I am using IIS 10 with Windows authentication.
I can see the windows username in the log files, and i am looking for a way to capture it (after authentication) and using rewrite to store it in a request header
Is that possible without too much fuss?
You can do this with VB or C#, I will give an example of both
VB.NET:
If User.Identity.IsAuthenticated Then
Label1.Text = User.Identity.Name
C#:
if (User.Identity.IsAuthenticated)
Label1.Text = User.Identity.Name;
Hopefully this is what you needed
Related
I have a website (internal application) which requires a username and password which is the same as their windows login credentials. Single sign on is technically not possible. I have about 1000 clients which need to enter their account details every time so I would like to automate this. Is it possible to script something where the user clicks on a shortcut on their desktop and is automatically logged in with the windows credentials on the website? Thanks for any ideas.
If your site is hosted on the IIS server for internal use than you can try to refer example below may help you to solve your issue.
Code:
// Ensure Directory Security settings for default web site in IIS is "Windows Authentication".
string url = "http://localhost";
// Create a 'HttpWebRequest' object with the specified url.
HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(url);
// Assign the credentials of the logged in user or the user being impersonated.
myHttpWebRequest.Credentials = CredentialCache.DefaultCredentials;
// Send the 'HttpWebRequest' and wait for response.
HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse();
Console.WriteLine("Authentication successful");
Console.WriteLine("Response received successfully");
DefaultCredentials represents the system credentials for the current security context in which the application is running. For a client-side application, these are usually the Windows credentials (user name, password, and domain) of the user running the application. For ASP.NET applications, the default credentials are the user credentials of the logged-in user, or the user being impersonated.
Reference:
CredentialCache.DefaultCredentials Property
I am developing app using Xamarin Forms. I have created a directory on azure portal. As i see references over internet , active directory authentication uses Microsofts login page to log in.
I want to create native login form and pass user name to active directory and authenticate it.
Is it possible to pass user credentials programatically and authenticate user?
How can i pass user credentials?
I have tried following but i got "(411) Length required" exception
var request = WebRequest.Create(string.Format(#"https://login.microsoftonline.com/{0}/oauth2/token?client_id=5e811f4f-4fa4-451e-a439-ca05cabc02d7&grant_type=password&username=02atul.com#gmail.com&password=userpassword&scope=openid", tenant));
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
using (HttpWebResponse response = await request.GetResponseAsync() as HttpWebResponse)
{
if (response.StatusCode != HttpStatusCode.OK)
Debug.WriteLine("Error fetching data. Server returned status code: {0}", response.StatusCode);
using (StreamReader reader = new StreamReader(response.GetResponseStream()))
{
var content = reader.ReadToEnd();
if (string.IsNullOrWhiteSpace(content))
{
Debug.WriteLine("Response contained empty body...");
}
else {
Debug.WriteLine("Response Body: \r\n {0}", content);
}
}
}
My username is my email id. Is it correct user name? As i am getting bad request error now. What's missing?
Technically you could use username and password flow which is described in more detail here with ADAL.
However, you need to revisit your scenario and understand if it really accomplishes what the Azure Active Directory Platform is for.
Users use OAuth2 based authentication to get the security and safety of only having to share their passwords with trusted identity providers like MS, FB, Google, etc... In general, the safety conscious person will NOT want to type in a password into your random website, and trust that you do not abuse that information. If you want to use AAD, you should also use our login experiences, as this is really what the customer is paying for in our service in many regards.
EDIT: If ADAL no longer supports this flow, you can simply generate the http requests yourself:
POST: https://login.microsoftonline.com/xxxxx.onmicrosoft.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}&scope=openid&client_secret={clientSecret}
I've tried hard to familiarize myself with the different authentication protocols for Windows (NTLM v1, NTLM v2, Keberos, LDAP..) and based on that understanding I believe NTLM (v1/2) should be the target implementations.
I have a simple web application developed in Scala Play for which I would like it to have a login feature based on the AD credentials of a user (manual or through the existing workstation session).
That being said, I am struggling to get it to work. I found a few libraries on the web mostly poorly documented and others commercial only.
A simple example, or resource as to how to get it working would massively helpful.
You can have a try on JCIFS, sample codes as follows:
Config.setProperty("jcifs.smb.client.connTimeout", "1000");
InetAddress ip = InetAddress.getByName("domainControler");
UniAddress myDomain = new UniAddress(ip);
NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication("domain_name", user_name, password);
try{
SmbSession.logon(myDomain, auth);
}catch(Exception sme){
//Login failed.
