We have asp.net web application running on Domain A with working Windows Authentication.
Our customer now wants to authenticate users from Domain B to this website, but we are not allowed to have trust between Domain A and Domain B.
Windows Authentication is not required for the users from Domain B, but Windows Authentication for Domain A should still work.
Does anyone know if this is possible to do?
We are using .net framework 4.0.
what about creating restricted accounts in the domain A for these users?
what about creating local accounts on the server in domain A for these users?
or, you can use Active Directory Federation Services
Related
I have successfully configured forms authentication in an ASP.NET website and able to login using my domain's account. I am now deploying to out UAT server which is hosted on Amazon, UAT server is not part of a domain and it is on a workgroup, I have created a local user and trying to login but unable to login. I am have tried these user name combinations
machinename\username
.\username
username
Can I use forms authentication if machine is not part of a domain?
we have asp.net web application and we need to support "automatic login" using domain credential (windows principal) if users visit the website via intranet or we will prompt user to enter domain credential if visited through external network via HTTPS.
Problem is that this web server (windows server 2008) is a workgroup machine and it's in DMZ. I've been told to research on AD LDS + AD FS to make this happen within limited time, whether or not it is possible to support both domain credential SSO (both internal & external) and automatic sign-in for intranet domain users.
As I read related documentations and discussions in the forums, I understand that SSO is possible with this setup, however I cannot be certain and unable to find related materials mentioning about "automatic signing" intranet domain users with this environment.
Can anyone please advice if it is possible or if there are alternative approaches.
The main thing is that we want to avoid joining that existing web server to the domain.
Many thanks
ADFS will get you what you want. You'll need to modify the app to support claims (look up WIF - Windows Identity Framework). ADFS would be installed in your domain environment and then you'd configure the ASP.Net app as a relying party application in ADFS.
I don't think AD LDS will be of any use to you here.
I have Asp.net website for domain A users with the Integrated Windows Authentication.
Now users from domain B need to access the website.
But Domain B users receive pop-up window to input the authenticated information when they access the website
My question is:
How to configure the IIS or Windows Server to allow Domain B users to access the website without the pop-up windows for authentication, just like the users from Domain A.
Check that you have a trust configured
Verify this by trying to add domains users from domain B to the file system where your IIS site is located.
Verify that the correct user group from domain B has access to file system where your IIS site is located. ( if not using domain users from domain B ).
Verify that the user that is testing from domain B has the correct group memberships.
And if running Kerberos authentication.
Check on client where the user is if you have a kerberos ticket by using command
"klist tickets"
Question - Will I be able to access a Asp.net website on IIS 7 with integrated windows authentication enabled from outside the domain?
Thks
Yes - browser will typically prompt for your windows credentials. User name has to be provided as [Domain Name]/[Login Name] format where domain name will be target domain (i.e. domain known (and trusted) by your web server).
We have an ASP.NET web application that we offer as a Service (it's hosted and it's accessible on the Web). We use Forms Authentication and our users have to enter a username/password to connect to our application. Some of our customers ask that we support single sign-on by authenticating users with their own Active Directory.
Our application has a different URL for each customer
www.ourapp.com/client1/
www.ourapp.com/client2/
www.ourapp.com/client3/
and each URL has its own web.config file (where asp.net settings can be specified and can vary for each customer).
What do I have to change in my ASP.NET application to support that?
What do I have to change on my Windows server configuration?
What will the customer have to do on his side to enable that?
Regards,
Check How To: Use Forms Authentication with Active Directory in ASP.NET 2.0 In short, you configure an ActiveDirectoryMembershipProvider to verify each username/password with the customer's AD. The customer must create an AD account for you that is allowed to perform the verification - which may be a problem with some customers. What's more, your code will handle the actual username/password used by users in their internal network, which can be an even bigger problem with customers.
A more secure solution is to use federation (using ADFS) or Claims Authentication using Windows Identity Foundation. In this case you "only" have to set trust relations between your domain and theirs.