I've got windows authentication in one of web projects I've been working on. Due to all other have forms authentication, I want to implement it also in this particular project. I've followed this article http://www.codeproject.com/Articles/37558/Windows-Authentication-Using-Form-Authentication and added new login page, but after running project I've got redirected to the same default page it used before.
Here's changes which I made to web.config:
<authentication mode="Forms">
<forms loginUrl="login.aspx"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
What are my possible mistakes?
When switching to Forms Authentication from Windows Authentication, you'll need to disable Windows Authentication in IIS for your Application. It doesn't do it for you automatically when you enable Forms Authentication in the web.config.
You most likely have both Forms and Windows Authentication enabled in IIS on your Application. I believe IIS will default to Windows Authentication in that case and bypass your login form.
To check that, you can do the following:
Go to IIS
Locate your Application
Go to Authentication
Adjust the following
Anonymous Authentication: Enabled
ASP.NET Impersonation: Disabled
Basic Authentication: Disabled
Digest Authentication: Disabled
Forms Authentication: Enabled
Windows Authentication: Disabled
You can also disable Anonymous Authentication if you don't want a landing page prior to logging in as well.
Related
I'm writing an ASP.NET v4.5.2 Windows Application / Windows Form for our sales team to use and I don't want them to have to log in. I want to compare their windows domain/userid to a userid that I have in a database for authentication. I can get the domain/userid to display correctly in Visual Studio by using:
string userLogin = Request.LogonUserIdentity.Name;
But when I deploy the application to our server this is what is displayed:
NT AUTHORITY\IUSR
The server is 2012 running IIS 8 and here are the settings for this web page:
Anonymous Authentication: Enabled
ASP.NET Impersonation: Disabled
Basic Authentication: Enabled
Digest Authentication: Disabled
Forms Authentication: Disabled
Windows Authentication: Enabled
I've read this:
Get Domain User ID in ASP.NET
and followed the instructions but run across problems.
The first problem is that when I Disable Anonymous Authentication in IIS I get a 404 - File or directory not found error.
Another problem is that when I put this tag in web.config
<authorization>
<deny users="?"/>
</authorization>
I also get the 404 error.
I have also changed authentication mode in web.config to this:
<authentication mode="Windows" />
And still get the 404 or incorrect domain/user information (depending on the IIS settings).
I've started a project named test just to debug this problem.
When I disable Anonymous Authentication in IIS the url changes to this:
servername/test/Account/Login?/ReturnUrl=%2Ftest%2FAccount%2FLogin%3FReturnUrl%3D%252Ftest%252FAccount%252FLogin%253FReturnUrl%253D%25252Ftest%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252Ftest%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252Ftest%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252Ftest%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252Ftest%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252Ftest%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252Ftest%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252Ftest%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252Ftest%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252Ftest%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252Ftest%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252Ftest%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252Ftest%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252Ftest%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252Ftest%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252Ftest%25252525252525252525252525252525252F
Keep in mind that I'm writing my own login and not using .NET's.
My apologies if this is a duplicate question but I've done a lot of reading on here and other blogs and still get the same behavior no matter what I try.
Thanks in advance for the help.
I need to authenticate into a web app using Single Sign-On, through Active Directory. I want to get the userName doing: System.Threading.Thread.CurrentPrincipal.Identity.Name, and then, through LDAP, get the password from the AD, and log into the web app.
The problem is that System.Threading.Thread.CurrentPrincipal.Identity.Name returns empty.
Here is my Web.Config:
<authentication mode="Forms">
<forms loginUrl="~/SignIn" timeout="120" />
</authentication>
Now, I'm using active directory as a way to authenticate, and it works fine. But I also need to make it Single Sign-On.
Thanks
You need to activate Windows authentication.
<authentication mode="Windows" />
Don't forget to install the Windows Authentication feature for IIS.