}
Today I tried to login on a page containing an auth form.
I'm using RestSharp on Windows Phone 7 and I tried almost everything but it didn't work.
In a browser on my desktop computer, when I use the login page (http://myanimelist.net/login.php) and enter my valid credentials, I'll be redirected to the panel page (http://myanimelist.net/panel.php)
On Windows Phone 7 (and 8) when I try to use RestSharp to auth myself, I'm redirected to the panel page but with the following error :
Error: You must first login to see this page.
In fact I'm not authenticated and I don't have the right to see the panel page.
I tried the same thing in a WPF application and there it worked.
In my WPF app I've the following code:
var client = new RestSharp.RestClient();
client.BaseUrl = "http://myanimelist.net/login.php";
client.Authenticator = new SimpleAuthenticator("username", "mylogin", "password", "mypassword");
client.CookieContainer = new CookieContainer();
var request = new RestRequest(Method.POST);
var response = client.Execute(request);
The property "response.Content" will contain the page with some informations and a Welcome message with my login. It means that I'm authenticated.
But...
With the following code in Windows Phone 7, the property "response.Content" will contain a page with some informations and the following message in it:
Error: You must first login to see this page
And here is the WP7 code used:
var client = new RestSharp.RestClient();
client.BaseUrl = "http://myanimelist.net/login.php";
client.Authenticator = new SimpleAuthenticator("username", "mylogin", "password", "mypassword");
client.CookieContainer = new CookieContainer();
var myRequest = new RestRequest(Method.POST);
client.ExecuteAsync(myRequest, response =>
{
var t = response.Content;
});
Did I miss something? Is there a difference between RestSharp on WP7 and a WPF app?
I used Fiddler to check what happens and I can see that the cookie is never set on WP7 (in the WPF app the cookie is set).
Edit:
I found something interesting, when I get the response, I can see in Fiddler that a cookie is set in the WPF app and in the WP7 app.
So I tried to add the cookie in my WP7 app before to make my request and it worked.
I added the value I could see in Fiddler but I can't find a way to retrieve these values with RestSharp.
Here is what I tried to add before to execute my request:
myRequest.AddParameter("A", "theFirstValue", ParameterType.Cookie);
myRequest.AddParameter("B", "theSecondValue", ParameterType.Cookie);
In fact I found a way to do it.
In the response I've the cookie in the Header (Set-cookie). I extract the cookie from the header and add it to my next request which requires the cookie.
I am working on ASP.NET 4.0 MVC3 web application that works in intranet environment. The application makes use of Windows authentication. Its application pool is run by domain user that has spn set on a domain controller. Authentication works using Kerberos (on IE and Firefox after some additional configuration).
Now I want to upload files to sharepoint, but it's important for me to upload the file as the user currently logged in into the application (so the file is created on Sharepoint with his/her credentials).
I have the following code in ResourceExists(Uri uri) function:
'...
Dim identity As System.Security.Principal.WindowsIdentity = HttpContext.User.Identity
Dim impersonationContext = identity.Impersonate()
response = request.GetResponse()
impersonationContext.Undo()
'...
This works when running locally, but when I deploy to the server I get the exception:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.\r\n at WebDav.WebDavClient.ResourceExists(Uri uri)\r\n at Website.Website.WebdavController.Upload(HttpPostedFileBase file, UploadViewModel vm)
I read something about passing on the credentials, that is not possible with NTLM, but I am sure I am using Kerberos (I checked the headers with wireshark and fiddler) and I see the following:
Authorization: Negotiate YIIFpQYGKwYBBQUCoIIFmTCCBZWgJDAiBgkqhkiC9x...
Any ideas why the impersonation does not work when running on the IIS server?
I found the answer here:
http://support.microsoft.com/kb/810572
"Kerberos does not work in a load-balanced architecture and IIS drops back to NTLM authentication. Because you cannot use NTLM for delegation, any applications or services that require delegation do not work. For more information, click the following article number to view the article in the Microsoft"
And that was exactly the case. I tried now with another machine that is not load-balanced and it works.
The only thing that still surprises me is that ImpersonationLevel of the identity is still Impersonate not Delegate...
After setting <identity impersonate="true"/> in your web.config try the following:
using (((WindowsIdentity)User.Identity).Impersonate())
using (var client = new WebClient { Credentials = CredentialCache.DefaultNetworkCredentials })
{
string result = client.DownloadString("http://sharepoint");
}
you need to configure your site correctly in IIS for impersonation to work.
see Configure ASP.NET Impersonation Authentication (IIS 7)