Subject: Re: Question Concerning AD Authentication - msg#00018

Previous Message by Date: click to view message preview

Re: Typed Dataset/Web Services Issue

Shawn -- Yeah, the WSDL is autogenerated. Any good tips on how change that? I'm a novice at wsdl. Jeff --- Shawn Wildermuth <swildermuth_lists@xxxxxxxxxx> wrote: > Is the webservice using automatic WSDL generation? > (e.g. ?wsdl) If so, it > isn't getting the schema from the TDS's but > inferring it. You may have to > craft your own WSDL that inlcudes the .xsd from the > TDS. > > > Thanks, > > Shawn Wildermuth > http://adoguy.com > C# MVP, MCSD.NET, Author and Speaker > > > > > -----Original Message----- > From: Discussion of building .NET applications > targeted for the Web > [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of > Jeff Little > Sent: Thursday, November 03, 2005 8:29 AM > To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx > Subject: [DOTNET-WEB] Typed Dataset/Web Services > Issue > > The web component of my app includes a typed dataset > and several web > services that are called from the business logic > layer. I have annotated > the typed dataset to provide nullValue values for > all nullable fields, and > the .vb file for my typed dataset reflects this. > > My problem comes in the business logic layer. When > I add the web reference > to my main web service, which utilizes the typed > dataset, the Reference.vb > file that is created does not reflect any of the > nullValue values, instead > throwing the StrongTypingException. > When I dig into the files in the web reference > folder, the schema does not > reflect the inclusion of the nullValues. > > It seems that the Reference is using an old schema, > or is pulling it from > somewhere else. Any ideas? Shawn, > are you there?! ;-) > > Jeff > > =================================== > This list is hosted by DevelopMentorR > http://www.develop.com > > View archives and manage your subscription(s) at > http://discuss.develop.com > > =================================== > This list is hosted by DevelopMentor® > http://www.develop.com > > View archives and manage your subscription(s) at > http://discuss.develop.com > > =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com

Next Message by Date: click to view message preview

parsing text through the ASP.NET engine

hi all, I have some text in a database (think CMS), and I'd like to be able to run it through the ASP.NET to render it, before it is displayed on the page. For example, the text might have something like "Hi <%=Session[ "FormattedName" ] %>..." in it. Does anyone know how I could get the ASP.NET engine to render it correctly?

