I have a windows auth. in my .NET MVC application.
How to achieve that browser always ask for user credentials?
Thanks.
Prompting for user credential is pure client-side behavior so the only way to achieve this is set IE->internet options-> security->select your zone->custom level->Check "Prompt for username and password".
By default, web browser will pass user credential automatically only when you are in an intranet so for the public website, you don't have do anything on web browser. For intranet, you need to apply "Prompt for username and password" via group policy.
It is unavailable to control the prompt on server side.
How to make the windows authentication login prompts for user credentials in browsers
Related
I've setup an MVC C# web application with Windows Authentication using MS Visual Studio 2013 authentication mode="Windows"
It works as expected when the user is on the corporate network (CN). The authentication is automatic, seamless and totally transparent when the user goes to the web app in IE or Chrome. If the user uses Firefox, a popup requests the user's network credentials, which is fine... as long I don't have to manage usernames and passwords anymore. By the way the popup is an integrated part of the browser reacting to the response from the web app, I do not control this.
My problem happens when the user tries to connect to the web app from home, through the use of a secure VPN. Once authenticated on our network, when the user opens up IE to go the web app, the authentication is not "automatic and seamless" anymore...a popup requests the user's network credentials...but that is not all, the user must prefix his username with the corporate network (CN) else the active directory will not recognize him (cn\jorion) because the user's domain name is different from the corporate network (CN).
I do not have control of the LDAP/Active Directory but I do have control of the web server (IIS) and the web apps.
I've done a bit of research trying to find a parameter I could set in the web.config to pre-set the [domain name] in the popup or force it to be the value I want it to be for authentication with the LDAP but to no avail. I found that I could do exactly that only if I switch from authentication mode="Windows" to authentication mode="Form" but then every user on the corporate network would have to login as well where right now they do not have to.
Is there a way I can set it so the user does not have to prefix his username with the corporate domain name (cn) for authentication when using VPN?
I am writing a windows C#.Net application using .Net3.5. I am trying to download emails from Gmail using Google's Gmail API ( a requirement). Is it possible to get user credentials in a user friendly way (browser page popping up requesting credentials, supplying username and password directly into my application, or whatever), rather than having the user obtain the credentials himself ?
You should be able to pop up a browser window with the required URL for the user to grant access (or even embed a browser window in your application!) The user should then simply just see the requested permission and click OK and then your application can get the access token.
See:
https://developers.google.com/accounts/docs/OAuth2#installed
Better to search/tag on [google-oauth]
I have a web application that users windows authentication NTLM, my app will check if password has expired and forces users to reset password or just passes user straight through if password is ok.
So doing the password check is ok I just need to know how to redirect WITHOUT re-authenticating, is this possible programmatically. I have read it seems to be easy enough using basic auth but wondering if it can be done on windows auth.
So basically I need to redirect a user to windows auth website with a set of credentials I have programmatically specified so the user gets no additional logins.....Is that possible and if so point me in the right direction!
Thanks
I'm trying to achieve the simplest functionality related to windows authentication in DotNetNuke. What I need is just the user to be authenticated using windows authentication when accessing DNN site (no need for user to be logged in within DNN) and read his username (HttpContext.User.Identity.Name).
How can I achieve this as simple as possible?
Is it possible without using any 3rd party authentication providers e.g. DNN Auth: Active Directory?
If you need the user to be in the domain to get to the site, but don't want them in the actual DNN site as a user, simply deny "anonymous" access to the website and require windows authentication. IIS will handle this for you.
This is all configured in IIS under the AUthorization option.
I bet I know what your problem is...
Try this: create a new user in DNN whose username is: DOMAIN\username
Where DOMAIN\username matches that of a Windows User on that machine. As Mitchel pointed out, deny Anonymous and enable Windows auth for the DNN site in question in IIS.
For fun, do cmd iisreset, restart your browser and hit your DNN site.
When prompted, use DOMAIN\username and the Windows user's password, NOT the password you assigned that user in DNN.
We are building an intranet for a client, the client doesn't want the users to log on, as they have already logged onto the domain (Active Directory)
But they do want to know the AD username of each user so that if they post on the blog, their identity can be recorded.
Our thinking so far has been, that our web.config file should say:
<identity impersonate="false" />
so that each user browses the intranet site as themselves and not the App Pool user configured in IIS.
Would this be the right way to go about it?
If so, what IIS authentication should we be using? NOTE: we are not authenticating the user, so we don't want the logon prompt, all users will already have logged onto the domain, we just want to see their username.
Is this even possible? And are we on the right track?
In C#, we can retrieve the username like this:
System.Web.HttpContext.Current.Request.LogonUserIdentity.Name.ToString()
but we just can't find an IIS authentication setting that will not prompt a domain/network login.
You need to turn on windows authentication. After you did that, the identity token will be passed to the server as I remember, and you can manage the authentication with that.
Also note that only Chrome and IE supports this fully, Firefox will ask at least for pressing an ok button before authenticating the user.
Other thing to note is the set the trust levels correctly in the browser, or it wont do the automatic authentication.
You already know how to get the LogonUserIdentity and set up IIS correctly. What is lacking is to get the browser to automatically authenticate with the AD account of the user. To enable that you have to configure the browser to do so, which I think only is enabled for Intranet zone sites by default.