Asp.net - Is Forms Authentication Totally Necessary
Aug 18, 2011
I'm writing an internal web application right now (with ASP.Net Web Forms), and it presents an odd problem. I have to be able to impersonate the currently logged in windows user, and execute a command based on their Windows Authentication to log in.. AND ... if they don't have Windows Authentication set up in the application I have to use to log them in, I have to be able to accept a user name and password. I also have to write the application in .Net 4.0, and secure it as much as possible. I got this to work by NOT utilizing Windows Authentication or Forms Authentication in the web.config, and instead setting session variables to guard against user accessing pages in the web app other that the log in. I did this by creating an oddly name session variable with a value based on their user name (windows auth or not), and then a secret session variable. The secret variable is in the web.config as a 256bit encrypted string, in which I decrypt, and set as the session secret. In order for the page to load, the first session variable can't be blank, and the second variable has to equal the decrypted key value... if the variables don't pass inspection, it redirects them to the login page. I set this up on every page, generic handler, and webservice method in the web app. I make the session timeout after a few minutes of no activity, and on log out, I set all session variables to nothing, and expire all cookies. (I also disable all cache).
My question is... Does this offer comparable security to that of Forms authentication? I have always used Forms authentication, but can't use it here. If I did, the users would have to reconfigure settings in IIS and in he web.config to toggle login procedures (From my knowledge, you can't use both Forms authentication, and windows authentication to manage the security of your pages and other web resources). With the method described above, I can accomplish the best of both worlds, but am curious about the security of my methods. Is there anything else I can implement here to assure the utmost security other that using forms authentication? Is it possible to accomplish the same level of security of Forms authentication without using it?
View 1 Replies
ADVERTISEMENT
Jun 24, 2010
If I wanted to make sure that AUTHENTICATED users were denied access to Enroll.aspx and UNAUTHENTICATED users had access how should my "allow/deny users" tags be set in the web.config?[code]......
View 2 Replies
Mar 20, 2011
I have an issue with my .NET application and it can only be reproduced sometimes and only on client's location, which makes it extremely difficult to resolve. In the application the forms authentication is used. There is a login page to which every anonymous user is redirected. After user enters username and password, it redirects to DefaultURL or some predefined page. The problem is that sometimes when user enters correct username and password, it doesn't login, instead it just refreshes the login page without any error messages. After several tries of inputing username and password, user is able to login to the system.
See my login page Submit_Click code below:
Dim userName As String = tbUsername.Text
Dim password As String = tbPassword.Text
Dim returnUrl As String = Request("returnUrl")
[code]....
View 2 Replies
May 14, 2011
We have an application in Access for UI and MS Sql server as Database server. We now decided to build a new application in web application for UI. This web application is only used by the employees who work for the company. But later we decided to host this web application on outside server. So the user (from this company only.) can able to login anywhere in the world. First I thought creating the web application using 'windows' authentication thinking we may be using it as an intranet web application. But now my manager asked me to use both 'Forms' and as well as 'Windows' for using this application and this web application will be hosted on outside server. I really don't catch his point of using both types of authentication.
View 1 Replies
Aug 29, 2010
I am using Forms Based Authentication I have extended the Forms Authentication Tables creating a custom table called Profile_Contact that holds the user's GUID, username, email address, and other information. I have another table called Profile_Account which holds company account information such as Company Name, address info, phone numbers etc. This table has a Key Field called IDProfileAccount.
[Code]...
View 6 Replies
Mar 9, 2012
The Intranet was done with forms authentication and stored in a SQL database. how I go about (if possible) authenticating a login in a vb.net project that queries the user settings from the ASP.Net database that was created on the SQL server for the forms Authentication.
View 5 Replies
Apr 6, 2009
I am reading the article at: [URL].. Forms Authentication in ASP.NET 2.0". I am using VS 2008 and .Net Framework 3.5. I don't know if this makes a difference, so please let me know.
A user logs on to our system in the morning Based on their Windows Authentication, they can access several intranet applications. For a particular application, the user has to select their Organization or Position or Location.
Based on the user's Windows Authentication, once the user selects one of the three above and clicks a "Submit" button, a second page is launched that shows certain information about the selection based on the User's authentication.
For example, if User selects Organization, the following information will be returned based on the Organization THEY are a member of. They can not access information from OTHER organizations, ONLY their own based on their login credentials. This information returned as a result of the dropdownlist selected value includes: street address, city, state, zipcode, Bus. Unit #, etc. appears in labels on the second page.
