Way To Best Authenticate Users Using .net And SQL Server On A Web Site
Mar 25, 2011
I'm new to asp.net and SQL Server and I'm trying to research and implement a good way to authenticate a user using those technologies. Would you have any advice as to best approach this? I've read some of hashing but I couldn't find a good tutorial or website describing the best way to approach that
I'm NTLM (authenication="windows" in the web.config) with an asp.net mvc 2.0 site. Right now once a user logs in it keeps them logged in for weeks at a time. The use of the application is being opened up to users who share computers that use logged in service accounts. I need the site to reprompt each user for their AD credentials each time in order to handle these users. (Activity on the site must be linked to a uniquely identified user.)
I have the IIS webserver on Domain A. I have many users on Domain B, C, D, E.
I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder. But it is still not authenticating. So what do I need to do to enable this feature? I am using windows 2003 webserver.
How can I authorize and authenticate users by roles? I have roles table and user's table, role Id is the primary key in the roles table and foreign key in the user's table.
I am working on an app where users are only allowed access if they click through from certain URLs. I.e. I need to authenticate by using the referral url and I am using Request.UrlReferrer to achieve this.
I am guessing that the Request.UrlReferrer can be tampered with by malicious users to gain access...
I have been asked to use the login control to authenticate users to use the website. I have a master page which has header pictures and a menu down the left. I have created a login form and configured my web.config file to use form authentication but when I run it, it does not show my master page just the content page. Should my login page not be a content page?
The behaviour I would like is for a user to be able to visit a custom built website and if they are already authenticated against sharepoint for the custom website to know who they are and give them various rights. If they are not recognised by sharepoint then I would like them to login to sharepoint and be directed back to the custom website. Sharepoint picks its users and groups up from Active Directory. I don't know much about the internals of the server, but the custom one will be in a separate domain (I think) though I have full control over the custom and moderate control over the SP infrastructure.
I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI (Payment Card Industry) accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database using kerberos (so the NT user has permissions in the DB). This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any/much additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions for simple website config)
So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP.Net already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it.
I need to authenticate users based on three parameters such as username, password and officename instead of just username and password. User name is unique only across the single office and not across the application.
Can I achieve this using Membership class and if yes do I need to write any custom code for that?
I am trying to integrate authentication for a cloud-based application with an Active Directory forest behind my cilent's firewall.
I am a Python developer from the open-source world... needless to say, .NET is not my forte and I'm not familiar with authentication technologies provided by IIS/WIF/etc.
I have installed DotNetOpenAuth and gotten the sample MVC OpenID provider working with the included ReadOnlyXmlMembershipProvider.
I have scoured Google for a sample config/implementation or any documentation at all that describes the appropriate membership provider to use. The only thing I have found are hints - "It's included out of the box," or "create a .NET app that authenticates off of AD and expose OpenID."
How can I query off my client's AD? Is there a provider included with DNoA?
we have a web site (Web Site 1) which is presently working and authenticates the users using ASP.Net login control.
We have a new site (Web Site 2) which will have a web page with user name and password fields and these values will be posted to Web Site 1. I am trying to authenticate those user credentials on Web Site1 using
Membership.ValidateUser(UserName, Password); method. but i am keep getting "User AuthenticatedObject reference not set to an instance of an object. " exception.
Need to develop a Web application that will be used to authenticate and authorize internal and external users to log and then re-route to web applications for the organization. The login application should be able to provider smooth integration with any future applications that needs a secured authentication. Should I be using WIF - Claims based Identity/ADFS or asp.net Role membership provider to develop this app.?
I've been using an asp 3.0 widget for this purpose , but it been broken for a while and rather than get it back up, I'd love o get a native asp.net solution, can any one point me in the right direction pleaseI once wrote some asp.net code to do this, but the permissions on the server, which I found to be common every where prevented asp.net native picture upload, perhaps i got it wrong, well now I wanna fix itI need the code to work in a shared hosting IIS 7 environment. I use vb.net, but can usually convert c# to vb.net
I am trying to develop a internal corporate portal that will be hosted external either on company leased decicated server or by hosting service like godaddy. The company portal is going to have links internal and external resources like Outlook Web Access and Sharepoint, Great Plains, our CRM software, etc, etc. I am basically creating intranet site for the company but the intranet is going to be hosted externally.
How do I authenticate user against the Active Directory, when the intranet site is hosted remotely?
I have an application that uses the ASPNET role provider.My SQL Server crashed so I took a backup of the database and restored it to a new SQL Server and changed the db connection string to that server.The web site runs but no users can login to the site.Is there something that I should have done when the db was on the other server?
I have looked and so far not been able to find the answer. When a user creates a new account i want the user to be automatically logged into the site as opposed to just being redirected to the log in page. I am able to create the users but am unsuccessful at finding logging them in.
i lunched an asp.net web-site. the main idea in the site is that:the site shows the same page, but on each next button the user clicks, the pictures in the site change randomly. im working with postback and sessions.
i noticed that when a few users try to log into my site - their sessions are merging. meaning, the first picture presented is diffrent but the second picture is the same for all the users, and so on... (moreover, pictures that appears in the begining appearing again even thow i don't allw it in my code)when i tried to debug the site locally, the random function works perfectly and there were no such problems. it haapens only when 2 users and more log into my site.
I want to find out if users have visited my site in the last couple of days. i did not put Google analytics so I was wondering if there are any logs of IIS which log if a user has visited or not?
I am creating an ASP.NET site, based on a single master page which creates the header and footer of the page. On each page there is a content placeholder where I want to allow certain users to manage in order to place their own content. On the site I am replacing, they are using sharepoint designer 2007 to connect to the site and edit the pages visually; now I just want them to edit the contentplaceholders content.
My problem is I can only see the anonymous template in sharepoint designer 2007, where I of course don't have any placeholders. If I could get it to show the loggedin template that would solve my issues, but if that's not possible, is there any other existing tool out there to do this with an ASP.NET site?
My fallback plan is to use the codebehind to fetch from an SQL table; they can create the content area in a WYSIWYG editor, and then I will build a tool for them to insert it to the database, but I don't like it as it complicates the process & I figure there must be an easier way.
I want to login my SQL Server by using SQL Server Authenticate but this i fail to do thatI have already configurate "sa" account and change to "windows and sql server authenticate" still not workingCan someone tell me or show me the tutorial how to properly configurate to using "sa" to login by "SQL Server Authenticate"?