Here is my scenario.
When an anonymous user visits the site collection's default site, a custom login form panel is shown. This form is a webUserControl (.ascx file) that is embedded into the page as a web part.
Then user enters username and password.
When the submit button has been clicked, authentication will be handled by the code-behind of the custom login form panel.
Here is my question. How can I call SharePoint's authentication method with the username and password that is entered by the user? Simply, I want users to log in through my custom login form panel instead of the Windows authentication window.
The only way to do this is to have your SharePoint site use Forms Based Authentication. There is an LDAP Membership provider you can use that will authenticate against an LDAP store. Usually that is Active Directory (which is what Windows authentication uses to authenticate). There are other LDAP stores you could use too.
The only way to have a custom login form/web part is to use FBA with a custom membership provider.
Considering that you don't want to use FBA and want to stick to Windows authentication, your only option is to use LDAP, which will allow you to carry on with the login logic of the web part and with Windows authentication.
Related
I want to implement the following functionality: I have a website I'm creating in ASP.NET Core 6 and it will be both accessible from inside and outside of the server's network.
When accessed from the outside, I only want to enable password login. But when accessed from the intranet, I want to have a button on the login page that says "Log in with Active Directory". I have a Login table in the database that has a column that has Active Directory credentials in it. So when the user presses this button, I want to look up in the database whether the AD user is in the database, and if yes, I want to store cookies detailing which user has logged in, and from that point on I only want to use CookieAuthentication.
I have been researching this topic for only God knows how long, and haven't been able to find what I need. Negotiate auth is not good for me (by itself) because I want to treat all users from the login onwards the same, and because a User can be only authenticated with AD if the credentials are in my Login table.
If I have an Asp.NET Core 2.1 Website set up using Windows Authentication how do I sign a user out who has signed in using Windows Authentication?
I saw this post but it was asked in 2009. Just wondering if signing out a windows user is now possible.
Short Answer: No.
You would need to use Forms Authentication. The Windows Authentication flow has not changed since that question was posted.
If you do not want to move to Forms Authentication you could create your own form of "Logging Out" by managing a logged-on bool in the database for that user and then returning 401 Unauthorized. I strongly advise not doing that and you should implement Forms Authentication.
This still stands true:
No server-side logout button will work when using "Windows"
authentication. You must use "Forms" authentication if you want a
logout button, or close the user's browser.
Thus you would need to use a different form of authentication if you want to be able to log out the user.
I'm working on a small ASP.NET MVC intranet application and need to create the following behavior:
Use windows authentication using the current user
If the user has a specific trait (kiosk account), prevent login and display a login page
This new logon will be authenticated using AD and if valid, replace the initial user (Controller.Context.User.Identity.Name)
[Authorize] tags need to work.
What would be the right approach for this?
EDIT: what I need to know is how I replace the implicit user with the one that logs on manually
If you want to use another user context try to use winapi function CreateProcessWithLogonW or CreateProcessWithTokenW
I have already created a form authentication application. I had User table and created a custom membership provider. My user table has relations with other tables such as roles and permissions.
I change that to work using Windows Authentication. It looks easy, but I have no clue how to still be able to read permissions from my tables. Some tables are related to the User table and require a user id; what to do here? Should I break the foreign key?
If a user is accessing the page from the LAN, s/he should get logged in automatically, but if they access the application over the internet, I should allow them to log in? How to do this? What passwords should they use to log in (Active Directory or my User table)?
I hope I get simple and easy answers.
Regards
In your controllers you can use User.Identity.Name to get the user's AD username. You can then add a field to your users table called ADUSername (or update the values in the existing username field) so that you can link the logged-in user to the existing user record in your database.
You don't have to do anything. If the user is accessing it from an external network or any machine that is not on the domain, the browser will pop up a username/password prompt.
If you use Windows authentication, the user is going to be prompted for credentials just to access your site. You won't be able to prevent that. They won't even get to your code until they are authenticated.
We've done similar things using SSO (single sign-on), though I've never tied it to Windows authentication. The idea would be that you have two apps that share user credentials and, if you are logged into one, you are logged into the other. The first app would be your normal application which supports forms-based authentication. The second would be an app that only does Windows authentication and then, upon successful login, redirects to your normal application. Since you're already authenticated, the normal application simply creates its standard authentication cookie and takes you to the main page of the application.
Typically these work by passing a token in the URL which you can then redeem via a back channel to the SSO server (or, in your case the Windows authentication server) to confirm that the token is authentic. The response to the back channel call contains the user name and other pertinent details if the token is successfully redeemed.
A sketch of the process might look like:
Get request to protected action on site.
If not authenticated, redirect to login site without token
Your login site contains both a forms-based login form and a link to the Windows authentication url
User clicks the Windows authentication url
Windows authentication site authenticates, creates a one-time use token in DB for user, and redirects back to your login action with token
Your login action redeems the token via back channel WebRequest to the Windows authentication server.
Windows authentication server validates the token, marking it as used, then returns the username to your login action.
Your login action creates standard forms authentication cookie and continues as normal.
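The one-time token at the centre of the process sketched above can be modelled as follows. This is an added example, not code from the answer: `OneTimeTokenStore`, `Issue` and `TryRedeem` are hypothetical names, an in-memory dictionary stands in for the DB table, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical token store owned by the Windows-authentication site.
public sealed class OneTimeTokenStore
{
    private sealed record Entry(string UserName, DateTimeOffset ExpiresAt);
    private readonly ConcurrentDictionary<string, Entry> _entries = new();
    private readonly TimeSpan _lifetime;
    public OneTimeTokenStore(TimeSpan lifetime) => _lifetime = lifetime;

    // Called after Windows authentication succeeds. The returned token goes
    // into the redirect URL; only its SHA-256 hash is kept server-side.
    public string Issue(string userName, DateTimeOffset now)
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // 256-bit CSPRNG value
        _entries[Hash(token)] = new Entry(userName, now + _lifetime);
        return token;
    }

    // Called by the login action over the back channel. TryRemove is atomic,
    // so two concurrent redemptions of one token cannot both succeed.
    public bool TryRedeem(string token, DateTimeOffset now, out string userName)
    {
        userName = string.Empty;
        if (string.IsNullOrEmpty(token)) return false;
        if (!_entries.TryRemove(Hash(token), out var entry)) return false; // unknown or already used
        if (now > entry.ExpiresAt) return false;                           // expired, and now consumed
        userName = entry.UserName;
        return true;
    }

    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));
}

public static class TokenDemo
{
    public static void Main()
    {
        var store = new OneTimeTokenStore(TimeSpan.FromSeconds(60));
        var t0 = DateTimeOffset.UtcNow;
        string token = store.Issue(@"CORP\alice", t0); // constructed sample user
        Console.WriteLine($"first redeem:  {store.TryRedeem(token, t0.AddSeconds(5), out var user)} {user}");
        Console.WriteLine($"replay:        {store.TryRedeem(token, t0.AddSeconds(6), out _)}");
        Console.WriteLine($"expired token: {store.TryRedeem(store.Issue(@"CORP\bob", t0), t0.AddMinutes(5), out _)}");
    }
}
```

Because the token travels in a URL, it can end up in browser history, proxy logs and Referer headers; the short lifetime and single use are what keep a leaked token from being redeemed later.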
I am developing a large asp.net based application. Certain pages & links require user authentication. At some page, I have links and form submission for which I first need to authenticate the user. Here is an example:
In PageX I have a link L1. When the user clicks it, I check if the user is authenticated or not. If not, I redirect to the login page. Once the user is authenticated, I redirect him back to PageX. But the problem is, I don't want the user to click L1 again! Instead, I want the L1 action to be executed once the user is authenticated and its results displayed etc.
I am trying to have a good solution to this problem. Any idea on how to accomplish this?
ASP.NET's Forms Authentication addresses this scenario. You can deny all unauthenticated users to all pages or (more commonly) deny unauthenticated users to a proper subset of pages.
There are several ways of doing it:
1, The built-in way of Form Authentication, correct me if I remembered wrong, you should be able to add your own login logic and integrate your login control with the Form Authentication provider
2, assign the L1 url link to the query string or a session if the user is not logged in, and add logic to your login control to redirect the user when login is successful.
Use Forms Authentication.
It's baked into ASP.NET and does exactly what you're talking about.
The User will click on a link. If they're not authenticated, they will be redirected to a login page (one of the parameters to the page will be the destination URL they were trying to reach). After a successful login, the User will be redirected to the page they requested instead of having to click the link again.
You also need to make sure you have your web.config set up to properly allow/deny unauthorized access to your application as described here:
Setting authorization rules for a particular page or folder in Web.config
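Whichever answer above is followed, the destination URL arrives as a request parameter, so login code that performs the redirect itself should accept only local paths. The following is an added example, not code from any of the answers: `ReturnUrlGuard` is a hypothetical helper that applies the same kind of check the framework exposes as `Url.IsLocalUrl` in ASP.NET MVC, and the sample values are constructed.

```csharp
using System;

// Hypothetical helper for a custom login control that redirects to the
// destination URL saved in the query string after a successful login.
public static class ReturnUrlGuard
{
    // Accepts only rooted application paths: "/" or "/path...". Rejects
    // "//host" and "/\host" (both treated by browsers as another host),
    // absolute URLs with a scheme, and values containing control characters.
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }
        return true;
    }

    // Falls back to a fixed landing page when the supplied value is not local.
    public static string SafeTarget(string returnUrl, string fallback) =>
        IsLocalUrl(returnUrl) ? returnUrl : fallback;

    public static void Main()
    {
        // Constructed sample values of the destination-URL parameter.
        string[] samples =
        {
            "/PageX.aspx?action=L1",
            "//other.example/login",
            "/\\other.example",
            "https://other.example/",
            "",
        };
        foreach (string s in samples)
        {
            Console.WriteLine($"{s,-26} -> {SafeTarget(s, "/Default.aspx")}");
        }
    }
}
```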