The labels can be dynamically created at runtime. (I dont know if a User control can be created to do this, since the "Position" and "Location" will contain the same address information, and it doesn't matter at the moment). I just want to populate the labels on the second page (or on Postback) based on the User's log in credentials after they click the "Submit" button. Or, if they don't have to click a button, just have the information complete based on the selected value of the dropdownlist control.
View 1 Replies
Feb 27, 2010
[Code] When I run this on my visual studio 2008 dev server it runs fine and works well. When I publish to IIS I always get Http 403 Forbidden Errors when trying to access any page on the site. There is 1 folder within my site that should be login protected called 'administration'.
View 2 Replies
Mar 28, 2011
as topic, i need to send an e-mail without outgoing authentication becouse server hasn't outgoing authentication.. how i can do this??
View 1 Replies
Apr 30, 2009
Imagine i have two form frmOne & frmTwo when i load my application , frmOne load , than there a button to go frmTwo , upon clicking the button ,frmOne doesnt hide or close when in the code i put ( me.close) also tried (me.hide) upon button click
Than From frmTWO , there a button to go back frmONE( i use the code frmOne.ShowDialog() )i click it throw a error saying :
"Additional information: Form that is already visible cannot be displayed as a modal dialog box. Set the form's visible property to false before calling showDialog. than i tried to set visible to false before .showdialog still got error saying :
"Additional information: Form showDialog tried to set an ineligible form as its owner. Forms cannot own themselves or their owners."y is this so , is there any other way to close a frm etc etc ?
What i trying to achieve is : when i choose to go frmTwo , frmOne muz close , than from frmTwo if i wan go to frmOne ,Frmtwo muz close
View 3 Replies
Feb 26, 2012
i m creating a key logger in vb 2008 for my home computer that can send keys records & screen shoots at my E-mail. It has a textbox, 3 buttons, a picturebox and some timers,
actually the process is that in every 3 minutes button1 take a screen shoot (at 2.90 minutes) OK, then button2 save it in "C:/mydir/hidden folder/" (at 2.95 minutes) then button3 send it via Email as a attachment (at 3.00 minutes), its work
fine in first round or first 3 minutes.
but in Repeating Process or in 2nd round or after 3 minutes it give error that means image is in use, I want to break the link between image and my program (key logger) there for my keylogger can delete or REPLACE old Screen Shoot With New On.
and the process repeat again & again, and send Screen Shoots With NO error.
View 16 Replies
Nov 29, 2009
I'm currently working on an application that detects a color on a defined area on the screen and together with a panel that displays the color I show the values in a label and represent them with a vscrollbar. (The goal of the project is to output the color of the computer screen via an usb to dmx interface to create an ambilight effect) Now I don't want the user to be able to move the scrollbars up and down so I figured disabling them would do the trick but then the little square you click on to scroll it up and down isn't visible anymore.
Vscrolbars enabled:
Vscrolbars disabled:
View 4 Replies
Dec 22, 2010
How to operate menu items through keyboard....
View 1 Replies
Aug 23, 2011
I have a TabControl placed on Form. which is a VB.net windows application. I want to set tabcontrol border totally invisible similar to the formBorderstyle = none I am unable to find any settings for the tabControl to remove the visible border.
View 1 Replies
Dec 15, 2010
How can I improve this bit below to make the items in the TreeView to sort faster or something totally different to sort them easier?
[Code]...
View 4 Replies
Jul 4, 2009
I have a class that needs to create another class (that inherit from window). This second class build a set of controls in a new open window.
Because the process of building this new second class it quite long
I need to open this new window in a different thread
I am trying to do this with a backgroundworker but as soon as the new class starts to build the interface (textboxes etc) it casts an error saying that the thread must be static
View 14 Replies
Aug 26, 2009
I'm writing vb.net code with MS Visual Studio 2005.When running my application I get "foo.exe is already running on this machine".(Even though I'm running faa.exe instead
View 14 Replies
Jun 22, 2011
I have a problem I want to make a server and client where the server is password protected and will make the client display files/folders in a designated folder which will be in the server's current directory and the client will ask what IP and password to connect to and if the password is correct is allows the client to access the files/folders in that folder in C.D. of the server and the client can download any file within the folder by clicking a button, yet don't even know where to start.
