Security :: Create User Account For Web Authentication From Non-web/local Application?
Sep 12, 2010
I have an application which is installed on local pc and is using SQL db. It is a client management system where I want to add capability to register new clients and give them access to my web site which is sharing the same SQL database with local application.
At the moment clients can register on the web site and I have ASP.NET authorisation system set up with aspnetdb_user, aspnetdb_membership and etc tables. But sometimes it happens that I need to register clients on my local application on PC and ideally would like that registration to create online account for the client as well. Then I want to be able to send him user id and password by email and let him know that he has been registered in my database and online account is ready for him as well.
Basically I want to have full synchronization between asp.net membership service and local application through SQL db. As I said both online and local apps are shareing the same SQL database. what would be the best practice to implement it.
I have a web application. This application needs to perform a search on folders located on 2 different machines. I can use impersonation for this. But -
a. I don't want to use network service account b. I want to impersonate just the search part of the code. c. Specifying encrypted user name / password in web.config is one option. But this would be the last option.
Can I use a custom service account for the application pool for this? If yes, then how to impersonate a specific part of code using this?
I facing a problem here. how can I make the create user wizard category all the new user become normal user role? I have created 2 role which is Manager and Normal User. Normal User can't view the Manager page. But after i create a new user account, i can view manager and normal user page. I want to make all the new member registration will be normal user role?
i have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
I need to create individual account for a big group of people (around 200) from an Excel spreadsheet. What is the best practice? It will take too much time to create account using web form. I think there must be a way to do it. I tried to use Stored procedures created by ASP.NET.
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I am looking for a code which does authentication using service account username and password. I mean username and password which has permission to access the active directory and then authenticate the actual username and password provided by end-user. Googled everywhere but could not find any suitable code.
I have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.
ASP.NET application should use Entity Framework 4.0 to work with data.
How can I configure my web.config file so that my login page can serve domain users in a local group on the server? It's easier for us to modify members of the group on the server than having someone else do it on a domain group that we don't have access to.
I am logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from LaTeX input file to Pdf file. I host an Asp.net MVC 3 application running under an Application Pool Identity with Load User Profile = True. The Asp.net MVC 3 code contains a code that executes pdflatex.exe using System.Diagnostic.Process instance as follows:
Process p = new Process(); p.EnableRaisingEvents = true; p.Exited += new EventHandler(p_Exited); p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath; p.StartInfo.WorkingDirectory = @"c:mydomain.comworking"; p.StartInfo.UseShellExecute = false; p.StartInfo.FileName = "pdflatex.exe"; p.Start(); p.WaitForExit();
From the scenario above, the web application runs under a restricted acount but it executes an external application under a default account that I don't know. Can an application running under a less privileged account start a process executing another application under an administrative account?
On admin side how to create first secure admin account when there is no users/admin exists without manuall entry ?On any website how we can create Super admin account who will handle all the things? Except the entry in db manually. I c# or vb.net
I am setting up a website, and I want to set up a way for select people to be able to create an account. What I want to do is make a field for a security code, that when entered, will take them to the create new user page. I do not want just everyone to be able to set up a user account, as it would expose wholesale prices to the general public.
For example, Business X wants to set up a wholesale account. They contact the business owner, and when the owner verifies the business is legitimate, she can give them the security code to enter. Once the correct security code is entered, it will then take them to the account set up page.
I have VWDEE2008, and have used the Administer Website tool, and am familiar with using that.
I have developed a web application in which i manage details of different companies,,,for that i as admin add companies and their details in my database...right now my role is administrator in my web application
The problem is everytime i have to update company details and other information
I want companies to update their own information...
so how i can create a role and create usernames for companies so that they can login to their individual accounts and update the company information by themselves ?
One important thing of my requirement: One company can have multiple usernames accounts..
I have a website that has a login (Like most websites xD) This then obviosly fetches information from a database and loads it on the page. (EG. Welcome "Display Name")
I have designed and coded a application for my site you can use the features from my web on your desktop, I have added a login (required to use the application) and a register. Both login and register work (Fetching information from the database and writing to the database).
Now I have those out of the way I'm now onto the main part of my program which is to display infomation onto the application about the user account. This could include editing the user account, uploading content to the website or viewing content from the website.. (Sorry but I'd like to explain how I have certain things to get the point across clearly )
Anyway how would I create a sort of session? Like PHP, once you login you can grab information from the database based on the information submitted from the login which was fetched from the database.. When the user presses login on my application it brings them to the main part of the application but I'm now unsure how to load variables and/or session data.
(Side note, I have also sha encryption on my website in the register/login, at the moment VB reads the information from the textbox as normal text is there anyway I can get it to read the sha encryption? and also insert data into the database with this encryption?) - This question is optional.
Is it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
i have an asp.net project in vs2010 i have a db and table inside the app_data folder, i have created a deployment package and have imported the package into an iis server that is installed on my local mechine. now i get this error message while trying to preform an insertion.
Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed the connection string is:
Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|survey.mdf;Integrated Security=True;User Instance=True
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.