I have a website that was hosted by IIS to intranet. I want access the username of the each user who is accessing the website in intranet by using single sign on method. How can I achieve it?
I am using asp.net and c# languages in my website.
Use HttpContext.Current.User.Identity. You can cast Identity as WindowsIdentity to retrieve some more user information.
Related
using framework asp.net core - on .net core MVC jquery
In the account controller, I am attempting to obtain the user currently logged in to that machine on an intranet network. ie the windows authenticated user.
If I try WindowsIdentity.GetCurrent() is just returns the identity of the application pool. not what I need.
I have anonymous turned off and windows auth turned on in both the launchsettings.json and the IIS settings.
I understand that the identity middleware for abp framework I'm using is table based so the Controllers 'User' property is not what I need either.
I am wondering whether this is a limitation of the .net core?
You need to disable Anonymous Authentication and enable Windows Authentication for a specific page like Login page. This way, you say the Login page requires NTLM. So browser sends authenticated user information. And you can retrieve it with HttpContext.User.Identity.Name
Then there's next challenge! Authenticating this user with ABP. For this one, you can check out this StackOverflow post.
Am I mad?
I can create authentication providers using OWIN and ASP.Net Identity for Facebook, google, etc. But I have a requirement to authenticate my users against Windows. I'd rather not require the configuration of AD, or to tell IIS what Domain to authenticate against; I just want the IIS to authenticate as if the settings was Windows Authentication in the Web config.
But then I want to be able to get roles and user details. I want Roles in SQL Server. I also require the user first and last name, which are not directly available from windows auth).
In the past I have done this with a mixed authentication middleware, and grabbed the user details from the principle context when creating the user, store that in SQL, and in the authentication cookie. but this seems a bit of overkill here.
Has anyone succesfully used basic Windows Authentication but held roles and first/last name in sql?
thanks
Yes, you can use Windows authentication with ASP.NET and IIS.
This article, should be a good start.
You can then store users and their AD groups in the application, and manage access based on that mapping.
I have asp.net mvc3 application with forms authentication. But the our client request AD authentication as well. But the mvc3 app is hosted outside the clients network. What are the possible solutions for this.
Get permission to access the clients network from remote server.
Get an API to access the active directory data from webserver.
If we choose opt one how could we access active directory for authentication from outside the client network. I anybody have any idea or better options please let me know. Thanks in advance.
My guess is that the Microsoft security products can support this out of the box but I'm not sure how so I suggest that you direct your question to whoever supplies your client with their Microsoft product support.
If you'd rather build a solution so that you've got more control over how it works a quick search found an interesting approach at https://support.freshservice.com/support/solutions/articles/169196-setting-up-active-directory-single-sign-on-sso-for-remote-authentication where they created a simple ASP.Net web site that used AD authentication for sign-on. MVC 5 can build a WebApi site that does that just by creating a new project in Visual Studio with the right options.
That site wouldn't have to do anything except confirm that the credentials supplied were valid or not. Your application would ask the user to enter login / password details, then send a (properly secured) web request to the authentication site to determine whether they're valid. As long as you keep the communication between your server and the client web service tightly secured this should do what you need without much fuss. That approach removes the need for your server to communicate directly with the client's AD server.
I am trying to understand concepts of windows authentication, forms authentication and their differences. I am confused. Can someone help me in clarifying this.
Thanks.
Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs in to an application, the credentials are matched with the Windows domain through IIS.
There are 4 types of Windows Authentication methods:
1) Anonymous Authentication - IIS allows any user
2) Basic Authentication - A windows username and password has to be sent across the network (in plain text format, hence not very secure).
3) Digest Authentication - Same as Basic Authentication, but the credentials are encrypted. Works only on IE 5 or above
4) Integrated Windows Authentication - Relies on Kerberos technology, with strong credential encryption
Forms Authentication - This authentication relies on code written by a developer, where credentials are matched against a database. Credentials are entered on web forms, and are matched with the database table that contains the user information.
Windows Authentication refers to authenticating against Windows user accounts on the box that the application is running on.
Forms authentication is a stand alone method of authenticating in .NET forms that you can hook up to some other system, such as a database.
It's pretty simple. Windows Authentication makes use of the Windows Login system.
http://en.wikipedia.org/wiki/Integrated_Windows_Authentication
And with Forms Authentication the user will need to provide a username and password manually.
http://www.asp.net/web-forms/tutorials/security/introduction/an-overview-of-forms-authentication-vb
The Forms Authentication also allows you to choose where you access the login data from. It could for example be stored in your own local database. While Windows Authentication is only going to use your Windows login data. This data usually comes from Active Directory, if your network is built using an enterprise/buisness/domain setup.
http://en.wikipedia.org/wiki/Active_Directory
Windows Authentication-- The user will be authenticated on the IIS server against the credentials he provided when logging into his system. If the authentication fails then a pop up form will be displayed in the Internet Explorer asking for his credentials i.e. username and password.
Forms Authentication-- A default Login Page will be available like Facebook login, where user will be authenticated instead of automatically getting the credentials from the system credentials i.e. the current user of the Windows system. If the user requests a secure page and has not logged in, then ASP.NET redirects him/her to the login page. Once the user is authenticated, he/she will be allowed to access the requested page. Here IIS does not come into effect for authentication, it completely depends on the web application.
I have a VB6 application using a WebBrowser control to access a site.
I need to push the user's Windows Authentication credentials to the control so he won't get asked to enter his user and password when he accesses a web application in an intranet.
I have seen solutions in .NET like this post.
Send credentials to WebBrowser
Is there a way to achieve this with Visual Basic 6?
The VB6 WebBrowser control will exhibit the same behavior as IE--so if the URL is in the trusted sites or intranet zones it should automatically use your network credentials--no coding necessary.
If you want to programmatically add your URL to a zone, use the SetZoneMapping function.