What is /citrix/xenapp/auth/login.aspx - asp.net

I have an ASP.NET Web Forms website that uses SQL Membership for authentication and login. The users' passwords are encrypted.
In my project I save all exceptions in a database when they happen.
Yesterday I got this exception, which is very weird and I don't know about it.
I am assuming that somebody was trying to hack the website.
Error: Global.asax: www.Example.com/citrix/xenapp/auth/login.aspx?CTX_MessageType=WARNING&CTX_MessageKey=NoUsableClientDetected
I have this URL: www.Example.com/login.aspx, but why did somebody request citrix/xenapp/auth/login.aspx with some query strings?
If it was an attack, is the SQL Membership secure enough?
If you have any idea, please let me know before something happens.
Thanks

Either someone mistyped a URL, or more likely, someone was probing your website to see if Citrix XenApp is installed. If it is installed, it would probably attempt to make an automated attack on your site.
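One way to keep requests like this out of the exception table while still recording them, as an added example that is not code from the thread: a Global.asax.cs handler that separates 404s for paths the site does not host from real application faults. The prefix list, the log format and the assumption that the site runs at the root of its host are illustrative.

```csharp
using System;
using System.Web;

// Added example for Global.asax.cs; not code from the thread.
public class Global : HttpApplication
{
    // Constructed list: path prefixes of products this site does not host.
    // Assumes the application runs at the root of the site ("/").
    private static readonly string[] ForeignPrefixes = { "/citrix/" };

    public static bool IsForeignProductPath(string path)
    {
        foreach (string prefix in ForeignPrefixes)
            if (path.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    // Request data is attacker-controlled: strip CR/LF and cap the length
    // so a crafted URL or User-Agent cannot forge or flood log entries.
    private static string Clean(string value)
    {
        if (string.IsNullOrEmpty(value)) return "-";
        string oneLine = value.Replace("\r", " ").Replace("\n", " ");
        return oneLine.Length > 512 ? oneLine.Substring(0, 512) : oneLine;
    }

    protected void Application_Error(object sender, EventArgs e)
    {
        var httpEx = Server.GetLastError() as HttpException;
        if (httpEx == null || httpEx.GetHttpCode() != 404)
        {
            // Real application fault: leave it to the existing
            // exception-to-database logging and error page.
            return;
        }

        string kind = IsForeignProductPath(Request.Path) ? "probe" : "not-found";
        System.Diagnostics.Trace.TraceWarning("{0} ip={1} url={2} ua={3}", kind,
            Clean(Request.UserHostAddress), Clean(Request.RawUrl),
            Clean(Request.UserAgent));

        // Answer with a plain 404 rather than a detailed error page.
        Server.ClearError();
        Response.StatusCode = 404;
        Response.TrySkipIisCustomErrors = true;
    }
}
```

Counting the "probe" entries per source address over time shows whether this was a one-off scan or repeated activity worth blocking upstream.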

Related

Select permission denied

I am hoping this will be a simple question. I am using IIS 7.5 / Visual Web Dev 2010 Express.
I know why this error appears :) it's a security/user issue. The problem is, I don't know what account/permissions this intranet is using that's causing the issue.
I use a simple authentication method that detects the user ID. If they're on that list, they are allowed to look at the page. This is done through:
[allow users] and [deny users]
(Brackets substituted for arrows.)
Authentication mode is set to Windows.
There is another intranet site that users can access; I have read and write permissions on the database that this web site uses. That intranet site works for me, but this gives me a security error.
I'm thinking that by using this authentication method, that it switches to a system profile which tries to access it and gets denied. Is there a generic system profile you guys know of that would cause such an error? Is that even a right assumption or is it a security setting that's related to my username?
Thanks in advance...
Well, maybe this could be helpful for someone in the future who is also facing the same problem. I am not sure where to find this, but apparently I had left out or there was not a tag called identity impersonate. By just having the authentication mode set to Windows, I thought it would take care of everything.
I am assuming that if you use Windows authentication, a system account will try and access the SQL database. Because that system account (whatever it may be, there is one defined somewhere but I forgot the name of it) does not have access, that permission error gets thrown.
What will make the web page use the user's permissions is this tag:
[identity impersonate="true"/]
Substitute brackets with arrows.

How to troubleshoot DotNetNuke under construction page

Hi, I have a few DotNetNuke websites that intermittently show the under construction page for no apparent reason. I just load and resave the web.config file and it restarts correctly for a few weeks.
I am looking to find ways to identify the source of the problem. I guess it has something to do with the database connection or user, but I really don't know where to start troubleshooting and what tools to use to find the issue.
Any help appreciated.
If you go to http://www.mydomain.com/install/install.aspx when you're getting the Under Construction message that will likely tell you that the site can't connect to the database server.
So from there, you will want to check what is going on with your connection to your database. One thing you might try to start, is change the User Account that you are using to connect to the database server. Maybe create a new SQL user/password and connect with that one, instead of the existing account.
I had a website that had this problem, with a remote SQL server, and unfortunately, come to think of it, I didn't do anything to fix it, eventually it just stopped doing that...

How can I use an ASP.NET MembershipProvider to carry over users' session data stored in cookies set by ColdFusion?

I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out of the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking of putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.
Thanks in advance for any help. Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
Not sure if this is what you're looking for:
FormsAuthentication.SetAuthCookie("the username goes here",false);
Reference
I'm a CF developer usually, but we had to do some integration with a .NET application recently and the way we approached it was to keep the CF and .NET sessions separate but ensure that login happened on both so when the user moved from one to the other they were still logged in.
So is there perhaps a way for you to hit your ASP.NET application with a request to login a user when you login using the CF application? Perhaps you could have an iframe on the page that you can load when the CF login is complete that holds a login service for the .NET app?
This way you would not need to worry about one app server reading the other app server's cookies, instead there would be two sets of cookies, one for ASP and one for CF.
Hope that helps!
The way I would approach it is to have a specific page that acts as a liaison between the CF and .NET layer. That page would implement your business layer and just check to see if the cookie is there; if so, read it in, do the lookup and log in the user or whatever business logic needs to be done. How would you accomplish the login/authentication? Well, that's all based on your login/authentication code.
The only link I can offer is the basics of cookies in ASP.NET:
http://msdn.microsoft.com/en-us/library/aa289495(v=vs.71).aspx
Edit: found another link that might be helpful.
http://www.aspnettutorials.com/tutorials/network/cookies-csharp.aspx
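The cookie-to-Forms-Authentication bridge discussed in this thread, as an added example that is not code from any of the posts: an IHttpModule that runs on AuthenticateRequest, validates the ColdFusion login token server-side, and only then issues the forms ticket with FormsAuthentication.SetAuthCookie. The cookie names and the LookupUserByToken hook are hypothetical; the hook stands in for the database lookup of the login token and denies everything until it is wired up.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example; cookie names and the lookup hook are assumptions.
public class ColdFusionSsoModule : IHttpModule
{
    private const string UserCookie = "CF_USERNAME";     // hypothetical name
    private const string TokenCookie = "CF_LOGINTOKEN";  // hypothetical name

    // Hypothetical hook: return the username that owns a valid, unexpired
    // token, or null. The default fails closed until a real lookup is set.
    public static Func<string, string> LookupUserByToken = token => null;

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    public void Dispose() { }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // A valid forms ticket already exists: no database lookup needed.
        if (ctx.User != null && ctx.User.Identity.IsAuthenticated) return;

        HttpCookie user = ctx.Request.Cookies[UserCookie];
        HttpCookie token = ctx.Request.Cookies[TokenCookie];
        if (user == null || token == null || string.IsNullOrEmpty(token.Value))
            return;

        // The username cookie is client-controlled. Trust only the name the
        // database associates with the token, and require the two to match.
        string owner = LookupUserByToken(token.Value);
        if (owner == null ||
            !string.Equals(owner, user.Value, StringComparison.OrdinalIgnoreCase))
            return;

        // Issue the forms ticket for later requests, and authenticate this one.
        FormsAuthentication.SetAuthCookie(owner, false);
        ctx.User = new GenericPrincipal(
            new GenericIdentity(owner, "Forms"), new string[0]);
    }
}
```

Register the module in web.config (system.webServer/modules under the IIS 7 integrated pipeline, system.web/httpModules otherwise). A ColdFusion logout does not clear the forms ticket, so the logout path also needs to call FormsAuthentication.SignOut or expire the ASP.NET cookie.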

get user Active Directory details

I am building a simple intranet site and I want to get the user's Active Directory.
What steps do I need to take on the IIS side for this to work?
Are any changes required to my web config?
I would appreciate a detailed explanation, as this is giving me a hard time.
I have tried things like this
Request.LogonUserIdentity.Name.ToString
also
HttpContext.Current.User.Identity.Name
The users will not log in; the page should be able to get the credentials without them typing their username and password.
Windows authentication in my web config throws an error and causes my page not to work.
This might be a good starting point for you:
Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
or this:
Active Directory Services: PrincipalContext — What is the DN of a “container” object
As @Joel Ehterton said, more details of exactly what you're trying to do would be helpful.

WebHost4Life host migrated my .NET MVC site and now membership functionality does not work

My MVC site was working fine at Webhost4life until they migrated to the new platform with IIS7. Now the Login feature which my site has to allow employees of the site's company to perform back office functionality does not work. It simply does nothing and returns no error. Looking at it in Fiddler does not seem to reveal anything unusual. Is there a config setting that needs to be made to get this to work with IIS7? Support for the hosting company has not been much help. Please reply with suggestions - I'm desperate to get this working again.
Webhost4life tried to migrate my sites but failed so miserably I jumped ship. I assume your MVC app connects to a database? Who knows what WH4L did. First, check the settings in the web.config - maybe they left out some connection data. Here's where your web.config is located: ASP.NET MVC and two Web.config files. If this doesn't help, post the error message.
The MachineKey has changed unless you specifically set it in your Web.Config. If you cannot get the old MachineKey and set it in your web.config, I'm assuming you're going to have to reset all your passwords so they get hashed with the new machine key.
