How to customize login account for Login control in ASP.NET if we are authenticated by Microsoft Federation? - asp.net

Currently I have a website with authentication using Microsoft.IdentityModel.Web.WSFederationAuthenticationModule. It redirects me to login page (single sign-on outside my website) and upon login, I am redirected to default page.
Now, when I was using CreateUserWizard asp.net control, it seems that upon creation of user, the control tried to use my machine name to login to db server (i.e. '\$') instead of using SSO login which has just been done.
Does anybody know how to customize the control to use federation login to connect to db server? In addition, how to set so that the control will use certain specified sql account to login to db server?

When you rely on federated identity, you typically won't "create users". Those would be handled by the identity provider. You might want to consider rethinking your app a little bit. For example: given that users will be provided for you (through the IdP), what does it make sense to do in your app? (e.g. associate users, manage authZ, etc). But likely not "create ones".

Related

How to skip login page for a role in ASP.NET Identity framework

I have an existing ASP.NET site with user authorization and authentication for several roles implemented in the built-in ASP.NET Identity framework. After login, each role is directed to its own set of pages. All works fine. Now, for only one of those roles, I want to hide (skip) the login procedure on the UI but maintain the role and all logic behind the role. In other words, the users in this role will be "converted into guests": they can access their own pages without seeing the login page and without providing a username and password. The other roles will continue going through the login procedure for the usual authentication/authorization. Security is not a concern, looking for a simple solution for user convenience. How can I achieve this?

Persisting External Login using Asp.Net Identity

I have a WebForms app using external login (Microsoft and Google) and ASP.Net Identity 2.
I want the external login to persist when user comes back to the web site. Currently when user comes back they have to login again using the external provider.
I understand one way to do this is create persistent Application Cookie after locating the user like answered in this SO question.
But this is not acceptable since the requirement is that the user should be signed out if they sign out from the external provider.
If I create a persistent "Application Cookie", is there a way I can validate if the user is still logged in externally?
OR
Are there any other ways of achieving this?

Asp.net MVC authentication using Form Based Versus Windows based

I am trying to find the best authentication type for my ASP.NET MVC 4 web application. My requirement is a mix between form-based and Windows-based.
The requirement is to allow the company employees to automatically log in to the application if they have already logged in to the company Active Directory.
If a company employee accesses the application from his own PC outside the company network, then he should also be able to log in (but I think he should enter his username and password).
Also we have external customers (that currently do not have an Active Directory username); they also need to be able to access the MVC 4 web application.
So which approach should I set and implement for managing my ASP.NET MVC authentication? I find that form-based alone will be able to achieve ONLY part of the requirements, and the same applies to Windows-based.
Best Regards

I had this scenario at a previous place of work.
Here's what I did:
Implement Forms Authentication, have your own custom table to store user's details. Have a property in the table to indicate whether it's an Active Directory account or not.
When someone logs in, if it's an Active Directory account, authenticate it with AD. If not, just authenticate it with what you have in your table.
As for signing up, you should allow someone to enter their AD credentials, authenticate with AD, then add them to your database. If they don't specify AD credentials, you should just add them as a user in your database and then set them as a non Active Directory user.
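
The login flow this answer describes, as an added C# example that is not code from the answer: the `AppUser` shape, the `HybridAuthenticator` class and the `directoryCheck` delegate are hypothetical names, and PBKDF2 for local accounts is this example's choice, since the answer does not say how local passwords are stored.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// One row of the custom user table (constructed shape, not from the answer).
public sealed class AppUser
{
    public string UserName;
    public bool IsDirectoryAccount;    // the "Active Directory account or not" flag
    public byte[] Salt, PasswordHash;  // populated for local accounts only
}

public sealed class HybridAuthenticator
{
    private const int Iterations = 100000;
    private readonly IDictionary<string, AppUser> _users;
    // Assumption: in a deployment this wraps a directory bind, for example
    // PrincipalContext.ValidateCredentials from System.DirectoryServices.AccountManagement.
    private readonly Func<string, string, bool> _directoryCheck;

    public HybridAuthenticator(IDictionary<string, AppUser> users,
                               Func<string, string, bool> directoryCheck)
    {
        _users = users;
        _directoryCheck = directoryCheck;
    }

    // PBKDF2-HMAC-SHA256; this constructor overload needs .NET Framework 4.7.2 or later.
    public static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    public bool Validate(string userName, string password)
    {
        // Reject empty input before it reaches either backend.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;
        AppUser user;
        if (!_users.TryGetValue(userName, out user)) return false; // same answer as a bad password
        if (user.IsDirectoryAccount) return _directoryCheck(userName, password); // no local hash for AD users
        return FixedTimeEquals(Hash(password, user.Salt), user.PasswordHash);
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

When `Validate` returns true, the application issues the forms ticket as usual, for example with `FormsAuthentication.SetAuthCookie`.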

Log in to website using Active Directory with a two-way trust

We have an ASP.NET website set up using Active Directory as the Membership Provider. The site uses the Forms authentication mode and the .NET Login control. We recently merged with another company and now they also need access to the site, but they are of course on a different domain. Our IT people have set up the two Active Directories in a two-way trust.
I can log on to their domain using a test account from our network. But when I use the same DOMAIN\username + password combo on my website it does not work.
How can I make our site able to see users on the second domain? Is this not possible using the Login control? Or is there something else I'm missing?

I don't think it's possible to authenticate against a remote AD domain via a trust with the built-in provider. You could set up a second provider which is configured to point at the other domain, and then add additional logic to your Login control to pick the right provider to authenticate against. I use a similar approach to support "pass-through" authentication of domain users while also supporting non-domain users with standard forms authentication.
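
One way to write the provider-picking logic this answer suggests, as an added C# example that is not the answerer's code: the domain names, provider names, page class and handler name are hypothetical, and each provider name is assumed to match an `ActiveDirectoryMembershipProvider` entry in web.config that points at that domain.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using System.Web.UI.WebControls;

public partial class LoginPage : System.Web.UI.Page
{
    // Hypothetical NetBIOS domain names mapped to hypothetical provider names
    // registered under <membership><providers> in web.config.
    private static readonly Dictionary<string, string> ProviderByDomain =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "CORPA", "CorpAProvider" },
            { "CORPB", "CorpBProvider" }
        };

    // Wired to the Login control's Authenticate event
    // (OnAuthenticate="Login1_Authenticate" in the page markup).
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        var login = (Login)sender;
        e.Authenticated = ValidateAgainstDomain(login.UserName, login.Password);
    }

    private static bool ValidateAgainstDomain(string typedName, string password)
    {
        if (string.IsNullOrEmpty(typedName) || string.IsNullOrEmpty(password))
            return false;

        int slash = typedName.IndexOf('\\');
        if (slash <= 0 || slash == typedName.Length - 1)
            return false;                    // require the DOMAIN\username form

        string domain = typedName.Substring(0, slash);
        string account = typedName.Substring(slash + 1);

        string providerName;
        if (!ProviderByDomain.TryGetValue(domain, out providerName))
            return false;                    // unknown domain: no fallback to a default provider

        MembershipProvider provider = Membership.Providers[providerName];
        // Assumes attributeMapUsername="sAMAccountName", so the bare account name is passed.
        return provider != null && provider.ValidateUser(account, password);
    }
}
```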

SharePoint 2010 - login without using AD accounts?

If I create a public facing internet site using SharePoint as the backend, how do I change the login process so that it doesn't use AD / Local Windows accounts?
I want to have a registration process for logins which the admin will approve before giving out access to users.

You can use forms-based authentication with users stored in SQL Server tables. See: http://blog.summitcloud.com/2009/11/forms-based-authentication-sharepoint-2010-fb/

The first must-read is this: Plan authentication methods
However, why don't you use an anonymous-enabled page with a "request access" form? The form can then start a workflow which has one actual "CreateLogin" activity. This activity then creates the login on AD, SQL or any authentication provider. It can also push the request to any external login creation process.
HTH
