In an ASP.NET web app, using Integrated Windows Authentication, is the session tied to the windows identity? In other words, if I login (using IWA) to the app, and the app stores some "stuff" in my session, is this stuff accessible by session id alone? For instance, if a malicious someone managed to steal my session id, but NOT my creden...
I am using JMeter to load test some pages that reside in a SharePoint 2007 Site. The farm that contains the pages resides in a different domain than the machine running the test, and uses Windows Authenticiation. The connection to the server is over an unencrypted (non-SSL) connection. Because of this, I need to pass login credentials...
I'm currently trying to set up a website that uses both windows authentication and forms authentication. I am using ASP.NET MVC and both IIS6 and 7 need to be supported. How would I go about letting known AD users into the app (their AD id is stored against their user record in the application database) and directing everyone else to a...
I have a COM object written in Delphi, which uses Active Directory Services to return the current logged on user. This is the code I use : var SysInfo : IADsWinNTSystemInfo; begin SysInfo := CoWinNTSystemInfo.Create; Result := SysInfo.DomainName + '/' + SysInfo.UserName; end; CoWinNTSystemInfo is just a wrapper around Active...
I need to get the current logged on username? I need this to work properly when I call the code from ASP.NET which is working in Windows Authentication mode. i.e. I do not want to get the ASPNET user in that circumstance, but the impersonated user. This is related to my earlier question. Everything I try returns ASPNET. ...
My application does not have any roles. However I use windows authentication to stop anonymous users from accessing the webpages. I need to test different users using the system. I do not want to know different users passwords and I cannot set up dummy users in Active Directory. So how do I do this? ...
I am accessing an SQL Server database using Windows Authentication Do I need to encrypt the connection string in the web.config? Does the name of the connection string (or database) matter in terms of security? (viz: ApplicationServices? ...
I need to authenticate user's Windows credentials, given a userId, domain and password. Our Active Directory contains multiple domains, some which we can list using the following code: var domains = System.DirectoryServices.ActiveDirectory.Forest.GetCurrentForest().Domains; However, we also have users that belong to domains outside th...
Hi Guys, I have an ASP.NET application using Windows Authentication. At the moment the only way for a user to log-off the application is to close the browser (it is a pain because closing the tab itself is not enough). I would like to have a log-off button so make it easier to log-in as a different user. Is it possible at all (IE and/...
I'm using WinHttp to do POSTs in a VB6 activeX control as follows Set WinHttpReq = New WinHttpRequest WinHttpReq.Open "POST", strUrl, False WinHttpReq.SetAutoLogonPolicy AutoLogonPolicy_Always aPostBody = 'Sometext' WinHttpReq.Send aPostBody UploadFile = WinHttpReq.ResponseText This works great on windows XP (all versions of IE), but ...
I have a Sql Server that uses Windows Authentication. I want to connect to the server from a Delphi application. By default, SQL Server will assume the credentials of the user that launches the connecting process. This means that to change the login, I currently have two options: Log off and Log in as the desired user, then run my a...
I'm using RESTful WCF services to serve data to a client. The application hosting the services requires integrated Windows Authentication on the server, making testing locally in Cassini quite difficult. I use the following behavior configuration for my service, which works great when deployed to IIS with Integrated Security turned on. ...
I'm trying to get an ASP.NET website running on Vista (IIS7), using SQL Server and Windows Authentication. No matter what I do, when I connect to the database, I get the exception: SqlException was unhandled Login failed for user 'MyDomain\MachineName$'. It doesn't seem to matter what settings I apply, I cannot get IIS7 to pa...
I have an ASP.NET application where only users authenticated by Windows (i.e. logged on user) have access to most pages. Now, my client wants to be able to 'log on' through this app, with a custom login dialogue/page. Is Authentication the way to achieve this, and how do I go about it? ...
Hello, I have a flex app that allows the user to upload a file. The flex side uses the FileReference.upload method that goes to an .aspx page that handles the upload. It works only intermittently when I have IIS set to integrated windows authentication. That said, for testing purposes,I wrote a separate aspx page that does a file upl...
Hello All, I am developing blackberry application, which retrieves data from webservice. This webservice is hosted on windows authenticated server under private network. Does anybody knows how can I connect to integrated windows authenticated webservice without entering user id and password ? Or is there any way where I can send windo...
We have windows authentication set up on our staging server for our clients to help prevent google from indexing our staging URLs. We recently found out that one of our sites is seemingly ignoring our IIS settings (anonymous authentication is disabled, windows authentication is enabled). We ended up figuring out that removing the setti...
Here is the background. I had an .NET MVC v1.0 project that I was trying to secure it by using Windows authentication mode. So I set the web.config to: <authentication mode="Windows" /> And then went into my controller and did the following: [Authorize(Roles="IT")] public class LicenseController : Controller In AD we have a group c...
In the project that I currently work for, there is exposed a WCF service which returns an array of a business entity, let's call it Invoice : Invoice[] GetInvoicesByTypeAndTime(InvoiceType invoiceType, byte startHour, byte? endHour); The authentication mechanism used is Windows Authentication, the WCF service is hosted in a Web Appli...
I am wondering what the effect of setting <authentication mode="windows"> in the web.config is in different version of IIS. I believe that in IIS 5, it has little to no effect, as all of that is integrated and controlled by the web server. On IIS 6 and 7, I believe that I can set the web server to Anonymous access and then each hosted ...