windows-authentication

The title may seem a little weird but what I find around the internet is methods to sign on to stuff automatically with windows domain authentication (Single Sign On), but that is not what I want. In my use case I want to explicitly ask the person to enter their windows domain user/password combination to make sure that the person performing the transaction is the one that is authorized to do so, i.e. not someone who secretly makes use of the authorized person's computer while he/she is away and left their computer unlocked. Note I am working on Java I only want to authenticate a single

we have a system where they client wants integrated Windows authentication. This is an ASP.NET 3.5 application, connecting to Sql Server 2005. The web server is Server 2003 R2 SP2. The db server is Server 2003 SP2 (not R2). In the db server, I ran the following script exec sp_grantlogin 'myDomain\myUserGroup' USE myDbName exec sp_grantdbaccess 'myDomain\myUserGroup' I have 3 users in the Windows user group 'myDomain\myUserGroup' right now. All three users' accounts are marked as trusted for delegation. The web server account in ADs is marked trusted for delegation. The web application is

I have the following structure for my web application: In my root web config, not in the Areas/Admin/Web.Config I have the following: <location path="Areas/Admin"> <system.web> <authentication mode="Windows"></authentication> <authorization> <deny users="*"/> </authorization> </system.web> </location> I have my own authentication working on the main root of the web site no problems by using the [Authorize] tag. Now for the Areas/Admin I'd like to use Windows Authentication. In IIS (Server 2008 R2 Machine), I have the Admin folder configured as an application: And when I click on Areas/Admin in

I have a custom AuthorizeAttribute like so: public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext.HttpContext.Request.IsAuthenticated) { var userInRole = CurrentUser.IsInRole(Roles); // Etc... } } Should I be calling base.OnAuthorization(filterContext) at all here? If so, what would it do? The default implementation is open source and can be viewed here . It checks whether the user is authenticated, then checks to ensure the user or role is specified on the attribute. I guess the real question is, why are you writing a custom AuthorizeAttribute when the

We have multiple web services that provide access to some large data extractions. They're implemented as http handlers, so we can stream the result directly into the response stream. We already have anonymous and HTTP basic authentication working on a single endpoint. We would now like to add Windows Authentication, so internal users can get access to all the same data that they can get from the internal web app. However, I can only get Windows Authentication working if I disable anonymous authentication in IIS's configuration. Obviously, this means that anonymous requests to this endpoint

I'm building an Intranet application based on Ext JS and webservices. Users are authorized using Integrated Windows Authentication, which works fine in IE. Because my application is in JavaScript, it is loaded in Firefox, but then when I request some data from server I get 'access denied' in Firebug, because all webservices are checking user rights. Can I request the user to enter his username and password (like login to FTP or a simple login page) in all browsers that don't support Integrated Windows Authentication? I know there are plugins for Firefox, but I would like a secure solution that

I have a web application that allows anonymous access and windows authentication. Basically, the app try to auto-login users by windows authentication if the windows user is in a user list in the application, otherwise it shows the login screen. If no credential is provided, the app then shows a login screen where the user could login using a application internal user. As far as I know, Windows Authentication is a challenging protocol, so I have to return an Unauthorized in order to force the browser to send the credentials. It works great when are machines inside my domain. Machine in my

I've been tasked with building a basic admin app. The app needs an ASP.NET front end which talks to a number of back end services using WCF. One requirement is that the users of the app are authenticated using Windows authentication. I can do this no problem if the app logic were contained in the ASP.NET app, but I have no idea how to perform authentication within the back end WCF services? Is it possible to pass credentials through to a WCF service and have it perform the authentication? It depends... (Note most of this is based on HTTP/IIS as the transport, could be different if using TCP or