I have a web application that users windows authentication NTLM, my app will check if password has expired and forces users to reset password or just passes user straight through if password is ok.
So doing the password check is ok I just need to know how to redirect WITHOUT re-authenticating, is this possible programmatically. I have read it seems to be easy enough using basic auth but wondering if it can be done on windows auth.
So basically I need to redirect a user to windows auth website with a set of credentials I have programmatically specified so the user gets no additional logins.....Is that possible and if so point me in the right direction!
Thanks
Related
I have a windows auth. in my .NET MVC application.
How to achieve that browser always ask for user credentials?
Thanks.
Prompting for user credential is pure client-side behavior so the only way to achieve this is set IE->internet options-> security->select your zone->custom level->Check "Prompt for username and password".
By default, web browser will pass user credential automatically only when you are in an intranet so for the public website, you don't have do anything on web browser. For intranet, you need to apply "Prompt for username and password" via group policy.
It is unavailable to control the prompt on server side.
How to make the windows authentication login prompts for user credentials in browsers
a c# windows application give privilege to users with a specific profile in its database. The application does not handle user and password but get the username of the authetcated user in Windows session.
They asked me to authenticate the user by a IAM service such as Microsoft IAM. But I'm a bit confused. It means that I have to ask username and password to user and verify them with IAM? I don't want to store in my db password.
I cannot figure how to use an external IAM.
No, you will not need to deal with passwords.
In short, your application will need to display a mini browser window (WebControl, WebView, etc.) where the IAM provider's login screen is displayed. Users provide their credentials directly to that login screen. Your application never touches those credentials and only receives the valid tokens afterwards from which it can get information like unique user ID, email address, etc.
Check out this WPF tutorial from one of the best IAM providers, auth0 (disclaimer: I'm not affiliated with auth0 in any way).
https://auth0.com/docs/quickstart/native/wpf-winforms/01-login
You can sign up for a free trial account to quickly try it out.
Side note: This method is not entirely safe from abuse as your malicious application could intercept key strokes as users type in their credentials into the IAM login page (since it is hosted within your application's process).
I'm trying to achieve the simplest functionality related to windows authentication in DotNetNuke. What I need is just the user to be authenticated using windows authentication when accessing DNN site (no need for user to be logged in within DNN) and read his username (HttpContext.User.Identity.Name).
How can I achieve this as simple as possible?
Is it possible without using any 3rd party authentication providers e.g. DNN Auth: Active Directory?
If you need the user to be in the domain to get to the site, but don't want them in the actual DNN site as a user, simply deny "anonymous" access to the website and require windows authentication. IIS will handle this for you.
This is all configured in IIS under the AUthorization option.
I bet I know what your problem is...
Try this: create a new user in DNN whose username is: DOMAIN\username
Where DOMAIN\username matches that of a Windows User on that machine. As Mitchel pointed out, deny Anonymous and enable Windows auth for the DNN site in question in IIS.
For fun, do cmd iisreset, restart your browser and hit your DNN site.
When prompted, use DOMAIN\username and the Windows user's password, NOT the password you assigned that user in DNN.
I'm currently writing a facebook app for windows phone, and there is something I just didn't find how to do.
Since display=touch currently doesn't work on windows phone, I am forced to use display=popup to get a token and the user's agreement for my app.
This popup mode really isn't fit for mobile apps, so I would like the user to be able to check a box saying "I would like the app to remember my login and password and connect me automatically".
However, when I have the user's login and password, I don't know how to use the OAuth API to effectively login the user without him having to click anything. Is there a way to do that ? Or do I have to wait for the user to choose "Remember me" on the Facebook login page ?
I hope that was clear enough.
Facebook doesn't have a (public) API for taking a users email address and password and returning an access token. The closest thing you can do is customize the HTML that gets returned with JavaScript. I have an example of this on my github.
We are building an intranet for a client, the client doesn't want the users to log on, as they have already logged onto the domain (Active Directory)
But they do want to know the AD username of each user so that if they post on the blog, their identity can be recorded.
Our thinking so far has been, that our web.config file should say:
<identity impersonate="false" />
so that each user browses the intranet site as themselves and not the App Pool user configured in IIS.
Would this be the right way to go about it?
If so, what IIS authentication should we be using? NOTE: we are not authenticating the user, so we don't want the logon prompt, all users will already have logged onto the domain, we just want to see their username.
Is this even possible? And are we on the right track?
In C#, we can retrieve the username like this:
System.Web.HttpContext.Current.Request.LogonUserIdentity.Name.ToString()
but we just can't find an IIS authentication setting that will not prompt a domain/network login.
You need to turn on windows authentication. After you did that, the identity token will be passed to the server as I remember, and you can manage the authentication with that.
Also note that only Chrome and IE supports this fully, Firefox will ask at least for pressing an ok button before authenticating the user.
Other thing to note is the set the trust levels correctly in the browser, or it wont do the automatic authentication.
You already know how to get the LogonUserIdentity and set up IIS correctly. What is lacking is to get the browser to automatically authenticate with the AD account of the user. To enable that you have to configure the browser to do so, which I think only is enabled for Intranet zone sites by default.