windows-authentication

I am working on ASP.NET 4.0 MVC3 web application that works in intranet environment. The application makes use of Windows authentication. Its application pool is run by domain user that has spn set on a domain controller. Authentication works using Kerberos (on IE and Firefox after some additional configuration). Now I want to upload files to sharepoint, but it's important for me to upload the file as the user currently logged in into the application (so the file is created on Sharepoint with his/her credentials). I have the following code in ResourceExists(Uri uri) function: '... Dim identity

I've created an intranet site that uses windows authentication In chrome I can access the site instantly, and in FF it requires Active Directory login. But with IE7 I'm getting the following error: 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied. Im unsure as to why its okay in other browsers but not IE? Any help appreciated. Thanks aditya Solution: IE is using Kerberos and not falling back on NTLM like Chrome and Firefox. You must force NTLM authentication in IIS7.5 by following

I have an asp.net web site, earlier version of the application need to run in classic mode, the latest version can run in integrated mode. Generally the application is configured to use Forms Authentication but it can be configured to used Windows Authentication. There is a business requirement that even when running IIS in Windows Authentication the application should still support forms authentication this is so administrators are forced to login with a username/password. This is handled internally with code that determines whether to log the user in or redirect to login ISS6 allowed this

If you have a web application that will run inside a network, it makes sense for it to support windows authentication (active directory?). Would it make sense to use AD security model as well, or would I make my own roles/security module that some admin would have to configure for each user? I've never dealt with windows security before, so I am very confused as to how I should be handling security for a web application that runs within a windows network. I guess there are 2 major points I have to tackle: 1. authentication 2. authorization I have a feeling that best-practice would say to

I'm trying to use the cntlm proxy on my windows machine to talk to a local web application on IIS that uses Windows Authentication from PhantomJS. To create the proxy, I'm doing: cntlm -v -u username@domain -p password -l 1456 localhost:80 My app lives at localhost/myapp To test whether or not this works, I try to browse to localhost:1456/myapp but I always get an auth challenge and no sensible username/password combination seems to work. Any thoughts on why this setup might not be working as expected? When I hit the proxied endpoint in a browser, this is the output from cntlm: http://pastebin

I'm trying to get both ActiveDirectory and standard forms login working but one thing is stopping me. I can't get the name of the current windows user. The closest I've got is var i = WindowsIdentity.GetCurrent(); , but that gives me the name of the IIS app pool user. I have Anonymous Authentication, Forms Authentication and Windows Authentication enabled in IIS. I can load users from AD so I assume my web.config is setup correctly. Edit : This is my web.config (using a Facade provider): <membership defaultProvider="HybridMembershipProvider"> <providers> <clear /> <add name=

We have an ASP.NET MVC 4 intranet application. We’re using Windows Authentication and that aspect works fine. The user’s credentials are used and we can access those credentials from the web app. What we really want is some sort of hybrid mode, however. We want to get the user’s credentials from the browser, but we also want to verify that the user is in our application’s database. If the user’s in the database, then they can just continue on. If they’re not, we want to redirect them to a page asking for alternate credentials. What I’m doing now is, in Global.asax.cs , I’ve got an Application