Ok... I have created a web application using Visual Studio 2008 using C#..
Now i need to secure this website; for that i need to add a login page.
I am not using the login control of visualstudio.. i am just entering the username and password and there is an API which returns true or false after authentication...
If it returns true the user is allowed to access my application and if false an error page is displayed... Is there a secure way to do this
Currently what is happening is that when i publish my web application and store it in the webroot directory of the server... the webpage can be opened simply by typing "http://ip address/Default.aspx" or "http://ip address/Page1.aspx". So i dont want this to happen instead if this is typed an error page should open. But if the user goes to the login page and logs in then only it should open these pages....
Any suggestions on how to achieve this..
thanks
use FORMS authentication in asp.net
Forms authentication uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site. The forms authentication ticket is usually contained inside a cookie. However, ASP.NET version 2.0 supports cookieless forms authentication, which results in the ticket being passed in a query string.
http://msdn.microsoft.com/en-us/library/aa480476.aspx
http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx
Related
I am attempting to build an ASP.NET MVC website which allows certain domain users to login and access the various functions it offers. I'm building this using Azure AD which Azure has a really nice way of letting you download a pre-built application which comes withe a Windows login page and authenticates the user already.
Here is the login page. It is even pre-populated with my domain.
Username#mydomain.com
After a successful login however the User.Identity.Name property is null.
I did some searching online and found a ton of posts like this that recommended turning Anonymous Authentication off and Windows Authentication on in the project properties. I gave that a shot but it automatically signs me in, completely bypassing the login page, and the User.Identity.Name is the name of the PC I'm developing this on. Is there a way to have Windows Authentication enabled and still have the login page working?
EDIT 1:
I forgot to mention, the User.Identity.Name property is null after the user has been authenticated for login.
I'm kinda new to .net development and in my company, they've been using forms authentication for a while. But as we wanted to use external login integration, I implemented from the Microsoft Documentation as given here.
Previously as my company was using Forms Authentication and my integration for external login being correct, I was redirected back to the login page after clicking for login with other providers.
So, I disabled authentication to None in my web.config and my external login with OWIN integration is working fine but now after Logging-in normally on my site it redirects me back to the login page and I'm not getting what's the issue or how can I get back both of them to work. I need a solution to get both forms and identity authentication to work or something that'll get my work done. I also got something to suppress default authentication but I'm unable to get it to work.
I have a scenario when I have to authenticate the app with a provider and then redirect back to the app on a successful login.
The redirect Url is ms-appx-web:///UI/app.html.
This app.html has contents and these contents were loading before authentication and redirect.
After Redirecting the app.html has 0 lines of code, hence showing empty screen in the Windows app
For example: Authenticating using Microsoft account in the Windows app using Web view and after authenticating having a redirect_url back to Windows app using ms-appx-web:///UI/app.html. App.html is loaded but without content(Hence empty page).
You can try to encode redirect url in you whole link.
But for UWP applications, the more recommended way to authorize is to use the Web authentication broker, which is used exclusively for authorization.
You can intercept the redirect url and set the Source property of the WebView based on the result. This is a safer practice.
Here is the document about the Web authentication broker.
Best regards.
I'm developing a web application with C # and netcore, which includes an API module.
Then there is a windows WPF application (programmed by me) that can connect to this API.
So when I log in into my WPF application I check the credentials over the API's call and grant access to the user. In this WPF Application is a Button that will forward you to the Web version.
Is it now possible to hand over the generated bearer token from WPF App to my login in the web to grant the user access without using again his credentials?
I expect that the user just need to use his credentials in WPF App and is logged in in the browser too.
Thank you in advance and have a nice day.
I guess you store the token on the Web version and if you open it in the browser it will already be logged in and redirected to a specific page. In case the token cannot be retrieved or it is expired, then you will stay on the login page.
I would suggest you to pass the token to the login page as parameter in the URL from your WPF app. So at this point after you check if you already have a token stored, you can also check if you have any parameter passed, store that one and redirect to the page you want.
I am using SharePoint 2007 Enterprise + Publishing portal template + Windows Server 2008. And I am developing using ASP.Net + C# + .Net 3.5 + VSTS 2008 on SharePoint Server 2007. I am developing a custom authentication provider based on Forms authentication. When an anonymous access a page which needs authentication, by the default behavior, the login page will be redirected.
My requirement is, when a user access a page for the first time in my SharePoint site which needs authentication,
if there is a special URL variable in current http session called "Identity", I want to treat the user as authenticated user and using the value of the "Identity" URL variable to be the authenticated user name of SharePoint (for example, accessing my SharePoint site by URL http://mysite/default.aspx?Identity=foo, then I will treat authenticated user "foo");
if there is a on URL variable in current http session variable called "Identity", the login page will be redirected to go through the default Forms authentication behavior.
Any ideas how to implement requirement 1 and 2?
Here is a great overview of Forms Base Authentication using Sharepoint 2007. Hope that helps.