Integrated Authentication
I’ve got an ASP.NET 2.0 web application that requires SSL. In addition, the pages are configured to use Integrated Windows Authentication. I am having a problem getting automatic authentication to work for internal network users.
If they try to access the page using an internal server name in the Url, the authentication takes place automatically but they must first deal with a warning page (in IE7) that alerts them to a problem with the site’s security certificate since the names don’t match up. However, if they access the page using the fully-qualified domain they get a dialog box asking them to authenticate.
View Replies
ADVERTISEMENT
I'm running IIS 6.0 on Windows SErver 2003 that is also a DC.
I have an asp page (default.asp) I am trying to access as my hom page for my
site. I am trying to use Windows authentication.
When I select only "integrated Windows authentication" I get prompted for
user information and then get an error: "The page cannot be displayed."
However, if I change the authentication method to "Basic authentication" and
enter the exact same logon information, it works without a problem.
I do not want to send passwords in clear text. I need to use Windows
authentication.
View Replies
View Related
Can someone direct me to a good tutorial on Windows Integrated Authentication and Active Directory. I am creating an intranet site and i want anyone that can sign on to our domain able to go to the intranet and not have it prompt them for username/password. I can't seem to find much info on it.
View Replies
View Related
What I'm trying to do: I'm using LDAP to check and see if a user that is trying to view my page has network credentials and I am also trying to see what User Groups they are in. I have been told that the code that I'm using does indeed work.
Problem: In IIS I have unchecked the Anonymous access option and have checked the Integrated Windows Authentication option. When I try and view the page, I keep receiving the Windows login box with my domain/username and password filled in.
This puzzles me because the code that I'm using is supposed to strip the domain, yet that continues to show. It also looks like this code is supposed to redirect me to the requested page once my credentials are recognized, but I can't seem to get past this Windows login box that is similar to a login box for an FTP site. Any suggestions?
View Replies
View Related
I developed some simple ASP 3.0 pages to add some operative functionality to my app. I configured IIS to use windows integrate authentication for this pages and it's working just fine.
For security reasons (audit) I need to trace down the username that requested this page. I already have a custom service called from ASP page that trace down some data I need. It's there a way to find out what is the windows username that requested the page so I can pass this information to my audit function?
View Replies
View Related
We've recently moved to new servers (Win2k3, IIS6) and when setting up the intranet I've run into some difficulties.
The original intranet is split down into departments with security as below:
Intranet Home - anonymous access allowed.
IntranetFinance - anonymous allowed.
IntranetIS - Integrated Windows Authentication*
So the problem comes down to the IS folder. Integrated Authentication is set up so we can have an IS corporate directory where each user maintains their own details.
On the new server however, I've set up the web root as Intranet (anonymous access allowed) and set the IS folder as a new application folder. I've removed anonymous access and added only Integrated Windows Authentication and Digest Windows Authentication.
However when connecting to any page on the new server, no authentication kicks in at all. Connecting to a page IntranetISinfo.asp that returns only the "Logon_User" information, returns a blank field...
View Replies
View Related
I'm trying to view a .aspx from a Win2003 server. When "Integrated Windows Authentication" is enabled, I can view the .aspx file. If I uncheck IWA, I get an HTTP 401.
Does anyone know why "Integrated Windows Authentication" is being forced and how I can disable it? I just want anonymous access. Code:
View Replies
View Related
I'd like to know if there is any robust FTP solution out there that
integrates well with ASP applications. In particular, it has to allow huge
uploads over 3 gigabytes in size. It must have the ability to resume
incomplete uploads by the users.
View Replies
View Related
I want to create a site management (admin) web application in ASP under
W2K/IIS5/FPSE2002. It will be used to modify the content of XML files on the web
site it manages. Any changes require authentication. When a file is to be
modified the operator should check it out so that it is marked for modification,
preventing others to change it. The file is checked in after changes are made.
I'd like to be able to check in/out documents from the web admin using IIS
integrated SCC. Is it possible? Or should I implement my own file management
system?
