Hello, In response to a question I asked about a week ago I changed our database engine to only accept Windows Authentication instead of SQL Authentication. Because our code runs in a different user context then that of the database connection we need to specify the username and password information in order for us to connect to the dat...
I am using Windows Authentication in my ASP.NET MVC application and I am prompted to enter credentials on my webserver which is a domain member [I have domain credentials and can authenticate fine] however when my controller action calls "User.Identity.Name" in an attempt to check a database value against the currently logged in user thi...
To cut a long story short: As part of an online database access system I'm writing I want to use the new BLOB access features in SQL 2008 - this means I have to use Windows Authentication when logging into the SQL Server; however due to it's very nature the website front end to all this uses Forms authentication with the membership data ...
I really want to use SQL-server from a C#/.NET appliaction without using SQL-Server accounts or adding the affected computer to the same domain or to any domain at all or to use the same logon-name as the domain. Isn't there any way? Did someone try to do this using the MONO implementation of SSPI? ...
I have always thought that in order to connect to SQL server using windows authentication with explicitly specified creds, you must LogonUser, Impersonate, then connect. It seems to me that this link suggests that it's possible to connect to SQL server without all this hassle, simply by specifying "uid=...;pwd=..." in connection string....
I've been building a ASP.NET MVC application and using forms authentication. In my controller action I have: [Authorize(Users = "me,joe")] that has been working great. Last night when I published the newest changes and attempt to view my website it started popping up a Windows Authentication dialog box. I've looked at all my code a...
I hope this is not to paradoxal, but I don't know how this should be done... I have a VS2008 ASP.NET MVC Project with the following Web.Config entry: <authentication mode="Windows"> <forms name=".ADAuthCookie" timeout="10" /> </authentication> This makes the visitor logon automatically with their DOMAIN\username login which...
MSSQL Server is in the "abc" domain and have mixed mode authentication. I am connecting from the machine which is not in domain or in a domain "xyz" but with in the same network using MSSQL Jdbc driver 2.0. I have logged in as admin or account in xyz domain. It works fine using following url for connection for "sa" or SQL Mode Authentic...
I have an ASP.Net MVC intranet site which uses Windows Authentication to know who is logged in (no anon browsing allowed). The first time the users visit, I collect some very basic information from them for their Contact object (such as name, email, country) which is then stored in the apps database. I want to make the site role based, ...
I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user cou...
I'm trying to add Roles authentication to an Action in a Controller in an ASP.NET MVC application. The code looks something like this: [Authorize(Roles = "SomeRoleName")] public ActionResult Index() { bool inRole = User.IsInRole("Admin"); If I remove the Authorize attribute and put a breakpoint on the last line in that code sample...
I'm working through a previous webforms application to convert it to MVC and have one big issue that I can't seem to find any good resources about. I want the ability to capture the identity of the user (windows auth set in the web.config) but in the global.asax I can't seem to get access to session (but I can get the identity informati...
We recently moved from one domain to another and now I am trying to figure out how to tell SQL Server to authenticate the users in the new domain to log onto our SQL database. We use SQL Server 2005. ...
I'm going nuts with this one and can't find any decent information ANYWHERE .. There is lots of info around about connecting to SharePoint 3.0 Web Services with WCF and Ntlm impersonation. However, when the client accessing the SharePoint services is remote to the SharePoint network and needs to authenticate, how does one best configure...
I have an application which connects to a database, retrieves a username from a user's table and matches it against the username retrieved with System.Security.Principal.WindowsIdentity.GetCurrent.Name On my localhost, everything works fine. The database exists on the development server but the application lies on my localhost. All of...
I'm using jQuery to call a .Net web service like this: var service_url = "https://mysite.com/myservice.asmx" $.ajax({ type: "GET", url: service_url, dataType: "xml", data: "ParamId=" + FormId.value, processData: false, error: function(XMLHttpRequest,...
I have an ASP.NET MVC app which is completely behind Forms Authentication. However there is one set of routes (/report/%) I need to force integrated windows authentication on, as those pages need to impersonate the current user (for security reasons). If I set the whole site to integrated windows authentication this all works, except t...
Basically I need to serve files from a location that requires windows authentication. Instead of having my client's deal with it directly, I would like to implement a process so that they can simply download the files as if they were on my server, after they have logged in to my system, of course. Here is what I have so far, which does...
Greetings, I'm working with a vendor who has implemented some code that uses a Windows LSA MSV1_0 subauthentication package (MSDN info if you're interested: http://msdn.microsoft.com/en-us/library/aa374786(VS.85).aspx ) and I'm trying to figure out if it's necessary. As far as I can tell, the subauthentication routine and filter allow ...
We use ELMAH error exception logging in our application. I'd like to keep ELMAH secure from regular users while still making it available to administrators/developers of the application. When you set security with forms authentication in the web.config you then lose the ability to access the RSS feed. I'd like to be able to secure EL...