Security :: How To Provide Credentials To A Web Service
Apr 12, 2010
have been facing a problem in passing credentials to a web service. I have searched a lot on it and found solution but they didn't work for me coz the scenario with me little different I believe.The situation is like this. I have a 3rd party web service "https://3rdpartyserver/virtualdirectroy/service/service.aspx".So when I try to browse the service in IE it takes me to the login page ("https://3rdpartyserver/virtualdirectroy/Loginpage.aspx"), when I enter usename and password in it and hit Log In button it takes me to the service where all the web methods are listed
I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?
I'd like to use built-in IIS authentication with non-Windows accounts. There's this module that does that for basic authentication, but it in fact does both the authentication and credentials checking.The problem is I also need to support digest authentication and I could try to do it, but it would be a lot of hassle - I need to generate challenges ("nonces") securely, store them and check for replays, etc. - lots of things I can screw up and make determined attackers happy. So I'd prefer to reuse the digest authentication functionality in IIS, but use my own module for credentials validation. How can I do that?
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
My WCF Client calls my WCF Service which then calls ASMX Web Service. The problem is i have configured my wcf client and wcf service to windows credentials type but when wcf service calls asmx service the user credentials (default windowsidentity) is not passed to asmx service.
In WCF Service i am able to get user identity by using : Thread.CurrentPrincipal.Identity.Name; WCF Service - i have disabled anonymous access and enabled windows authentication. ASMX Web Service - i have disabled anonymous access and enabled windows authentication. WCF Service Config [Code]....
I am currently working on a project in which I am assigned to provide e-mail features to the users of our site. unlimited users can create there mail accounts dynamically with our servername say if the website address is www.xyz.com then the users of this site can create their mail boxes like firstname.lastname@example.org. My clients want to provide e-mail service like yahoo, gmail, aol, hotmail, rediffmail, zapakmail, etc...
I have a site We have different Pages under one folder. we have stored these pages information in a database table with pageid. Then we have User access table. there we store userid and pageid , for which pages user has access. Now I need to provide access to that pages only .
In my application I need to get Service status from differnt servers.I usedSystem.ServiceProcess class for implementation.Now,I got service status from my local machine. My current requirement is to get service status from different servers with credentials.Conside I host this webapplication in One server A. I need to get service status of ServerB,Server C. We can't install or copy any dll or exe in that server(Server B & Server C)<Webservicesalso we can't host in Server A &Server B >.But, we have credentials.I tried to pass credentials.But getting errors<authentication problems>. Please help me to do the same. Have any other solutions by dos net sat commands..
My scenario is this - I have two ASP.net websites. Both sites run on the same machine and I have implemented single sign on relatively simply using the default asp.net membership provider (Forms based authentication).I have a new WCF service on one site, which will be called from the other site. A user will be logged into the site, but the call to the service will be made from the codebehind following a postback.Can somebody point me in the right direction so that I can pass through the Forms based credentials of the logged in user to the WCF service on the other site? Presently it's passing the NETWORKSERVICE windows credentials.
I have a silverlight application that uses WCF service and i need to provide windows authentication using wcf.In order to achieve this i am trying to retrieve the client's credentials (windows credentials)inside wcf.
am developing website in that website no.of users are there every user contain related data, the data should be in xml files ,how to provide authentication every user by using xml files .how to write xml file names in web.config in sql we can use connectionstring ,in xml how we can write them give examples.
I have a custom security module which is retrieving the applicationName of the defalut Membership Provider. I am using this value for convenience only. I mean, sometimes, I will authenticate the user as per "Windows Authentication" where there is no Login Form, and yet, I need to access the "applicationName" of the membership provider.So, in some of my applications, I am not using a memberhsip, and I leave it empty. And I found out that if the <membership> is not defined in web.config, it will default to "AspNetSqlMembershipProvider" type "System.web.Security.SqlMembershipProvider".I can add an key in <appSettings>, but I like to using the applicationName of the default membership provider, becuase in other applications I am using Forms Authentication, with a custom membership provider.If try to setup a dummy memberyship provider, I will get error that the connection string is empty.How I can set the "applicationName" property in web.config if I am using "Windows" authentication, and I have no membership provider ?
I am using windows authentication for security in my webpage. Now i want is that if user opens a webpage and then sit idle for 15 minutes and after that try to use webpage , i can ask him for credentials.
Is there any way,in Visual Studio,to specify credentials to test a web page with rather than having to go through the process of logging in every time?is there some common technique to testing with different roles and logins?It's just really tedious to constantly have to login and navigate to a specific page to test.
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.