How to handle authentication?

How to handle authentication?

Post by rclwebdesi » Fri, 08 Aug 2003 01:21:29


Who handles the authentication?
I configured IIS to handle security for .doc files as an application.
When I try to access a file through HTTP, I am able to successfully
get the login page.

When I try to access a file first time:
Web.config redirects to the following URL:
http://localhost/DOCS/Login.aspx?ReturnUrl=file1.doc


After I fill in the password and get authenticated I am redirected to
a opendoc.aspx page which process the binary doc file and a file
download screen asks to save as.

Now here comes the problem.

After I am authenticated whenever I browse other doc files, no screen
to save as shows up. It just opens them up right away in the browser.


Example:
http://www.yqcomputer.com/
http://www.yqcomputer.com/
http://www.yqcomputer.com/

<configuration>
<location>
<system.web>
<compilation debug="true"/>

<authentication mode="Forms">
<forms name=".AUTH1" loginUrl="Login.aspx" protection="All"
timeout="1"></forms>
</authentication>

<authorization>
<deny users="?" />
</authorization>

</system.web>
</location>

</configuration>


<%@ Page Language="c#" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>
<%@ import Namespace="System.Web.Security " %>
<script runat="server">

private void Page_Load(Object sender, EventArgs e )
{

cmdLogin_ServerClick();

}

private bool ValidateUser(string uid, string passwd)
{
SqlConnection conn;
SqlCommand cmd;
SqlDataReader dr;
conn = new SqlConnection("my conn string");
cmd = new SqlCommand("Select * from Sn_RegisteredUsers where
FirstName='" + uid + "'",conn);

conn.Open();
dr = cmd.ExecuteReader();
while (dr.Read())
{

if (string.Compare(dr["Pwd"].ToString(),passwd,false)==0)
{
conn.Close();
return true;
}
}
conn.Close();
return false;
}

private void cmdLogin_ServerClick()
{


if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
{
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value,
DateTime.Now, DateTime.Now.AddMinutes(1), chkPersistCookie.Checked,
"your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

if (chkPersistCookie.Checked)
ck.Expires=tkt.Expiration;
Response.Cookies.Add(ck);

string strRedirect;
strRedirect = "opendoc.aspx?ReturnUrl="+Request["ReturnUrl"];

if (strRedirect==null)
strRedirect = "securitymessage.aspx";

Response.Redirect(strRedirect, true);

}
else
//Response.Write(Request["ReturnUrl"]);

// In this condition, when the I am authenticated, the web.config is
handling it but it seems to be letting it go without calling
login.aspx during the cookie session duration. I need a way to check
authentication here but I don't have control since asp.NET is handling
it.

}


thanks
Rod
 
 
 

1. How to handle authentication pop-up when the machine is lock

2. General authentication problem windows authentication as SQL authentication

Hello,

I have a problem with environment of two Windows Server 2008
Enterprise x64 systems:
1. AD
Domain Controller
SQL Server 2008

2. CRM
Microsoft Dynamics CRM 4.0
IIS

1. CRM works fine.
2. I can connect to SQL server from CRM using SQL Server Management
Studio as "sa" and as domain user. I can see databases > tables, but
when I try to open table I get unhandled exception.

3. On CRM I have some web sites which collects data directly from MS
CRM database using integrated security (from filtered views). Web site
is in the same Application pool as MS CRM. When I am logged in to the
CRM as domain administrator and open this site (web site is in "local
intranet" with automatic logon with current username and password
enabled) the sites connects to DB and collects data with no problems.

4. But when I am logged in to CRM as user other than DOMAIN
\administrator but also with domain administrator rights (also CRM
user with System Administrator role) the site tries to connect to SQL
as NT AUTHORITY\ANONYMOUS LOGON.

5. When I log in as DOMAIN\administrator to AD and open the same site
(web site is in "local intranet" with automatic logon with current
username and password enabled) the site tries to connect to SQL as NT
AUTHORITY\ANONYMOUS LOGON.

I remind that the site use Integrated security in connection string
and works OK the this user logged in to CRM.


Some history...
AD was domain controller (domain: domain1) and CRM was connected to
this domain.
AD was reinstalled and set as domain controlled (domain: domain2) and
CRM was connected to new domain.


Right now we have totally no idea what can be a problem :/

Any suggestions?

3. Pine handling of imap: URL scheme -- specifically, authentication #050324@14:06:08.5241

4. Analysis Services 2005 can't handle double hop authentication?

5. process handle or PID to window handle or thread handle

6. Custom authentication package to handle logon to the DC

7. Get authentication service from binding handle?

8. ld handle getting corrupted after SASL/GSSAPI authentication in Active Directory 2003

9. handling tomcat out of eclipse : still authentication- error

10. Handling HTTP basic authentication in script?

11. AD authentication error handling

12. handling tomcat out of eclipse authentication- error

13. How windows handle the network authentication

14. Can Money Handle 2 stage authentication?

15. Pine handling of imap: URL scheme -- specifically, authentication