In my web application, I have put encrypted password like:
<add name="ConnectionString1" connectionString="Data Source=abc;Initial Catalog=dms;Persist Security Info=True;User ID=sa;Password=****************" />
and at run time, I decrypt it and use it.
It works fine in all pages, but in 1 page it shows error like
Login failed for user 'sa'.
there is no error anywhere. I debug many times, but still it continues.
Instead I use actual connection string it works fine.
what should I do?
Related
I changed authentication method from Form to Windows in Web.config file and added two keys into App.config:
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
After doing that and logging in to my application I get redirected back to login page instead of the one that I usually was redirected before.
Also I have noticed that the code is entering in the class extending HandleErrorAttribute and then executing Application_Error method which is catching an exception saying: "Server cannot set content type after HTTP headers have been sent" before redirecting to a login page.
What am I forgetting to do?
First of all, I am new to asp.net. I am facing a wired issue with my asp.net Web Api2 project.
My SQL Server is hosted in an Azure VM and I am using Owin middleware for authentication. These are the connection strings I using to connect to my database:
<connectionStrings>
<add name="DefaultConnection"
providerName="System.Data.SqlClient"
connectionString="data source=13.**.***.***;initial catalog=A***;persist security info=True;user id=***;password=***;MultipleActiveResultSets=True;" />
<add name="DatabaseEntities"
providerName="System.Data.EntityClient"
connectionString="metadata=res://*/DatabaseModel.csdl|res://*/DatabaseModel.ssdl|res://*/DatabaseModel.msl;provider=System.Data.SqlClient;provider connection string="data source=13.**.***.***;initial catalog=A***;persist security info=True;user id=***;password=***;MultipleActiveResultSets=True;App=EntityFramework"" />
</connectionStrings>
Now the problem is, when I register an user, in localhost, it works and I can see newly created in my database, but when I publish my app to azure web service, it creates new user successfully (I see status 200 OK on postman) but I don't see the user in the database.
Everything works as expected, I just don't see newly created user on my DB, its being saved somewhere else.
I've been looking for solutions for last 2 days, no luck yet. Anybody to help me on this ?
Thanks
You need to check the DBContext Connection string name. It might some thing different than what you are expecting.
My website has Windows Authentication enabled with Negotiate provider listed first as I want to use Kerberos for delegating. It works fine when I run the website from a browser on the web server itself. When I use IE from another machine in the domain, I get the login box. After 3 tries I get a HTTP 401.2 error: Unauthorized.
I've made sure the domain account used by the Application Pool has Read and Execute rights to the website folder, and so does the domain account I'm logging in under when hitting the website (and I've also thrown in 'Authenticated Users' for good measure).
Interestingly if I try to access the site using the web server's IP instead of the name, it loads fine.
Anyone have thoughts?
One year after my first encountering this problem I've solved it.
Got the tip from http://blogs.technet.com/b/proclarity/archive/2011/03/08/useapppoolcredentials-true-with-kerberos-delegation-on-2008.aspx
Need to set useAppPoolCredentials="true" on the windowsAuthentication element in applicationHost.config (can set via IIS Manager)
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true">
<providers>
<clear />
<add value="Negotiate" />
</providers>
<extendedProtection tokenChecking="None" />
</windowsAuthentication>
</authentication>
</security>
</system.webServer>
The reason you're getting a 401.2 when using a DNS name is most likely due to the fact register the name you're using as a service principle name (SPN) in AD.
Here's a couple of links that should help you out:
Service Principal Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5
http://blogs.msdn.com/b/webtopics/archive/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-0.aspx
Register a Service Principal Name for Kerberos Connections:
http://technet.microsoft.com/en-us/library/ms191153.aspx
I have the following structure for my web application:
In my root web config, not in the Areas/Admin/Web.Config I have the following:
<location path="Areas/Admin">
<system.web>
<authentication mode="Windows"></authentication>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
I have my own authentication working on the main root of the web site no problems by using the [Authorize] tag.
Now for the Areas/Admin I'd like to use Windows Authentication.
In IIS (Server 2008 R2 Machine), I have the Admin folder configured as an application:
And when I click on Areas/Admin in IIS, under Authentication, I have Anonymous disabled, and Windows Authentication Enabled.
However, when I attempt to access this folder via the web site, it does not prompt me for my domain username/password. It just loads up the page.
If I go to www.website.com/Areas/Admin, it then prompts me for the username/password. But I need it to use the AreaRegistration, and have it prompt when I go to www.website.com/Admin.
I've been able to configure an entire site as Windows Authentication, and that works like a charm.
Any thought to lead me in the right direction? Or, if you need more information, please leave me a comment and I will be more than happy to give you what I can.
From doing research, I found that the only way to make this work, is to create a 2nd "admin" site which runs as an application under the main site. Doing so, allowed me to setup permissions on that site.
I've got a site that's integrated with WIF for security and mostly everything is ok. It's redirecting and dealing with load balancers etc.
I've noticed on a few requests it's bouncing to the sts and back, if it's a get request not a problem but it's happened a few times with AJAX requests and also with regular post requests.
I'm thinking that other people must have the same issue's and that I must of missed something in the configuration. I really don't fancy writing a custom implementation to deal with this requirement.
Any help?
Thanks
It will only redirect if the resource (page, image, CSS, etc.) is secured and needs the user to authenticate. If you need to make sure that this doesn't happen for certain areas, you can try allowing anonymous access within the web.config:
<location path="UnsecuredResource">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
What's happening with the hop is that the client-side authentication has either expired or does not exist so the browser is redirected to the STS. The STS has a persistent cookie that recognizes the user from their previous login so it simply authenticates and sends the user back to the application, which signs them in automatically.
If the session is expiring on the client side, that could be causing the need to re-authenticate. Make sure there isn't anything that would be causing the session to expire or get lost.
Hopefully this helps. A little more info would help to debug this issue.