View Replies
View Related
I would like to know if there is a chance to make a login form, username/password, with
Integrated Windows Autentications IIS 5.0, I'm trying to implement an Intranet with this
type of autentication.
View Replies
View Related
I'm trying to bypass a Windows 2000 Integrated Windows Authentification within an ASP page...
Let me explain :
a user will login through a form on the web. The fields ar the username / password of an actual windows account on the server.
What i'm trying is to send the user to a secured folder and instead of the IWA popup, I want to "feed" the info of the user directly to the popup so he doesn't have to login through this popup. I should be all automatic..
View Replies
View Related
I have a logon field including user name and password, which is stored to an access DB. Many websites have a logon and password field integrated into the page.
I have a complete web page and I want to stick the code from the working logon field, etc in the page w/o redesigning it around the existing logon.asp page.
I am asking if this is something I can do with the skills that I currently possess? Remember, I'm a novice .asp programmer, but an experienced web designed. We're working on the "dynamic" in web page design.
View Replies
View Related
how would an intranet user be nt authenticated using asp?
View Replies
View Related
i want users to login to my web application using SQL authentication i.e whenever the page opens, it should display the SQL server login window. i know Login feature is in dreamweaver MX that i use, but unathurized users can lookup the password in your database.
View Replies
View Related
Is it possible to authenticate a user who is trying to access a certain Div on a page???
I know how to authenticate a user accessing a standard ASP page, but is this possible with a Div!
View Replies
View Related
I have a page that authenticates users by reading
Request.ServerVariables("AUTH_USER") and
Request.ServerVariables("AUTH_TYPE"). When users try to access this
page from windows NT/2000, it works fine (prompts them for their
credentials when they're not on the same domain, and then lets them
in). Now, some of the users got XP boxes, and can't get in to the
page. It prompts them for their credentials but when they enter them,
just keeps prompting them. The credentials they are entering are
correct. What is different on XP that is causing this problem and is
there any setting I can modify on the server side to prevent this from
happening.
View Replies
View Related
I have an asp page on IIS 5.0 and I''m trying to get a dialog box to pop up and ask for username password and domain to authenticate against NT. I have anonymous logins unchecked in the IIS properties page and access restricted on everything but it won''t ask for a username and password no matter what
View Replies
View Related
I had to transfer an ASP Web Application (developed by another person) to a different web server. It seems to work but not completely.
I have some problems with authentication: it is based on a username and a password stored in a SQL Server's table. These data are requested via basic authentication (not a IIS level but I think it is used to create the authentication window in which put username and password). The problem is that it doesn't accept username and password and, after three times, it redirect me to a page telling "You don't have rights to see this page". What could I do? .....
View Replies
View Related
I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?
What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?
View Replies
View Related
I have an intranet asp application that sends emails that contain a link to an intranet page.I have a case where one user is forced to login to the windows domain when he clicks on the link,even though he is within the firewall & his Outlook security settings specify automatic login with the current name & password.
This doesn't happen with any other users unless they go through the firewall.The site is also recorded in the trusted sites section.
View Replies
View Related
I'm developing an Internet site that is going to be password protected. I have one windows 2000 domain on the Internet side of things, and another on an Intranet side.
Is there any way to authenticate a user that hits my Internet pages against the Intranet user database?
I just want users from the Intranet to automatically be able to access the Internet pages without having to create a separate user on the Internet-side domain.
View Replies
View Related
I have written a simple login script that checks a username/password from an Access database. the login.asp page sets a session("loggedin") at zero. The username and password are checked successfully and the user is redirected to admin.asp. The admin.asp page has an if-statement at the top that checks the session variable to 1, which is set after successful dB check.
The problem is that if you go directly to admin.asp without going through the login process, that is, without ever going to the login page.... simple typing something like http://localhost/admin.asp . you are given access to the page and not redirected back to the login page. What could I have missed? It simply checks the session variable....that should never be set to one when all sessions are reset...and the user can still gain access?
