Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 600
  • Last Modified:

automatic windows or forms authentication to a site whitout asking username/password

Hello,

Im writing an ASP.NET 2.0 web application that implements SSO. In order to do that I need to access other ASP.NET web applications(these are hosted on IIS 6.0 or 5.0 and I have no access to them). The sites that I need to access use windows or forms authentication. I need to transparently  authenticate the users  of my application to these sites, without prompting for their password a username (I have valid  passwords and usernames for the sites that I need to access and Ill use them to log in automatically, in the code).
There are 2  problems. How can I do this transparent authentication:
1. for the sites that are using Windows authentication:  avoid prompting for user and password and login automatically(NTLM authentication);
2. for the sites that are using forms authentication: skip the login page and login automatically.

Thanks!

0
vicentiuberneanu
Asked:
vicentiuberneanu
1 Solution
 
banks1850Commented:
This is more of a programming issue then an IIS issue, you need to pass the credentials in the connection string to the other sites.  I don't know exactly how to do that, but I imagine if you redirect this post to the asp forums they will be able to help you very quickly.
0
 
iamtoneCommented:
You want to import the security Namespace into your project like this (this is vb.net.
Imports System.Web.Security

You will then have access to FormsAuthentication.Authenticate Method, which allows you to pass the user name and password.

Sub Login_Click(sender As [Object], e As EventArgs)
   If FormsAuthentication.Authenticate(username.Text, password.Text) Then
      FormsAuthentication.RedirectFromLoginPage(username.Text, True)
   Else
      status.InnerHtml += "Invalid Login"
   End If
End Sub 'Login_Click

You can find out how to use the web.config to store this info as well, go here.
http://www.devhood.com/Tutorials/tutorial_details.aspx?tutorial_id=85&printer=t
0
 
vicentiuberneanuAuthor Commented:
Iamtone, I need to acces pages that belog to web applications different than mine
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
iamtoneCommented:
I see what you mean. Peter A. Bromberg wrote an artical that might help. Check out.

http://www.eggheadcafe.com/articles/20010126.asp
0
 
vicentiuberneanuAuthor Commented:
iamtone i know the article; that I know how to do it, but i need to redirect the user to the page and he must be logged in, not to get the response back from the server
0
 
iamtoneCommented:
As far FormsAuthenticate cookie is stored as non-persistent cookie, so you would have to store user's clientside cookie, your FormsAuthenticatec.cookie  authenticate tokens on the clients machine. That way when they would goto the redirect it should let them in.
0
 
iamtoneCommented:
Yes, try using FormsAuthentication.SetAuthCookie(userName.Text, false) method. This should get you on the right track.
0
 
palurdoCommented:
For server authentication, use this URL format:

http://username:password@www.website.com/

(this will log in automatically without user/pass prompt)

For form authentication, get a persistent cookie (check the never expires when autenticating from the form, and log the http response) then send that cookie whenever you make a http requet for that server.
0
 
nauman_ahmedCommented:
>>1. for the sites that are using Windows authentication:  avoid prompting for user and password and login automatically(NTLM authentication);

Check the following article:

Using programmatic Impersonation from an ASP.NET Page
http://west-wind.com/weblog/posts/1572.aspx

>>2. for the sites that are using forms authentication: skip the login page and login automatically

Login using FormsAuthentication as suggested.

--Nauman.
0
 
vicentiuberneanuAuthor Commented:
The FormsAuthentication methods don't work here because I try to access a different web application.
The method that palurdo mentioned doesn't work for windows authentication(this works for ftp).

I know the article that nauman talks about, but when I try to redirect with Response.Redirec after the impersonationt, the login prompt apears again. I can only get the answer from the server(the same thing as in the article mentioned by iamtone: http://www.eggheadcafe.com/articles/20010126.asp)

I want to be more explicit. My site is: http://localhost/test.aspx. I have one button on my test.aspx  page that I want to redirect me to site that I want to be logged in: for example: https://forums.asp.net(forms).

I have another button that redirects me to a windows authentication site for example: http://banker.thomsonib.com.

I want for both to skip the manual authentication(I have valid users and passwords) and to redirect user to the page that requires authenticated acces.

From my researches till now,  the problem is not to authenticate the user but when I want to redirect the user.

Thank you!
0
 
iamtoneCommented:
How far have you gotten? Can you post some code?
0
 
vicentiuberneanuAuthor Commented:
For Windows authntication:    

String MyURI = "http://banker.thomsonib.com/";

        System.Net.HttpWebRequest req = (HttpWebRequest)WebRequest.Create(MyURI);
        NetworkCredential cred = new NetworkCredential("test@test.com", "test", "");
        req.Credentials = cred;
        req.KeepAlive = true;

        HttpWebResponse res = (HttpWebResponse)req.GetResponse();
        Stream resst = res.GetResponseStream();
        StreamReader sr = new StreamReader(resst);
        string response = sr.ReadToEnd();
        Response.Write(response);



Forms authentication:


string url = "http://global.factiva.com/sb/default.aspx?NAPC=S&fcpil=fr";

       
        System.Net.HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
        string proxy = null;

       

        string data = "test";

        byte[] buffer = Encoding.UTF8.GetBytes(data);


        req.KeepAlive = true;

               req.Method = "POST";


       
        req.ContentType = "application/x-www-form-urlencoded";
        req.ContentLength = buffer.Length;
        req.Proxy = new WebProxy(proxy, true); // ignore for local addresses

             CookieContainer cc = new CookieContainer();

            req.CookieContainer = cc;
       
              Stream reqst = req.GetRequestStream(); // add form data to request stream
        reqst.Write(buffer, 0, buffer.Length);
        reqst.Flush();
        reqst.Close();


        HttpWebResponse res = null;

        try
        {

            res = (HttpWebResponse)req.GetResponse();
        }
        catch (Exception ex)
        {
            string stre = ex.ToString();
        }

        Stream resst = res.GetResponseStream();
        StreamReader sr = new StreamReader(resst);
        string response = sr.ReadToEnd();

        Response.Write(response);
0
 
iamtoneCommented:
Are you getting any errors on this?
0
 
vicentiuberneanuAuthor Commented:
No errorrs
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now