.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
MarieAdela
Imran Ghani
Post New Web Links

kerberos authentication

Posted By:      Posted Date: September 23, 2010    Points: 0   Category :ASP.Net
 

Hi ALL,

I am new to ASP.Net web application and I need to learn Kerberos authentication urgently. I have gone thorugh the basic mechanism of it but I need a sample project to learn the kerberos authentication. Can anybody please help me in these...

Suppose, a web page containg text boxes for user Id and password..and when the form is submitted, Kerberos authentication is done for that user...a simple web application that uses kerberos authenticatino.

can anybody please help me by providing this type of sample application so that the coding part can be understood. 




View Complete Post


More Related Resource Links

Windows 2008 R2 kerberos authentication

  
Hi i have install windows 200R2 with blackpearl but i have this issue with Kerberos Authentication the same account when using ie8 on the local machine allows me to login while the same credientials using ie7 & ie8 on remote machine will keep prompting for credentials; any advise on this?

Kerberos Authentication with WCF Client Fault Exception

  
Hello, I am using Kerberos as the Authentication mode for a WCF Client to interact with an ASMX Web Service. I am using customBinding in the WCF Client. I am getting the below mentioned Fault Exception when I invoke the HelloWorld Method by creating a Proxy using SVCUTIL.   System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.InvalidOperationException: WSE914: This instance of derived key token does not support encryption, decryption, or key wrapping. It can only be used to sign or verify signature. Please make sure that the length of the derived key matches the length of the key required by the symmetric encryption algorithm configured for the derived key token manager.    at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.Psha1SymmetricKeyAlgorithm.get_EncryptionFormatter()    at Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)    at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)    at Microsoft.Web.Services3.Security.EncryptedData.Decrypt() &nbs

WCF Kerberos Authentication Custom Binding

  
Hello,I am using Kerberos as the Authentication mode for a WCF Client to interact with an ASMX Web Service. I am using customBinding in the WCF Client. I am getting the below mentioned Fault Exception when I invoke the HelloWorld Method by creating a Proxy using SVCUTIL. `System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.InvalidOperationException: WSE914: This instance of derived key token does not support encryption, decryption, or key wrapping. It can only be used to sign or verify signature. Please make sure that the length of the derived key matches the length of the key required by the symmetric encryption algorithm configured for the derived key token manager.    at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.Psha1SymmetricKeyAlgorithm.get_EncryptionFormatter()   at Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)   at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)   at Microsoft.Web.Services3.Security.EncryptedData.Decrypt()   at Mic

Kernel-Mode authentication without Kerberos

  

I have installed a new SharePoint 2010 farm and am using NTLM authentication.  When i try to access CA i am asked to login 3 times. After doing so i have a blank screen.  I have seen many posts here and elsewhere with this same symptom and it looks like it is usually a problem with Kerberos, but i am not using that.

I have determined that if i enable kernel-mode authentication all seems to work. i have tested several times enabling and disabling kernel-mode authentication in IIS and it always works.  If kernel-mode is enabled i can get to CA if kernel-mode is disabled i cannot get to CA.  What is troublesome is i have read a few posts that say that for SharePoint Kernel-mode should be disabled. So my question is, should i have kernel-mode enabled on sharepoint iis web sites when i am not using Kerberos?  And what about this extended protection?

Steven Albrecht
University of Colorado Denver


Windows authentication using SSRS 2008 R2 on separate machine from SQL db engine - Kerberos required

  

Is this still an issue in SSRS 2008 R2:  Can't use Windows authentication (integrated security) when the SQL database server is on a different machine than Reporting Services -- unless you (1) use Kerberos security, or (2) store credentials, or (3) use credentials supplied by the user when running report AND use as Windows credentials to impersonate?

I have SSRS 2008 R2 set up on a different machine than MSSQLServer 2008 R2.  When I create a report on the SSRS server that uses a data source specifying Windows integrated security, my symptom is that I get the following  error:

Cannot create a connection to data source 'myDataSource'. ---> System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Here is a blog describing the problem under SSRS 2005 (with IIS): http://blogs.msdn.com/b/jgalla/archive/2006/03/16/reporting-services-and-windows-authentication.aspx

Thanks!

-Tom


Richard Thompson

Windows Integrated Authentication and Kerberos delegation.

  

I currently have 2 seperate domains.

Domain A

Domain B

 

No domain trust has been establish.

 

In this scenario, if user is connected to Domain A via its desktop. Is there a way to access to a SQL Server in Domain B without using SQL authentication.

 

I heard of kerberos but would that solve my issues ?

 

Regards

GGB


SharePoint 2010 Network Load Balancing and Kerberos Authentication

  

Hello all. Thanks for taking a look at this...

To put it simply, kind of, I have a SharePoint 2010 farm with 1 web application (non default port) using kerberos authentication with 2 load balanced web front end servers.

Example:
web01.domain.com:8090
web02.domain.com:8090
NLB = web.domain.com

The NLB is setup at web.domain.com (on port 80), as mentioned above, and directs traffic to either web server on port 8090.

Notes:
An SPN has been setup for the NLB url with the web applications service account.
Delegation has been setup on the web app account and the web servers.
I am not using host headers for this web app.
I have setup the useapppoolcredentials instead of disabling kernel mode in IIS7 (tried it with it disabled too)

I tried this just in case...Registered SPNs for both web servers, with and without port numbers, and with and without fqdns.

The Problem
Kerberos authentication will not work when the NLB is set at port 80. If I set the NLB to match the web application port, 8090, kerberos authentication works fine and all is well.

This may be an obvious issue, but i cant put my finger on what I am missing.

Simply put, i would just like to have the users type in web.domain.com (the NLB url) instead of having to put in web.dom

WCF Kerberos authentication sends request twice

  

Hello,

I have a problem where all my client requests are sent twice to the WCF service. The first request sent is anonymous and receives a 401 response so the client sends the request a second time with the proper authentication information. With NTLM this happens only once when the connection is open but with Kerberos it happens for every request! This is awful for performance and after looking a long, long time on the Internet I simply couldn't find a solution, and I'm afraid there might not be one. It seems to be the way it works. But I thought I'd ask the question here and hope that somebody has a solution to prevent these double requests with Kerberos.

Here is my simplified binding definition:

 

Remoting Issue - Authentication Type changes from Kerberos to NTLM in Thread.CurrentPrincipal.Identi

  

Am facing followingproblem, Authentication Type changes from Kerberos to NTLM in Thread.CurrentPrincipal.Identity where as the user name comes properly while calling the method of service2 through remoting from service1.

Actually the problem scenario is as follows, from client am making calls to service1 and from the service1 am making the call to another service2 where the problem occurs.

             Kerberos                              NTML
Client ----------------> Server1 -------------------------> another service2
         remoting call                      remoting call

But When I made the remoting call from the client directly to service2, am getting the security type as Kerberos properly.

Please advise.

Am running out of time, looking for you valuable comments...!!!

 

Thanks


Explained: Forms Authentication in ASP.NET

  
This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

  
Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

  
Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

  
.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

  
In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Web Matrix + Windows Authentication

  

I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,


Problems with Forms Authentication in DD 4 site

  

Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     
        </authentication>

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!


Sharing authentication ticket between two applications

  

Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory


At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.


Many thanks!


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend