Ask a Question related to ASP.NET Security, Design and Development.
-
Simon #1
Windows Authentication : switching user
Hi,
In my custom asp.net application (authentication = windows), I've
tried to force a reauthentication after a button click by returning
Response.StatusCode = 401;
However instead of reauthenticating once, I'm asked for 3 times
despite the correct userid and password.
Is this due to certain configurations? Or is there any other
alternative available to achieve the same effect?
TIA,
Simon
Simon Guest
-
SQL / Windows Authentication Per User
Does anyone know if it is possible to configure ColdFusion MX 6.1 Enterprise Server to connect to a SQL 2000 Server using Windows Authenitcation... -
Forms authentication <-> Windows user?
Hi, I'm new in ASP.NET and I've got a question about authentication in an intranet application: I want to authentify and authorize the user by... -
ASP.net app with Windows authentication challenging one user only on second visit
Hi All, I have an intranet application that uses ASP.net Windows authentication. It has been working flawlessly for the past year. Recently,... -
ASP.NET Forms Authentication Via A SQL Server Database With Windows User types?
We have built an ASP.NET application that will run on the Intranet using SQL 2000 as our data layer. We have decided to use Form Authentication... -
User Session issue with ASP.NET Forms authentication & Windows 2003
Hi, I first posted this query in just the aspnet ng but didn't get a reply so I'm posting here (probably more appropriate) Hope one of you guys... -
Jim Cheshire [MSFT] #2 RE: Windows Authentication : switching user
Simon,
What does your code look like?
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
[email]jamesche@online.microsoft.com[/email]
This post is provided "AS-IS" with no warranties and confers no rights.
--------------------14:12:15 GMT)>From: [email]sturmel@polygon.ca[/email] (Simon)
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Subject: Windows Authentication : switching user
>Date: 5 Apr 2004 07:12:15 -0700
>Organization: [url]http://groups.google.com[/url]
>Lines: 13
>Message-ID: <66d063bc.0404050612.1fb70530@posting.google.com >
>NNTP-Posting-Host: 206.47.108.35
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: 8bit
>X-Trace: posting.google.com 1081174335 19558 127.0.0.1 (5 Apr 2004cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0>X-Complaints-To: [email]groups-abuse@google.com[/email]
>NNTP-Posting-Date: Mon, 5 Apr 2004 14:12:15 +0000 (UTC)
>Path:
8.phx.gbl!newsfeed00.sul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!
news.maxwell.syr.edu!postnews1.google.com!not-for-mailmicrosoft.public.dotnet.framework.aspnet.security: 9515>Xref: cpmsftngxa06.phx.gbl>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Hi,
>
>In my custom asp.net application (authentication = windows), I've
>tried to force a reauthentication after a button click by returning
>Response.StatusCode = 401;
>However instead of reauthenticating once, I'm asked for 3 times
>despite the correct userid and password.
>
>Is this due to certain configurations? Or is there any other
>alternative available to achieve the same effect?
>
>TIA,
>Simon
>Jim Cheshire [MSFT] Guest
-
Simon Turmel #3 RE: Windows Authentication : switching user
It's really simple. I use an hyperlink to reload the page with a new URL
parameter and then in my web page codebehind, I check if the parameter
is not null. If so, I send a 401 to force the reauthentication.
if( Request.QueryString["ChangeUser"] != null )
{
Response.StatusCode = 401;
}
I get the windows authentication dialog, but I have to click OK 3 times
before it goes away. Apart from this, everything is fine, the user is
changed.
TIA,
Simon
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Simon Turmel Guest
-
Jim Cheshire [MSFT] #4 RE: Windows Authentication : switching user
Simon,
I'll do some more looking as soon as I get a chance, but just right off, it
could be due to the fact that you're not doing a Response.End after sending
the status. For example:
if(Request.QueryString["ChangeUser"] != null)
{
Response.Status = 401;
Response.End;
}
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
[email]jamesche@online.microsoft.com[/email]
This post is provided "AS-IS" with no warranties and confers no rights.
--------------------cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT FEED01.phx.gbl!TK2MSFTNGP0>From: Simon Turmel <sturmel@polygon.ca>
>References: <8U4LnDyGEHA.3436@cpmsftngxa06.phx.gbl>
>X-Newsreader: AspNNTP 1.50 (ActionJackson.com)
>Subject: RE: Windows Authentication : switching user
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Message-ID: <ejN4bWzGEHA.2708@TK2MSFTNGP11.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Date: Mon, 05 Apr 2004 10:44:11 -0700
>NNTP-Posting-Host: actionjackson133.dsl.frii.net 216.17.147.133
>Lines: 1
>Path:
8.phx.gbl!TK2MSFTNGP11.phx.gblmicrosoft.public.dotnet.framework.aspnet.security: 9517>Xref: cpmsftngxa06.phx.gbl>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>It's really simple. I use an hyperlink to reload the page with a new URL
>parameter and then in my web page codebehind, I check if the parameter
>is not null. If so, I send a 401 to force the reauthentication.
>
>
>if( Request.QueryString["ChangeUser"] != null )
>{
> Response.StatusCode = 401;
>}
>
>I get the windows authentication dialog, but I have to click OK 3 times
>before it goes away. Apart from this, everything is fine, the user is
>changed.
