I am in the process of placing federation authentication to a WebDav feature which I am trying to implement using the IT Hit Web DAV library. From the library documentation under Adding webdav to existing project, it mentions:
Neither Microsoft miniredirector nor Mac OS X Finder nor most versions of Microsoft Office support Forms/cookies authentication.
In addition to that, I had a look on some sources (from 2010) and read that a cookie cannot be sent through Windows Explorer.
However, I am using Windows 7 and I have mapped a WebDav folder to Microsoft SharePoint as well using Microsoft miniredirect and I can see (using Fiddler web debugging tool) that a cookie with the federation authentication token is sent along with the request.
From research I understood that I should be using Internet Explorer to achieve this. Not sure if I am misunderstanding something, Is there a way to attach the cookie to the request from Windows Explorer?
PS. I have logged in to the Webapp from internet explorer which then logged in to the federation gateway successfully.
Ok here are my comments and process so far. Might be helpful for someone also working on this.
I am using Internet Explorer, added my web app host to the trusted sites.. I have switched to forms authentication to persist the cookie. When I login to the web app first and then try to access the webdav from windows explorer, it picks the forms authentication cookie of the web app
Related
Good day everyone!
Background: I have old legacy ASP.NET MVC on premise application running on local windows IIS. I'm investigating ways to integrate this application with Azure AD authentication. As far as I can understand (Windows IIS integration with Azure AD) it's not possible to do it directly because of the Azure AD authentication can be added at the application level only. So I'm thinking integrating one of the MSAL library for adding Azure AD authentication.
Using this windows manual (Quickstart: Add sign-in with Microsoft to a web app), I've downloaded sample windows application (ASP.NET code sample) from this learn page and tried to run it within the Visual Studio 2022 in debug mode on my azure virtual work machine (based on VDI platform).
And Azure AD authentication does not work. When I click "Sign in with windows" button on the start application page, I get the error:
Server Error in '/' Application.The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /login.aspx
This sample works fine on my local laptop in exactly the same state. I suggest that any security utilities might be the reason, but I don't know how to check it. I can't disable security apps on my working machine, and maybe there are any restrictions on the network level I don't even know nothing about.
Could somebody suggest any ways to solve this problem? Or maybe still ways to find the reason of this problem?
Thank you in advanced!
I'm a contractor working remotely on a legacy ASP.NET application. I'm struggling to stand up a local instance of the project due to the error SQL Exception - SQL Server does not exist or access denied. I suspect this is because of the use of Windows Authentication for the SQL databases backing the project.
Before I launch into a lot more detail I'll ask my question: what are my options to pass Windows credentials to an SQL server in an ASP.NET project built on OSX?
I believe I've proven this is possible with some steps I'll detail below, but the actual implementation in an ASP.NET project is escaping me due to my inexperience with everything .NET, and the many-fold differences between my setup and the typical dev.
Standard Dev Setup
The devs I'm working alongside are using Windows machines housed in their corporate domain, running Visual Studio 2012. Because they're already logged into their machines with the appropriate credentials, the use of Integrated Security=SSPI in the SQL connection string "just works".
My Setup
I'm running a Mac Mini outside of their corporate domain, and using Visual Studio in conjunction with Mono to support the .NET Framework-based project. Passing the SSPI option won't work out of the box because I'm not connected to any Active Directory. That said, I do have valid credentials to log into their network.
What's worked so far
I've proven that a connection to their network resources is possible:
When logged into a virtual Windows machine, I can connect to a shared drive on that network with the credentials I was provided.
I then set up that same shared drive on my Mac Mini with those same credentials.
Using SQL Pro for MSSQL, I was able to connect to the desired database using my credentials.
As I understand it, what I'm looking for can be accomplished on Windows with Credential Manager, so bottom line I think I'm looking for the equivalent solution on OSX that plays nicely with ASP.NET project as compiled by Visual Studio.
I have an Azure website (built using VS2015 Community) which uses "social" login for authentication.
I have successfully deployed a working PoC to azure which happily authenticates the user using the Google+ or Microsoft Account authentication services - i.e. the Azure app service is configured correctly to support social login from these two providers.
The problem is that I don't know how to replicate this for development on localhost; when clicking on one of these links (e.g. the MS one) the browser navigates to http://localhost:60380/.auth/login/microsoftaccount and I unsurprisingly get HTTP Error 404.0 - Not Found.
Question: is there a way I can configure my solution/local environment to authenticate using social authentication whilst running on localhost? Service providers such as Google seem to have no issue letting you specify localhost addresses.
My website has some very basic authorization checks that I want to perform, and I obviously want to do this on my dev environment first.
