Asp.Net MVC returnUrl hack - asp.net

I have a Website written in Asp.Net MVC.
I have been getting strange requests to my website which I think is a Hacking attempt but I'm clueless at what is being tried.
The requests are like this, but vary in length.
/Account/Login?returnUrl=%2FAccount%2FLogin%3FreturnUrl%3D%252FAccount%252FLogin%253FreturnUrl%253D%25252FAccount%25252FLogin%25253FreturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FreturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FreturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FreturnUrl%25252525253D%2525252525252FMembers%2525252525252FMemberInfo%2525252525252FDaddyPat
/Account/Login?returnUrl=%2FAccount%2FLogin%3FreturnUrl%3D%252FAccount%252FLogin%253FreturnUrl%253D%25252FAccount%25252FLogin%25253FreturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FreturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FreturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FreturnUrl%25252525253D%2525252525252FMembers%2525252525252FMemberInfo%2525252525252FCumberdum
/Account/Login?returnUrl=%2FAccount%2FLogin%3FreturnUrl%3D%252FAccount%252FLogin%253FreturnUrl%253D%25252FAccount%25252FLogin%25253FreturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FreturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FreturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FreturnUrl%25252525253D%2525252525252FMembers%2525252525252FOrgInfo%2525252525252FCGG
I'm not supporting normal login with name and password but only showing a button which allows you to log in with Steam using OpenID.
When I open the link myself it just takes me to the login page and does nothing. Is the bot just stopping as I do not have Name and Password input boxes?
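
The logged requests above can be decoded one layer at a time to see what they contain. The following is an added example, not part of the original question: it peels each nested `/Account/Login?returnUrl=` wrapper from the first request and reports the nesting depth and the innermost target. The function names and the simplified local-path test are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

LOGIN_PATH = "/account/login"  # login route seen in the logged requests
MAX_DEPTH = 50                 # guard against pathological nesting

# First request quoted in the question, split at each nesting level.
SAMPLE = (
    "/Account/Login?returnUrl="
    "%2FAccount%2FLogin%3FreturnUrl%3D"
    "%252FAccount%252FLogin%253FreturnUrl%253D"
    "%25252FAccount%25252FLogin%25253FreturnUrl%25253D"
    "%2525252FAccount%2525252FLogin%2525253FreturnUrl%2525253D"
    "%252525252FAccount%252525252FLogin%252525253FreturnUrl%252525253D"
    "%25252525252FAccount%25252525252FLogin%25252525253FreturnUrl%25252525253D"
    "%2525252525252FMembers%2525252525252FMemberInfo%2525252525252FDaddyPat"
)


def unwrap_return_url(url):
    """Peel nested login wrappers; return (depth, innermost target)."""
    depth = 0
    while depth < MAX_DEPTH:
        parts = urlsplit(url)
        if parts.path.lower() != LOGIN_PATH:
            break
        inner = [v for k, v in parse_qsl(parts.query) if k.lower() == "returnurl"]
        if not inner:
            break
        url = inner[0]  # parse_qsl already percent-decoded one layer
        depth += 1
    return depth, url


def is_local_target(url):
    """Simplified check: site-relative path, not //host or /\\host."""
    return url.startswith("/") and not url.startswith(("//", "/\\"))


if __name__ == "__main__":
    depth, target = unwrap_return_url(SAMPLE)
    print(f"login wrappers: {depth}")
    print(f"innermost target: {target}")
    print(f"site-local: {is_local_target(target)}")
```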

Related

ASP.NET Mixed authentication IIS 8

I'm trying to create an application that mixes windows authentication with forms authentication. The idea is simple: whenever the browser is able to use NTLM and the user has permissions, then he should be automatically logged in. When that doesn't happen, the user must be redirected to a page that shows a login form. I've found an old article (http://mvolo.com/iis-70-twolevel-authentication-with-forms-authentication-and-windows-authentication/) and I've also found a sample online (https://github.com/patuww/P2000DemonstrationProjects/tree/master/MultiAuthExample) which should be able to solve my problem.
Unfortunately, it's not working and I was wondering if there's any more info about this.
Thanks.
Luis

Prefill form elements and post

We have third-party applications I need to link from my application. For those third-party web sites I have the user name and password with us (they are public websites). When the user clicks on those links we need to prefill the user name and password and submit the form, like a single sign-on kind of experience for the user. Has anyone tried doing this, and how can we do it? Do we need to open the web page within an iframe or within a DIV?
ASP.NET, jQuery and JavaScript are our platform.
I ended up getting the login page into my project and towards the end with jQuery I posted the form, filling in the user name and password. Not a good solution, but it works well.

Simple Login Form

I have to create a simple ASP login page. We're not using Windows authentication or anything like that. The project is a conversion from a legacy VB6 program. Login accounts and passwords are stored in a SQL table, not the way to do it, but it is what it is. I can call the old login functions and redirect the window based on the return values.
Is there a decent-looking login form out there I could use? I tried the login control in the toolbox, but that thing seems to be married to Windows authentication.
I really just need an empty control that looks good. Any ideas?
Thanks,
Jason
Google for "Login Templates".. artfans.info/login-page-template-tag-style – Nikhil Bhandari

How can I use an ASP.NET MembershipProvider to carry over users' session data stored in cookies set by ColdFusion?

I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out of the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.
Thanks in advance for any help. Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
Not sure if this is what you're looking for:
FormsAuthentication.SetAuthCookie("the username goes here",false);
Reference
I'm a CF developer usually, but we had to do some integration with a .NET application recently and the way we approached it was to keep the CF and .NET sessions separate but ensure that login happened on both so when the user moved from one to the other they were still logged in.
So is there perhaps a way for you to hit your ASP.NET application with a request to login a user when you login using the CF application? Perhaps you could have an iframe on the page that you can load when the CF login is complete that holds a login service for the .NET app?
This way you would not need to worry about one app server reading the other app server's cookies, instead there would be two sets of cookies, one for ASP and one for CF.
Hope that helps!
The way I would approach it, is I would have a specific page that acts as a liaison between the CF and .NET layer. That page would implement your business layer and just check to see if the Cookie is there, if so read it in, do the lookup and login the user or whatever business logic that needs to be done. How would you accomplish the login/authentication, well that’s all based on your login/authentication code.
The only link I can offer is the basic of cookies in ASP.net
http://msdn.microsoft.com/en-us/library/aa289495(v=vs.71).aspx
Edit: found another link that might be helpful.
http://www.aspnettutorials.com/tutorials/network/cookies-csharp.aspx

ASP.NET Windows Authentication Impersonation

I am trying to figure out how to implement an ASP.NET page with Windows Authentication without getting that annoying IIS login box.
I currently have 3 domains in my network so all the people logging in would have to prefix their user names with the domain. This is not user friendly. I would like to have a custom login page that would have a domain combo box.
Most examples I found implement this using Form security, however I need Windows Authentication since I want to connect to the SQL server using Integrated Authentication rather than a hard coded user name and password.
Does anyone know of a good article or sample code that shows how to implement this?
The following links to an article that explains how to authenticate a Windows user using forms authentication; it uses a call to the native Win32 API function LogonUser to achieve this. This way you can design your own custom login page with a drop-down list to select a domain. Take a look, perhaps it will help.
Windows Authentication using Form Authentication
To get this setup so you don't have the authentication prompt, you are going to need to have the domains trust the accounts from one another. This article should get you pointed in the right direction:
http://technet.microsoft.com/en-us/library/cc787646%28WS.10%29.aspx
