I'm trying to use SignalR with Windows authentication but I canget it to work. If I set site access to deny anonymous users the HTML page loads but signalr/hubs fails to load. If I set the Authorize attribute on the Hub class the server methods never get called.
What I want to do in the end is have the server execute code with the client users Active Directory credentials.
Related
We are currently setting up forms authentication for our web app.
The plan is for users to be redirected to a login page on our main system when they want to access files.
IIS Settings
Setting the IIS "Authentication" to anonymous gives access to the files.
BUT when we change the authentication to "Forms" and disable everything else we are met with a constant 401 error when trying to access the file.
401 Error
There is no redirect. It just throws this error.
The Web config has been changes to allow "?" (anonymous) and allow="*".
This does not change the 401 error.
When anonymous access is enabled (alongside forms auth) there is no redirect. The users have direct access to the files. (As if forms authentication is not even enabled?
Web Config
Please note that I also had to add machine keys to my web.config and also had to add the domain name in the authentication tags (also in the web config). After also adding a cookie.domain in my C# side the authorisation is finally working between domains.
--This has to be done when working with 2 subdomains. Eg: 1.website.com and 2.website.com.
I have already developed front-end application in Angular2 and back-end in ASP.net web APIs. I had used Windows authentication as enabled because I want to detect requesting user. Both applications are hosted in IIS server(Windows Server 2012).
When I load angular app it load login prompt and when give correct user credentials data loading happen correctly.
But I want to know a way to load them without login prompt, authenticate automatically.
This is the way I detect request user in web APIs.
string user = HttpContext.Current.Request.ServerVariables["LOGON_USER"]; //Get the current user...
userID = user.Split('\\')[1];
This is a sample TS script send request to Windows Authenticated Web APIs from Angular Services.
getPersonalInfo(): Observable<IPersonalInfo> {
return this._http.get(localStorage.getItem('WebApiURL') +"api/PersonalInfo/" , { withCredentials: true })
.map((response: Response) => <IPersonalInfo>response.json())
.catch(this.handleError);
}
When restart the browser this login ask every time.
I want to access them with out this login...
Actually, this login prompt occurs because there is communication between two technologies (ASP.net & Angular 2) by passing windows windows credentials. So it need shake-hand authentication when call windows authenticated API.
I was lucky to find a solution by changing privacy settings through browser. So I got ability to call API's without login prompt.
Here is the way to do that.
Settings -> Open Proxy settings -> Privacy ->Sites
In here you can add domain where your back-end APIs are already hosted as in example.
After that it take as trusted domain and further more there is no any login prompt accruing.
I have spent a lot of time on this, and I'm not sure it can be done. If you enable Anon Access then the [Authorisation] on the controllers works fine. But you can't detect the username.
If you disable the Anon Access then you can obtain the username NETWORK//USERNAME but if you access a method with the [Authorize] attribute then you get the popup dialog you have got.
I really don't want to go back to a username/password solution but it is looking like I am going to have to.
I have a website created with ASP.NET and a web service, both using FormsAuthentication (which validates the user's credentials against Active Directory - LDAP).
When I call an action method of this web service for the first time I am redirected to the site's web page that actually logs the users into the system. When I'm logged in I will be redirected to the web service (ReturnUrl), but I'm guessing something gets lost in the way, because I'm getting an InvalidOperationException (in the client), containing the .asmx definition.
This happens on the first call only, the next calls work fine (since I'm going to the right place).
What am I missing here?
How should I redirect from the web site to the web service? Can this be done?
Thanks in advance.
Your web service call is doing a Post, then redirecting via a Get request after authentication. The default response from an ASMX is the .wsdl definition. You can't do web service authentication like this programmatically.
If you are using Active Directory, why not use Windows Authentication and suppress the login?
I have a web application (say app1) which is hosted in a IIS server virtual directory.
This web application needs Integrated Windows Authentication for its functioning.
I need to integrate this web application with another product which does not use supply me windows credentials.
This application sends me an http request in a specific format.
I need to validate the request and redirect it to app1 with valid windows credentials so that it logs in smoothly.
I have created another application for this purpose
This is hosted on a separate virtual directory.
It has IIS anonymous and asp.net anonymous authentication enabled.
the pseudo code is as follows :
app2
parse request
if request sucessful
get windows credentials
get identity using credentials
reponse.redirect(app1.aspx)
But app1 authentication fails, IE asks me for credentials again.
Ideally IE should not ask me for credentials.
What would be the security context sent in the request to app1.
How can I trace the authentication failure at iis and asp.net?
To do this you need a trust relationship between the domains.
The response.redirect just sends a response back to the browser which then makes a request for the page in the redirect. So the identity is the identity of the browser.
I have an asp.net app. It has a page that requires authentication. The authenticated user can view the page because he/she is authenticated. The page makes a jQuery Ajax call to a WCF service. The WCF service checks that the user is authenticated via HttpContext. I have a user that is using WinXP and IE8. This user can authenticate to the page, but when the Ajax call is made from the page to the wb service, the user recieves my "session not authenticated" message on the page, generated by the service and displayed on the page. When I use the same OS/browser combo, the page and service work just fine, as expected; no errors.
What option in this user's IE settings would cause this behavior?
It turns out that I was just being stupid and was violating the "same origin principle". My service was at mydomain.com and my user was probably on a page at www.mydomain.com. The service would fail because the domains didn't match completely. So, I setup some re-write rules on the server so that no matter what variant of the domain that was requested by the browser, it would always re-write to www.mydomain.com. Then, I simply set the the service call to the that domain (or in this case, just used window.location.hostname), and all problems were resolved. Big "D'oh" moment.