Please can you help with a problem I am having.
My web config is set to...
<authorization> <deny users="?"/>
<authenticati on mode="Forms">
<forms name=".COOKIE" loginUrl="login .aspx" protection="All "
timeout="5" path="/"/>
</authentication>
<identity impersonate="tr ue"/>
login.aspx uses advapi32.dll to create the token and authenticate the
user
using the code..
if(LogonUser(Te xtBoxUsername.T ext,
"HILLSRD",
TextBoxPassword .Text,
LOGON32_LOGON_I NTERACTIVE,
LOGON32_PROVIDE R_DEFAULT,
ref token) != 0)
{
FormsAuthentica tion.RedirectFr omLoginPage(Tex tBoxUsername.Te xt,
CBoxRememberMe. Checked);
}
but when I want to enable NT group security but when I go to access
User.IsInRole it always returns false? I digged a little deeper by
live debugging and found that m_roles array is always empty. What am I
doing wrong - why aren't the roles avaialble that are on the domain?
many thanks for any help on this.
Sharat Koya 3 1935
Hi Sharat:
I'm not sure what the requirements are for your application, but I'm
thinking you could save yourself a good deal of code if you let
Windows manage the authentication and impersonation with a web.config
along the lines of:
<system.web>
<authenticati on mode="Windows"/>
<identity impersonate="tr ue"/>
<authorizatio n>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
This will avoid you having to use LogonUser in your code. If you do go
this way - you need to use the token given out by LogonUser to do the
impersonation, and pass the token to CloseHandle for proper cleanup
afterwards.
--
Scott http://www.OdeToCode.com
On 13 Aug 2004 08:12:33 -0700, sh*********@add enbrookes.nhs.u k (Sharat
Koya) wrote: Please can you help with a problem I am having.
My web config is set to... <authorization ><deny users="?"/> <authenticatio n mode="Forms"> <forms name=".COOKIE" loginUrl="login .aspx" protection="All " timeout="5" path="/"/> </authentication> <identity impersonate="tr ue"/>
login.aspx uses advapi32.dll to create the token and authenticate the user using the code.. if(LogonUser(T extBoxUsername. Text, "HILLSRD", TextBoxPassword .Text, LOGON32_LOGON_I NTERACTIVE, LOGON32_PROVIDE R_DEFAULT, ref token) != 0) {
FormsAuthentica tion.RedirectFr omLoginPage(Tex tBoxUsername.Te xt, CBoxRememberMe .Checked);
}
but when I want to enable NT group security but when I go to access User.IsInRol e it always returns false? I digged a little deeper by live debugging and found that m_roles array is always empty. What am I doing wrong - why aren't the roles avaialble that are on the domain?
many thanks for any help on this.
Sharat Koya
<identity impersonate="tr ue"/> means to impersonate the iis authenticated
user, in your case because you are using forms authentication, the iis user
is the anonymous login.
because you are using forms authentication, its your job to fill in the
roles. you will need to do this on every request.
-- bruce (sqlwork.com)
"Sharat Koya" <sh*********@ad denbrookes.nhs. uk> wrote in message
news:8e******** *************** ***@posting.goo gle.com... Please can you help with a problem I am having.
My web config is set to... <authorization> <deny users="?"/> <authenticati on mode="Forms"> <forms name=".COOKIE" loginUrl="login .aspx" protection="All " timeout="5" path="/"/> </authentication> <identity impersonate="tr ue"/>
login.aspx uses advapi32.dll to create the token and authenticate the user using the code.. if(LogonUser(Te xtBoxUsername.T ext, "HILLSRD", TextBoxPassword .Text, LOGON32_LOGON_I NTERACTIVE, LOGON32_PROVIDE R_DEFAULT, ref token) != 0) {
FormsAuthentica tion.RedirectFr omLoginPage(Tex tBoxUsername.Te xt, CBoxRememberMe. Checked);
}
but when I want to enable NT group security but when I go to access User.IsInRole it always returns false? I digged a little deeper by live debugging and found that m_roles array is always empty. What am I doing wrong - why aren't the roles avaialble that are on the domain?
many thanks for any help on this.
Sharat Koya
You could create locked down local accounts on the web server and
still use Windows authentication. If the server doesn't recognize
thier current credentials the browser will prompt for then to enter a
username, password and domain (machine name) to log in with.
