I'm publishing a public ASP.NET website. I'm assuming the visitor is using Windows and Internet Explorer. I want to display the Windows username on the front page, is it possible?
I have already enabled Windows Authentication in IIS and on a development environment everything works fine. On production it keeps asking the Windows login credentials.
For Windows Authentication, the user must supply credentials that can authenticate to the server/domain in which the website is running. If the client is running within the same domain and authenticated, Internet Explorer will automatically handle the credential exchange; this is why it works in the dev environment. However, when accessed from the public side, Internet Explorer tries to hand over the credentials that the user is currently using (some other Windows domain), but those credentials cannot authenticate to your sever, so IE prompts the user to enter credentials that can authenticate to that domain.
If it's a public website then you can't do it. Why? Because you would need to verify the user credentials against your AD and you can't do that on a public web page. (Which makes total sense, after all how would you know who I am otherwise?)
If you ARE doing this in an internal network where each account is in your Active Directory, then people just need to add the site to their Trusted Sites or Local Network Zone in IE for NTLM to work transparently.
Related
I have a website that is hosted on an IIS web server. Within this site, I would like to access the username of the person logged on to the computer that is being used to access the site. However, I don't want them to have to log in. I have enabled windows authentication and identity impersonate in the web.config file. I have also enabled windows authentication and disabled anonymous login within IIS manager. I am receiving a login prompt from the browser and when i enter my credentials, they do not work.
I would like to know how to get rid of the login prompt and allow anyone to access the site while still being able to retrieve their windows username
According to your descritpion, the only way to achieve your requirement is modify IE setting to access your web application.
The IE has the security setting which will send the current login in windows user name and password automatically.
More details about how to modify the IE setting, you could refer to below article.
1.Open the IE and find the internet options.
2.Modify the user authentication
I am writing an iOS application that I would like to send a login and password through a WCF service residing on an IIS server developed in C#. I would like to verify that the USERNAME and PASSWORD is a valid Active Directory account. If so, then I will log them into the application on the iOS device and continue on. Is this possible? My ASP.NET application that will be hosting this WCF service could be either in Windows or Forms authentication mode depending on the client. Any code example that would allow me to use the passed credentials to verify that they are valid AD user credentials would be great.
Thanks
I'm working on a web application that works with the TFS API and I would like to make sure that any users that use it have the proper authentication to use TFS.
To do so I use the following code:
TfsTeamProjectCollection teamProjectCollection = configServer.GetTeamProjectCollection(collectionId);
teamProjectCollection.EnsureAuthenticated;
I'm going to host the website on IIS.
When a user uses the web app, will EnsureAuthenticated use their credentials, or will it use the credentials of the remote desktop I'm hosting the application on?
It depends.
If you have configured ASP.NEt to use impersonation, it will use the account of the logged user.
If ASP.NET is configured with default settings there are a number of things that can happen
If there is a credential stored in the Credentials Manager it will use that
If the application pool is running under a real account it will try to do that
If the application pool is running an application pool account, it will probably try to authenticate with the System's account (COMPUTER$)
I'd say, try it and look at the IIS logs of your TFS server or use something like fiddler to capture the traffic.
I have a Windows Phone application which is reading and writing data from a WCF Data Services service which is hosted in and ASP.NET MVC 3 application.
I can configure both client and server as necessary. I'd like to use OpenID if practical, and once a user is authenticated on the phone they should be able to browse through data which is associated with their OpenID.
How should I configure client and server to make that work?
To use OpenID in your app you should look at using an embedded WebBrowser control which connects to the provider site (or your site which can redirect). When the OpenID provider returns to your site (embedded in the browser control) you'd pass necessary identifiers back to the app.
There's an example of doing this with a twitter app (using OAuth) at http://blog.markarteaga.com/OAuthWithSilverlightForWindowsPhone7.aspx
OpenID is an awkward choice. It sounds like the user already has data associated with their account, which means that the user would have to login to the server at some point in time to set up this data, and then login to the app with the same credentials to access this data. The issue is that of securely verifying that the client app has indeed authenticated the user in question. Assuming that the client app (somehow) has the user's OpenID is not enough because the server can't implicitly trust what the client app tells it.
Off the top of my head, I'd say, what could be done with OpenID is as follows.
First, set up OpenID authentication on the server. Then, when the client app needs to authenticate, it should use the WebBrowser control to point to a server URL that, in turn, lets the user authenticate with their OpenID provider, and points the browser back to the server with the authentication info. At this point, the client app is unaware of the user's authentication status, but the server knows who they are. Now, the server can generate a single-use auth key for the client to use. It can redirect to a special URL with that key in it, at which point the client detects said URL, extracts the key, hides the WebBrowser control, and uses that key to talk to the server. I believe that would be a secure way to do such authentication, but like I said, this is just off the top of my head.
I'm writing some load tests against a restricted web server on our local domain. The webserver requires entering network credentials to be able to access sites on the server. How do I automate my network login? Again, this is a server login, not a website login form.
Found the answer. This MSDN ariticle explains how to set credentials for a web site that uses basic authentication or Integrated Windows authentication.
http://msdn.microsoft.com/en-us/library/ms182548.aspx