I'm using Visual Studio 2015 with MVC 5 and need to enable both Windows and Forms Authentication for the same app. I read that one approach is to have two apps: one has Windows Auth enabled; the other has Forms Auth (main app that contains all the pages).
If the user is authenticated via the Windows Auth site, their credentials are passed to the Forms Auth site; otherwise, they'll have to enter their credentials.
I've been searching for a way to do this. Would the Windows Auth app somehow send the person's username only to the Forms Auth app, which would then assume if a name is provided the user is authenticated?
How would you do this? Thanks.
The solution I found, which is quite effective, is to use the OWIN Mixed-Auth library by Mohammad Younes. This will allow your users to log on via either Windows or Forms auth. In addition, for Windows, you can customize it so it passes through seamlessly -- the users don't have to provide their credentials; the app fetches that from their system.
I suggest you download a sample from the link above and get it working; then apply the changes to your app.
Related
I've just built my 1st asp.net mvc application and deployed it in remote IIS.I don't want to have any login option for the application but would like to authorise users based on their user-ids(eg:domainname\username) without any login.I tried using authorize attribute but it is working only when windows authentication type is enabled and is asking for windows login(windows login popsup) whenever the application is opened and doesnot work even after giving the login credentials.
Can someone please assist me on how to implement it without any authentication?
Please let me know if you would like me to add any other details.
I am developing an intranet application using ASP.NET MVC 4. I am using custom forms authentication. When the user accesses the application I want to take the user's Windows logged-in username and check that username in my database. But I don't know how to take that username. I try to take it using the following code:
string CurLoggedInUsername = Environment.UserName;
This gives me the username when I run from Visual Studio, but when I host my application on IIS it gives a weird value. I also tried to use
string CurLoggedInUsername = httpcontext.current.user.identity.name;
but no use. Is there a way to get the user's Windows logged-in username before authentication?
It sounds like you may need to consider mixed-mode authentication. I.e. Windows and Forms authentication. The thing is they don't necessarily play well together.
The following article describes the problem and how to overcome it. The thrust of the article centres around how a 401 challenge (Windows authentication) and 302 redirect (forms authentication) are incompatible in > IIS 7 integrated mode and a way to use a couple of forms and HTTP pipeline interception to get at user details. I used the approach successfully for a large public sector client (albeit for a webforms application). I'm sure the principles are the same.
IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication
I forgot to add in the code examples the right place to look for Windows authentication credentials are presented. It's been a while, so I can't remember it off the top of my head.
Okay so what I'm trying to do is create a desktop application in Visual C# that allows the user to log in using the same credentials as the ones with which they used to sign up to my MVC website. ASP.Net MVC creates an account controller which handles all the security and password hashing, and I basically want to be able to have the application check the password they enter in the desktop app against the one they created online.
The problem is there is no SimpleMembership for windows desktop apps so I have no idea how to handle the login and password encryption/decryption from the desktop app.
Once again, user creates username and password online, they must then be able to sign in with those credentials in a desktop app, checked against the same database.
Can anyone show me a way of doing this?
You can use Client Application Services to utilize existing ASP.NET membership provider as long as it implements Forms Authentication. For the detailed walkthrough please see this article. You can also read through this article.
Is it possible to grab a users windows credentials (i.e. username) without having windows authentication enabled in IIS? With windows auth disabled the code below returns either NT AUTHORITY or IIS APPPOOL\ASP.NET v4.0 depending on if impersonation and anonymous authentication are enabled or not.
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
I am converting an asp.net web application that is using forms authentication to custom authentication. Basically if a user is connecting from outside the network I force a credential check whereas if they are connecting from within the network I would like to be able to just grab their windows username. The internal portion works when I turn on windows authentication but I get the popup login box when testing outside of the network. I either need to disable windows authentication for non local connections or figure out how to get the windows username with windows authentication disabled. Any suggestions? (The other alternative i thought of was splitting the application in two and having separate authentication modes for each but I'd like to avoid this).
-I have also tried:
System.Web.HttpContext.Current.User.Identity.ToString();
System.Threading.Thread.CurrentPrincipal.ToString();
something like this is actually (kind of) possible using Active Directory Federated Services. In the event of a windows user from inside the network they can be configured to use their account details. For external users, they can be redirected to a page that will require them to log in.
However. This is very heavy-duty and an extreme pain in the..neck to implement and is really only applicable to enterprise solutions that have the resourses to use this kind of solution. Otherwise, I'd say go with the 2 site approach.
Simple answer is no.
Best solution is to create 2 sites. One for internal users that user windows authentication, one for external user that user forms authentication but authenticate against AD. You can make users always go to external site by default and then redirect based on their IP. That is redirect intranet users to internal user.
I thought this would be a very common practice, but I am having a hard time finding anything on how to show the user a default windows authentication credential prompt in c#?
Users will be using this windows forms app to connect to a web service on a different domain, so I cant just pass in the default credentials. These users will have a separate login to access the web service, and I want them to be prompted by the default Windows prompt, and then I can pass their creds through to the web service.
Thanks!
This was answered on SO a while back, I believe. You can use the credential management API. Here's a link with a code example that should get you started.
You need to P/invoke CredUIPromptForWindowsCredentials on Vista and up, or CredUIPromptForCredentials on XP.