Please let me know how can I disable basic authentication on Tomcat 5.5.27
Authentication is there only if you configure it yourself. By default web applications do not use authentication.
But if, as I suspect, you didn't put it there yourself, it would have been helpful for you to be told where to look. In Java, at any rate, there is probably a web.xml file in a source directory (WEB_INF/).
Related
I need to be able to have some web methods (in asmx) require windows authentication to be used, and others to require no authentication at all. Is this possible? If not, what would you recommend I do, best practices etc?
I am fairly new to web development, sorry if this is trivial.
Thanks for the help
Create and host two different webservices and separate your methods based on their authentication need. So you can enable windows authentication in one.
I made a small web application (ASP.NET) that use the DocumentPrint.Print() to use a printer that connected on the server and when run it from the visual studio its work well and print the document correctly,
Hint : the address will be : http://localhost:8080/
but when use the iis server (http://localhost/TestPrintingWebSite) the printer never work and then the website didnt effect to the server printer.
is there any setting must be on the iis to let me able to use the server printer ???
please your help guys ;)
thanks alot
By default in IIS, the account used to run ASP.NET applications will lack sufficient privelages to access the network printer.
In order to access the printer you will need to either use impersonation in your code:
WindowsIdentity.Impersonate Method
Or configure IIS to run the application under a user account with the required privileges.
Here is another article which explains different methods of impersonation security:
Understanding ASP.NET Impersonation Security
Edit
If you do not feel confident implementing the user impersonation code yourself, here is a link to a codeproject article: (the code is in c# but could be easily converted to VB.NET or compiled into a separate class library and used in your application)
A small C# Class for impersonating a User
I want to develop a Single-Sign-On(SSO) or centralized authentication server (CAS) project for SSO between asp.net, php and java.
Is there any Single-Sign-On(SSO) or centralized authentication server (CAS) open source project using asp.net c# ?
If you're looking for something simple, you might consider an OpenID implementation. Since it's all HTTP request based authentication, ASP.NET, PHP and Java will have no problems working and you won't have to worry about creating and maintaining the credentials store, as that's all handled for you.
You can write the code yourself (check out openid.net) or you can use something like rpxnow.com, which is a 'wrapper service', to help you get started.
Hope this helps
I've got a requirement that a ASP.NET web app use Shibboleth for the authentication. Has anyone done this before? Are there libraries out there to support the method calls? Or is this a Java only thing?
It's definitely not a Java-only thing, there's an Apache module available for download on the Shibboleth site.
I don't know if there's anything specific for .NET.
We implemented Shibboleth a while back and we originally tried to use the Java solutions - it was a nightmare. The java apps were badly-written, buggy and badly documented. It was hassle after hassle and we eventually decided to use the Apache module on a dedicated server and forward successfully authenticated users onto our Tomcat app.
The Apache module was a breeze to setup, configure and get working.
Don't know if you've already realised but the Shib documentation and website are incredibly hard to navigate - it's a fight to find any useful information. I did go and look for a .NET implementation on there but gave up!
If our Java experiences are anything to go by I would seriously suggest setting up an Apache server with the Shibboleth module installed and saving yourself a world of pain.
This is a good site for testing your Shibboleth install once you have it set up: http://www.testshib.org/testshib-two/index.jsp
If you do find a good .NET solution then I'd be very interested to hear about it. Good luck!
I know this is a really old question, but I thought I might be able to do a bit better expanding for those who are finding the answers from Google.
As recommended above, you really want to configure your web server to load a module. The hard part of shibboleth is the configuration file, but assuming some one else in your organization has utilized shibboleth you can use theirs as a template and its fairly easy.
For .NET based authentication, you'll need to configure Shibboleth in IIS. The default configuration for IIS creates a directory called /secure, and anything put under there will require shibboleth authentication (i.e. it will redirect to the identity provider). You can configure it to cover other directories or even do lazy authentication.
Once you have the authentication piece in place, you can check headers to "read" the information the identity provider is passing to you. IIS handles things a bit differently then Apache, but its still pretty easy. If you just want username you could use HTTP_REMOTEUSER although there could be better options; i.e. Ohio State University recommends using the eduPersonPrincipalName.
As MatthewMartin says Shibboleth is just a SAML server, Windows Identity Foundation supports SAML as explained in this blog post.
I have created an web service I need to publish this service. I need to host and authenticated users need to access my services using ASP.net 2.0
I'm not sure if you are asking for an alternative, but I've been experimenting with this code that seems to work well on codeproject.com (CP).
If your question is on security, perhaps this article on CP is a useful start.