My site is hosted on IIS but behind a reverse proxy (nginx). Hence Windows Authentication is not working (nginx does not support it in its default configuration). So I want IIS to use Active Directory to check user credentials. But how do I do this? I suppose I should use a cookie, but I can't find how to force IIS to find the user in the Active Directory database.
I would appreciate any help.
UPD:
I don't want to use Windows Authentication. I only want IIS to find the user in Active Directory when the user sends credentials in a simple POST request from the login page.
It looks like there is no integrated solution and I should simply write it myself.
Related
I'm developing a simple web application deployed on Tomcat. Every time I browse to my application at the localhost:8080/myapp address on Tomcat, a sign-in pop-up asking for the Tomcat user/pass appears before I am allowed to browse the application. How can I prevent Tomcat from asking for sign-in when loading the application? My admin role is manager-gui and I set admin/admin as the user/pass of the Tomcat manager.
Tomcat will only ask for authentication if you have specifically configured your application that way. You might want to look at the raw HTTP conversation to see what's happening. There may be a redirect or something else going on that you are not noticing.
I need to know which user of my Active Directory has started a session on his machine, because depending on which user it is, he can see certain things or others.
The web app is hosted on an IIS server that is part of the domain.
Any idea, please?
Regards
You can't get this information from the client side only.
You should activate "Windows Authentication" on your site in IIS; then you will have the user data available on your server.
You will have to expose a method on one of your controllers that will return the user information that you need.
I'm working on a website that users need to authenticate to via Windows Authentication in IIS. To access this website you are required to log in using Windows Authentication on another site.
I want to pass that Windows authentication to my website so they do not need to log in. Is this possible? And how? I've looked through impersonation and Kerberos but they don't seem to be what I'm looking for. The site also needs to have the correct credentials because the Windows user is a parameter to get SQL information for each individual user.
Thanks for the reply! After a few hours of trial and error I found that it is partially a browser issue and partially an authentication issue. In Firefox and Chrome the authentication persists through, but not in IE. The solution was to change the authentication to Windows Authentication, then change the provider to Negotiate:Kerberos in the authentication configuration in IIS.
I've managed to set up two virtual machines on my local Windows 7 laptop. Both of them are Windows Server 2008 R2. One acts as the Active Directory domain controller and also as Active Directory Federation Services, and the other as the web app server. This second one is where I've set up my claims-aware ASP.NET MVC web application, and I also plan to set up ThinkTecture Identity Server later as my way to authenticate against custom usernames and passwords outside AD.
I've successfully implemented the installation and configuration needed for connecting our ASP.NET MVC apps through ADFS. They include:
Configure first server as Domain Controller and add domain account store (add user as testing -> this user belongs to Domain Users Group).
Configure first server also as Active Directory Federation Services.
Configure relying party trust identifier from federation metadata generated from FedUtil.exe in second server.
Configure group claim mapping and assign Domain Users to this group.
Configure web apps server to be claims aware agent.
The one thing that's always troubled me is that every time I access my apps, it successfully prompts with a login dialog box. Once I enter my AD account and password, it always gives me the following error message: "There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: c558ed55-b203-42cc-b6bd-3d66bddb96cd".
Any ideas from you guys on how to get this to work? Any suggestions and ideas will be highly appreciated.
Have you looked in the event log?
Open Event Viewer > Go to Applications and Services Logs > AD FS 2.0
You'll see a list of errors which should give you some more guidance.
If you see the ADFS login screen, you can get to ADFS so I suspect it's something to do with your RP configuration.
Just to check - you are using ADFS 2.0 which you downloaded?
I have a scenario where I have a web application hosted externally (i.e., the web server is not a member of my internal Active Directory domain).
I would like to authenticate users of the web app using their Active Directory credentials.
Is there a product or some setup I can use to accomplish this?
Generally this is achieved by authenticating to the AD server with LDAP. I'd recommend using LDAP+SSL to keep the passwords from going out in plaintext, and other than that you should be fine - as long as there aren't any firewalls in the way.
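The LDAP-over-SSL check described in the answer above, which is also one way to do the POST-login credential check asked about in the first question, as an added example that is not part of any post on this page. The class name, host name and UPN suffix are hypothetical placeholders; it assumes .NET with System.DirectoryServices.Protocols and a domain controller reachable on port 636.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example: hypothetical helper, not code from any post on this page.
public static class AdLdapAuthenticator
{
    // Placeholders (assumptions): use your own DC host name and UPN suffix.
    private const string LdapHost = "dc01.example.internal";
    private const int LdapsPort = 636;                 // LDAP over TLS
    private const string UpnSuffix = "example.internal";

    // Returns true only if the directory accepts the user's own credentials.
    public static bool Validate(string userName, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that a server may accept, so reject it
        // here before contacting the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        // Accept only a bare account name; the UPN suffix is fixed server-side.
        foreach (char c in userName)
            if (!(char.IsLetterOrDigit(c) || c == '.' || c == '-' || c == '_'))
                return false;

        var identifier = new LdapDirectoryIdentifier(LdapHost, LdapsPort);
        using (var connection = new LdapConnection(identifier))
        {
            connection.AuthType = AuthType.Basic;      // simple bind: TLS is mandatory
            connection.SessionOptions.ProtocolVersion = 3;
            // The server certificate is validated by default; do not install a
            // VerifyServerCertificate callback that accepts everything.
            connection.SessionOptions.SecureSocketLayer = true;
            connection.Timeout = TimeSpan.FromSeconds(10);
            try
            {
                connection.Bind(new NetworkCredential(userName + "@" + UpnSuffix, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // invalidCredentials
            {
                return false;
            }
            // Any other LdapException (server down, TLS failure) propagates, so
            // an outage is never mistaken for a successful login.
        }
    }
}
```

The login POST handler would call `AdLdapAuthenticator.Validate` and issue its own session cookie only on `true`; the password itself is never stored or logged.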