Is it possible to logon a user with Apache authentication and use the same cookies to logon user to an ASP site?
Here is how the server configuration looks:
Browser > Apache > IIS (running inside a private network)
Currently when we hit the site, it shows the apache logon prompt. After user gets authenticated successfully it lands to login page of an ASP application running on IIS on a separate machine. Here user have to login again to get into the ASP application.
What I want to achieve is to have the user log in once through apache authentication, store the session in a cookie and use the same session to log on to ASP application.
Thanks for your help.
Related
I created an ASP.NET Core web app with authentication type "Individual Accounts" in Visual Studio.
When I log out from the app, I can see the cookie being removed from browser. If I manually add this cookie in browser after I log out from the app, it still considers me as logged in.
So on the server side there is no tracking of active logins in ASP.NET Core identity? Or on log out, does the server know I have logged out? It is only the removal of cookie from browser?
Yes, the logout is just remove the from browser. The server don't know the user has logged out.
When the client browser access the application it will add the cookie, the server will just check the cookie.
The cookie contains the expire time, the server will just check the expire time, if the expire time is not exceed, the cookie is still worked.
My site is hosted on IIS but behind reverse-proxy (nginx). Hence Windows Authentication is not working (nginx does not support it by default configuration). So I want IIS to use Active Directory to check user credentials. But how to do this? I suppose to use cookie, but can't find how to force IIS to find user in Active Directory database.
I would be appreciated for any help.
UPD:
I don't want to use Windows Authentication. I only want IIS find user in Active Directory when user send credentials by simple POST-request from the login page.
It looks like there is no integrated solution and I simply should write it by myself.
I am facing an issue in MVC 4 C#.NET web application. My web application is hosted on two web server and that two web server is pointing to VIP via Load balancer. when I trying with individual server URL, application is working fine. But when I trying with VIP URL, able to login with application, if I click any menu, application is taking to login screen again. Application is running SSL. I am using Forms Authentication.
Checked load balancer side, server are configured properly. Using sticky session. Machine Key is configured in both web server as same.
Why application is logging out only using VIP URL.
I have traced with Fiddler, getting 302 error. checked cookie during kicking me out, cookie not cleared in browser and on SSL, cookies showing two with same AuthCookie one with content and one without content value. if login again, able to login but click any menu same behaviour, its kicking out.
I have:
Added the ftp-publishing service
Allowed IIS-Authentication in the management service
Created a user under IIS Manager-User
Allowed the user in IIS-Manager-Permissions
Added the user to FTP-Authentication rules for my site
Added the IISAuthentication to the FTP Authentication rules
IIS_IUSERS has full access to the directory
Yet, I get the login prompt but it won't take my login credentials.
Any ideas ?
My application should run on Windows authentication mode and in the app I should got the log in name of the user.
I read the name from the Request
Request.LogonUserIdentity.Name
But when publish on IIS all user got the credential popup window on each page redirect So which mode could handle it and solve this issue !
Enable the Digest authentication or windows or what on my iis ?