I have to create a site that uses the active directory from another server to auth the user. First my page should try to auth the user automatically with his windows login and if this haven´t success it should ask him with a form for username/pw.
This is what i have so far in my Web.config, just a few code snippets. The web wasen´t as helpful as i hoped :-(
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />
</connectionStrings>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add
name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="testdomain\administrator"
connectionPassword="password"/>
</providers>
</membership>
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
There is a very good article on mixing two authentication schemes here. Also see related question here
Related
How can I disable forms authentication? Every time I navigate to a page, the page tries to authenticate through an SQL instance on server. I have set forms authentication to none, but still no change.
http://go.microsoft.com/fwlink/?LinkId=169433 -->
<system.web>
<httpRuntime maxRequestLength="65536" executionTimeout="3600"/>
<compilation debug="true" targetFramework="4.0" />
<!--<authorization>
<allow users="*"/>
</authorization>-->
<!--<authentication mode="None">
<forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/" />
</authentication>-->
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider,
System.Web.Providers, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"
connectionStringName="DefaultConnection" applicationName="/" />
Okay, so I went with leaving Forms Authentication enabled, and rather setup IIS to have access rights to an instance of SQL Express installed the server. All pages work fine now.
I am deploying Asp.net Application at IIS server getting this error, But when i run this application my server its fine and give no problem .I have one html static web site in that html site folder i made tool folder, In that tool folder i deploy my asp.net application ,
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
Here is my Web.config
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<authorization>
<allow roles="administrators" />
<deny users="*" />
</authorization>
</system.web>
<connectionStrings>
<add name="ConnectionStringName" connectionString="Provider=Microsoft.ACE.OLEDB.12.0;Data Source='|DataDirectory|\mfaridalam1.accdb'; Persist Security Info=False"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.web>
<httpHandlers>
<add verb="*" path="AjaxFileUploadHandler.axd" type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit" />
</httpHandlers>
</system.web>
<system.webServer>
<handlers>
<add name="AjaxFileUploadHandler" verb="*" path="AjaxFileUploadHandler.axd" type="AjaxControlToolkit.AjaxFileUploadHandler, AjaxControlToolkit" />
</handlers>
</system.webServer>
<location path="AjaxFileUploadHandler.axd">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Here is SS of error
Can you please try deleting the website from iis and restarting iis? at the same time clean your project and rebuild it. then try publishing it in the right location. Are you creating virtual directory?
This is quite a general error which does not give us details of what went wrong.
Possible checks you can do is:
1. Check web.config and make Custom Error Mode off
2. Try to host application locally
3. Check all files have been deployed on server or not?
4. View page locally on server
5. Add stacktrace to find exact issue.
6. Do logging on request
if you have access on server and using windows server, try to open the website in browser and if it fails then look into Event Viewer -> Windows Logs of windows to see the error.
Well, to be honest, problem is why 'currentUser.Identity.Name' is blank.
Options are:
`<authentication mode="Windows">
</authentication>
<identity impersonate ="false"/>`
And IIS 7 Integrated Windows Authentication is enabled, 'Anonymous access’ disabled.
(It was mantioned here)
App is executing on local computer, in the same domain.
When I'm trying to write:
<authorization>
<allow users="MY_USER_NAME"/>
<deny users="?"/>
</authorization>
I get page 401.2, access forbidden.
And now, i think, options are inhereted from somwhere, and 'Anonymous access’ is still enabled. So, how i need to check the actual value in code.
UPDATE
Role manager is this:
<roleManager defaultProvider="DefaultRoleProvider" enabled="true">
<providers>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/"/>
</providers>
</roleManager>
I'm attempting to retrofit an intranet-only ASP.NET webapp with some rudimentary security.
I have a database table of authorized users, keyed on their AD ID, and I have a method which reads the AD ID from the Request object and matches it against the table. I would like to use the web.config "authorization" elements to call this function, something like this:
<location path="/">
<system.web>
<authorization>
<allow method="checkDatabase()"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
I realize this syntax is invalid, but is there an equivalent that functions in this fashion?
You can use AD membership provider. From MSDN example:
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.3600, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
I have my config setup like below:
<configuration>
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://myldap/CN=Users,DC=nevco,DC=local"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="10" loginUrl="Login.aspx" defaultUrl="Default.aspx" />
</authentication>
<membership defaultProvider="DomainLoginMembershipProvider">
<providers>
<clear/>
<add name="DomainLoginMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
</system.web>
</configuration>
I can attempt to log on but every time it says I am using the incorrect username/password. Does it look like I am doing anything wrong above? Is there any way for me to find more information on why it's not finding my username/pass?
UPDATE:
Do I need to provide a Username and Password in my membership/providers section?
Ok, I ended up using an LDAP browser to examine the structure. After a little fudging around I changed my LDAP url to this:
LDAP://myldap/DC=nevco,DC=local
And it started working. Hope this helps someone!
Why make the user login in at all?
Try this provider
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
you can then do something to see if they are authorized Roles.
Roles.IsUserInRole("someGroupInAd")
Your web site would have to be setup with Integrated Windows Authentication in IIS