I am trying to host a classic asp page in IIS. I have set Integrated windows authentication as an authentication mechanism to access the page.
It works fine.
I have three domains. A, B, C. A and B both are in trust relationship. C is a separate domain. I have installed IIS in the domain C. I have enabled WIA for the page I have hosted. Windows Authentication will/must check for the user level authentication only in the domain C.
Is there anyway to configure windows authentication in the IIS in domain C, authenticate users against domain A and B without adding it to trust? I checked this question which is not very helpful.
I think your best bet is to create an Active Directory server that is accessible by all your domains and then authenticate against it. This design will give you a lot of advantages.
For more details on how to set it up, you can read this article from Microsoft: How Domain and Forest Trusts Work.
Related
I set up a local Intranet site for our company on a new web server running IIS 10. I did this using .NET Core Razor pages where I get the logged on Windows user and grant/deny access based on their User ID being in specific Active Directory groups via SQL ADSI queries.
I issued a self-signed certificate which was working just fine until the recent Chrome update which no longer accepts my self-signed cert. The cert still works in Edge. Most of what I find for Chrome is a work-around telling people to just type, "thisisunsafe", which works but is not a valid solution.
The only other info I can find is advice to get the 3rd party SSL cert, even though all of this is behind our firewall. I did this, and that's not working either.
I don't understand why I can't use a self-signed cert for my own internal site. What is the best practice to manage the security for an Internal company intranet and the cert process needed?
I am going hosting an webserver and an api with the same application over asp.net core. I am using Identyserver4 to secure the API connections. Do i need a seperate Certificate for the https asp.net core website and the identityserver4?
You need at least two separate certificates.
The difference is that your SSL cert must be bound to the host name and trusted for everyone accessing your server, while the signing certificate does not have any special requirements.
See this article for further reference and this question as a proof link.
It's not clear from your explanation where you host your main ASP.NET Core web site. If that's another host than where your IdSrv lives, than you need the third(!) cert to enable SSL there too.
I have researched a lot before posting this question. I have a website that runs on HTTP. We are currently using ASP.NET webforms.
My boss wants to update the payment gateway to use Stripe. Stripe wants the payments page to be running on HTTPS rather than HTTP. So I want to make my website HTTPS.
There are a lot of articles out there to make your website https with your own self signed certificate. However, I couldn't find relevant Microsoft docs for doing the same thing in a live production environment.
My question is how would I do that in a production environment where you do not have ISS control?. I understand that I will have to buy an SSL certificate from a verification authority. Currently I am using FTP to replace the bin files and the modified files to make changes to the website.
I was wondering if there are any C#,ASP.NET veterans out there who can guide me in the right direction.
To run a web site with a certificate, which is a requirement to use HTTPS, you must be able to use IIS administrator to install the certificate on the web server and bind it to the web site on port 443. You could maybe possibly get it done without IIS admin by using PowerShell, but the user account running PowerShell would need the same permissions as if you did it with IIS admin.
Bottom line-- if you do not have any access to IIS admin at all, it is not possible to complete this task by yourself.
If your web site is hosted, you will need to approach the hosting service provider for instructions on how to request and install an SSL certificate for your web site.
Scenario: We have a server located in a Windows Active Directory domain which implements a web service API, implemented with WCF and exposed via IIS 8 over HTTPS. The clients making requests to the web service are not located in the domain. However, they should be mapped to AD users via SSL client certificates. I.e., when making a HTTP request, they include a client certificate, and I want that certificate to be mapped to the corresponding AD user.
I know that IIS supports two ways of client certificate authentication, IIS Client Certificate Authentication and Client Certificate Authentication using Active Directory. I'd really like to use the AD approach in our scenario, as it makes the management of client certificates easier (we can map certificates to users in the AD rather than in the IIS configuration).
However, the docs linked above say that,
[Client Certificate Authentication using Active Directory] requires that the IIS 7 server and the client computer are members of an Active Directory domain [...]
This indicates that we cannot use this approach, since our client computers are not part of the AD domain. However, this doesn't really make sense to me. How would the server even know whether the client making an HTTPS request is in the same domain?
So, here's the question: Can we use Client Certificate Authentication using Active Directory with clients outside the AD domain or not?
We've now had the chance to implement and test our solution with a machine outside of the AD domain. Indeed, it works - the client computer does not have to be part of the domain, the documentation seems to be wrong here.
I have a WCF service hosted in domain A. It requires Windows authentication and Anonymous Access has been disabled at the IIS level. Everything works as expected until another domain B was introduced. Domain A has absolutely no knowledge of the other domain. So my question is: is there a way to use client configuration hosted in the domain B to pass some credentials to the service that will be authenticated against domain A?
No, unless you create a trust relationship between Domain A and Domain B you will not be able to use Windows authentication.