I have set up Symfony with LDAP authentication and it works just fine.
Since people are logged in on their computers with just the same credentials, I'm wondering if there's a way to pass those credentials through to Symfony so that the user doesnt have to log in manually anymore.
Hopefully, someone can help me out. :)
Thanks in advance
What you want to do is called SingleSignOn or SSO. It usually uses something like Kerberos which in turn can use LDAP as backend to store the passwords and the user-informations.
But it usually requires specifically adapted WebServers and Browsers to work out as expected. If you are working in a plain Windows-Environment with IE as Browser and IIS as Webserver it might be easier to implement than in a mixed environment.
I'd suggest you ask your favourite search-engine for SSO or Kerberos and I'm sure you'll find some solutions. I've done a quick search myself which turned up this:
Kerberos authentication with Symfony2
http://share.ez.no/forums/general/automatic-user-logon-sso-with-active-directory-ldap-ntlm
Authentication into Symfony 2.0 from an external System
Related
I have a demo site that requires a simple login security similar to basic authenication. When a url is entered, a login popups and prompts for username/password. Unfortunately, basic authentication is not available in Azure. Something that requires very little code and I can just store my username/password in the webconfig.
First, basic authentication is always customizable, it doesn't necessary mean that Windows accounts are used. You can pretty much plug your custom membership provider here, as I've blogged once:
http://www.wiktorzychla.com/2013/11/basic-authentication-module-with-custom.html
Second, using forms authentication with a custom membership provider is always a simple option. In your provider, passwords can be read from anywhere.
I am hoping this will be a simple question. I am using IIS 7.5 / Visual Web Dev 2010 Express.
I know why this error appears :) it's a security/user issue. The problem is, I don't know what account/permissions this intranet is using that's causing the issue.
I use a simple authentication method that detects the user ID. If they're on that list, they are allowed to look at the page. This is done through:
[allow users] and [deny users]
(Brackets substituted for arrows.)
Authentication mode is set to Windows.
There is another intranet site that users can access- I have read and write permissions on that database that this web site uses. That intranet site works for me, but this gives me a security error.
I'm thinking that by using this authentication method, that it switches to a system profile which tries to access it and gets denied. Is there a generic system profile you guys know of that would cause such an error? Is that even a right assumption or is it a security setting that's related to my username?
Thanks in advance...
Well, maybe this could be helpful for someone in the future who is also facing the same problem. I am not sure where to find this, but apparently I had left out or there was not a tag called identity impersonate. By just having the authentication mode set to Windows, I thought it would take care of everything.
I am assuming that if you use Windows authentication, a system account will try and access the SQL database. Because that system account (whatever it may be, there is one defined somewhere but I forgot the name of it) does not have access, that permission error gets thrown.
What will make the web page use the user permission is with this tag:
[identity impersonate="true"/]
Substitute brackets with arrows.
I am working on a project of developing a web UI. The project requires .NET implementation. I currently published the website on Windows server 2008 with IIS 7.5 for testing. The project asks for and login/out page as the entrance to the main UI. The login/out page should asks for username and password with some security questions. And it also enables user to change and save the password. The authentication technique has to be implemented using digested authentication.
I have already tested the digest authentication after enabling it in IIS. It works good with popping up a window asking for the username and password.However, I have a doubt whether the digest authentication allows for customized login/out page and ability of changing and saving the password (which will most likely be realized with form authentication to the best of my knowledge). I believe there might be (or not?) some ways of doing it, anyone can guide me to some references or sample codes?
Try this article: http://www.eggheadcafe.com/articles/20030701.asp
And maybe this one: http://msdn.microsoft.com/en-us/library/Ee817643%28pandp.10%29.aspx
I am trying to figure out how to implement an ASP.NET page with Windows Authentication without getting that annoying IIS login box.
I currently have 3 domains in my network so all the people logging in would have to prefix their user names with the domain. This is not user friendly. I would like to have a custom login page that would have a domain combo box.
Most examples I found implement this using Form security, however I need Windows Authentication since I want to connect to the SQL server using Integrated Authentication rather than a hard coded user name and password.
Does anyone know of a good article or sample code that shows how to implement this?
The following links to an article that explains how to authenticate a windows user using forms authentication, it uses a call to the native win32 api function LogonUser to acheive this. This way you can design your own custom login page with a drop down list to select a domain. Take a look, perhaps it will help.
Windows Authentication using Form Authentication
To get this setup so you don't have the authentication prompt, you are going to need to have the domains trust the accounts from one another. This article should get you pointed in the right direction:
http://technet.microsoft.com/en-us/library/cc787646%28WS.10%29.aspx
i wish to require a popup window for users to type, to access my website. For the username, password .. i was hoping to have a few hardcoded names/passwords in some file. I was told that Digest Authorisation could be used, to do this.
If i've got a stock standard ASP.NET website, where can i define the username's / password?
please note, this username/password only 'unlocks' the site .. but doesn't log them INTO the site. they will need their website username/password for that.
i hope that makes sence.
please help!
Depending on your access to the machine, a really simple option is a program called IISPassword, some providers have this installed, which allows you to use apache style .htaccess .htpassword files.
Once this is installed, setting up takes about 5 mins, just find a unix crypt function to handle the passwords, and it just works, don't have to touch aspnet at all.
Have only used this on IIS 5 and 6, but might work on 7.
Hope that helps.
I think that your users will not appreciate having to enter two passwords to use your site. I think you would be better served to stick with the web site login as the sole means to access the site and simply redirect non-logged in users to the logon page. You may also want an "about us" page that is publicly available for potential future users if your site is public.
You can find a pretty comprehensive guide to authentication in ASP.NET here. According to the article, Digest Authentication requires that you store user ids/passwords in Active Directory.