I need to get the corporate name this is the basic thing. But my problem is i need to get them through WEB API. I have tried impersonate set to true in web config enabled Windows authentication also. I can get the details locally when i run postman, but the same when i try to access after deploying in server it shows the following things:
1) Corporate domain name returns empty
2) Access denied (when anonymous is set to disable mode)
I am confused whether this can be done without having a windows authentication prompt box. If yes have i missed something while configuring IIS?
Thanks everyone in advance :)
This is way too late to answer this but SSO is what i need and i have come across Ping Identity.
So using SSO i can get the details of the user who are logged in.
PingIdentity - SSO
Related
I would like users inside an organization to connect automatically to a site hosted on a server,
without needing to enter credentials.
the server the site is hosted on, uses a certain AD (Active Directory), with other credentials than those used in the AD of the organization and known with their windows account they login to in the office.
I heard about LDAP over SSL (LDAPS) but not certainly sure that is what I need and not sure how to implement it.
The site is written with Asp.Net Core 5.
Can anyone help me understand if it is what I need or suggest a different solution?
Thanks in advance!
I'm working on a website that needs to be authenticated to via windows authentication in iis. To access this website you are required to login using windows authentication on another site.
I want to pass that windows authentication to my website so they do not need to log in. is this possible? and how? Ive looked through impersonation and keroberos but they dont seem to by what I'm looking for. The site also needs to have the correct credentials because the windows user is a parameter to get sql information for each individual user.
Thanks for the reply!, after a few hours of trial and error i found that it is paritally browsers issues and partially authentication issues. In firefox and chrome the authentications persist through, but not in IE. The solution was to change the authentication to windows authentication, then change the provider to Negotiate:kerberos in the authentication Configuration in IIS.
I've managed to setup two virtual machines in my local windows 7 laptop. Both of them are Windows server 2008 R2. One acts as Active Directory Domain controller and also as Active Directory Federation Services, and one other as the web app server. This second one is where I've set up my claims aware asp.net mvc web application and I also plan to setup ThinkTecture Identity Server later as my way to authenticate against custom username and password outside AD.
I've successfully implemented the installation and configuration needed for connecting our ASP.NET MVC apps through ADFS. They include :
Configure first server as Domain Controller and add domain account store (add user as testing -> this user belongs to Domain Users Group).
Configure first server also as active directory federation services.
configure relying party trust identifier from federation metadata generated from FedUtil.exe in second server.
Configure group claim mapping and assign Domain Users to this group.
Configure web apps server to be claims aware agent.
The one that's always troubled me is that every time I access my apps, it successfully prompts login dialog box. Once I enter My AD account and password, it always gives me the following error message : "There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: c558ed55-b203-42cc-b6bd-3d66bddb96cd".
Any idea from you guys how to get this to work?? Any suggestion and ideas will be highly appreciated.
Have you looked in the event log?
Open Event Viewer > Go to Applications and Services Logs > AD FS 2.0
You'll see an list of errors which should give you some more guidance.
If you see the ADFS login screen, you can get to ADFS so I suspect it's something to do with your RP configuration.
Just to check - you are using ADFS 2.0 which you downloaded?
I need to use the .Net token (or FedAuth cookie) to get in Domino credential from Active directory
The same need is describe in:
Lotus Notes and c# SSO.
Internet users are loged in a Share Point application and have to open a form in Domino.
My Domino Server is configured Assistant Directory, the users are managed in Active Directory and not in names.nsf. This works good. I can make a POST to log automatically a user of the AD.
But Share Point don't have the user password! Ideally it would be cool to POST the cookie... or run an agent that will inquire in back end the Active directory with the cookie to verify it. Is there a way to do this?
My Domino is 8.53 so I can't use SAML (if someone did this with Domino 9.0 I will be pleased to know :-).
There is a SSO using SPNEGO which can be setup on windows-based Domino servers.
More information about it can be found in the Domino Administration help (steps are very well documentd) and here:
Wiki: Deploying Windows single sign-on for Web clients (SPNEGO) in an existing Domino environment
Basically the steps to enable this are (details in notes admin help and the linked document):
Set an SPN on your windows server (to allow this server to pass Kerberos tickets to the AD)
Enable SSO on the Internet Site / Server doc
In the SSO Configuration: add all servers you will need SSO and enable windows-based SSO
Add a name mapping to your Person docs (Kerberos Principal Name Field) and set notes.ini entry WIDE_SEARCH_FOR_KERBEROS_NAMES=1 on your domino server to include this field in the namelookup
Configure browser: IE: trusted sites (add your host names), Firefox: add domino host to network.negotiate-auth.trusted-uris
Hope that helps - Michael
You could generate your own Domino Ltpa token (cookie) from sharepoint upon login. So long as the domains are set up ok, the browser should pass this to the Domino server and automatically log them in.
Feel free to contact me directly if you need specific help.
This looks similar to my previous question of Apache NTLM plug in.
I need to get the login user names for the all the who sen the request to web server(Apache server).we use windows authentication NTLM for authenticate users.
For microsoft IIS server its really simple, as it is set in server variable.
I want it for Apache server.Does any one know any Plugin that does the same thing as done by IIS for apache.
Thank you
i got the issue resolved,
I used the JCIFS Plug in which will authenticate and give me the user ID and IP Address of the clients that are requesting to the Apache server.
detailed information is given here