I have an Asp.NET 3.5 application with security/authentication. I have a second application (built using GWT and running on Windows Tomcat) running on a different machine.
I need to make the second application available to the user via a link generated from the .NET application. This part is easy, I have constructed the link in the asp.net page and the user can click on it to start working in the GWT/Tomcat session.
My question is this...
How do I set it up so that the Tomcat/GWT application is Only Accessible via the link in my asp.NET application?
I don't want the user to be able to copy the link from my asp.net page and then share that with someone else who is not authenticated within my asp.net application.
Your tomcat application will be passed a cookie that is the .NET authentication token iff the client has logged in to your .net application.
Your tomcat application can get this cookie from the request headers, and compose another request with this cookie to check with your .net server and see if the cookie (token) is valid.
Related
I have various AngularJS single page applications running in a single ASP .net MVC project.
In one of my AngularJS SPA's I need to create a login page which would show then show another page of information when successfully logged in. The username and passwords are stored in a database.
I am very new to ASP .net and would like some advice on the best way to (using my angular form) login and have some kind of session cookie so the user remains logged in for the duration of their session.
If you build SPA you with high probability use WebAPI. Reccomended way to authenticate API user is slightly different than usual cookie authentification.
To see how it works create a new project. If you have last VS2015 go to file -> New project -> ASP.NET Web Application -> Web API (Authentification: Individual UserAccounts).
If you just return Json(someData) in your MVC contollers and already have authentification it should work fine on tradition cookie authentification.
I have the following requirement: if a user in domain 2 goes into an ASP.NET site that is in domain 1, then the site should display a customised login form to validate the user. But if a user from domain 1 surfs to same the ASP.NET site (on domain 1), then Windows authentication (using Active Directory) takes place, so the user should goes straight through to the site content without seeing the login form.
How would I go about doing that?
Would I first need to detect the request domains? I have tried HttpContext.Current.Request in Page_Load() but have not yet been successful in detecting which domain a request is from.
Also, how should I setup the site authentication mode? Would I need Windows authentication for domain 1 users, and forms authentication for domain 2 users? I have also not been able to succeed in this, since IIS 7.5 complains that I cannot have both Windows and Forms authentication turned on.
Thanks.
Surely not an answer but due to the length, I am adding it as answer not comment.
AFAIK, IIS 7.5 allows both authentications to be enabled but no through web.config, you have to do it through IIS Management console, furthermore the scenario you described is handled through claims authentication (windows for intranet and forms for extranet) in Sharepoint 2010. I think same approach can be used in ASP.NET application since Sharepoint is also built on top of ASP.NET 3.5. More over you can look into Federated Authentication APIs present in .Net. You can explore the following links Claims Aware ASP.NET Applications and Federated Authentication and Enabling Federated Authentication for ASp.NET in Azure. Hope this helps.
I'm trying to read a cookie created by a Java app from Asp.Net but not having much luck
I'm using this line of code:
string CoockieValue = Response.Cookies["Cookie_Name"].Value;
Is this possible at all ?
We basically have an authentication web ui developed in java and there is a url that takes to an Asp.Net page that needs to read this cookie
Please advise
Thanks!
Is this possible at all ?
Yes, if both applications are hosted on the same domain. If not, then, no, it is not possible.
When setting a cookie there are 2 properties: path and domain which could be specified in order to limit the scope of the cookie.
So for example when in your Java application you set the cookie with domain="foo.com", all application on any subdomain on foo.com will be able to read it. So if you Java application is hosted on java.foo.com and your ASP.NET application is hosted on asp.foo.com it will be able to access it.
I need to integrate my sharepoint site and ASP.net site. So, First login will occur in the SharePoint site with Active Directory authentication and from there i need to traverse to ASP.Net site through a link. Now my question is whether its possible to pass my SharePoint Active Directory credentials to ASP.Net site? Will i be able to do this through a query string? Will i be able to navigate to and fro between SharePoint and ASP.Net sites.
The main point here is the user should not enter his credentials twice ( ie.. He should be authenticated automatically while navigating between two sites.)
What are the options available for me?
Do these things possible to achieve? SharePoint will be hosted using Windows SharePoint Services 3.0.
Thanks in advance,
ReplyQuote
Is the ASP.NET site on the same network? If so, then you can use AD (Windows Auth) for authentication on the ASP.NET site just like you're using it on the SharePoint site. You don't need to pass the credentials, and you can't anyway since all you have is an authenticated identity. If you configure the ASP.NET site to require Windows Authentication, you'll be able to get the user's identity from the server variables (AUTH_USER).
See How to: Use Windows Authentication in ASP.NET 2.0
I have an ASP.NET 3.5 site that exposes web services as part of the web project for jQuery HTTP/POST calls to access. The site is using forms authentication. I currently have the web services denied to anonymous users. By using Firebug, I can see the ASPXAUTH cookie coming across on every web service call from jQuery, and I would like to use it to fetch the membership user from my ASP.NET membership database in the web service code. Is this possible? I'm having trouble both finding how to access a cookie on an HTTP/POST in the web service code & how to take that cookie and get the membership user.
Looks like it's a simple as just using Membership.GetUser();! I was having a brain fart and not realizing that it was that simple.