I am using windows authentication on an intranet that has been duplicated for two different environments with different servers being accessed. I am using a domain without periods rather than IP so it should log in automatically but it prompts for a login on site 1. On site 2 it prompts for a login, but regardless of which user logs in, WindowsIdentity.GetCurrent().Name always returns my login which was the very first login rather than the current user.
Here is my configuration:
Anonymous authentication: disabled
Windows authentication: enabled
web.config:
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
Why is it prompting for a login and why is one instance logging in properly and the other not?
Made the mistake of setting a user when the application was created. It is working now.
Related
I want to have a web page on my website on Windows 2012 R2 server that only John.Doe can access. The page is on the test folder and I assigned John.Doe to have Read and Execute permission but I cant access the page with John.Doe credentials on the web browser.
This type on configuration was working on Windows 2003 server. Why it didnt work on Windows 2012? Please help!
TIA
when you run the iis site it runs under the application pool identity, not user the specific user. if you want to run as a specific user you have to assign the custom account in iis application pool identity.
try to use a process monitor to troubleshoot the issue:
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
code to restrict user:
<configuration>
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="" roles="Administrators" />
</authorization>
</security>
</system.webServer>
</configuration>
https://learn.microsoft.com/en-us/iis/configuration/system.webServer/security/authorization/
https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
I'm configuring the Active Directory Module 1.2 for CMS 7.2-8.0 and despite the fact that everything works great, I prefer to use integrated security (following the customer's policy). However, the manual does not say anything about using integrated security for the role provider. The LightLDAP.SitecoreADRoleProvider has username and password properties and doesn't use a connectionstring for this:
<roleManager defaultProvider="switcher" enabled="true" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add name="ad" xdt:Transform="Insert" xdt:Locator="Match(name)"
type="LightLDAP.SitecoreADRoleProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
attributeMapUsername="sAMAccountName" cacheSize="2MB" />
</providers>
</roleManager>
<profile defaultProvider="switcher" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add xdt:Transform="Insert" xdt:Locator="Match(name)" name="ad" type="LightLDAP.SitecoreADProfileProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
sitecoreMapDomainName="ad" />
</providers>
</profile>
looking this question up in Google is quite hard, because of course, Integrated Security is part of the functionality the AD module delivers, so each hit is about integrated security as well, but I'm looking for the provider to configure with integrated security (my app pool user is a service account that has been logged in via the app pool and that user has the correct rights on AD and databases).
Just finished setting up AD integration without username and password.
From my experience, if the server is joined to the domain or a domain that has trust with the users domain it should not require a username and password. I just omitted the connectionUsername and connectionPassword attributes from the config.
However, we do not allow changing username and passwords (that writes back to AD) in our setup, so your mileage may vary based on your setup.
I have an MVC 4 web application that log off some users quickly. The authentication cookie seem stetted up correctly (I also setted timeout to 720 (12 hours)). I also setted session timeout on config file and in IIS. The issue seem's to happen on IE most of the time user get logged off after like 10 minutes. And as usual I can't reproduce the issue on my end.
I am wondering if an ajax call could cause the issue? Or an http header? I searched a lot about that issue and found nothing outside of basic web.config settings.
There is my configs for session, membership and authentication
<sessionState timeout="720" mode="InProc"/>
<membership defaultProvider="SimpleMembershipProvider" >
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
</providers>
</membership>
<authentication mode="Forms">
<forms requireSSL="false" domain="dpars.com" loginUrl="~/Account/Login" protection="All" name="DPARSAuth" slidingExpiration="true" timeout="720"></forms>
</authentication>
You might be losing the sessions because you're using InProc Session-State mode, which stores sessions in memory. When you use this mode, the sessions will be lost anytime the web server process restarts, which can happen for a variety of reasons.
Try changing the sessionState mode to "SQLServer", or "StateServer" and see if that solves the problem.
More information on configuring these options can be found here: http://msdn.microsoft.com/en-us/library/ms178586(v=vs.100).aspx
I am using the MVC4 Simple Membership Provider. Initially the website logins were timing out prematurely and the user was requested to log back in. After searching, it seemed the solution was to add a "machineKey" element so that if the app pool was recycled, the login token would still be recognized. After adding that element to web.config, now my website is not timing out at all. Any ideas what might be going on?
<machineKey validationKey="D2BCD45AADBB49F1CB3537A1FEA07F93BDFA78A863849E3CC76CDFFAD183FE81BB709EACA8BF3E28BCCE0A5D58A147F4EA68B93B3C9768CA085867D613D14B5C,IsolateApps"
decryptionKey="DD27E5C7B983D2DDDE6371A08F4AEE9A2ECC754593FB4E33,IsolateApps" validation="SHA1" decryption="AES" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="60" protection="All" slidingExpiration="true" />
</authentication>
I am using System.IdentityModel to authenticate users in an ASP.NET MVC4 web application using forms auth with a claims principal. (code based on this article: http://brockallen.com/2013/01/26/replacing-forms-authentication-with-wifs-session-authentication-module-sam-to-enable-claims-aware-identity/)
My ClaimsBasedAuthenticationService class issues the SAM cookie from the SessionSecurityToken, and all has been well...except that I just now noticed that it is not creating the session cookies as HTTPOnly or requiring them to require SSL. When I debug the code, I can see those properties on the CookieHandler object are set correctly in the debugger, but the final session cookie that is created simply doesn't have the HTTPOnly and Secure flags marked.
I have the web.config lines to set these to true explicitly as such:
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
<authentication mode="Forms">
<forms ... requireSSL="true" />
</authentication>
...
</system.web>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" hideFromScript="true" />
</federationConfiguration>
</system.identityModel.services>
Can someone tell me if there's something else I am missing in order for my FedAuth cookies to be hidden from script (HTTPOnly) and require SSL?
I am using the same implementation and do not see your issue using Fiddler2. However maybe the issue is related to your debugging tool? In IE10 debugging tools the secure and http only flags are only displayed when the cookies are first received. If you check using Chrome debugging tools you should see the flags displayed correctly on all requests.
Did you get this working? I've been using basically the same code and it's all fine.
I can't see that the following suggestions have anything to do with anything, but the only things I can suggest, are to set the cookie lifetime
<cookieHandler hideFromScript="true" requireSsl="true" persistentSessionLifetime="30" />
<forms loginUrl="/Whereever" timeout="30" requireSSL="true" />
and
<system.webServer>
<modules>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>