Re: Can I tell if a user came thru a secure site?

There really is not enough information in this to assist you. There are many ways credentials can be passed / handled within ASP.NET and IIS, so without any knowledge of your previous setup, I can only assume that if things were working fine and a move to a different server broke things, most likely IIS was configured to handle authentication.

If that is not the case, unfortunately some implementation detail has broken due to the move, and that will take detailed knowledge of that implementation in order to rectify it.

If you are able to narrow the issue down some please do.

Regards

John Parrish


Sega wrote:
Not sure how all this fits in or even if I am using secure or site properly. None of this is for the public. It is for an organization that only wants their members to have access, although remotely over the Internet.
The site, where the user logs in , is an https site, for example (https://mt1234.xconnection.com/signin/xxx.htm). This sends a logon screen, & it verifyies id & password. If OK it transfers to a menu. If my web programs option is selected from the men, it then transfers to my directory and program via , for example, http://mt4568.xconnection.com/mydirectory/.default.aspx?variousparameters.

I have been told that my site used to be on a different machine and different domain name, but is now on the same machine, but a different site.

Only after changing it to this new setup did the problems start. Before if my programs http address was put directly into a url, it would get sent to the login site. Good. We want this. Everyone happy. Now since it has been changed, typing in my program's http url directly, gets directly in, no login required. Not good.

Not getting much help from the server/set up people. They think I should control this in my program. Happy to do so but how?

The program, which I inherited has Windows Authentication in the Web.config. Can I use Forms authentication across "sites" like this has? Can I tell if is coming from outside and not going thru the normal route of password verification? Should I be able to do this in my program? Can or should the server itself be set up with some permissions or denials?

I have been reading, reading, about security, authentication, authorization, BUT NOT GETTING TO AN UNDERSTANDING. This is my first time with this & WOW.

Thanks for any help anyone can give.

.

Relevant Pages

  • Re: WM5 can not sync to exchange
    ... I checked all the authentication settings and they are as you requested. ... After running the internet connection wizard I had to uncheck the Require ... On the SBS 2003 Server open the Server Management console. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • RE: WM5 can not sync to exchange
    ... code 85010014 during ActiveSync with SBS. ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • Re: WM5 can not sync to exchange
    ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... Collect the IIS metabase on Exchange Server and send to me: ...
    (microsoft.public.windows.server.sbs)
  • Re: Nokia E50 ActiveSync problem with SBS2003 SP2
    ... Open IIS Manager ... Open properties of virtual directory OMA ... Click Start on your SBS server, ... And then please verify Authentication settings by the following steps. ...
    (microsoft.public.windows.server.sbs)
  • RE: Confusion on standard security methodologies.
    ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ...
    (microsoft.public.inetserver.iis.security)