authentication

SSO between ASP.NET, ASP and PHP

I'm working on a site which is at the core/master of a number of sites. We are also responsible for handling the authentication across all the sites under the brand banner. The client has wanted a single-sign-on operation to be included, so if I was to sign into any of the sites I would be signed into all the sites. We're handling the ...

How to change HttpApplication.User.Identity.Name on a local environment?

I have a site that requires Windows Authentication. The application obtains the credential from the Security.Principal once the user is authenticated. The problem is that my credentials on my local environment are different than the ones stored in the DB and the user preferences cannot be obtained. I am doing the following workaround in orde...

Why doesn't User.IsInRole work in this context?

...I want to Show the 'delete' button when user is an admin, and show the 'add item' button when user is a contributor: <!-- More code above --> <asp:BoundField DataField="Description" HeaderText="Description" SortExpression="Description" /> <asp:TemplateField ShowHeader="False"> <ItemTemplate> ...

How do I get an already (basic) authenticated context to call a web service behind the same authentication?

Hi, I have a site behind basic authentication (IIS6). Part of this site calls a web service that is also part of the site and thus behind basic authentication as well. However, when this happens the calling code receives a 401 Authentication Error. I've tried a couple of things, with the general recommendation being code like this: ...

Reasons for MySQL authentication error: “Access denied for user 'xxx'@'yyy'”?

What possible reasons could exist for MySQL giving the error “Access denied for user 'xxx'@'yyy'” when trying to access a database using PHP-mysqli and working fine when using the command-line mysql tool with exactly the same username, password, socket, database and host? Update: There were indeed three users in the mysql.user table, eac...

What methods exist for leveraging SecurID and similar technologies?

From Wikipedia: RSA SecurID is a mechanism developed by RSA Security for performing two-factor authentication for a user to a network resource. I just read about this device, and it seems interesting to me. However, I'm not sure how (or even if) software (networked or non-networked) can utilize this method of authentication. I'm making...

ASP.NET Forms Authentication - Logging off

How exactly can one implement a Log off function when using ASP.NET Forms Authentication on an intranet application? How will this work if I am an administrator and want to log in "as someone else" into the application? Please share your ideas ...

ASP.NET aspx page code runs impersonated though impersonation is disabled

I have a blank test app created in VS 2005 as ASP.NET application. MSDN says that By default, ASP.NET does not use impersonation, and your code runs using the ASP.NET application's process identity. And I have the following web.config <configuration> <appSettings/> <connectionStrings/> <system.web> <!-- ...

Authenticating a Web Service

We are deploying our ASP.NET 3.5 app to a production server for beta testing. Each page is secured using SSL. On our homepage (default.aspx) we have web services which populate flash objects. I am getting an error: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from ...

SAAS per seat authentication

Hi, our company makes a web-based application which is priced per workstation. That means that user/pass credentials should only be used from one particular machine. Currently what is happening is that several users are sharing credentials and we do not have any way to prevent this if they are not doing it concurrently. The nature o...

What are the fields that the user table should contain from the security/authentication perspective?

When designing a user table, what would be the must-have fields from the security/user authentication point of view for a Web based Application (.NET and SqlServer 2005)? I came up with the following fields: userID username -- preferably email passwordHash onceUsePassword -- to indicate that the password should be changed after login al...

Design for handling both forms authentication and active directory

What design pattern should I use to handle both forms authentication and active directory? (Administrative setting will allow you to chose either one of them). From what I know, .NET membership provider only has forms right? ...

Authentication Subversion write-through proxy

Since version 1.5, Subversion supports having a local caching proxy for the main Master-repository. I got the slave synced and the master replaying the commits to the slave. Everything works fine so far, but now I am wondering how to do the authentication (working with this guide). When both, the master and the slave, have authentica...

Generate kerberos ticket using .NET

I want to generate a Kerberos ticket using .NET with auth credentials supplied through a login form on a web page (this will authenticate the user against a SQL db) and then use this ticket to authenticate the user as a single sign on across several other web apps. Is this possible? I have had a look at WSE and it seems to assume you alr...

Problem with AspNetWindowsTokenRoleProvider for Windows Authentication in ASP.NET

Hi, I'm developing an Intranet Application in ASP.NET that uses Windows Authentication. I have created an AD class that gets information from the Active Directory Domain Controller. This is what I use to get things like User Groups that the currently logged user is in. The problem is in the ASP.NET Roles that the user is in. Seems funny,...

authentication problem or bug

There are 3 web apps. Site A and B are both ASP.NET Web Applications with FormsAuthentication configurations, and there is a protected folder in site B which is also configured correctly in the web.config. Site C is a classic ASP web which keeps authentication status with Session. Now please consider the following steps: 1, There is a lin...

Sharepoint: How can I deploy a custom authentication provider?

How can I deploy a custom authentication provider in MOSS 2007? Is there any provided functionality to do this (like a Sharepoint feature)? Or do I have to install it in the GAC on each box in the farm manually? ...

How to generate an SSL client certificate from a disconnected network?

I have a unique situation where I need to implement client certificate authentication over HTTPS between IE browser and IIS 6. The browser and IIS are separated by a firewall that only allows the browser to connect to IIS on the SSL port. We have an internal certificate server on the same network as IIS. I've generated an SSL server c...

CakePHP 1.2: How do I lock a given controller from access from anyone but admins?

I'm not looking for the whole ACO-ARO implementation... I just want to use Auth, and check against the user's role.... What do I put where in order to simply deny users from a given controller unless they have a certain role. I'm trying to use the $this->Auth->authorize = 'controller'; ... but I don't even know where to put that?? An...

What is the best way to have Authenticate for a Web Service

Hi folks, We have a .NET web service API. Currently, people use the SOAP definition to consume the API, because we require authentication through a custom Authentication element in the SOAP header. Works perfectly fine. SOAP requires the request to be a POST. We want to allow the users to use the GET verb (so it can be cacheable). ...