I have a web application hosted on Azure, created in ASP.NET, that has a user login page and a separate admin login page. The database being used is MySQL. Recently a new requirement was added by the client: the admin login page should only be accessible on a single machine that will be allocated by the client, unlike the user login page, which can be accessed from any machine.
One solution could have been to get the MAC address of the client machine and compare it with a database entry, but after a lot of searching I found that there is no way to get the MAC address of the client machine unless the client and server are on the same subnet. That is not my case, since the web app is hosted on Azure and the client machine can be anywhere in the world.
The IP address cannot be used to restrict access to the admin portal, since the admin client machine is on a dynamic IP address, and that can change. I also cannot use SSL certificates, because those will restrict the usage of the other user machines for user login as well.
The workflow will be like this: the admin opens the page in the browser on their machine, and after providing login information, it will be checked whether the machine that is accessing that page is the one authorized to access the admin portal. So, is there any way I can achieve this, to allow the admin login on only one machine?
The solution might be a DB entry for your admin, so that when the admin logs into the admin portal, you update the entry for the admin as "logged in". Then you can check on every login whether the admin is already logged in.
Related
I have this application where I need to get the user name and machine name of the logged-in Windows user. I hosted this on a server. When I tested locally this worked perfectly, but when I hosted it on the server the program returns the server name, not the username of the locally logged-in user. The user is not required to log in, just to launch the web app.
string Machine = Environment.MachineName;
string UserName = Environment.UserName;
TextBox_BCAPC_Name.Text = Machine;
TextBox_User_Name.Text = UserName;
From my research I may need to add some code to my web.config or update the Authentication settings for IIS.
I want to get the user name and local machine name without having the user log in to the web form.
That is because you cannot get that information from the browser of another computer. All of your code is server-side. You would need something like a client-side script (say JavaScript) to give you that information. To do that, I would look at this post: How can I read the client's machine/computer name from the browser?
Also, it would be a major security flaw to expose the user's logged-in username. You just can't do it unless you force the user to download and install a local program that will then feed the information to you. This is really not a secure thing to do.
I have a local intranet-facing DNN library portal site hosted on Windows Server. I have also configured Windows AD on the server, and there's one more system connected to the server domain.
Basically, we have two-tier access. One is logging into DNN as Admin or Super User to manage DNN, and the other is logging into the portal as a user to manage his account in the library. The former login process is handled by DNN itself and the latter is handled by us using our DB validation.
Now, we are trying to allow library users to log in using Windows Authentication. For that, we enabled Windows Authentication and disabled Anonymous Authentication.
The problem is, when I launch DNN I can log into the portal as a user but NOT log into DNN as Admin. Even accessing IPAddress/Login just refreshes and stays on the Home page instead of redirecting to the Login page.
NOTE: I have already created the domain\windows user name in the DNN admin user, but I still cannot log into DNN as Admin.
I'm having a strange problem while using impersonation with ASP.NET MVC. I have a site that checks the status of different servers by reading some configuration files on each one of them. The app can also modify such files. Because the app will be used by several people (all of them with administrative grants on the servers), I need to have a log of all the changes done. I enabled Windows authentication for my site in IIS7 and also enabled id impersonation by adding the following to my web.config file.
<identity impersonate="true"/>
Just to be sure that the impersonation is working correctly, every time a user logs in I use the following to obtain the user that will be sending all the requests.
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
When I enter the site from my Visual Studio environment, everything works correctly: the logged user is my NT id rather than the NETWORK SERVICE user and I'm able to access the remote files without problems. However, when I publish the site to our server it stops working. Even though it does seem that the impersonation is working, because the NT id of the logged user is shown as the Windows identity, I cannot access the files. What I found even weirder is that if I access the site directly in the server's browser, everything works OK, so I'm not sure where the problem is. In summary, here's what I'm dealing with.
Id impersonation works from development environment
Id impersonation works browsing directly in the server where the site is.
Id impersonation doesn't work when accessing the site from a browser outside the server. Even though the logged user name corresponds to the impersonated user profile, the site cannot access the remote files.
Does anybody have an idea of what might be wrong? I'm kind of lost with this one...
In order to access remote files on behalf of an impersonated client, your server needs to be trusted for delegation. See this KB article for more info, or just google "trusted for delegation".
I have made a webform that inserts work items into a TFS 2010 server. On the TFS server I need to be able to see which user created the work item. If I run the webform code locally on my machine this works, because my machine is logged in as my user on the TFS server. But after deploying the code on a server I get a (401) unauthorized error message if I don't hardcode my credentials like this:
TfsConfigurationServer configurationServer = new TfsConfigurationServer(configurationServerUri, new NetworkCredential(user, pwd, domain));
(Locally the code below works)
TfsConfigurationServer configurationServer = new TfsConfigurationServer(configurationServerUri);
Is it possible to tell the webserver which user is logged into the machine accessing the webform, or is there any way I can prompt the user for username/password when he/she submits the webform?
thx for any help!
There are several things you need to do to approach this issue.
First, most likely you have anonymous authentication allowed for your website, meaning users can access your site without any restrictions and won't need to provide any information. The webserver doesn't know who they are. This will need to be disabled, as by your question you need their info. Your web app will try to connect to TFS under the webserver's identity: either the dedicated account running the application pool or the computer account.
http://technet.microsoft.com/en-us/library/cc770966(v=ws.10).aspx
The simplest method is to enable basic authentication for your website; this will request users to provide a username and password. The downside is that this method transmits data in base64 plain text, so your channel must be secure.
http://technet.microsoft.com/en-us/library/cc772009(v=ws.10).aspx
Forms authentication will allow you to use a custom form to collect login info from users and validate it yourself, but works much like basic authentication.
http://technet.microsoft.com/en-us/library/cc753252(v=ws.10).aspx
If clients are users in your domain and the application is used on an intranet, the best option is to use Windows authentication. It will try to automatically get the user's identity from the domain, and will issue a popup if that fails. Depending on how your servers are set up, getting this to work may be as easy as enabling it (TFS and your app on the same server) or require configuring your domain controllers for Kerberos.
http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx
Once users have been authenticated you must make the webserver impersonate them when your code calls TFS. Complexity again depends on your setup.
http://technet.microsoft.com/en-us/library/cc730708(v=ws.10).aspx
Alternatively, you can use TFS impersonation to get a similar result. This can also be used if, for example, you don't have users in TFS for each user connecting but instead want to impersonate a ClientCompany, Project or Team account.
http://blogs.msdn.com/b/paulking/archive/2010/11/04/using-the-new-tfs-2010-impersonation-apis.aspx
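A diagnostic handler for the situations in this answer and in the impersonation question above, added here as an example and not taken from any of the posts: it reports which identity IIS authenticated, which identity the request thread runs as, and whether that token can be used against a second server such as TFS or a file share. The class name WhoAmIHandler is an assumption, and the handler has to be mapped to a URL in the site's own configuration.

```csharp
// Added example, not code from the posts. WhoAmIHandler is a hypothetical name.
using System;
using System.Security.Principal;
using System.Web;

public class WhoAmIHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse r = context.Response;
        r.ContentType = "text/plain";

        // Always describes the web server, never the machine running the browser.
        r.Write("Server machine:  " + Environment.MachineName + "\n");

        // The client as authenticated by IIS. With anonymous access enabled
        // the name is empty and IsAuthenticated is false.
        IIdentity client = context.User != null ? context.User.Identity : null;
        r.Write("Client identity: " + (client != null ? client.Name : "") + "\n");
        r.Write("Authenticated:   " + (client != null && client.IsAuthenticated) + "\n");
        // For example Negotiate, NTLM or Basic, depending on what IIS accepted.
        r.Write("Auth type:       " + (client != null ? client.AuthenticationType : "") + "\n");

        // The identity this thread runs as: the application pool account, or
        // the client when <identity impersonate="true"/> is in effect.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent())
        {
            r.Write("Thread identity: " + thread.Name + "\n");

            // None:          primary token (the worker process account).
            // Impersonation: client token, valid for access checks on this
            //                server only.
            // Delegation:    client token that can also be presented to
            //                other servers (remote files, TFS).
            r.Write("Token level:     " + thread.ImpersonationLevel + "\n");
        }
    }
}
```

If "Thread identity" shows the client but "Token level" is Impersonation, calls to another server will not carry the client's identity until the web server is trusted for delegation.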
I am programming a web application for a company. They require that the user should not enter any username and password; the user should be allowed to log in to the system by their Windows identity.
I have tried WindowsIdentity.GetCurrent(); it's working only if the application is on the client.
How do I get the WindowsIdentity of the client user sent to the server?
Internet Explorer has a mechanism for transferring the client's Windows credentials to the server. You'll need to make your clients use IE, and of course make sure they are on the same domain forest as the server.
You can read here a little about using integrated Windows authentication with ASP.NET.