If you want to use mixed authentication (Forms & Windows at the same time) I recommend OWIN-MixedAuth
You can use HttpContext to retrieve the user identity. You must set authentication mode as "Windows Authentication"
https://stackoverflow.com/a/40938106/950944
I have started looking into Forms Authentication with Windows Authentication (I believe its called Mixed Forms Authentication, but I could and probably am wrong)
So far I have discovered in my web.config file I need to add the following lines:
<authentication mode="Forms">
<forms loginUrl="~/Login"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
which I have done. But the next part confuses me. I have been reading about WinLog and WebLog pages and one has to be Windows Authentication and the other a forms Authentication.
I am under the impression this is how the flow should go
Add the lines above to your web.config
Brings user to login page
User gets redirected from another project that has Windows Authenication with the creds they filled and the other project sends a response saying yes or no.
The part after the web.config is super confusing, can someone tell me if I am on the right track or far from it?
What I am trying to do is not have an ugly dialog box, but instead have a custom login page.
If someone can point me in the right direction, that would be great.
ASP.NET has 3 different ways of authentication:
- Windows
- Forms
- Passport
Mixed mode authentication has been known as a somehow problematic way of authenticating users, in order to achieve it, you'll need one application to authenticate the users from a form, and another one to authenticate the users from IIS.
You will find some more info here:
ASP.NET MVC and mixed mode authentication
http://aspalliance.com/553_Mixed_Mode_Authentication.all
https://msdn.microsoft.com/en-us/library/aa291347(v=vs.71).aspx
I have an asp.net MVC application that will be running on our company's intranet. I want to retrieve the logged on/windows identity of the user in lieu of a login page. Using Current.Request.LogonUserIdentity.Name and running on my local Visual Studio (ASP.Net Development Server), I am able to retrieve the user's domain/username. When published to my intranet webserver(IIS 7), I am only able to retrieve the username of the service my app pool is running under. Is it possible, using Forms authentication, for me to be able to retrieve the logged in user? Many of the discussions I have found suggest switching to Windows authentication...which is not an option for me at this point. My current authentication is forms:
<authentication mode="Forms">
<forms loginUrl="~/User/Logon" timeout="2880" />
</authentication>`
my IIS has Anonymous, Impersonation, and Forms authentication enabled.
Did you try Thread.CurrentPrincipal.Identity?
I am developing a simple ASP.NET website that will run on the intranet on a WS2008(IIS7) box and respond to users running XP/IE8. Everything is domain connected and I am trying to automatically login the users much like SharePoint does.
On my dev machine (XP), when running the site through VS, everything works. I can pickup on the user perfectly. I am using the following settings:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<anonymousIdentification enabled="false"/>
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
However, when I publish to the WS2008 box, it doesn't work. Clearly I am missing a setting in IIS7 to support this.
I have the following set for Authentication on the site:
Anon Auth - Enabled
ASP.NET Impersonation - Enabled
Basic Auth - Disabled
Forms Auth - Disabled
Windows Auth - Disabled
What am I missing?
Thanks
Try disabling anonymous login from the iis. Go to the security options for the site on IIS and uncheck the Enable Anonymous login. Make sure that windows authentication is checked.
Edit:: If the login box appears when trying to login with IE, there is a setting that you can set so that IE sends the username when used in the intranet sites. Go to tools > internet options > security and in the security settings select the option Automatic Logon with current username and password or Automatic Logon only in intranet Zone You have to make sure that the site you are trying to use is added in the intranet zone.
There is a similar setting with firefox and chrome I believe but I am not sure how to set it up
You need to enable "Windows Authentication" in IIS and disable "Anon Auth"
Here are the settings, you should be using:
Anon Auth - Disabled
ASP.NET Impersonation - Enabled
Basic Auth - Disabled
Forms Auth - Disabled
Windows Auth - Enabled
Consider also the intranet zone settings for the browser, as well as the security settings. Try adding other flavors/variations of the URL to the intranet sites zone in IE. My understanding is this is how IE determines if it should automatically submit credentials instead of prompting.