.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Federated Identity: Passive Authentication for ASP.NET with WIF

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

The goal of federated security is to provide a mechanism for establishing trust relationships between domains. Platform tools like Windows Identity Foundation (WIF) make it much easier to support this type of identity federation. We show you how.

Michele Leroux Bustamante

MSDN Magazine August 2010

View Complete Post

More Related Resource Links

Windows Identity Foundation (Claims Based Authentication) for Reporting Services



I see that SQL Server 2008 R2 Reporting Services now supports Claims Based Authentication in Sharepoint 2010, meaning that end users can authenticate with Sharepoint using Claims Based Authentication, and use the same security tokens to connect through to Reporting Services.

I assume that behind the scenes Sharepoint is using Windows Identity Foundation (WIF - formerly codenamed "Geneva") to handle the authentication, and passing this on to Reporting Services.

I'm keen to use Windows Identity Foundation to authenticate with Reporting Services without Sharepoint. We have an existing ASP.NET web application, and we'd like to call Reporting Services from that, passing on the Windows Identity Foundation credentials of the user logged into our web application.

I've done some work on setting up a custom security extension using Forms Authentication (based on the sample), but am not sure how to proceed from there.

Google/Bing hasn't been helpful. Can you please point me to some guidance on how to set up Windows Identity Foundation authentication for Reporting Services?<

Assuming identity of other logged in users in web application using Forms Authentication and Singlet



I have a web application with a login form. A user enters a user name and password. If they exist in the database the user is authenticated using these two lines:

FormsAuthentication.SetAuthCookie(userName, false);
FormsAuthentication.RedirectFromLoginPage(userName, false);

The problem is that when a user logs in at first he is logged in as himself. When navigating on the web application for a while the user assumes the identity of another logged in user. This happens all the time.

In my web.config the authentication mode looks like this:

<authentication mode="Forms">
  <forms loginUrl="LogOn.aspx" name=".ASPXFORMSAUTH">
  <deny users="?" />

The site does not use ASP.NET session variables. Instead each page initializes a Singleton class, which stores itself in a static class variable, always accessing the users data already read from the database.

The Singleton implementation is:

static readonly WebSession instance = new WebSession();


public static WebSession GetSingletonInstance
  get { return instance; }

Could the problem with assuming anoth

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Web Matrix + Windows Authentication


I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Pass ASP.NET membership identity object across domain?


I am trying to figure a way to SSO with ASP.NET membership and role model.

I can implement custom membership provider which consume web services hosting on a server.

With encryption of data. No problem.

But my question is, If I sign on a website with my provider, got my identity object on that application,

could I pass it to another website on another domain which use the same provider and by doing so, do not need to login again?

If this is possible, I am going to implement this solution. Please tell me what's your take on this.

Sharing authentication ticket between two applications


Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory

At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.

Many thanks!

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

How to authenticate local user usin ldap or non domain authentication



I created one application, and I need to authenticate local user. This user is the user who is login to his/her Personal Computer.. Main thing his that he/she does not in any DOMAIN... I want NON-DOMAIN authentication.. any how.... please help...

help needed: Ldap User authentication using userDN and password



Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax.So far i have tried to authenticate using username and password from my c# code using directoryentry which takes the parameters like domainname,username and password. But i need to authenticate using Userdn and password.

helped needed: ASP LDAP authentication failed in IE 8


I use the following code to do the user authentication through Active Directory using LDAP.

entry = new DirectoryEntry("LDAP://" + server, user_name, password);
if (!string.IsNullOrEmpty(entry.Name))
EmployeeNetId = entry.Username.Substring(0, 3);

// Retrieve EmployeeId, and Employee Full Name
EmployeeId = -1;

It works for Chrome, Firefox with no problem. But with IE 8, it works sometimes, and failed on some computers. When it failed, I figured that I need to check SSL 2.0 in IE 8 Internet Options.  It's weird because in those computers that IE 8 works, SSL 2.0 is also unchecked.

Am I using some deprecated method? Or How do I specifiy the SSL version options in the LDAP connection?

Using windows authentication to access SQL when using ASP.NET 4.0 via COM+


I am using SQL Server 2008 under windows authentication, front end is ASP.NET which uses COM+ to access database.

COM+ components are configured to run as domain user.

When looking through the logs (SQL Profiler), I can see the login name as the configured identity instead of windows indentity.

I have got Website running under "Intergrated Windows Authentication" and database is running locally on webserver.

Web configure contains entry for <identity impersonate="true"/>.

My connection string is

connectionString="data source=db01\test01;initial catalog=test; integrated security=SSPI;persist security info=False; Trusted_Connection=Yes"

Any ideas?




Crystal Report Asking for Database Authentication each time when I view Page.


Whenever I open my Crystal Report page, I am taken to the Database Authentication page where I am asked for

User name
Data Name

each time.

Is there a way to avoid this and I save these authentication in my page once.

I am using VS2005, C#.

Any Help will be appriciated.


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend