.I have a server within windows domain. Within that server there is IIS 7.5 installed.
IIS serves requests to one web application for which NTLM windows authentication and impersonation are enabled. App pool is separate and has 2.0 version. Application has single-page front-end part. So user enters front-end part, enters credentials and works with it. Nothing especial here, for sure.
Recently I've added one more web service which is hosted also by IIS on another port in a separate app pool with 4.0 version.
What I need is - sending requests from first app via Ajax to this new app, passing through windows auth. Of course - without additional prompt.
The idea is - front-end from first app should send requests to this new one app via jquery ajax, passing through credentials.
What are the recommendations to achieve it without SSO etc.?
Should I look for something like reverse proxy or there is something more obvious?
Thanks in advance.
Ok. I'll put my own answer here.
So, the idea how NTLM works was absolutely clear. That's why the questions was asked.
As result - to achieve pass through on different web apps using NTLM - not possible. Because of how NTLM works and double-hop issue (http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx)
Finally I came up with such solution:
- Created child application in a separate .NET 4 app pool.
- Sent all the requests from parent to that child.
In this case authentication is passed through without issues, of course.
The only one problem here is related to the fact that two services have to live within one IIS server and have this parent-child relation.
Related
Looking for a design solution.
We are currently migrating our old site installed in Windows Server IIS to Cloud-based Azure App service or Azure Service fabric.
We have multiple clients but one of the requirement is to move clients one by one.
I.e They want us to use the same DNS, but based on brands it should route to the new or old site.
so for example, we have 2 brands
Brand 1 - moved to a new site
Brand 2 - still using the old site.
So we when the request comes
For www.Mysite.com/brand1 then it should call Site hosted in Azure.
For www.Mysite.com/brand2 it should call old site hosted in windows
server IIS.
Is this feasible? If yes what are the options I have?
I saw options to Redirect a Domain by modifying .htaccess file.
Currently looking for options to finalize the design approach i.e moving all client at once or moving one by one. But later is preferred.
It is possible to use an Azure Function to handle the redirect. I have done something similar in order to create our own short urls for text messages. Before redirecting you can inspect the original url to determine where to redirect too.
Check out this link
Most likely a good business case for having an azure application gateway as its made for redirecting traffic based on the route requested. the gateway would need to be register under the domain name you want visible and you would then configure the routing rules on the app gateway resource. your azure resource and your on prem resource would be considered your backend pools
www.Mysite.com/brand1 -> point to my new cloud server pool
www.Mysite.com/brand2-> point to my existing app server pool
Linking the azure docs on this.
https://learn.microsoft.com/en-us/azure/application-gateway/overview
I have a c#-based program that can send messages and files to our SlackWorkspace via my SlackApp (I'm using HttpClient to communicate with Slack).
Now, to distribute this program in my workspace and to make it so that every user will have his own identity, it says that I have to use OAuth and create verification-tokens, specific for each user.
It says in the Slack-documentation I have to use a redirect-URL (as per docs) to my own server.
We have a server that I potentially could use for this. But I have never done anything like this before and I am unclear on what "answer" I have to provide from our server. I thought the verification-process would be handled by Slack.
Anyone has an idea on how to approach this?
And before anyone asks - yes we need to install it for everyone and make them identifiable as themselves. We can't use the "SlackApp" as user. :)
I would be very grateful for code examples(in c#) and explanations on how this whole redirect-thing is working.
Slack uses the standard Oauth 2.0 protocol to authenticate apps, similar to Google and Facebook.
So the "verification-process" is indeed mostly handled by Slack (as outlined here), but your Slack app needs to initiate it and handle the responses properly. Also its a multi-step process and includes the user having to login into Slack with their credentials. This why you need a web app to handle the whole process.
To enable a Slack app to generate tokens via Oauth a web app is needed:
can be reached from the Internet
able to handle HTTP requests like a web server
has persistent storage for the newly generated tokens
This is probably easier to implement with ASP.NET Web Pages, which can utilize many functions from an existing web server.
But for this answer, lets look on an implementation in .NET Core. For that we need to create our own web server and some rudimentary session handling. Main concepts include:
HttpListener class for providing fundamental ability to listen and respond to HTTP requests
Handle multiple requests in parallel
Cookies / Session handling
MD5 hashes
The details go a bit beyond the scope of one answer. But I am happy to share a working example implementation on this GitHubGist.
Btw: For the local development of such a web app its recommend to use a VPN tunnel like ngrok, that allows one to expose a local machine securely to the Internet and Slack.
I'm writing a new desktop app as a smart client. Although it will need to cache some data locally, data will be downloaded and commands issued via a WCF web service.
So that "not just anyone" can call the web service operations to get data or issue commands, I'd like to use forms authentication. I'd like users of the desktop app to log into it with their website credentials (all on the same domain), and from them on for the app to supply the "token" (cookie or whatever) with each WCF request, so that the WCF service can authenticate/authorise them.
Is this possible, and could someone point me in the right direction (keywords, tech to research), please?
I know that I could "roll my own" where I have an authentication service that will return a token, and that each web service operation could require a token that it will look up authorisation information for, but it seems we already have this in the ASP.NET membership stuff, so I'd like to make use of it.
Many thanks in advance.
If you are using VS 2010, it is build it, you just have to select in the project properties, and then click the Services tab. MS changed the name to Client Application Services. Just check the Enable client application services and then fill in the blanks.
Here is the whole help section on it from MS...
http://msdn.microsoft.com/en-us/library/bb384297.aspx
I am thinking about writing an application that will monitor IIS Service with iPhone, and send notification, perform resets if an IIS goes down.
I dont want to create a web service to do that but rather connect to a machine, specifying credentials and then get data from the IIS Service state.
Is it even possible?
Is it possible with iPhone?
I need to make this app generic enough for people to use with their hosted web sites and monitor their health and being able to reset it and/or recycle AppPools. I cant implement a service for any hosted environment. I need to be able to give the iPhone users an ability to connect to their host and once you are connected to the machine and authenticated to perform WMIs the phone users can mess with the iis. Is it possible?
I see your point not wanting to use web service because you want to monitor and reset IIS service, while web service is based on IIS. How about RestFul service? I have created RestFul service based on OWIN (Open Web Interface for .Net) and Kayak. Kayak may have some examples there.
The cool thing about those tools or lib is that the framework is very simple and does not rely on IIS. You can provide two URLs, one for get and one for post. The former is to get status of IIS server and post is to reset IIS. Those services can be just XML of JSON based objects and it will be up to the the OWIN service to do the job on the back end. Another great feature of this is that you can even create the service in a console app or any other ways (Windows service or Window Form in system tray) on WindowsXP or Home version. The app will provide RestFul service based on HTTP with specific port.
RestFul service is available for variety of platforms, including iPhone.
Although IIS supports remote administration I doubt there's a way to implement it on the iPhone easily.
You could write an actual Windows Server (not a web service) you could connect to with a socket which can do all the monitoring instead though.
I have one asp.net(iis7) web app and multiple database in back-end.
Every client has different url for example:
client1.test.com
client2.test.com
Application should read url (HttpContext.Current.Request.Url.Host) and determine which database use.
The problem is that from iis7 HttpContext.Current.Request.Url.Host in class not working(Request is not available in this context ).
I don't have idea how to replace this mechanism.
One web app for every client is not a solution.
Problem solved:
From IIs7 (integrated mode) Request.Url.Host is not available
in application start event.
It works later but if you need any initialization in application start you can read blog entry
http://mvolo.com/blogs/serverside/archive/2007/11/10/Integrated-mode-Request-is-not-available-in-this-context-in-Application_5F00_Start.aspx