we have multiple local IIS (asp.net) websites in our local server that can access via static IP from Internet. Each website has own authentication for itself(forms authentication).
We need a master website that our static IP redirect to it, and after authentication(forms) can access to another sites by link(after second authentication for each site that opened).
I tried virtual directory and got error for WEBCONFIG, after that use applications under master website, also got error because of multiple authentication(without master authentication works perfectly).
Is there a way to have multi form authentication for that?
Thank a lot.
We use firewall accounting for it. When an IP receive by firewall, redirect to a login page that use AD for authenticating.
Related
I have a web application that uses SimpleSAMLphp for single sign on using ADFS to authenticate users inside a company.
When a user needs to access the web app from within the company (under the federation server domain), it is automatically authenticated and redirected to his main dashboard inside the web app. So till now, all works very good and the user is correctly bypassed the web app main Login page when he is in the company.
I'm facing a problem: when a user needs to access the web app from outside the company (not under the federation server domain), I need to automatically redirect him to the main Login page of the web app (to enter his username and password), and not to the federation service URL. Because if he tries to access the web app from outside the company, he receives an error (page cannot be displayed or not found) after the SimpleSAMLphp redirects him to the federation service URL which is not publicly accessible.
Maybe I'm missing some simpleSAMLphp configuration or others.
Can any one help me out in this issue.
Thanks in advance.
It doesn't seems as SSP issue, however more information would be appreciated.
Is your internal web app user is trying to access publicly hosted to internet?
From what you describe, it seems that your site is internal site and won't be available outside of your network. You would need some kind of VPN access to be able to view it from outside of company network/building.
I have ELMAH setup on an ASP.NET site and I would like to use the elmah-loganalyzer on it remotely, while still keeping ELMAH secure from prying eyes. Basically, I want to be able to search the logs from home in an emergency without busting out the work-laptop and using the super-slow VPN.
I know I can secure ELMAH using forms authentication and/or IP addresses via the web.config as addressed elsewhere. The problem is that the elmah-loganalyzer can't login with forms authentication (that I know of) and I would want to check it from a dynamic IP address, so those options are out. The elmah-loganalyzer can login as a Windows user, but the website is not using that form of authentication.
Does anyone know of another way to secure ELMAH that the loganalyzer can use, or a way to secure just this one section of the site with Windows Authentication?
Just use it to connect directly to the database. Forms and Windows auth are used for protecting the web-based handler but the log analyser can connect directly to the DB (obviously with the appropriate credentials).
I have an ASP.NET web forms application that requires that requires that a user log in.
I have had the application running on a live server with an IP address pointing at it, to allow external customers to test it. e.g. http://1.2.3.4/application
Last week the customers decided that they were happy to switch their users to my application, and asked us to switch the existing URL across to it e.g. http://www.applicationurl.com
As soon as we did this, the login page stopped working:
- if you log in with an incorrect username or password, it correctly tells you that you have made a mistake
- if you log in with a correct username and password, no error message displays, but instead of redirecting to the next page, the user is redirected back to the login page
Just to be clear, no changes were made to the application - it is still running on the same server with the same config settings. If I log on using either the internal or external IP address then the application works fine - once logged on I am redirected to the default page; it is only when using the external URL that I keep getting redirected back to the login page. The .css and images all load correctly for the login page.
This is .NET 3.5 running on IIS7 on Windows Server 2003.
Could you check web.config file's forms Element for authentication:
Check the path attiribute. is it "/".
Check the domain (if set).
On consultation with our IT team, I learned that the company that supplies us with DNS names was proxying the calls to our web server. When we switched the domain name to directly calling our IP address, the issue was resolved. I guess the proxy must have been modifying the HTTP calls or blocking cookies or something.
The way to check whether this is happening is to ping your domain - in our case, it was returning the IP address and domain name of our DNS supplier rather than the IP address of our web server.
More specifically, I am writing a web request handler that forks requests to different processing pages for separate, distinct ASP.NET web applications. Specifically, this handler's purpose is for handling Paypal's Instant Payment Notifications.
I'd like to know how I can expose those custom processing pages to localhost only, so that my forking handler's POSTS will go through, but remote machines cannot post to those pages directly.
IIS can be configured to only allow certain IP addresses to access a site. These settings can be found on the directory security tab for the site (IIS6) or in the IP address and domain restrictions option (IIS7). You can restrict this to local requests only be specifying the only allowed address to be 127.0.0.1
In IIS Manager, in the Bindings action panel for the site you only want to allow local access to, change the IP address to be 127.0.0.1.
For more than one application, set up several aliases in your Windows hosts file (system32\drivers\etc\hosts) for 127.0.0.1. Back on the Bindings action panel, set the hostname for each site to be one of those aliases, and use that alias in your GETs or POSTs from the other sites, such as httpx://mylocalsite/default.aspx.
If you can't isolate an entire site, then you can write an HttpModule, and in the BeginRequest event, throw an error if Request.IsLocal isn't true for the pages you're concerned about.
Well, i do not know how to do it in IIS, but your pages can check
Request.IsLocal
What is the best way to authorize access to sections of the external facing website based on internal(inside company network) or external(web) user.
Is IP Address sniffing the only way(dont really like it. :S). Can we use Active Directory to check for internal users at the same time not affecting web users?.
The website does not need authentication(we dont have a login screen).
(ASP.Net MVC3, .Net 4.0)
I'd suggest you think of it as two separate websites - an internal intranet and an external site. This gives you more flexibility in deployment, and reduces the risk that a problem on one site will affect the other. If you deploy your internal site to a server without an external IP then it will by default be restricted to only those users within your network.
Without using a login, then IP address detection is the easiest, but not foolproof way of achieving what you ask.
You could also deny anonymous access but allow integrated auth to the internal sections. That would mean only folks authenticated to your domain could access the site. anyone else would be denied & you wouldn't need to add any sort of login to the app.
Simon