View Replies
View Related
I am attempting to access WMI data on a remote machine. I have been able to get this to work, but there has got to be a better way, I hope.
set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
Set WMIServices = GetObject("winmgmts://" & cn & "")
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
WMIServices.Security_.ImpersonationLevel = 3
Then in my IIS snapin, Directory Security, and then Edit. I have this set Anon Access with my username and password as well as Windows Integrated Authentication checked. It does the job, I can pull the data, but it poses a security risk. I don't want to have my password and username as the authentication options.
View Replies
View Related
I'm using legacy ASP pages on IIS 6.0 to validate users through ADO
Active Directory objects (AdsObject & AdsCommand).
When I use the page from the server itself with "localhost"/page as
servername, it executes fine. But if I call the site with
"servername"/page, the exection fails. AdsObject throws "Table does not
exists" errors.
Currently, the server is configured with Integrated Windows
authentication. I tried changing to Anonymous authentication with
IUSR_machninename user. Again it fails.
View Replies
View Related
I would like to be able to automatically authenticate a registration. Meaning:
A registration occurs
email is sent to registering party
Party clicks a link to authenticates.
or something to that effect.
Does anyone know where I can find something like this?
I would use a forum (i.e. webwiz, phpbb.....) the only problem is they are asking way too many questions for what I need.
I have built a database to hold the party's information, I have built an asp page with form that inputs the info I need into the DB, which all works, but now I would like to be sure that the person registering is a real person and it is a valid email address.
Any Ideas on how to get started?
View Replies
View Related
I'm facing a situation where my team leader wants me to create some ASP code that will pull the user's ID (which is no problem - request the LOGON_USER server variable) and THEN pull that user's NT Permissions to determine what kind of permissions the user will have when he/she comes onto the website. There is to be no logon screen at all. The permissions cannot be determined via a database or through cookies. Only NT Authentication can be used.
I have a small hunch that the HTTP_AUTHORIZATION server variable might provide a clue, but the value of that variable is a bunch of (encrypted?) gibberish that means nothing to me, except probably the NTLM part at the beginning. Is there a way to decode the value of that variable into something coherent that I can use in my code?
View Replies
View Related
I want to get diffrent query from a table .I want that diffrent usernames
can get diffrent queries.How can I do it with asp?
View Replies
View Related
I have an XML file which I access from a remote server like
Set http = CreateObject("MSXML2.ServerXMLHTTP")
http.open "GET","http://www.andrewlouis.co.uk/viewcountries.xml",false
http.send
strXML = http.responseText
The real server is password protected with, I think, with basic
authentication. How do I pass it the username and password.
View Replies
View Related
I have seen on many websites the use of some sort of program to generate a
random character string distorted and warped with lines making the resulting
graphic ideally only human readable.
The theory is to prevent automated login programs.
I don't know what they call this type of component so I really don't know
how to google it. Do you know any source for this type of thing?
View Replies
View Related
i have setup authentication on my website by setting session variables and it works but every once in a while the variables are lost and my users are logged out of the site
can someone tell me why this happens and how to fix it?
View Replies
View Related
Can someone tell me how I create a login page which
authenticates users against the servers user manager. I
want the login to be a form in my website not a pop up
window!
I would be grateful for any advice relating to this
subject. I have a script for windows 2000 active directory
but was wondering if you could achive the same with
windows NT 4 and IIS 4 Code:
View Replies
View Related
In my CMS application (authentication = windows), I've tried to force a reauthentication after a button click by returning:
Response.StatusCode = 401;
However instead of reauthenticating once, I'm asked for 3 times despite the correct userid and password.
Is this due to certain configurations? Or is there any other alternative available to achieve the same effect?
View Replies
View Related
I have a site that currently is password protected, using a combination of ldap authentication and asp session management.
So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page.
BUT.... there is a robohelp componenet that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication).
So, my problem is, how do i protect these pages using my existing framework?
View Replies
View Related