View 7 Replies
May 25, 2012
I have a vb.net web application running on a local server with IIS6 installed. I was using Integrated Windows authentication for allowing uses to access the data in the application which is a combination of flat files on a local directory and db information. That worked great until another dataset was brought online and incorperated into the existing application. The problem is the flatfiles for the second dataset are stored on another server. So, although user could see the file files in the application window, if they attempted to open one it would say access denied on the directory.
I explained this to our network administrator who explained the users didn't have access to that server (even though both servers had the same permissions) and that the application wouldn't work. The only way in which I got it to work was I had to
Enable Anonymous access and use a windows user account for that access, which works. However, the application requires the users NT account for various reasons. How can I get this to work with Integrated Windows Authentication?
View 3 Replies
Mar 24, 2011
When I try to use Windows auth, the pop-up tells me: X website required login for Y domain.How can I hide the website name? And only show "You are required to login first" text on that pop-up?
View 2 Replies
Feb 1, 2012
I have a .NET application (mix of C# and VB.NET) where I would like to display a Windows Login Dialog box (or my own dialog box) and authenticate the user using Windows Authentication. Per requirement, I need to ask the user to authenticate after AT LEAST a minute of being idle. I would prefer a .NET native way of doing Windows Authentication but interested in other ways...
View 2 Replies
Sep 18, 2010
The following code works when I run the project exe with admin credntials. How could I pass the credentials in the code?
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim HN As String = Me.TB_HN.Text
[code].....
View 2 Replies
Jan 17, 2009
The user must submit his username and password. After 3 unsucessful trials, the program must terminate. It is required that I use the for loop structure. I don't know if i'm making it right. Here's the code I've done :
Public Class Form1
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim c, d, f, g As String
Dim a As Integer
[code]....
View 2 Replies
Sep 12, 2006
I have a LDAP Server ("Test.dir.svc.mytest.com") and i want to check if an user with UID a PWD is certified. How to do it?
View 5 Replies
Oct 5, 2009
how to use Windows Authentication in a WPF app. I wouldn't have thought that it would be any different than in any non-WPF app, but it seems that it is. I want to go into my project Properties -> Application and ensure that Windows Authentication is on, but that option is not available in a WPF app (as the following document confirms).
[URL]
If I ignore all that and just look at My.User.Name (VB), it is empty. This tells me that somehow Windows Authentication is not enabled.My plan is to use a PrincipalPermission attribute to restrict access to certain parts of my app (or perhaps the entire app, by applying it to Application_Startup()).
View 2 Replies
Mar 11, 2010
I want to use windows authentication in my c-sharp desktop application.where I cloud use windows create new users service and allocate local storage space.
View 1 Replies
Jun 28, 2011
I have a application that prints labels on a community computer.I would like to add a Windows authentication login form to allow any of our employees to access a configuration screen.The request would bring up the login form if the login passed (meaning the username / password was correct) the configuration form would open.Otherwise the user would just get a warning Msgbox.So far all of the examples I could find either apply ASP.NET or use the logged-in user. Not for additional access as I'm trying to do.
View 7 Replies
Feb 28, 2012
I am working on a windows application and I am developing application using VB.Net. I want to create one form for Username and password and I want to create a table in database which will contain all the user details with UID and Password. So I am planning to use either Windows authentication or SQL authentication on database side for allowing user to connect database with my application But I am curious to know the best practices which are widely used across. Can anyone share the blogs,articles or your own experiences.
View 10 Replies
Jun 13, 2011
I write a dll some time ago that authenicated with a Windows Server 2003 Domain controller. Every thing worked fine. The IS group upgraded the domain controllers to Windows Server2008 R2 this weekend, now I can not authenicat anymore. It seems to have the correct LDAP path, when I get to the function that does the check for the user name i get the following error.
?_dsEntry.NativeObject
A first chance exception of type 'System.DirectoryServices.DirectoryServicesCOMException' occurred in System.DirectoryServices.dll
{"Logon failure: unknown user name or bad password.
"}
[code]....
View 3 Replies
Feb 26, 2010
I am currently developing an application in VB.net that opens up a web document via Web Browser Control, parses the HTML, and sends back the data I need. This is not a problem.However, one of the sites requires basic authorization to access. I know the following code will workThe dialog box will come up with in the User Name box, but the window focus will be on the password box.
View 3 Replies
