Is Basic Auth the only way to log in to the Apache Tomcat Manager?

I always read that basic authentication is insecure. Still, the Apache Tomcat doc https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html describes how to log in using basic auth. Is there another way to implement the login to the manager?

You can use other methods for authentication with the Tomcat Manager.
Example here: Tomcat Manager - Active Directory Authentication
I also remember doing this once using Waffle. Discussed here for instance: https://code.dblock.org/2010/11/30/waffle-configuring-tomcats-manager-application.html
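Two separate things are being conflated in the question. The auth method (BASIC, FORM, DIGEST or CLIENT-CERT) is what the `<login-config>` in the manager's WEB-INF/web.xml selects and only decides how the credentials travel; the Realm decides where they are checked (tomcat-users.xml, a database, LDAP/Active Directory as in the linked answer). As an added example, not from the thread or the Tomcat docs, this per-application context file moves the manager's credential check to Active Directory via the built-in JNDIRealm, wraps it in a LockOutRealm to throttle online guessing, and restricts the source addresses that may reach the manager at all. The host name, bind account, OU paths and allowed address range are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- $CATALINA_BASE/conf/Catalina/localhost/manager.xml (added example; all directory values are placeholders) -->
<Context antiResourceLocking="false" privileged="true">

  <!-- Only loopback and one admin subnet may reach the manager at all.
       The attribute is a regular expression matched against the client IP. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|10\.20\.30\.\d+" />

  <!-- LockOutRealm locks a user name after failureCount failures for lockOutTime seconds,
       which blunts password guessing regardless of the auth method in web.xml. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="5" lockOutTime="300">

    <!-- Credentials are checked against AD over LDAPS instead of tomcat-users.xml.
         {0} in userSearch is the user name typed at the prompt; {0} in roleSearch is
         the DN found for that user. With roleName="cn" the AD group's cn becomes the
         Tomcat role, so the groups must be named manager-gui, manager-script, etc. -->
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldaps://dc1.corp.example:636"
           connectionName="CN=tomcat-bind,OU=Service Accounts,DC=corp,DC=example"
           connectionPassword="CHANGE-ME"
           referrals="follow"
           userBase="OU=Staff,DC=corp,DC=example"
           userSearch="(sAMAccountName={0})"
           userSubtree="true"
           roleBase="OU=Groups,DC=corp,DC=example"
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="true" />
  </Realm>
</Context>
```

Whether the manager then uses BASIC or FORM is set independently in its WEB-INF/web.xml; BASIC is only a problem when the credentials cross the network in clear, so whichever method is chosen, add `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` to the manager's security constraints (or make the manager reachable only through an HTTPS connector). The text interface used by the Ant/Maven deploy tasks expects BASIC, which is a reason to leave the method alone and fix the transport instead.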

Related

How do I communicate with a SAML 2.0 server so that I can leverage its authentication?

I need to set up my .Net 5 web app so that it can connect to a SAML 2.0 login server at this internal site: [login.antares.eng.edu].
I am using this library to help me: https://www.itfoxtec.com/IdentitySaml2
I followed the directions on that site and added the required code to my Startup.cs and added an AuthController.cs controller,
but now I am unsure of how to proceed next.
To try and educate myself on how to work with SAML, I loaded up a website at
[starmaps.cosmos.n.edu] that I know uses the same SAML 2.0 login server that I need to use [login.antares.eng.edu].
When I first load the website, starmaps.cosmos.n.edu, it automatically goes to the SAML server at: login.antares.eng.edu
Using the browser developer tools, I can see the following is being sent:
https://login.antares.eng.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=aZZAbsIwEEV%2FJwI%2BcUh5pWQgUVBVJNpGhHbRTWWcASwltuaZ9PH3dYBWdNOVrdHc11NnPEbZ1E4MWjqYNby3gBQsFxP2msut2g3VVZzK4SDu96GK81F6He%2F6w1GeVpm82gKLnsGjtmbCsiRl0RKxhaVBkoZCKc2yuNeLs3zTuxaDXKSjJO2%2FsGgRHtFG0lF4IHIoOHcS0VlPidNECVQt15XjztudroGXs%2FtVxtdQaQ%2BKeFk%2BsujWegVH8AnbyRqhAyiCjX6H30rhLVll6xttKm32E9Z6I6xEjcLIBlCQEp25CAHE9tSE4m6zKeLisdywaIYIvkOdW4NtA74E%2F64VPK1XF%2FAd88EiQZU4aawjmyjb8YT0D%2BcekHesfRT52iQS3SeLPpvaoDhu4H6wd02BpuOuWxwH7S%2F0%2F4vlTwY1LQLpmWrML3xOxk21BPFyUdhaq69oVtf2Y%2B5RRhgo%2BTbMk09Psr9fZvoN&RelayState=https%3A%2F%2Fstarmaps.cosmos.n.edu%2FMapperRun%2FPages%2FMain.aspx
I am not exactly sure what is going on, but I need my web app to do the same.
How can I get my web app using the ITfoxtec library to do this?
Thanks!
You need to decorate the controller or action with the [Authorize] attribute to require authentication and automatically start the login sequence.
Like this in the sample:
https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/Controllers/HomeController.cs#L15
Alternatively, you can add this requirement generally in Startup.cs/Program.cs.

Require initial setup before running spring web app

I'm creating a very simple forums application.
My current problem is I want the user to be prompted with a setup page (what they'll use to set initial settings such as MySQL credentials) if the website has yet to be set up. When they attempt to go to website.com/login, it should redirect them to website.com/setup until the setup is fully finished.
Should I just use an interceptor for this, or is there an alternative? Also, if I use an interceptor, is it possible to "unregister" it when the website has been fully set up?
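An interceptor is the usual tool for this. Interceptors are registered once when the `WebMvcConfigurer` runs, so rather than unregistering it, keep it registered and let it change behaviour once setup is complete. The added example below (not code from the thread; package name, marker-file path and the open path list are assumptions, and it uses the `javax.servlet` API of Spring 5, `jakarta.servlet` on Spring 6) redirects everything to `/setup` while unconfigured, and afterwards does the thing that matters for security: it makes `/setup` itself unreachable, because a first-run installer that stays live lets any visitor repoint the site at a database they control.

```java
// Added example (not from the thread): gate every request behind /setup until first-run
// configuration is complete. Package, path names and the marker file are assumptions.
package com.example.forum.setup;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;

import javax.servlet.http.HttpServletRequest;   // jakarta.servlet.http.* on Spring 6 / Boot 3
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

public class SetupGateInterceptor implements HandlerInterceptor {

    // Marker written by the setup controller once the MySQL credentials etc. have been saved.
    // A file rather than only an in-memory flag keeps the gate closed across restarts.
    private static final Path SETUP_MARKER = Paths.get("config", "setup-complete");

    // Paths that must stay reachable while the application is unconfigured.
    private static final List<String> OPEN_PREFIXES = List.of("/setup", "/css/", "/js/", "/error");

    private final AtomicBoolean setupComplete = new AtomicBoolean();

    public SetupGateInterceptor() {
        setupComplete.set(Files.exists(SETUP_MARKER));
    }

    /** Called by the setup controller after the settings have been validated and persisted. */
    public void markSetupComplete() throws IOException {
        Files.createDirectories(SETUP_MARKER.getParent());
        Files.write(SETUP_MARKER, new byte[0]);
        setupComplete.set(true);
    }

    public boolean isSetupComplete() {
        return setupComplete.get();
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws IOException {
        // Path within the application, without the servlet context prefix.
        String path = request.getRequestURI().substring(request.getContextPath().length());

        if (setupComplete.get()) {
            // The installer must not be reachable again once configured.
            if (path.equals("/setup") || path.startsWith("/setup/")) {
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return false;
            }
            return true;
        }

        for (String prefix : OPEN_PREFIXES) {
            String dir = prefix.endsWith("/") ? prefix : prefix + "/";
            if (path.equals(prefix) || path.startsWith(dir)) {
                return true;
            }
        }
        // Everything else, including /login, is sent to the setup page until it is finished.
        response.sendRedirect(request.getContextPath() + "/setup");
        return false;
    }
}

/** Registers the interceptor once; it stays registered and simply behaves differently after setup. */
@Configuration
class SetupGateConfig implements WebMvcConfigurer {
    private final SetupGateInterceptor gate = new SetupGateInterceptor();

    @Bean
    public SetupGateInterceptor setupGate() {
        return gate;   // the setup controller injects this and calls markSetupComplete()
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(gate);
    }
}
```

The setup controller should also be the only place that writes the marker, and should do so only after it has actually connected to MySQL with the submitted credentials; writing the marker on form submission alone would let a typo lock the operator out of the installer with a half-configured site.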

How to work with Basic and Forms authentication simultaneously in IIS?

I have an ASP.NET site that right now works with Forms Authentication. I'm implementing several REST web services with Web API and, in order to use them outside the browser context (e.g. a console app), it feels like I'll need Basic Authentication (refer to http://www.asp.net/web-api/overview/security/forms-authentication).
However, when I try to enable both Forms and Basic Authentication at the same time in IIS, IIS Manager tells me the following: "Challenge-based and login redirect-based authentication cannot be used simultaneously".
What should I do and how can I enable Basic Authentication so I can use Web API services outside a browser context?
Thank you.
Check this post which solves your issue http://kevin-junghans.blogspot.com/2013/02/mixing-forms-authentication-basic.html

Piranha CMS Manager using Organizational Authentication in project

While using Windows Organizational authentication in the ASP.NET MVC project, I am unable to access the /Manager portion of Piranha CMS. Whenever I attempt to log in, it just redirects back to the login page. Is there a solution to this problem, or a workaround?
Someone asked this question, but no one posted a solution: How to get to Dashboard
Best Regards,
Saad
The Piranha CMS manager uses forms authentication. If you've configured another form of authentication in your main web.config the manager login won't work. In the upcoming version (2.3.0) the authentication mechanism will be replaceable, but in the current version the manager needs forms authentication.
You have two possible solutions:
1) Try configuring the manager area to use Forms authentication by adding a separate web.config to this area.
2) Set the "front-application" to run in passive mode, i.e. disable the manager. Add a different web without the front-end and just the manager pointing to the same database.
Regards
Håkan

IIS 7.5 and ASP.NET; how to secure the login page

I would like to apply a basic second level of security by adding some form of web folder password protection, so that only users with the global username and password are able to access the logon page, where we are using forms-based authentication.
I am not sure whether this is done from the IIS Manager (Windows 7) or by editing a web.config file ?
If you Google "Forms Authentication IIS", the first item returned is this:
http://msdn.microsoft.com/en-us/library/ff647070.aspx
It covers the issue well.
If you need to apply that to a particular folder, use location and authorization in web.config as below:
http://msdn.microsoft.com/en-us/library/b6x6shw7(v=vs.100).aspx
I have been in the same situation. Given that you can't enable forms authentication and basic/windows authentication at the same time in IIS, we ended up using Helicon Ape and .htaccess files for the digest-based authentication and configured the web app itself to use forms authentication. It works well so far. We needed this because of client requirements. I wouldn't really recommend this in practice. It's fairly annoying for users having to log in twice.
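The "location and authorization in web.config" approach from the first answer looks like this. This is an added example, not configuration from either answer; the page and folder names are placeholders. It scopes authorization per file or folder under Forms authentication, which is the mechanism the linked article describes. It does not put a second, separate password in front of the login page: as the second answer notes, IIS will not layer challenge-based (Basic/Windows) authentication on top of Forms authentication for the same site, so a second prompt has to come from outside IIS's own authentication modules.

```xml
<?xml version="1.0"?>
<!-- web.config at the site root (added example; paths and role names are placeholders) -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL keeps the forms ticket cookie off plain HTTP -->
      <forms loginUrl="~/Account/Login.aspx" requireSSL="true" timeout="30" />
    </authentication>
    <!-- Site-wide default: anonymous users ("?") are denied and redirected to loginUrl -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- A <location> overrides the defaults for one file or folder. The login page must
       stay reachable anonymously, otherwise nobody can ever authenticate. -->
  <location path="Account/Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Folder reserved for one role: rules are evaluated top-down, first match wins,
       so the explicit deny after the allow closes the folder to everyone else. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

If the requirement really is a shared secret in front of the logon page, the practical options are the ones in the second answer (a reverse proxy or module outside ASP.NET that challenges before the request reaches Forms authentication) or network restrictions on the login folder via IIS "IP Address and Domain Restrictions"; neither is expressed through `<authorization>` rules.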
