473,699 Members | 2,401 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

ASP.NET Basic Authentication programmaticall y.

I am currently working on the application that need to simulate basic
authentication programmaticall y using user's credentials that are known.
Basically, the need is for a single sign on with a third party application.
The scenario is the following: a third party application (iChain I believe,
from Novell) is used to authenticate the user against Novell eDirectory. Once
authentication is complete a user is taken to a portal from which they are
able to access application A. Application A is a ASP.NET application running
on IIS 6. Right now I am thinking of having developers of portal to pass
user's credentials either as form fields or header value and then use those
credentials to simulate basic authentication in ASP.NET portal without the
password popup screen that is usually seen by users when entering a website
with Basic Authentication setup. I would assume that changing the header
value and adding "Authorizat ion" header with username:passwo rd value in
Base64 would do the trick, however I realized that the Request is a read only
object within the application and cannot be modified. Right now I have the
following chunk of code that does what I need, however, its only does it when
called this way. since the request object I've created is a seperate request,
the only way to pass credentials is using that request object, however I need
to be able to authenticate user once and then permit browse of entire ASP.NET
application as authenticated user. I am not sure how to do it and I need some
help.

// I am getting user name and password for testing purpose
username = ConfigurationMa nager.AppSettin gs.Get("usernam e");
password = ConfigurationMa nager.AppSettin gs.Get("passwor d");

Response.Clear( );

string usernamePasswor d1 = username + ":" + password;

// Request is created that will call a page named "Authenticated. aspx"
// Authenticated.a spx page contains a code for accessing Northwind database
using integrated security.
// This is done in order to use Basic Authentication with delegation to SQL
Server which will execute queries and stored
// procedures as that user. Currently, the code below works, but it only
works using the HttpWebRequest object I've created
HttpWebRequest req = (HttpWebRequest )WebRequest.Cre ate("http://"; +
ConfigurationMa nager.AppSettin gs.Get("reqUrl" ));

CredentialCache mycache = new CredentialCache ();
// Credentials are specified here
mycache.Add(new Uri("http://"; +
ConfigurationMa nager.AppSettin gs.Get("reqUrl" )), "Basic", new
NetworkCredenti al(username, password));

req.Credentials = mycache;
// This header is not neccessary for the peice of code to work, however, I
was thinkng that it might actually
// stay with all of the request therefore making the basic authentication
work. It does not stay with all requests and response
// only with this current request.
req.Headers.Add ("Authorization ", "Basic " + Convert.ToBase6 4String(new
ASCIIEncoding() .GetBytes(usern amePassword1))) ;

HttpWebResponse res;
// I am calling getResponse method to get the response for the request
created above
res = (HttpWebRespons e)req.GetRespon se();

//Response.Write( res.StatusCode) ;

// Here I analyze the Status code and if it was OK then I am using
Server.Transfer to transfer
// the control to a different page. As I understand server.transfer keeps
the existing headers
// while Response.Redire ct clears them out. I was thinking that by doing
server.transfer the header
// create above, "Authorization" , will persist and allow the authentication
to stay for the session,
/// however, this does not work. Once I stop using res object, the
application is no longer authenticated
// and page fails to access the database since there are no credentials there.
if (res.StatusCode == HttpStatusCode. OK)

{

Debug.Write(Res ponse.StatusCod e);
Server.Transfer (ConfigurationM anager.AppSetti ngs.Get("reqUrl Virtual"));

}

else
Response.Write( "Error: " + res.StatusCode) ;

I need to know how to make this scenario work. I need to enter ASP.NET
application and authenticate that user based on credentials passed to me
whichever way. If you know of a different solution, please let me know.

Sincerely,

Konstantin

Apr 10 '07 #1
0 16004

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
9285
by: Michael Foord | last post by:
#!/usr/bin/python -u # 15-09-04 # v1.0.0 # auth_example.py # A simple script manually demonstrating basic authentication. # Copyright Michael Foord # Free to use, modify and relicense. # No warranty express or implied for the accuracy, fitness to purpose
1
1988
by: Oran | last post by:
I am trying to integrate an application into our extranets. The extranet technology has its own authentication system requiring a domain user but uses anonymous authentication (from the perspective of IIS). I can get the username/password, but IIS is not aware of the user. The application I am trying to integrate (to get the features I want) relies on either basic or NTLM authentication. The sites use SSL, so basic authentication is...
4
11841
by: Joseph | last post by:
I have an intranet application that I setup using windows authentication through IIS basic authentication. Is there a way to set a timeout, so that after ten minutes the user will be prompted again to enter their login ID and password? I have not been able to find anything on microsoft or google. Other than this, the only way a user will be prompted again is if they are forced to open a new browser window for getting to the web page. ...
4
4831
by: Dave | last post by:
Hi, Is there anyway to mimic forms authentication's loginUrl and RedirectFromLoginPage functionality using Windows authentication? We are developing intranet sites using basic authentication and we want to always redirect a user to a default 'splash' or welcome page that is set to anonymous if they are not logged in. This page would have
4
2067
by: Barry | last post by:
The MS fix for IE broke how users access our site (if they patch their browsers), so I need a solution to get users logged onto our site transparently. Basically we used to log on to the site by: http://username:pwd@www.mysite.com/main/ which uses basic auth, but now that doesn't work. I would like to find a way where I can still use basic auth and tell the people hitting our site to modify their url to:...
10
13863
by: Will Gillen | last post by:
I have an ASP.NET application that is using Windows Integrated Authentication (IIS) (as opposed to Forms Authentication). When the user first logs into the application, IIS prompts the user for their credentials. Once they are "authenticated", their credentials remain active while their web browser is open. Now, I want the "authentication" to "timeout" in 3 minutes. This way if they browse to another page after 3 minutes, they are...
3
2537
by: sefe dery | last post by:
hi ng, i try to create a asp.net 1.0 website on windows server 2003(Servername: ServerX) with iis 6.0. PROBLEM: The user should login with his windows credentials in basic.aspx and automatically redirect to his own files. i have the following file-structure:
7
7616
by: Stanley | last post by:
Hi all! When I go to some web site, I have to provide username and password, like my router's web site. The question is the how can I programmatically capture the 'realm' (Like 'level_15_access'), and provide username and password in vb.net? Thanks!
3
15852
by: Martin | last post by:
How does one set up basic authentication on an HttpListener? I know I need to set the HttpListener.AuthenticationSchemes to AuthenticationSchemes.Basic but then I'm unsure how and against what (users on the PC?) the Authentication is occuring. Is there a way for me to receive and control the Authentication attempt myself? This is probably obvious but I've found nothing describing it.
0
9185
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9050
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8893
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6540
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5879
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4636
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3069
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2359
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2015
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.