>
>
>TIA,
>Simon
>
>*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
>Don't just participate in USENET...get rewarded for it!
>Jim Cheshire [MSFT] Guest
-
Simon Turmel #5 RE: Windows Authentication : switching user
Hi,
I tried with Response.End();, but still no success. I'll be waiting for
your next idea.
Thanks in advance,
Simon
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Simon Turmel Guest
-
Javier Miranda #6 RE: Windows Authentication : switching user
Simon
Are you sending a POST or a GET. Try a GET if you are sending a POST
Hope it helps
-Javier M
Javier Miranda Guest
-
Simon Turmel #7 RE: Windows Authentication : switching user
There is no form here. Only a <a href=...>, so it is automatically a GET
in this case.
Simon
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Simon Turmel Guest
-
Javier Miranda #8 RE: Windows Authentication : switching user
Simon
It seems like a problem with the URL parameter or HTTP headers. Can you clear/save the IIS log and paste it here after you recreate the behavior
If you do so, remove any company data like IP address and ports before submitting it
Hope it helps
-Javier M.
Javier Miranda Guest
-
Simon Turmel #9 RE: Windows Authentication : switching user
Here is my log file when I click to change the user. I think you should
copy it to a notepad for a better reading.
TIA,
Simon
2004-04-06 15:33:22 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:22 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:22 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 5 0
2004-04-06 15:33:23 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:23 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 5 0
2004-04-06 15:33:23 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:23 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 5 0
2004-04-06 15:33:23 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET /PolygonIntranet/Home.htm ChangeUser=Y
<PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 5 0
2004-04-06 15:33:24 <IP> GET /PolygonIntranet/Templates/FrameHeader.aspx
NRMODE=Published&NRORIGINALURL=%2fPolygonIntranet% 2fHome.htm&NRNODEGUID=
%7b57AB4E5A-09BA-46A6-B893-4EDA82BFDD39%7d&NRCACHEHINT=ModifyLoggedIn&Ch
angeUser=Y <PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/Templates/FrameNavigation.aspx
NRMODE=Published&NRORIGINALURL=%2fPolygonIntranet% 2fHome.htm&NRNODEGUID=
%7b57AB4E5A-09BA-46A6-B893-4EDA82BFDD39%7d&NRCACHEHINT=ModifyLoggedIn&Ch
angeUser=Y <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/Templates/FrameNavigation.aspx
NRMODE=Published&NRORIGINALURL=%2fPolygonIntranet% 2fHome.htm&NRNODEGUID=
%7b57AB4E5A-09BA-46A6-B893-4EDA82BFDD39%7d&NRCACHEHINT=ModifyLoggedIn&Ch
angeUser=Y <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET
/NR/exeres/57AB4E5A-09BA-46A6-B893-4EDA82BFDD39,frameless.htm
ChangeUser=Y <PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 0
2004-04-06 15:33:24 <IP> GET /PolygonIntranet/Styles/VikingMenu.css -
<PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 0
2004-04-06 15:33:24 <IP> GET /PolygonIntranet/Styles/Viking.css - <PORT>
TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 0
2004-04-06 15:33:24 <IP> GET /PolygonIntranet/Images/VikingLogo.JPG -
<PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 64
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/CommonClient.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/CommonClient.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/CommonClient.js - <PORT>
TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Windows.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Windows.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Windows.js - <PORT>
TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 64
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Console.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Console.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Console.js - <PORT>
TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 64
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/OptionsClient.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/OptionsClient.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/OptionsClient.js - <PORT>
TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 64
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/JavaScriptUIStrings.js - <PORT> -
<IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/JavaScriptUIStrings.js - <PORT> -
<IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/JavaScriptUIStrings.js - <PORT>
TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 64
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Dates.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 2 2148074254
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Dates.js - <PORT> - <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
401 1 0
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/CMS/WebAuthor/Client/Dates.js - <PORT>
TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 64
2004-04-06 15:33:24 <IP> GET
/PolygonIntranet/Templates/FrameNavigation.aspx
NRMODE=Published&NRORIGINALURL=%2fPolygonIntranet% 2fHome.htm&NRNODEGUID=
%7b57AB4E5A-09BA-46A6-B893-4EDA82BFDD39%7d&NRCACHEHINT=ModifyLoggedIn&Ch
angeUser=Y <PORT> TESTSERVER\administrator <IP>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CL R+1.1.4322)
200 0 0
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Simon Turmel Guest
-
Javier Miranda #10 RE: Windows Authentication : switching user
Simon
I am just looking the log. Is this OK?... " /PolygonIntranet/Home.htm ChangeUser=Y
Notice that the page is HTML. Is ASP.NET processing the file including code?
I noticed many 401... what a discovery ah!, but take a look at the parameter. Still there. Can you try a sesion variable instead of parameter
Javier Miranda Guest
-
Simon Turmel #11 RE: Windows Authentication : switching user
It is processing the ASP.net code, it's a web application working with
Microsoft CMS. The aspx are the templates that htm use. I'll try with a
session variable and tell you the result soon.
Simon
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Simon Turmel Guest
-
Simon Turmel #12 RE: Windows Authentication : switching user
I have now tried with a session variable and I have the same problem. If
anyone has an idea, please post it.
TIA,
Simon
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Simon Turmel Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
