization.This works just fine on my local machine, and I assume it will also work once deployed to the production server, but the development server is on a different domain than the users. While trying to test the app, Iget prompted for a username and password, which isn't supposed to happen. Worse, entering my login creds still doesn't work. I'm deploying a MVC 2 application to an IIS 6 server.The steps I read to take to get Integrated Windows Authentication to work included putting these lines in my Web.config file:
[Code]....
Then, on IIS in Directory Security uncheck the checkbox that allows anonymous authentication, and make certain that only Windows authentication is checked in the access methods section. I've done these things, but since I'm dealing with cross-domain authentication, it's dead in the water. I tried a Google search, and I'll continue with this, but I haven't found anything yet. I'm not incredibly savy when it comes to domain issues, so I might have seen a possible solution and not recognized it.
I'm not entirely sure if this is the right place to ask, but here goes.
I have a website that uses windows integrated authentication. This is great and the way i want it, BUT, i now have a single .aspx file in that site, that i would like anonymous access to.
I am running this on IIS 6 on a windows server 2003.
How do i go about doing this, if i even can do it? web.config, IIS console or do i need to make a new site for this one file alone?
I have an intranet set up with IIS and it is working fine with windows integrated autehntication. However I have some permissions set and when certain users do not have access they get prompted for their login and I don't want this. I want it to go straight to the access denied page.
I read that "In integrated Windows authentication, the browser tries to use the current user's credentials from a domain logon, and if this attempt is unsuccessful, the user is prompted to enter a user name and password. "
So I understand this is supposed to happen but I was wondering if there was anyway to not have it prompt for a username and password if the first attemp is unsuccessful.
My web application need to list the network share information. The return code is '5' after I call NetShareEnum[Netapi32.dll] in windows integrated authentication.
I found that currently I am using Kerberos protocol to authenticate the access users and the token is grenerated with [TokenImpersonationLevel.Impersonation].
Who know how to resolve this problem? Is there any way to get a token with [TokenImpersonationLevel.Delegation] in Kerberos? BTW, I am sure about that the access user has the Access privilege to list the network share in target server.
I have an existing ASP.NET application and there is a requirement in which i need to use ASP.NET MVC in that.
So altogether i need to mixing ASP.NET Webforms and ASP.NET MVC I am following an article [URL] I am done with all the steps. But its not working as expected.
[Code]....
When ever i add this to the web.config i am getting error. HTTP Error 500.22 - Internal Server Error An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode. ERROR CODE: 0x80070032 My OS is Vista Enterprise Edition.
I am trying to force to show to the Logon popup when the session is timeout in Integrated Windows Authentication Enabled website. The session_timeout is firing during the session timeout, but the User.Identity.IsAuthenticated is true. How force to use the Windows Logon Screen when the session is timeout.
View 4 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Repliesi got a web app where some users can upload to a folder images or files like pdfs.
Those users are authenticated by forms.
Well, in public areas, everyone can see those images and files.
I use for showing an httphandler, changing name, etc...
Id like to know if its possible set security like this:
- Folder with uploads, only with read permission for everyone that is not authenticated
- Folder with uploads, with write permission for authenticated users
Goal is that none can upload files if they are not autenticated and make the upload through the web form created for that.
have a website which as far as I know has the following timeout settings:1) In Web.config, FORM's authentication timeout="10"2) In Web.config, MEMBERSHIP's userIsOnlineTimeWindow="10"3) Assigned in Global.asax on Session_Start(): Session.Timeout =10;In the past I had problems because at least 1) and 3) weren't in sync, not sure about 2).
Do these 3 have to be in sync and if so, is there a way to set the timeout once and to have it applied to all 3? I deploy my website to many clients and each may want a different timeout, so I'm looking for a dynamic method to set this, perhaps after loading the timeout period from the db or settings file.
Not sure if this falls under security but I figured since its about logging in it might. Anyway. I would like to know if my approach is good. I have set up a login, the Login method is under the User Class which uses validation to my own database (not ASPNETDB). I would also like to set values to that user to use on each page such as a simple label on the home page that says "Hello [UserName]". Code is below, should I separate the User values into a different class? Also once i go to another page (called Home.aspx) I would like to set an ASP Panel to have the username in it. I created a new instance of the User class in Home.aspx but unsure what I would need to go to get this to work. Should I have some LoadUser method after a successful login?
View 1 RepliesAfter a new user first registers at the website, I want to force them to first be approved by an admin before allowing them access to the full site. I created different roles in the ASP.net configuration tool that denies them access but the default setting allows them in. How do I go about this?
View 1 RepliesI just launched my application to the production environment. I have a section on my website that is only accessed by users in the role administrator. (Here is the code:
[Code]....
It does fine on the development application. But on the production app the function is not working. I checked the database and everything is the same. What should I do?
Here is my code in the web.config
<
authorization
>
<
allow
roles="Administrator"
/>
</
authorization
>
<
roleManager
enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPROLES"
defaultProvider="SqlProvider"
Computergyrl
>
I am working on a scenario where I need to combine three applications into one (Project Requirement). I link the three applications on a web page and which ever link is clicked, I redirect it to that page.
My application sturcture looks as below
MainPage
- Folder1 with App1 (uses Active Directory group for authentication)
- SubPages
- Folder2 with App2 (Uses Membership roles and users)
- SubPages
- Folder3 with App3 (Uses Other logins for oracle database)
- SubPages
Is it possible to provide authorization only for my App2 based on the role created in membership.
For eg: There is user1 with role1 and user2 with role2 but i need to allow only user1 with role1.
When I was checking this scenario in the ASP.NET configuration settings to modify, it has the allow all permisions which is disabled to modify and it is given that Rules that appear dimmed are inherited from the parent and cannot be changed at this level.
I have some pages that need user to sign in. If not, I need to redirect user to signin page. I know this can be done by using some code like"<system.web><authorization><deny users="?"/></authorization></system.web>" in web.config.
But can I just write some code to do the same function?
like in page load method, I can check whether user is sign in, if user is not signed in yet, how can I redirect user to the login page by using code? and how can I stop sending the content of the page to user?
I've been using the following:
[Code]....
The error that I'm getting in Visual Studio is "Overload resolution failed because no accessible 'GetUser' accepts this number of arguments". I don't understand why it's not working.