How to connect the .net application to the database using service account, my application currently has a connection string which is directly connected to the database.
add below tag into your web.config file -
<identity impersonate="true" />
<authentication mode="Windows" />
create AD group and add group name into app setting -
<add key="as you preferred" value="AD Group name" />
authenticate on login, set Identity of your application pool to that specific user.
Related
I have developed one MVC application and hosted in server. I used Service Account as app pool identity and provided full access(SysAdmin) on database to that Service Account only. Below are my configurations in Web.config & coding.
Web.config:
<authentication mode="Windows" />
<identity impersonate="false"/>
In my Data Access layer I'm using below coding to get windows identity :
string windowsLogin = HttpContext.Current.User.Identity.Name.ToString();
Now my issue is, when I'm accessing my application it is taking app pool Identity instead of Windows identity.
if I set the identity in Web.config to impersonate="true" I'm able to get windows login but the communication between application and database happening with my windows login instead of app pool identity (service account).
How can I get the identity of the user accessing the application and not the IIS APPPOOL user?
My Issue got resolved with below settings.
Created app pool and run it as with service account and configure it to web site in IIS.
In My Code File:
string windowsLogin = HttpContext.Current.Request.ServerVariables["LOGON_USER"].ToString();
In Web.config file:
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="false" />
Note: It will give you an error if you run from Visual Studio IDE. If you publish and run it from IIS it will work.
I'm trying to implement Forms Authentication in ASP.NET MVC4 application and I've only one user who is going to get authenticated to do some admin activities.
<authentication mode="Forms">
<forms timeout="2880" loginUrl="~/Admin/Login" slidingExpiration="true">
<credentials passwordFormat="Clear">
<user name="user" password="password"/>
</credentials>
</forms>
</authentication>
When I try to use the FormsAuthentication.ValidateUser method I get an obsolete warning and I'm supposed to use now Membership class.
My question is how I can configure membership provider in web.config to use the credentials setup in the web.config? What provider I should specify in the name attribute?
Unfortunately, there is no built-in membership provider for the mechanism of storing the credentials in the web.config as you describe. You could write your own to invoke the FormsAuthentication.Authenticate method or call this from your own custom login control's code-behind.
This is my connection string, which the web service (hosted in IIS, running under ApplicationPoolIdentity) uses to connect to database
<add name="AdventureWorksEntities"connectionString="metadata=.\AdventureWorks.csdl|.\AdventureWorks.ssdl|.\AdventureWorks.msl;
provider=System.Data.SqlClient;provider connection string='Data Source=TestMachine;Initial Catalog=AdventureWorks;
Integrated Security=True;Connection Timeout=60;multipleactiveresultsets=true'" providerName="System.Data.EntityClient" />
When I try to access the site I am getting an exception: Login Failed for user MyDomain\TestMachine$.
Why is IIS trying to use TestMachine to connect and not my user account (e.g MyDomain\TestUser) ?
The reason I believe could be because its hosted under ApplicationPoolIdentity which uses machine creds.
How do I specify it to use the context of the user that made the request without having to run the application under custom identity (i.e I want it to continue running under ApplicationPoolIdentity)?
If I set <identity impersonate = true/>' in my web.config file then I am able to access the site locally from IIS server machine and access to database works but then accessing the site remotely fails. My Webservice is using Windows Authentication. Any thoughts on this ?
You need to enable Windows Authentication and ASP.NET Impersonation in IIS
Then in your web.config
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
</system.web>
This VS 2012 extension is meant to allow me to add a local Development STS to my MVC application http://visualstudiogallery.msdn.microsoft.com/e21bf653-dfe1-4d81-b3d3-795cb104066e
I follow the very simple instructions e.g. Right Click the project name and select Identity and Access in the menu. Select your Identity Provider and the OK to apply the settings to your web.config.
I run my MVC 4 application and it redirects immediately to login.aspx
I'm guessing there are special instructions for MVC 4.
What are they?
Where do I find them?
EDIT
To be clear I have created a ASP.MVC 4 Internet application in visual studio 2012. Then I am using the Identity & Access Tool to add a local development STS to Test my application.
I am running the site on a local IIS Express
When I debug the application I am redirected to
localhost:11378/login.aspx?ReturnUrl=%2f
This occurs even if I remove forms authentication as suggested in advice already given.
In my case I added this
<system.web>
...
<httpModules>
...
<remove name="FormsAuthentication" />
</httpModules>
</system.web>
and this
<system.webServer>
...
<modules>
...
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
EDIT
The next problem you might get is this
A claim of type
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
or
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider'
was not present on the provided ClaimsIdentity. To enable anti-forgery
token support with claims-based authentication, please verify that the
configured claims provider is providing both of these claims on the
ClaimsIdentity instances it generates. If the configured claims
provider instead uses a different claim type as a unique identifier,
it can be configured by setting the static property
AntiForgeryConfig.UniqueClaimTypeIdentifier.
add these 2 claims to the Development STS in the Identity and Access Tool
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider
and add this line to your Global.asax
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
This article helped me
Removing FormsAuthentication module worked for me.
<httpModules>
...
<remove name="FormsAuthentication" />
</httpModules>
I had a similar problem with my MVC4 application on local IIS Express.
It turned out that Windows Authentication was enabled for the project. Disabling Windows Authentication (in project properties pane -- press F4) fixed the problem.
What is the best way to set up username and password authentication in a Silverlight-Enabled WCF web service?
The best way for me has been forms authenication...using ASP.NET application services.
Basically you expose 3 *.svc files in your WCF service that handle authenication, roles, and profiles. There is no code behind because it's built into the .net assemblies. You will have to do some configuration in the .config (see link) to enable them.
Details here: http://blogs.msdn.com/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx
Side Note on ASPNETDB.MDF
Normally all the user accounts and profiles will be in ASPNETDB.MDF which is located on a local file in the APP_Data folder but I find this clumsy especially with permissions so I kept it in my primary WCF database but you can choose another if you have the connection string. To initialize it I ran "C:\Windows\Microsoft.NET\Framework\v2.0.50727\a
spnet_regsql -C *Data Source=localhost;Initial Catalog=MYDB;Persist Security Info=True;User ID=**;Password=****;" * -A all" to include the ASP.NET membership tables and sprocs into the db of my choice. If you do you this..ensure you override the default LocalSQLServer connectionstring or it won't find the db like this in web.config of your asp.net website
<connectionStrings>
<clear/>
<add name="LocalSQLServer" connectionString="Data Source=localhost;Initial Catalog=MYDB;Persist Security Info=True;User ID=**;Password=****;" providerName="System.Data.SqlClient" />
To actually add user accounts and roles
1) from Visual Studio
2) Click on your ASP.NET website
3) There should be a menu above called Website that shows up...select ASP.NET Configuration and your browser will start with the configuration website that will edit your config and update the configured database with accounts and roles
I hope this helps