I actually want to create/list/edit asp.net membership users from a page authenticating with Windows-Authentication, the website uses ASP.Net MVC4. This is the administration website for another website using the forms authentication with asp.net membership on an SQL database. So this should allow company users to administer external users.
I can't use Membership-API, because the actual context does not support the asp.net membership.
Using the stored procedures requires manually hashing the password etc and this is not recommended. Also inserting the users directly into the tables would have this problem.
So is there a working example for administering asp.net membership users from a windows forms authenticated website?
I just managed to solve this problem using a webservice to decouple Windows-Domain authentication from asp.net-Membership:
Windows Domain Website for administration uses Webservice
Webservice offers functionality to manage users of asp.net membership
Webservice access has to be restricted to local server (so only the Windows Domain website can use it) and allows anonymous access (or with a special account).
Webservice needs to be configured like an asp.net membership website and to use the same membership database like the "normal users Website"
Related
I have to create a new ASP.Net MVC web app. This web app will accessed by company users internally and externally. Users are already in active directory.
When accessed externally, authenticate using their AD username and password from login page.
Any reference would be helpful.
The easiest way is to use Windows authentication when creating the ASP.NET MVC site.
This requires your web server to be in the same AD as the users, so if you plan to have it hosted somewhere, that is not an option.
If you plan to have the server hosted somewhere outside your AD, you should take a look at ADFS or sync to Azure AD (you don't have to use Azure for anything else).
The built-in authentication methods are described in the Microsoft docs
I need to integrate my sharepoint site and ASP.net site. So, First login will occur in the SharePoint site with Active Directory authentication and from there i need to traverse to ASP.Net site through a link. Now my question is whether its possible to pass my SharePoint Active Directory credentials to ASP.Net site? Will i be able to do this through a query string? Will i be able to navigate to and fro between SharePoint and ASP.Net sites.
The main point here is the user should not enter his credentials twice ( ie.. He should be authenticated automatically while navigating between two sites.)
What are the options available for me?
Do these things possible to achieve? SharePoint will be hosted using Windows SharePoint Services 3.0.
Thanks in advance,
ReplyQuote
Is the ASP.NET site on the same network? If so, then you can use AD (Windows Auth) for authentication on the ASP.NET site just like you're using it on the SharePoint site. You don't need to pass the credentials, and you can't anyway since all you have is an authenticated identity. If you configure the ASP.NET site to require Windows Authentication, you'll be able to get the user's identity from the server variables (AUTH_USER).
See How to: Use Windows Authentication in ASP.NET 2.0
I have an ASP.NET 3.5 site that exposes web services as part of the web project for jQuery HTTP/POST calls to access. The site is using forms authentication. I currently have the web services denied to anonymous users. By using Firebug, I can see the ASPXAUTH cookie coming across on every web service call from jQuery, and I would like to use it to fetch the membership user from my ASP.NET membership database in the web service code. Is this possible? I'm having trouble both finding how to access a cookie on an HTTP/POST in the web service code & how to take that cookie and get the membership user.
Looks like it's a simple as just using Membership.GetUser();! I was having a brain fart and not realizing that it was that simple.
If I am using Windows Authentication in an ASP.NET app, and I want to use custom roles instead of using Windows security groups as roles, do I need to write a custom Role provider? The solution needs to be able to map Windows users and groups to application specific roles.
If I understand your question - no you don't need to use roles from Active Directory security groups as roles for your ASP.NET application. And you dont need to implement a custom Role provider. The default one simply retrieves the Roles from the ASP.NET application database.
You can simply have application defined roles in this database, that you create with the aspnet_regsql.exe utility (in the .NET 2.0 framework folder).
Probably the greatest collections of resources/information on this topic:
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Actually you CAN use the built in ASP.NET security configuration web site. You have to temporarily switch to Internet Mode, Then you can add users DOMAIN\username as username, enter some password (it won't be used once you switch back), you can then assign these to roles. Once you switch back to Windows mode these users will be used automatically.
Here's my situation. I have a DotNetNuke application. I want to link to an existing ASP.net website from within the DNN website, and have decided to use DNN's IFrame for that.
The existing ASP.net application uses Forms Authentication for security - only authorized users can access the pages. This asp.net application also requires user roles for authorization to different pages.
I don't want users to have to sign on twice, and I'd like the asp.net page to use the user membership and role data from the DNN application - it shouldn't require it's own membership database.
Is this possible? According to the MSDN website:
"ASP.NET supports forms authentication in a distributed environment, either across applications on a single server or in a Web farm. When forms authentication is enabled across multiple ASP.NET applications, users are not required to re-authenticate when switching between the applications."
Does this apply to DotNetNuke applications linking to asp.net applications? Both are on the same domain, too.
(I tried modifying the config.web of the asp.net page to work with the DNN config.web, matching machine keys and forms settings - but it didn't work. I could be doing something wrong, but before I pursue, I want to know if it's even possible.)
Thanks for any help!
I don't know if what you're talking about is possible within DNN. We're on DNN 4.0 and they do some weird things with the ASP.NET membership tables which may cause trouble.
What I can tell you is an alternative way (assuming you have control over the ASP.NET application). There is a project called MADAM (Mixed Authentication Disposition ASP.NET Modules - I know a bit of a mouthful) that can be used to provide a method other than forms authentication for application logon.
What you could do is set MADAM up on your ASP.NET application and from DNN pass user credentials to the ASP.NET application. The end result appears to the user as single sign on.
If you need me to elaborate on anything, let me know in the comments.
Actually i am displaying some aspx pages in a iframe module present on a dnn page. Now since inside the iFrame i am displaying aspx pages hosted elsewhere but on same server. I am just want to authenticate the dnn logged-in user before loading the page inside iFrame.
Do dnn provide any API which i can call from apsx pages hosted elsewhere in order to restrict access to ony unauthorized user.