Re: Forms Authentication
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 11/14/05
- Next message: elora_c_at_yahoo.com: "Problem with authentication using DefaultCredentials"
- Previous message: frpascal: "Re: Forms Authentication"
- In reply to: frpascal: "Re: Forms Authentication"
- Next in thread: [MSFT]: "Re: Forms Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Nov 2005 07:08:25 -0800
Hello frpascal,
Hidden input provides no security...
Why do you get a Windows pop-up window? Are the users not domain users? In
domains you get single sign-on AND decent authentication for free.
Are there two different web apps involved?
If yes, be sure to sync the following settings:
- cookie name & path
- machineKey
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Hi Dominick,
>
> The Input is Hidden and my users are kind office workers who just want
> to log on automatically; I just use the logon name for their planning
> and worked hours reports. No real security matter in fact.
>
> I don't want to implement windows auth because of the pop up window.
>
> Luke, I checked my servers and I don't find the cookies default
> setting; in fact I changed nothing since I installed the new server.
> Before now I already had the problem because my dev/test machine has
> migrated to WinXP; from that time this "capture" didn't work any more
> on the dev/test machine but worked properly on the W2000 server.
> I checked other Forms Auth messages and I found a message about
> Fiddler. I tried to use it:
> On the first page about Cookies:
> - Cookie: ASP.NET_SessionId=a4ly5ymfrnp315555ytsak55
> - Set-Cookie: .ASPXAUTH=F3667128E001B12F31C9C0D130BC4600483EC7F09C2EBB653367A99BEDCDD2DF59DB46986051F28B7A153E24C4737AFD8EDC95EC49927907EC81225A41684F9DBDE3604E5CC3E173; path=/
> On the destination page:
> - Cookie: ASP.NET_SessionId=a4ly5ymfrnp315555ytsak55; .ASPXAUTH=F3667128E001B12F31C9C0D130BC4600483EC7F09C2EBB653367A99BEDCDD2DF59DB46986051F28B7A153E24C4737AFD8EDC95EC49927907EC81225A41684F9DBDE3604E5CC3E173
> I hope this can help you to help me ;)
> Thanks a lot !
> Pascal
> "Dominick Baier [DevelopMentor]"
> <dbaier@pleasepleasenospamdevelop.com> wrote in message
> news:4580be63139d548c7b738fd576d14@news.microsoft.com...
>
>> Hello frpascal,
>>
>> so a user can be whoever he wants to when he manually changes the
>> value (filled by your javascript) before the POST to the server??
>>
>> That's not a good solution.
>>
>> Why don't you provide a separate directory for windows users - with
>> windows auth - then in AuthenticateRequest - construct a formsAuth
>> ticket manually, set the cookie and redirect to your main page?
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> Hi,
>>>
>>> For an Intranet, I try to capture the windows logon automatically to
>>> identify the user with a little javascript. I put this variable in an
>>> Input object and use it with a
>>> "FormsAuthentication.RedirectFromLoginPage(LoginUserWindows.Value, False)"
>>> just before the Response.Redirect("\Planning\PagePrincipale.aspx").
>>> After that I recall the value with a "User.Identity.Name".
>>> The trace tells me that Auth-User and Remote-User values are correct
>>> but I can't get those values with the User.Identity.name after the
>>> redirection.
>>> It is working fine with W2000 but doesn't work anymore with Win XP
>>> or Win 2003.
>>>
>>> Thanks for any help.
>>> Pascal
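
Added example, not part of the original thread or any poster's code: a C# sketch of the suggestion above to issue the forms ticket in AuthenticateRequest from the identity IIS has already verified, instead of from a value the browser posts. The directory name `~/winauth/`, the 30-minute lifetime and the landing page path are assumptions, and the code assumes ASP.NET 2.0 and that IIS has anonymous access disabled for that directory.

```csharp
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Assumed names: the directory IIS protects with Integrated Windows
    // authentication (anonymous access off) and the page to land on.
    private const string WindowsOnlyPrefix = "~/winauth/";
    private const string MainPage = "~/Planning/PagePrincipale.aspx";

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        string path = Request.AppRelativeCurrentExecutionFilePath;
        if (!path.StartsWith(WindowsOnlyPrefix, StringComparison.OrdinalIgnoreCase))
            return; // every other URL goes through normal forms authentication

        // LOGON_USER is filled in by IIS after it has authenticated the
        // caller; it is empty for anonymous requests. Nothing the browser
        // posts (hidden input, query string) is consulted.
        string user = Request.ServerVariables["LOGON_USER"];
        if (String.IsNullOrEmpty(user))
        {
            Response.StatusCode = 403; // fail closed
            CompleteRequest();
            return;
        }

        // The ticket is protected with the machineKey, so any application
        // that must accept it needs the same key, cookie name and path.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, user, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, String.Empty, FormsAuthentication.FormsCookiePath);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        Response.Cookies.Add(cookie);

        Response.Redirect(MainPage);
    }
}
```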