For your reference - HTML / Login links:
Microsoft Account
Google Account
Google API Manager Config - Authorized JavaScript origins
https://[my site].azurewebsites.net
http://localhost:60380
According to your description, I assumed that you are using Authentication/ Authorization of Azure App Service which provides you with an easy way to protect your application without changing any code on your app back-end.
As I known, when your app hosting on Azure then you could take advantage of the "Easy Auth" feature. But while developing locally, I assumed that you need to write your code to support "social" login for authentication. For more details, you could follow this tutorial.
Additionally, you could follow this Architecture of Azure App Service Authentication / Authorization and this tutorial for a better understanding of Easy Auth.
The integrated identity support is a feature of App Service that cannot easily be moved to localhost development. If you need to test locally on your dev machine, you'll need to simulate the identity component yourself.
If you are building a mobile app, there is some support for local debugging which might be helpful: https://github.com/Azure/azure-mobile-apps-net-server/wiki/Local-development-and-debugging-the-Mobile-App-.NET-server-backend
Otherwise, I suggest you create a second web app to use for integrated development/testing. It's not as convenient, but Azure App Service does support remote debugging, etc, through Visual Studio.
I've been battling through the same process. Feels to me like this is a gap - I'd love to see the .auth pipeline included as part of the dev environment.
Currently, I use this the method defined here - https://weblogs.asp.net/pglavich/easy-auth-app-service-authentication-using-multiple-providers, and whilst clumsy, it works for me.
I have a .net web application that is hosted in IIS 8.5. The application is accessing Microsoft System Center Service Manager (SCSM) using the SCSM SDK. The site is using Windows Authentication and impersonating the user accessing the site. Therefore I have followed this guide to setup Kerberos authentication.
Kerberos is working fine and I am able to update and retrieve data from SCSM and that the authenticated user's identity is used. However, during testing, I am noticing that using Chrome (40.0.2214.115), the authentication mode used is NTLM, thus it fails to interact with SCSM.
IE (11.0.9600.17501) works fine.
The kicker: If I open up IE and connect to the application first, and then open up Chrome, it works fine in Chrome.
Most of the users are on IE, but I want to understand what is happening and correct it if I can.
What am I missing?
First: what I can really recommend is to use WireShark (or probably some other network sniffer tool) to analyze what is on the wire. This helped me more than often to trace and find weird problems with Windows, networking, WCF development, Kerberos.... It is not easy with hundreds of captured packets to spot the problem, but you can always compare against a known-good configuration.
For your specific problem, I suggest starting Chrome with
--auth-server-whitelist="*example.com"
as described at http://www.chromium.org/developers/design-documents/http-authentication.
Just to complement previous answer: indeed, Chrome requires site to be "whitelisted" and theoretically in Windows it should be picking up values from Internet Options.
For me what solved the problem was adding Registry Keys on my Windows 7 computer as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AuthNegotiateDelegateWhitelist"="*"
My intention is to access the SSAS Database without Windows authentication. The user outside the domain should be able to access the cube and built PIVOT tables around it. Thus I found that we can use HTTP access for this purpose.
I followed each and every step mentioned on the following links
http://msdn.microsoft.com/en-us/library/gg492140.aspx
http://bloggingabout.net/blogs/mglaser/archive/2008/08/15/configuring-http-access-to-sql-server-2008-analysis-services-on-microsoft-windows-server-2008.aspx
When I try to hit the URL in Mgmt Studio --> Analysis Services
http://localhost/olap/msmdpump.dll. I am getting the "Connection time out" and "404 error"
I went to MSDN forums for the same problem but no concrete results.
How do I test whether my SSAS 2008 is accessible with HTTP access.
Please help!!
I don't have a lot to go on from your question, but if I had to guess I'd say you probably didn't switch from integrated to classic in the application pool settings which left your handler mapping disabled giving you the 404.
I would start simple on your local development machine and follow the instructions allowing anonymous access to the site. Make sure that your site uses an application pool that has access to the cube in analysis services. Additionally, you cannot use the integrated pipeline in IIS, you will hve to use classic. When you create your script mapping (under Handler Mappings) in IIS, make sure that you follow the directions carefully from the following URL:
http://msdn.microsoft.com/en-us/library/gg492140.aspx
I just followed the instructions and it worked for me.
Switching on Anonymous authentication will work to grant access to the site, however I would suggest you use at least Basic HTTP authentication or even Windows Authentication. Just note, if you're using a remote SSAS instance (not on the same host), a double-hop authentication is required. For that, you will have to register SPNs and enable Kerberos authentication.
You find out how to do that by following the links referred to under
Microsoft - Configure HTTP Access to SSAS
Greetings,
Remo