Ask a Question related to ASP.NET Security, Design and Development.
-
Michael Ulmann #1
Crypto API problem while using forms authentication
Hi,
I'm developing a webapplication. I would like to use forms authentication
instead of integrated windows authentication because i don't like this pop
window to log on. My users are stored in the active directory and in order
to get access to the database (sql server) i need to impersonate.
Unfortunately i got the following error in the line
("FormsAuthentication.SetAuthCookie( Context.User.Identity.Name, false ))")
after impersonate:
my source:
public class index : MasterPage {
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
WindowsImpersonationContext impersonationContext;
[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
public static extern int LogonUser(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll",
CharSet=System.Runtime.InteropServices.CharSet.Aut o, SetLastError=true)]
public extern static int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
protected TextBox txtUserName;
protected TextBox txtPassword;
protected System.Web.UI.WebControls.Label output;
protected HyperLink lnkLogin;
private void Page_Load(object sender, System.EventArgs e)
{
if (!IsPostBack)
{
lnkLogin.Attributes.Add ("onClick", "fnLogin(); return false;");
lnkLogin.NavigateUrl = "#";
lnkLogin.Text = "Login";
}
else
{
if (CheckLogin (txtUserName.Text, txtPassword.Text))
{
FormsAuthentication.SetAuthCookie
(Context.User.Identity.Name,false);
FormsAuthentication.RedirectFromLoginPage (txtUserName.Text,
false);
}
}
}
private bool CheckLogin (string user, string pass)
{
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if(LogonUser(user, ConfigurationSettings.AppSettings["DomainName"],
pass, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null) return true;
else return false;
}
else return false;
}
else return false;
}
}
Michael Ulmann Guest
-
Problem in forms authentication
Hi friends, We have an web application which contains several folders & we are trying to implement forms authentication. Login page for the... -
forms authentication problem
I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying... -
debugging forms authentication problem
Hi, i have vb.net web application. directory admin have web config that requires be in role Admin upon first request it redirects to login... -
Forms authentication in a subfolder problem, please help
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain... -
Problem with Forms Authentication
I have an application using FormsAuthentication that does not persist the authentication cookie beyond the session so each time a user starts a...
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
