Each user of my asp.net forms app logs into a PC with their Active Directory credentials.
How could the ASP.NET forms app get the user name and the email address currently logged into the PC?
There is no guaranteed way to find out which user they are logged into their computer with. However, you can:
Enable Windows Authentication so they need to authenticate with your website with an AD account
Add your website to the Trusted Sites in the Internet Options on their computer (this can be done in group policy) so that IE and Chrome will automatically send the credentials of the currently-logged-on user account. (Firefox uses its own network.negotiate-auth.delegation-uris setting)
If you skip step 2, then the user will be prompted for credentials. If the credentials sent in step 2 fail for whatever reason (for example, they are logged in with a local account instead of a domain account), the user will be prompted for credentials. Then they can type in whatever AD account they want, which may not be the same as what they are logged into their computer with. That's why I say that there is no 100% guaranteed way to know what account they are logged into their computer with.
If only some of your users have AD accounts, and some don't, then you can use split Forms and Windows authentication. I've done this before and described how I did it in a past answer.
Get User Name with HttpContext.Current.Request.LogonUserIdentity than Query to AD to get Email check How to get a user's e-mail address from Active Directory?
Related
I am trying to get details of a AD user that logged in a directory pc. I mean that when a user logged in a pc (in AD) by his account and then open a site that's working on intranet, i'll automatically detect his account name, sAMAccountName etc.
Is that possible or i've gotta use an agent or something installed before?
I'm confused about it. I don't want to make a log-in screen for it if possible ofc.
Thanks in advice!
I want to use the Windows Live Id Authenticaiton in my Asp.Net/MVC web application, but I do not want to use the Login screen provided by Microsoft.
I want to have my custom page for login, take username and password from User and then send these credentials to the Windows Live ID, to Authenticate, and I get back the response if the user is authenticated or not.
Is this possible?
I want to have my custom page for login, take username and password from User and then send these credentials to the Windows Live ID, to Authenticate, and I get back the response if the user is authenticated or not.
You missed the point of single sign-on authentication. Using that, the user does not provide their credentials to your site, but to the SSO provider. That provider gives you a token which lets you act on behalf of the authenticated user.
The user's credentials are never received by your site.
So no, you cannot, nor should you want to, do this.
I am creating an asp.net web application with "Remember Me" option during Login and it has an Edit Profile module where users can change their passwords. Here is the scenario.
I logged into the website from Machine A clicking "Remember Me". So I am logged in and since a persistent cookie is created I dont need to login the next time
until my forms authentication times out.
I logged into the website from Machine B using the same account details I used above and from this machine, I changed my password. In this case How can I make the user in Machine A to login again? (Since my credentials have changed). The same scenario can happen if someone gets any user's credential and uses the application.
Thanks
You have to save the last credentials modification date in your database.
When a user try to consult a page of your website, you have to check the date specified in the cookie.
You can also make an AJAX system that verify each minute if any changes are done and, in that case, verify the validity of the credentials.
If the latest date is the "last credentials modification", then delete the cookie and ask the user to log by himself.
I have used used the Intranet template to create my site and I have set up some AD users and groups. I have configured Internet Explorer to add the site to the local intranet so that I log-in automatically. When I have an Authorize attribute set to specific Users, the user is logged in automatically. But I when use roles such as [Authorize(Roles = "MyADGroup")], the user is not logged in automatically, he needs to enter the password again and then he is logged in.
I cannot understand why this would not work with single sign on. Do I need to add some other configuration to enable this?
Turns out ... I just needed a machine restart. Something was being cached somewhere
Is it possible to give a user an email address on the local machine when they signup for an account with asp net forms authentication.
So say bob signs up on the website "foo.com" can i give him an email address like "bob#foo.com".
The account will only be accessed by the program and does not need a GUI.
If a user provides their unique name and password when signing, you can use the API for whatever mail server software you are running to create an email account for them.
ActiveX and Admin rights have nothing to do with this process.