windows-authentication

I want to use IIS impersonation to connecto to a SQL server database as the user who is currently accessing a website. This is for auditing and security reasons. I've done some reading and discovered that because the SQL Server is on a sepearate physical server I need to enable Protocol Transitioning and Constrained delegation for the server that's running IIS. This is the article that I found ... http://msdn.microsoft.com/en-us/library/ff649317.aspx I didn't realise at the time I first read it but this article has the following header... Retired Content This content is outdated and is no

I am sure this is a basic answer, but my search powers are not helping me today. I have an ASP.NET MVC 2 (.NET 3.5) application. It is hosted on IIS 6. For the sake of this question I have two urls. http://example.com/ http://example.com/admin I want admin to be available to any user on the domain, and the root to be available to all users. The server is on the domain but the domain is example1.com, so they are not the same. Since this is ASP.NET MVC there is no Admin folder to set rights on. I have tried setting the whole site to block anonymous request and have had it allowing all request.

I developed a NODE API to serve data to Angular app. The original idea is to use NODESSPI for integrated authentication as we plan to run this on a corporative environment. CORS will be needed as the API Node will be hosted on a different domain. I'm struggling to use NODESSPI for integrated authentication of the $HTTP requests. To test it on my computer I've created a simple js file to instantiate a node server with express to run my angular app (I know it could be done without express, but it was faster to implement). It is running on Port 5001. 'use strict'; var express = require('express')

I am setting up Windows Authentication in an MVC 4 application using Visual Studio 2013 and using the IIS Express Development Server . However, I get redirected to /Account/Login (as if I were using forms authentication). I have no reference to WebMatrix in my bin folder (or anywhere) as described here: ASP.NET MVC3 and Windows Auth on IIS keeps redirecting to /Account/Login . I have added these entries to appSettings in the web.config as suggested by this post: MVC5 Redirects to Login.aspx when using Windows Authentication <add key="autoFormsAuthentication" value="false" /> <add key=

I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario? Technical Constraints: .NET 3.5 on IIS 6 (IIS 7 is currently a non-starter in our environment) Thanks! There's an

Selenium Webdriver based test in C# must login with windows authentication. I have tried a couple of approaches: _Driver.SwitchTo().Alert(); _Driver.FindElement(By.Id("UserName")).SendKeys("LynnTest"); _Driver.FindElement(By.Id("Password")).SendKeys("Welcome1!"); _Driver.SwitchTo().Alert().Accept(); _Driver.SwitchTo().DefaultContent(); and IAlert alert = _Driver.SwitchTo().Alert(); alert.SendKeys("LynnTest\\t"); alert.SendKeys("Welcome1!"); _Driver.SwitchTo().Alert().Accept(); _Driver.SwitchTo().DefaultContent(); Neither one is successful. I don't get the windows authentication dialog on my

So, here is the scenario. I am developing a logon system in windows 7. I have created a Credential Provider, containing one Credential. The Credential has three input fields, username, password, and PIN. From what I have learned the documentation (CMIIW) is that when we fill in the fields and click logon, WINLOGON will retrieve the username and password, and send it to LSA by calling LSALogonUser() to authenticate. LSA then will try negotiate with Authentication Package KERBEROS (for remote logon) or MSV1_0 (for local logon). Assume only the local scenario for now, the username and password