I have a local intranet facing DNN library portal site hosted in Windows Server. I have also configured Windows AD in the server and There's one more system connected to the server domain.
Basically, We have 2 tier access. 1 is Logging into DNN as Admin or Super User to manage the DNN and other one is, Logging into Portal as User to manage his account in the library. So, the former login process is handled by DNN itself and the later one handled by us using our DB validation.
Now, we are trying allow library users to login using Windows Authentication. For that, we enabled Windows Authentication and disabled Anonymous Authentication.
The problem is, When I launch the DNN I can login into Portal as User but NOT login into DNN as Admin. Even, accessing IPAddress/Login is just refreshing and stays on the Home page but not redirecting to Login page.
NOTE: I have already created domain\windows user name in the DNN admin user. but still I cannot login into the DNN as Admin.
Related
I have developed an application (asp.net web application) that authenticates using azure ad and asp.net owin. It is a multi-tenant app, so I have registered my app in azure ad as a multi-tenant app. That means that everyone with a microsoft work/school account can sign in to my application. That is fine, but I need to check if the user signing in has a valid license for using my application. How can I do that? Can I interupt the owin login process somehow and check for a valid license, or how is this normally done?
What is normally done is to separate AUTHENTICATION (who is the user) from AUTHORIZATION (what can the user do).
I.e. you do NOT interfere with the authentication - the user comes and sends a token. Your app then reacts by redirecting the user to a "create account" page when he is new. That creates in your app the db entry for this user. You can also send him to a "sorry, you have no rights on this application" page.
This allows you to use the same authentication for multiple applications with separate rights and fully separates authentication and authorization.
I'm working on a .Net application in which user can authenticate with a form using an Id or a Microsoft account (Azure Active Directory). The problem is that a user who doesn't yet have an account on my application can still connect via AD. After authentication, I would like to redirect him to a registration page for his account to be approved first. Since he is already authenticated, is there a way to prevent access to other pages?
I need some help, Thank you.
I have a web application hosted on Azure created in ASP.net, that has a user login page and a separate admin login page. The database being used is MySQL. Recently a new requirement was added by client that admin login page should only be accessible on a single machine that will be allocated by client, different from the user login page which can be accessed by any machine.
One solution could have been to get the mac address of the client machine and comparing it with some database entry but after a lot of searching, I found that there is no way to get the mac address of the client machine except, if the client and server are on the same subnet. But that is not my case, since web app is hosted on azure, and client machine can be anywhere in the world.
IP Address cannot be used to restrict access to the admin portal, since the admin client machine is on a dynamic ip address, and that can change. Also cannot use ssl certificates, because those will restrict the usage of the other user machines for user login as well.
The workflow will be like this, admin opens the page on the browser on their machine, and after providing login information, it will be checked if the machine that is accessing that page is the one authorized to access admin portal or not. So, is there any way I can achieve this, to allow the admin login on only one machine?
The solution might be a DB entry for your Admin. So that when the Admin logs into the Admin Portal, you'll update the Entry for the Admin as "logged in". Then you can check on every login if the Admin is already logged in.
I have a deployed application that is using the Active Directory Membership Provider in order to authenticate users to our domain on an extranet. The application is using the .NET 3.5 framework. If you run the application locally it goes straight to the login page. But if you run the application from its deployed location on the server it first prompts with a Windows Security login prompt and after logging in, you are taken to the login page where you must login again. Why is this?
Your web application seems to be configured to use Active Directory Authentication (and doesn't allow anonymous access). Your users internally are already logged on to the domain and so IIS simply lets them past.
Your login.aspx page is protected by IIS so that you must be a member of the domain in order to even see the login.aspx page. This is a configuration issue in IIS and has very little to do with asp.net or C#.
If you are using forms authentication, you should be able to allow anonymous authentication in IIS and handle authentication using Forms only. However, this entirely depends on the web app and enabling anonymous access may inadvertently expose information you didn't intend to be publicly accessible.
Without knowing more about your application it's difficult to offer any more advice. Good luck.
I'm trying to achieve the simplest functionality related to windows authentication in DotNetNuke. What I need is just the user to be authenticated using windows authentication when accessing DNN site (no need for user to be logged in within DNN) and read his username (HttpContext.User.Identity.Name).
How can I achieve this as simple as possible?
Is it possible without using any 3rd party authentication providers e.g. DNN Auth: Active Directory?
If you need the user to be in the domain to get to the site, but don't want them in the actual DNN site as a user, simply deny "anonymous" access to the website and require windows authentication. IIS will handle this for you.
This is all configured in IIS under the AUthorization option.
I bet I know what your problem is...
Try this: create a new user in DNN whose username is: DOMAIN\username
Where DOMAIN\username matches that of a Windows User on that machine. As Mitchel pointed out, deny Anonymous and enable Windows auth for the DNN site in question in IIS.
For fun, do cmd iisreset, restart your browser and hit your DNN site.
When prompted, use DOMAIN\username and the Windows user's password, NOT the password you assigned that user in DNN.