--
Scott http://www.OdeToCode.com
On Fri, 13 Aug 2004 11:37:03 -0700, "Sharat Koya" <Sharat Ko**@discussion s.microsoft.com> wrote: The reason I am using this method is that it allows users to be logged in on a secure locked down account whilst allowing them the option to log in as them selves and change between users without logging off the account. Is there a way of perserving this idea without implementing database stored roles?
thanks
"Scott Allen" wrote:
Hi Sharat:
I'm not sure what the requirements are for your application, but I'm thinking you could save yourself a good deal of code if you let Windows manage the authentication and impersonation with a web.config along the lines of:
<system.web> <authenticati on mode="Windows"/> <identity impersonate="tr ue"/> <authorizatio n> <deny users="?"/> <allow users="*"/> </authorization> </system.web>
This will avoid you having to use LogonUser in your code. If you do go this way - you need to use the token given out by LogonUser to do the impersonation, and pass the token to CloseHandle for proper cleanup afterwards.
-- Scott http://www.OdeToCode.com
On 13 Aug 2004 08:12:33 -0700, sh*********@add enbrookes.nhs.u k (Sharat Koya) wrote:
>Please can you help with a problem I am having. > >My web config is set to... ><authorization ><deny users="?"/> ><authenticatio n mode="Forms"> ><forms name=".COOKIE" loginUrl="login .aspx" protection="All " >timeout="5" path="/"/> ></authentication> ><identity impersonate="tr ue"/> > >login.aspx uses advapi32.dll to create the token and authenticate the >user >using the code.. >if(LogonUser(T extBoxUsername. Text, > "HILLSRD", > TextBoxPassword .Text, > LOGON32_LOGON_I NTERACTIVE, > LOGON32_PROVIDE R_DEFAULT, > ref token) != 0) > { > > FormsAuthentica tion.RedirectFr omLoginPage(Tex tBoxUsername.Te xt, >CBoxRememberMe .Checked); > > } > >but when I want to enable NT group security but when I go to access >User.IsInRol e it always returns false? I digged a little deeper by >live debugging and found that m_roles array is always empty. What am I >doing wrong - why aren't the roles avaialble that are on the domain? > > >many thanks for any help on this. > >Sharat Koya
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Chris Gatto |
last post by:
Hi,
I'm having what should be a minor problem but has turned into a 2 day slug
fest with ASP.Net. I am simply attempting to authenticate my asp.net
application users against users in an AD group set up on our domain. It
seems to me I am missing something very simple and obvious, but none of the
MSDN articles I have read are indicating what this might be.
My setup is ASP.Net running on a Windows 2003/IIS 6 server. IIS security...
|
by: Mike Logan |
last post by:
Questions about Role Based Security in ASP.Net:
I have a few questions about role based security in an ASP.Net application.
Below are some points about our system:
- We have a hierarchical roles system stored in a database.
- We are also using Windows for authentication.
- Page - Role relationships are also held in a database.
- We have created a shared assembly for ease of use in applications.
|
by: david |
last post by:
I have the following questions to ask.
For example, there are two roles, A and B to grant to users UA and UB
respectively.
UB in not in role A and UA is not in role B.
A can access to Apage and B to Bpage by typing their passwords, resp..
However, when A has accessed Apage and know the URL of Bpage, A can access
to Bpage. Right now I hard-code it in codebehind functions to protect the
system from this case.
|
by: Archer |
last post by:
I was making a role-based authentication but it does't login with
correct password.
the HttpContext.Current.User recieved in Global.asax is always null.
Request.IsAuthenticated is always false.
in the cs files, i write the code below
protected void SubmitBtn_Click(Object sender, EventArgs e)
{
|
by: |
last post by:
One thing I did a lot of in Classic ASP involved showing page elements
conditionally based on whether a user was logged in or not. Logged in users
or "superusers" would get more content and/or more controls if my pages
detected their login. Non-logged in users would also get some page content
at a given URL, but the protected content was hidden from them.
I would like to know generally how this is done in ASP.NET. I'm particularly...
| |
by: Joey |
last post by:
I have a web app with many users and their associated values (hashed
passwords, first name, last name, etc...) stored in a Microsoft SQL
Server 2000 database. My app uses stored procedures and forms-bases
authentication to authenticate users. Currently, in my <location> tags
in web.config, I have to manually specify user names to control access
to content. I want to learn how to implement roles to do this. I am
sure this would be a much...
|
by: xke |
last post by:
Using web.config authorization settings, is it possible to allow my
users to access default.aspx but not default.aspx?action=edit ??
<location path="default.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
|
by: PaulG |
last post by:
Hi
I'm trying to implement roles onto a .NET2 enviroment running IIS using Form Authentication. Using default aspnet login screen working back to a SQL server.
The Web. config for directory is as follows
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<authorization>
<allow roles="Full" />
|
by: mark4asp |
last post by:
This is a simplified version of my site.
There are Premium users who have access to the Premium directory.
Anyone else attempting to access it should be logged and then
redirected to the Premium.aspx - which explains the advantages of
being a Premium member and provides examples of content.
The default page for site visitors is "News/Default.aspx" but only
those with cookies set should go there otherwise visitors need to
login to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |