I have created an application service run on my IIS server.
That is based on REST (web server).
The service want to access a remote FTP server.
The service is related to application pool, with the "localservice" user.
I want to access the FTP server with no anonymous user available to connect.
How can I connect with c# to the specific ftp server using same credentials as the current running user (local service) without need to save the user and password in a configuration file?
What is the best practice for doing so?
Thanks.
Related
Hi I was able to host an API application an Azure but unable to access the network of my database which is located in a different server under my network
I was wondering what things should I set up to make this happen
Generally, you could enable the networking of app service to allow web app in the app service to access in a private network then connect the azure VNet and on-premise network via a site to site VPN gateway. You could get more details from this article.
However, in this case if you just want to access the database in another network, it's recommended to use Azure Hybrid Connections, it's a simple way without VPN gateway.
Azure Hybrid Connections enables you to connect your Azure App Services (including Azure Functions) to existing on-prem services/APIs. See How to Add and Create Hybrid Connections in your app and more reference.
I am trying to host an ASP.NET web application in my local, which is connected to various other computers via LAN. I have a single DB in SQL server, but I am unable to set the connection string for multiple users. I use windows authentication for my web application. Please help to set the connection string for multiple users.
This can be done in one a few ways;
You create a SQL account and put the login details in the connection string
You create a SQL account and an ODBC connection and connect via the ODBC connection (has the virtue of not putting the password in the connection string)
You create a Windows account and use those credentials for the application's IIS App Pool when the site is deployed.
Any of those approaches will allow you to have your Windows auth turned on but still allow the application to use only one identity to connect to the database.
I'm using
WCF service (Windows authenticated and impersonation)
SQL Server (Windows authentication)
Console application (client)
All are in the same domain.
I'm consuming a Windows authenticated WCF service from a console application as the client. However, when I try to access SQL Server from the console application using the WCF service, I get an error:
Exception In Account Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
My scenario is: my WCF service and SQL Server are on one system (System A) and my console application (my client) is on another system (System B).
When my client from System B sends a request, it hits my service successfully, but when the service tries to access SQL Server
WCF service(Windows Authenticated and Impersonation)
Sql server(Windows Authentication)
Console Application(Client)
This scenario requires Kerberos constrained delegation. You cannot do this, you must enlist the help of a domain administrator to set it up for you. Read and follow How to Implement Kerberos Constrained Delegation with SQL Server.
Note that impersonation and delegation will flow the credentials of the original client (the console app) to the back end database, which means that you will need to grant SQL access to the actual users of your service, not to the WCF service account.
I think your connection to WCF service has no problem but the SQL Server own security system perceives the client as a user beyond security barrier(like firewall) because the client is really from outside, not the administrator of the machine.
Why don't you apply the common idea that SQL authentification mode and asymmetric Encryption of Web.Config of WCF?
If you have to face situations that clients connect to Server from outside, Encryption(Security) is strongly recommended.
I have desktop application(WPF) on clients side and WCF service on Cloud service connecting to Cloud SQL Server.
I have created a web service using ASP .Net. My web service contains a web config file, which stores security information of our Microsoft Dynamics Axapta AOS server, username and password for Axapta authentication.
My web service calls a Dynamics Axapta web service and exchanges some data. I have deployed my ASP .Net web service to IIS 7.0 which is located in DMZ zone. Now i have to give web service address to a payment service. This payment service should only know the web service address and the methods of this web service. This is my first time, i am developing such a service stored in IIS:
My question is:
How i need to configure IIS? (Authentication)
Which security tips i need to follow?
What should i do, to make my web config file to be secure?
How i need to allow this payment service to my local server?
Any suggestions and explanation will be huge help to me, because i am newbie to this topic.
Thanks a lot, sincerely, Ilkin.
Your IIS Application Pool should run as custom account identity (like domain\svc-ax-payment-user). Then add this Active Directory user to AX users and grant / add it to role with access to required roles. In this scenario password is saved securely in IIS.
Another option is to encrypt password with machine key (eg. your IIS server is not trusted in AX domain).
aspnet_regiis.exe -pef "appSettings" C:\web_app_dir
Run this command as administrator.
Check How To: Encrypt Configuration Sections for more information.
You can also create your own Machine Key for your application. In this case your web.config is portable and not bound to one specific server.
I need to use a Windows application running on remote clients that will connect to a web service. The web service will access an SQL database to verify users, and roles, and perform other tasks. I am using ASP.NET Membership to manage the users and roles. I have ASP.NET Membership, and the web service working on the development machine. I have a windows client with a service reference that works when I access methods that do not access the database, but when I try to access a service method that access a database method I get The user is not associated with a trusted SQL Server connection. I get various permissions errors depending on what I am try to fix this, but this is the gist. I don't want the Windows client to need DB permissions. I want it to send a user name, and password to the web service, then the web service wraps Membership.ValidateUser(userName, password)
Can someone tell me how to set this up?
You should consider setting up SQL Server to use SQL and Windows Authentication (mixed mode). It's most likely running in Windows Authentication mode only. You can take a look at this link to get started.
It sounds like, by the way you have it designed, is that you would have to set up an account for each user. In my experience it's best to just create a specific SQL account with the necessary permissions, and have each client use that account. You could specify this in the connection string.
Assuming you have named pipes authentication enabled in SQL, your SQL connection string in your ASP.NET application could be configured to use integrated security (Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;). Then in SSMS, give the appropriate ASP.NET user privileges to the database. The user that IIS uses depends on what version of IIS you're running, and can be seen in the App Pool configuration for the server in question.