I've got a very strange problem with my SharePoint 2010 Web application.
All users are now logged on to my sites as System Account (SharePoint\system). They can access all content of all site collections, whatever security is associated with their domain user account.
The ONLY change that happened is that someone changed the App Pool identity password... I still don't know who did this btw...
I've read that this might occur when the Web Application AppPool is running with the farm admin account, but that's not my case.
Has anyone ever encountered this problem? Any hint or ideas would be greatly appreciated.
Thanks,
JP
I found my problem. My web site in IIS was running under the special AppPool account so no users were asked for credentials. I switched back the settings (in basic settings of the web site) to Application user.
I don't know what happened on my environment; many people can access this server, so maybe someone did a few tests on my production environment... I'm not the one managing security so I can't do anything about it... anyway.
Thanks!
Related
I would like users inside an organization to connect automatically to a site hosted on a server,
without needing to enter credentials.
The server the site is hosted on uses a certain AD (Active Directory), with credentials other than those used in the AD of the organization, which users know as the Windows account they log in to in the office.
I heard about LDAP over SSL (LDAPS), but I am not entirely sure that is what I need and not sure how to implement it.
The site is written with ASP.NET Core 5.
Can anyone help me understand if it is what I need or suggest a different solution?
Thanks in advance!
I need to know which user of my Active Directory has started a session on his machine, because depending on which user it is, he can see some things or others.
The web app is hosted on an IIS server that is part of the domain.
Any idea, please?
Regards
You can't get this information from the client side only.
You should activate "Windows authentication" on your site in IIS; then you will have the user data available on your server.
You will have to expose a method on one of your controllers that will return the user information that you need.
I need to get the corporate name; this is the basic thing. But my problem is I need to get it through Web API. I have tried impersonate set to true in web.config and enabled Windows authentication also. I can get the details locally when I run Postman, but when I try to access the same after deploying to the server it shows the following:
1) Corporate domain name returns empty
2) Access denied (when anonymous is set to disable mode)
I am confused about whether this can be done without having a Windows authentication prompt box. If yes, have I missed something while configuring IIS?
Thanks everyone in advance :)
This is way too late to answer this, but SSO is what I need and I have come across Ping Identity.
So using SSO I can get the details of the users who are logged in.
PingIdentity - SSO
I have been scratching my head for a while now. I went through tons of documentation but everything seems very confusing. Please forgive me if this appears to be a duplicate question, but believe me, the more content I find, the more it's confusing me.
Below is the configuration of my project and what I need to achieve:
The project is a web-based application developed using the Spring framework with Java 8 that is hosted on S3 (Linux server). The HTTP server used is Apache. JBoss is used as the application server and the exact version used is wildfly-8.2.0.Final.
Currently, the user enters his credentials, which are validated against Microsoft Active Directory using LDAP, and is let in. The requirement now is that when the user logs into the machine using his AD credentials in his intranet environment and tries to open the application, he should be logged in directly and not be prompted for credentials again. If he is outside his intranet network, the existing login method should be followed.
While researching I found the things below, which I assume can be useful, but I was not able to reach a conclusion.
Kerberos along with Shibboleth: I went through the two references below, which somewhat matched my requirement, but I am not very sure whether I am looking at the right thing or not.
http://richardjohnson798.blogspot.in/2011/10/single-sign-on.html
http://gfivo.ncl.ac.uk/documents/UsingKerberosticketsfortrueSingleSignOn.pdf
My confusion revolves around the things below.
Is Shibboleth the right choice? If yes, what is the exact role of Shibboleth?
What things need to be set up on the Linux server (Kerberos implementation, for example), and what changes would be needed in the client's AD environment?
Is the implementation possible on the WildFly server? (All the references have the thing implemented using Tomcat.)
What are the security aspects I should be concerned about?
Help is much appreciated. Thank you.
Since you are using S3 I assume you are using AWS.
Go to IAM and add the Active Directory as a SAML provider:
https://aws.amazon.com/blogs/mobile/announcing-saml-support-for-amazon-cognito/
Then use AWS Cognito Federated Identity Pool via the JavaScript SDK in the front end code you have hosted on S3.
http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html
I have an ASP.NET MVC 4 application that is using CSLA.NET for a portion of our business logic. The permissions to read/write are handled through AD by a domain account, the same account as the Application Pool Identity and .NET Impersonation user. When testing on my local machine, the validation runs perfectly. Once the application is deployed to one of our test environments (dev or qa) I receive exceptions that seem to point to permissions. I've verified that the username being used by the assembly is indeed the correct user, but have been unable to set the values of any of the fields due to not having the appropriate permissions.
Anyone experienced anything like this before?
EDIT:
Link to discussion on lhotka.net forums
Web servers are stateless, so they don't generally remember anything between page or service requests. This includes the user's identity and roles.
If you are using ASP.NET forms security (or similar) the username will be automatically recreated on the server by using the .NET authn cookie token, but that's only the username.
You are responsible for recreating the complete principal/identity object on the server for each postback/request.
The easiest way to do this is in the global.asax file, often in the authenticate request event. There are samples in the CSLA download showing how to do this, and I discuss it in the 'Using CSLA 4' ebook series.
Also any good ASP.NET book will discuss restoring the principal, because this isn't really a CSLA issue as much as a web development issue.
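A sketch of the per-request principal restore described in the answer above, added here as an illustration; it is not code from the CSLA samples or the ebook. It assumes ASP.NET forms authentication and that the login code stored the user's roles as a comma-separated list in the ticket's `UserData` field (an assumption, not something the thread states).

```csharp
// Global.asax.cs -- added example, not the CSLA project's own code.
// Assumption: at login, roles were written to FormsAuthenticationTicket.UserData
// as a comma-separated string, e.g. "Editor,Approver".
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // FormsAuthenticationModule has already validated and decrypted the
        // cookie; if that failed, Context.User is null and the request
        // stays anonymous.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return;

        var formsIdentity = Context.User.Identity as FormsIdentity;
        if (formsIdentity == null)
            return; // e.g. Windows authentication: leave that principal alone

        FormsAuthenticationTicket ticket = formsIdentity.Ticket;
        if (ticket.Expired)
            return;

        // The cookie only restores the username. Roles have to be rebuilt on
        // every request, otherwise IsInRole() and any role-based
        // authorization rules evaluate against an empty role set.
        string[] roles = string.IsNullOrEmpty(ticket.UserData)
            ? new string[0]
            : ticket.UserData.Split(new[] { ',' },
                                    StringSplitOptions.RemoveEmptyEntries);

        var principal = new GenericPrincipal(formsIdentity, roles);

        // Set both: HttpContext.User is what ASP.NET and MVC consult,
        // Thread.CurrentPrincipal is what library code running on this
        // request's thread typically reads.
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

Because roles restored this way are only as fresh as the ticket, a role revoked in the directory stays effective until the ticket expires or is reissued; loading roles from the authoritative store in this handler instead avoids that window.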