I want first page available to everyone and through form (no popup) and Active Directory authentication.
Everything is fine if I use Windows authentication but as I said I don't want popup and I do want first page aviable and with login form fields. Is this possible? If so how to achieve that?
Yes it is possible. You can setup your login controller's login function with [AllowAnonymous] which will make it visible to user even if user is not logged in and rest of the controllers you can specify [Authorize] ... Infect if you create a new template project with type of project as Intranet which will automatically setup your project with windows authentication.
Related
I created a new ASP.net core project using VS2019. I did not modify anything from the automatically created weatherforecast controller. My problem is, everytime I just try to debug, the browser pops up asking me to sign in. Is there a default user and password created? How to solve this?
It is probably you are using Windows Authentication while create your Asp.NET project, try uncheck Authentication it will allow getting into the landing page of your application
Make sure that during the creation of the project you didn't add authentication. There's an option to add authentication by default.
am new to groovy am created small login page and landing page in grails using GGTS its working fine but if i copy paste any url its directly redirecting to the page my requirement is without login its should not redirect to any other page except login page
i created 2 pages for login purpose first is username if its valid then that goes to password page, if that valid that shold redirect to landing page
now if i paste password page or landing page url that should not work without login with username, that should show error message like plz login in to proceed..how to do this one???
Install Spring Security Core. I don't know if you're using grails 2 or 3, but Spring Security Core is available for both, you just need to get the right version.
By default Spring Security Core allows only access to the index page, the other pages will be forbidden. To allow access for logged in users you would need to add #Secured('IS_AUTHENTICATED_FULLY') annotations to your controller's actions. You could also allow access without logging in by adding #Secured('permitAll') to some actions or views.
I typed the following code and i got the login sorted.
s2-quickstart com.app User Role UserRole
Now, i want to get the View and Controller for the Login Screen. How can i get it. Should i generate it?
It's suppose to be there in auth/ controller and the action is login.
But i don't even have a auth model class. All what i have is User model class, which has attributes Usernmae, password etc.
2.) After successful login how can i redirect the view?
You are probably using spring-security-core:2.0-RC2, in this plugin version there is no loginController or logoutController in controllers folder like previous version, all about plugin are in target > work > plugins > spring-security-core-2.0-RC2 > spring-security-core-2.0-RC2
There you can find loginController, logoutController and auht view, i order to overwrite auth view, all you need to do is to create in app views directory a new directory and call it just like the plugin view in this case login and inside login a the views auth.gsp and denied.gsp
I hope this can be helpful
About your other question After successful login how can i redirect the view? , grails spring security core has two behaver.
First you can provide a default target it is done by setting grails.plugin.springsecurity.successHandler.defaultTargetUrl = "/someurl
Second and default behaver if someone try to access some url in your app, SSC will intercept the request ask for credentials if user successfully authenticate then user will be taken to that url else SSC will ask again for credentials and so on.
Both behaver can coexist
A simple view example in this repo in github
A simple example how to set defaultTargetUrl in the same repo
i hope it help you
I am fairly new to mvc and I tried mvc4 when it was still in beta. I remember that when I started a new internet project, I got a popup dialog for log in and registration by default. I don't see that when I start a new project anymore, is that gone from the internet project?
I believe the popup dialog you're referring to was just the jQuery UI Dialog that the sample project used to use:
The project was built to support both a straight request to /Login and one via the jQuery UI dialog which was slimmed down to look like it was only a popup. It did this by making the Login action return a different View based on it being requested through the frame or not as detected by a value in the query string.
You can of course have this again, you'll just need to do it manually (or dig out one of the older templates) as it's no longer in the default templates.
To help you out, here's a couple of somewhat related questions that contain the sample code (ContextDependentView is one thing I remember from this template) and probably some hints on how to recreate it:
Generating a modal jQuery partial view with MVC4 does not work
ASP.NET MVC 4 and ContextDependentView
MVC4 - ContextDependentView - What does it mean?
It was removed from the Internet project templates in the final releases of MVC 4. The popup was pretty slick but I imagine there were issues/complexities they decided to eliminate by just keeping the view/page for logon and registration. In the older versions that had the pop-up they still had the view/page for logon because of how forms based authentication works. If the user is not authenticated/authorized for a web site/page MVC does a redirect to the logon page. This will not work with a JQuery popup dialog on the same page. The popup only worked if you clicked on the Logon link for the page. I am guessing that they decided since they need the view/page logon anyway to simplify things and keep it consistent by eliminating the popup dialog.
I have implemented an MVC Single Page Application (SPA) that only uses a JQuery dialog for a popping up a dialog for logon, and eliminates the need for logon page. But it required a fair amount of customization to authentication/authorization process on the server and used basic authentication on the client.
I need to capture user's X.509 certificates from their cards and map to a user table for forms authentication in ASP.NET MVC. I have created an MVC (ver 2) project in VS 2008, configured to run as a virtual directory under the Default Web Site in the local IIS on Vista using the default template but added RequireHttpsAttribute to the Account/LogOn ActionResult. No other changes. Using the local IIS Manager, I created a self-signed cert and applied it, then set the Account/Logon.aspx page to Require SSL and Require client certificates.
Running in debug, when I click the 'Log On' link from the Welcome page (Home/Index view), it correctly routes to Account/Logon.aspx using https but no prompt for certificate. Using Dynatrace (awesome, http://ajax.dynatrace.com), I can see that the response status is getting set to 403 but again, no cert prompt.
As a sanity check, I set up a default asp.net web app project to run in a virtual directory in the default Web Site (same as MVC project above) in Vista and configured the default.aspx page to Require SSL and Require client certificates, as done in the MVC project above. Ran it, works fine, I get the certificate prompt and can choose cert and enter PIN for card and read my X.509 from request.clientcertificate object in the code behind.
The application pool for both virtual directories is set to Classic .NET AppPool in integrated pipeline mode.
Help?!
Update:
Super kludgy workaround in progress. I added a folder 'Auth' and an 'GetCert.aspx' file to it that is marked SSL/Require client certificates to the MVC project and then added "routes.IgnoreRoute("Auth/{*pathInfo}")" to the global.asax. The codebehind of the GetCert.aspx response.writes the data I want from the X.509. Then I added a jquery.get call in LogOn.aspx which calls GetCert.aspx and returns the cert Subject results as a string to a div in LogOn.aspx. I now get the cert prompt and get the results in my MVC view, but this can't be the way to do this!
I have a working solution using forms authentication and the authorize attribute on my base controller class so all non-authenticated requests go to Account/LogOn. The logOn page post button routes to an action called Authorize which is decorated with the RequireHttps attribute which correctly triggers the prompt for the client cert. Once the cert is selected the Authorize action handles parsing the HttpClientCertificate for the user info I want and doing a match lookup in my users table and writes an authentication cookie. I then have an HttpModule that reads the cookie to create a custom Principal in the AuthenticateRequest event. This all works great. I'm opening another question for the next issue regarding IIS configuration of 'ignore client certificates' here: https://stackoverflow.com/questions/4141272/iis-6-ssl-client-certificates-configuration