ASP.NET MVC Override user in Windows authentication - c#

I'm working in a small asp.net mvc intranet application and need to create the following behavior:
Use windows authentication using the current user
If the user has a specific trait (kiosk account), prevent login and display a login page
This new logon will be authenticated using AD and if valid, replace the initial user (Controller.Context.User.Identity.Name)
[Authorize] tags need to work.
What would be the right approach for this?
EDIT: what I need to know is how I replace the implicit user with the one that logs on manually

If you want to use another user context try to use winapi function CreateProcessWithLogonW or CreateProcessWithTokenW

Related

C# - Authenticate AD user on public page

I want to display the start page of my web application in one way if the visiting user is authenticated in the AD and another way if the user is not.
I am able to distinguish users by checking their username using this: HttpContext.Current.User.Identity.Name
However, this only works after the user has tried to access a secured page and I want to know this when a user visits the public start page. Any ideas of how this can be done?
If you don't have Authentication you can't know which user it is. So I guess you can set cookie/localStorage for the next time he will get to the page.
OR
What I think will be preferable when using AD, you can provide sub domain for those users, so each time someone is coming from this sub domain you will know he is AD user.

Use custom Microsoft login screens for office 365 SSO (through Azure AD)

I'm trying to implement Office 365 Single Sign On using WSFederation and I have built an ASP.NET MVC app according to these instructions.
It works to a degree; the user is directed to sign in to Azure AD and reaches the home page.
Some people who will use this app belong to companies who have their own custom Microsoft login pages- the user is redirected to these when they enter their email and press tab. If their login page is very customised, they then have to enter their email again. My question is this: is there a way to redirect the user to the custom login page automatically, since I already know which organisation they belong to?
I have tried changing the wsFederation homeRealm in the web.config to the organisation domain name, which ought to work but does not. It adds "&?whr=domain.org" (for example) to the end of the URL generated by the app. The reason it doesn't work is that when this URL is followed, Microsoft redirects the user to a slightly different address where they log in and the home realm (whr) parameter is lost.
Is there any way to automatically redirect to the organisation's login page? Or am I simply building the wrong type of app?
Thanks in advance,
LD.
Well, I seem to have answered my own question.
There are probably better ways, but this is what I did:
Using these instructions I created a sign in controller and passed the url of the actual login page (which is different from the url generated by the app) into the Redirect function. I added a whr parameter to this and everything redirects properly.

User Authentication without usernames and passwords

I am currently writing an ASP.Net MVC Web Application that will use three items of information to authenticate a customer and allow them to login to a secure area to view their booking details. The three items are:
the customer's booking reference number,
the customer's surname and
the customer's booking date.
I am currently using session to track the login of the user. I would prefer to use Forms Authentication as it is tried-and-tested and more secure.
Is it possible to use Forms Authentication with this kind of login? The MembershipProvider class's ValidateUser() method takes in as parameters username and password. I guess I would need to write my own Provider to accomplish this.
You don't need to use Membership for Forms Authentication. You just need to enable the Forms Authentication Module in the web.config file, set up your login page with whatever credentials you want and use the FormsAuthentication class to set the cookie.
Here is a sample, it does use the password, but you can set the authentication logic to whatever you want - check DB with the three parameters you need, etc. Then use FormsAuthentication.RedirectFromLoginPage to set the cookie and send the user to the requested page. You do need a unique ID to identify a customer, because that's what the module will use on subsequent calls to set the identity.
Simple Forms Authentication
Here is an MVC sample, it uses the FormsAuthentication.SetCookie method to do the same
MVC Sample
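A login action for the three-item check described above, written as an added example (it is not the code behind either linked sample). It assumes `<authentication mode="Forms">` is set in web.config, that a DI container supplies the hypothetical `IBookingStore`, and that the `Booking` type and the `Details`/`Booking` route are placeholders for the application's own.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical lookup types; replace with the application's own data access.
public class Booking { public string Reference; public string Surname; public DateTime Date; }
public interface IBookingStore { Booking FindByReference(string reference); }

public class BookingLoginController : Controller
{
    private readonly IBookingStore _store;
    public BookingLoginController(IBookingStore store) { _store = store; }

    [HttpGet, AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    // The login view must render @Html.AntiForgeryToken() for this attribute to pass.
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(string reference, string surname, DateTime? bookingDate, string returnUrl)
    {
        Booking b = string.IsNullOrWhiteSpace(reference)
            ? null : _store.FindByReference(reference.Trim());
        bool ok = b != null && bookingDate.HasValue
            && string.Equals(b.Surname, (surname ?? "").Trim(), StringComparison.OrdinalIgnoreCase)
            && b.Date.Date == bookingDate.Value.Date;
        if (!ok)
        {
            // One message for every failure, so the form does not reveal which item was wrong.
            ModelState.AddModelError("", "Those booking details were not recognised.");
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }
        // The booking reference is the unique ID that becomes User.Identity.Name later.
        FormsAuthentication.SetAuthCookie(b.Reference, false);
        // Follow only local return URLs, so the login cannot be used as an open redirect.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Details", "Booking");
    }
}
```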

How to auto-authenticate users via a link when using Forms Authentication and ASP.NET?

My asp.net app uses Forms Authentication which works fine. I want to also be able to create 'magic' links that someone can follow the link and not need to log in. e.g. if a user visits
http://myapp.com/viewstuff.aspx
then they'll be redirected to login.aspx first, but if they visit
http://myapp.com/viewstuff.aspx?ThingId=1234&Expires=20121004153200&Signature=aksdjfhalsdfydmvbsdkfjhysdk
then it will automatically log them in as a guest account and let them view the requested stuff. I can generate such links and write the logic to check the signature is valid, but I'm not sure where in the ASP.NET lifecycle to put my logic. Any suggestions?
Currently I've put the logic into Application_AuthorizeRequest but it doesn't seem ideal as I need to Redirect() the user once I've authenticated them. I'd prefer to be able to set something so say 'ok, I've authenticated this person and set their identity, let their request continue'.
If anyone has an example of implementing this that would be great.
Well, sounds like you are on the right track. You will be redirected to your login page if viewstuff.aspx requires authentication, so you will need to put the logic there (in login.aspx.cs) to pull out your query string, pull apart the values and authenticate the user before passing them back to the returnurl.
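One way to create and check the signed link from the question, as an added example that is not part of the original posts. It assumes an HMAC-SHA256 signature over the page path, ThingId and Expires, a server-side secret key loaded by the caller, and a ThingId that contains no line breaks; the class and method names are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class MagicLink
{
    const string StampFormat = "yyyyMMddHHmmss"; // shape of the Expires value in the question

    // The MAC covers path, ThingId and Expires, so none of them can be altered on its own.
    static string Sign(byte[] key, string path, string thingId, string expires)
    {
        string payload = path.ToLowerInvariant() + "\n" + thingId + "\n" + expires;
        using (var hmac = new HMACSHA256(key))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
            return BitConverter.ToString(mac).Replace("-", ""); // upper-case hex
        }
    }

    public static string Create(byte[] key, string path, string thingId, DateTime expiresUtc)
    {
        string expires = expiresUtc.ToString(StampFormat, CultureInfo.InvariantCulture);
        return path + "?ThingId=" + Uri.EscapeDataString(thingId)
             + "&Expires=" + expires
             + "&Signature=" + Sign(key, path, thingId, expires);
    }

    public static bool IsValid(byte[] key, string path, string thingId,
                               string expires, string signature, DateTime nowUtc)
    {
        if (thingId == null || expires == null || signature == null) return false;

        // Check the signature first, comparing every character so that timing
        // does not reveal where a forged value starts to differ.
        string expected = Sign(key, path, thingId, expires);
        if (expected.Length != signature.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= char.ToUpperInvariant(signature[i]) ^ expected[i];
        if (diff != 0) return false;

        // Only a correctly signed Expires value is parsed and trusted.
        DateTime until;
        return DateTime.TryParseExact(expires, StampFormat, CultureInfo.InvariantCulture,
                   DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out until)
               && nowUtc <= until;
    }
}
```

When the check runs in login.aspx.cs as the answer suggests, the three values are read from the query string inside the return URL, and a successful check is followed by issuing the guest forms-authentication ticket. That ticket stays valid after the link's Expires time unless its own timeout is kept short.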

How to call windows authentication programmatically in sharepoint?

Here is my scenario.
When anonymous user visits site collection's default site, custom login form panel is shown. This form is a webUserControl (.ascx file) that is embedded into page as webpart.
Then user enters username and password.
When submit button has been clicked, authentication will be handled by code behind of custom login form panel.
Here is my question. How can I call SharePoint's authentication method with the username and password that is entered by user. Simply, I want users to login through my custom login form panel instead of windows authentication window.
The only way to do this is to have your SharePoint site use Forms Based Authentication. There is an LDAP Membership provider you can use that will authenticate against an LDAP store. Usually that is Active Directory (which is what windows authentication uses to authenticate). There are other LDAP stores you could use too.
The only way to have a custom login form/web part is to use FBA with a custom membership provider.
Considering that you don't want to use the FBA, and want to stick to Windows authentication then your only option is to use LDAP, that will allow you to carry on with the Login Logic of WebPart and with the Windows Authentication.