Previous Message by Thread: click to view message preview

Re: Question Concerning AD Authentication

Erick, <Do the passwords in SQL correspond to the AD passwords?> Not necessarily, the user could have used the same password for our web based application as their active directory password but we can't be sure of that. We do not want to store the user's active directory password at all. As a matter of fact, once the conversion is complete we will eliminate the password field from our database. <It's only the cases of an expired/reset password that you're having problems with, correct?> Exactly, everything else we have done works splendidly. We only have an issue authenticating a user who has the "user must change password at next login" box" checked or whose password has expired. You would think there would be a way to accomplish this because Windows does it. In other words, when either of these conditions are true you still have to authenticate to Windows with the correct username/password combination. As far as the properties goes - I can determine when a password needs to be reset with just the user's login name, I just can't determine that the password they gave me is correct until I try to change it. This doesn't seem to be a good way to "authenticate" someone. I appreciate your input on this. I have also contacted some insiders at Microsoft looking for an answer. Kevin -----Original Message----- From: Discussion of building .NET applications targeted for the Web [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of Erick Thompson Sent: Wednesday, November 02, 2005 7:29 PM To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx Subject: Re: [DOTNET-WEB] Question Concerning AD Authentication Kevin, From my understanding, you have the passwords in SQL, correct? Do the passwords in SQL correspond to the AD passwords? Either way, once you have the username (not the password), you can use the DirectoryServices classes to get all of the Active Directory information, which should include details on if the password is expired, or has been reset. I don't remember the specific properties off the top of my head, but if you look at accounts in ADSI edit, it should be fairly easy to find. If the account password doesn't need to be changed, then you can use your existing system. It's only the cases of an expired/reset password that you're having problems with, correct? Erick > -----Original Message----- > From: Discussion of building .NET applications targeted for the Web > [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of Burnett, Kevin > Sent: Wednesday, November 02, 2005 3:40 PM > To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx > Subject: Re: [DOTNET-WEB] Question Concerning AD Authentication > > Erick, > > Thanks for the reply. I understand what you are saying but > unfortunately letting IIS handle the security won't work for us > because we are not going to convert all of the users at once. We have > hundreds of users and want to convert them in batches to ease the > transition. I, like you, am not sure if IIS handles a password change > via challenge/response anyway. > > The only way I know for sure to confirm a user's credentials with an > expired password is to try and change the user's password > programmatically. This doesn't seem like a good idea though, at least > the process doesn't flow very well with the way our site is currently > laid out. > > Kevin > > ________________________________ > > From: Discussion of building .NET applications targeted for the Web on > behalf of Erick Thompson > Sent: Wed 11/2/2005 4:04 PM > To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx > Subject: Re: [DOTNET-WEB] Question Concerning AD Authentication > > > > Kevin, > > We have a system that is very similar. There are a number of > approaches that you could use. First, you can change the website part > to use integrated security, and let IE/IIS handle getting and checking > the username/password. You have access to the WindowsIdentity if you > need it, but it may not address the problems you've hit. IIRC, it will > work with expired/need to change passwords. > > Other options are to use AD/ADSI to get the User information (before > checking password) and looking for those error conditions (expired pw, > etc). Use the classes in the System.DirectoryServices > assembly/namespace for this. > Redirect as needed, and if the user looks fine, then check the > password. > > Having built a system like this, I would highly recommend using the > integrated system, as it leverages the framework the best (AD groups, > full names, phone numbers, etc, etc). If you use the user > impersonation in ASP.NET, you get to use the integrated security for > SQL as well. > > Our systems are domain computers, so it's a little simpler. > If you're web only, turn on integrated security, then have a custom > error for the HTTP not authorized error that redirects the user to a > password/account management website/page. Look at custom errors in > IIS. > > Let me know if this makes sense, > Erick > > > -----Original Message----- > > From: Discussion of building .NET applications targeted for the Web > > [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of Burnett, Kevin > > Sent: Wednesday, November 02, 2005 12:58 PM > > To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx > > Subject: Re: [DOTNET-WEB] Question Concerning AD Authentication > > > > Erick, > > > > Currently we retrieve the user name and password from the user and > > compare it to values in a table in Microsoft SQL server. > We want to > > transition our users over to using their active directory > account user > > name and password. > > > > Kevin > > > > -----Original Message----- > > From: Discussion of building .NET applications targeted for the Web > > [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of Erick Thompson > > Sent: Wednesday, November 02, 2005 1:07 PM > > To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx > > Subject: Re: [DOTNET-WEB] Question Concerning AD Authentication > > > > What method are you currently using to authenticate the users? You > > mention SQL Server and LDAP, but that leaves a lot of > possibilities. > > I'm assuming that you get the account name and password as > part of the > > web portal, or do you use some other method to login (digest, > > integrated auth, basic, etc). > > > > Thanks, > > Erick > > > > > > > -----Original Message----- > > > From: Discussion of building .NET applications targeted > for the Web > > > [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of > Burnett, Kevin > > > Sent: Wednesday, November 02, 2005 7:48 AM > > > To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx > > > Subject: [DOTNET-WEB] Question Concerning AD Authentication > > > > > > All, > > > > > > We are in the process of converting our web portal from a > > proprietary > > > authentication method utilizing SQL server to an > > authentication method > > > > > that utilizes active directory via LDAP as the > > authentication medium. > > > We are coding in C# and have already written the majority > > of the code. > > > During testing I discovered that a user with valid > > credentials would > > > not authenticate under these two circumstances: > > > > > > 1. If the "user must change password at next login" box is > > checked in > > > active directory. > > > 2. If the authenticating user's password is expired. > > > > > > Changing the user's password is not a problem, it's just > not a very > > > good solution in this situation as we can't > "authenticate" the user > > > prior to moving them to a change password screen. What we > > really need > > > > > is an authentication method that returns some sort of a > code saying > > > "yes, this is the proper credentials but this user has an expired > > > password or has the "password must be changed at next > > logon" flag set. > > > > > > I have researched these issues on the Internet and > discovered that > > > it's an issue that no real workaround exists for as > > currently written. > > > > > I have found references to SSPI (Security Service Provider > > Interface) > > > and ADSI (Active Directory Service Interface) and although I have > > > found evidence that these may do what we need I have yet > to find a > > > document or example discussing a solution. > > > > > > Can someone steer me in the right direction? > > > > > > Kevin > > > Lead Software Analyst > > > Texas Health Resources > > > > > > > > > > > > > > > The information contained in this message and any attachments is > > > intended only for the use of the individual or entity to > > which it is > > > addressed, and may contain information that is PRIVILEGED, > > > CONFIDENTIAL, and exempt from disclosure under applicable > > law. If you > > > > > are not the intended recipient, you are prohibited from copying, > > > distributing, or using the information. Please contact > the sender > > > immediately by return e-mail and delete the original > > message from your > > > > > system. > > > > > > =================================== > > > This list is hosted by DevelopMentor(r) http://www.develop.com > > > > > > View archives and manage your subscription(s) at > > > http://discuss.develop.com > > > > > > > > > > =================================== > > This list is hosted by DevelopMentor(r) http://www.develop.com > > > > View archives and manage your subscription(s) at > > http://discuss.develop.com > > > > > > > > > > The information contained in this message and any attachments is > > intended only for the use of the individual or entity to > which it is > > addressed, and may contain information that is PRIVILEGED, > > CONFIDENTIAL, and exempt from disclosure under applicable > law. If you > > are not the intended recipient, you are prohibited from copying, > > distributing, or using the information. Please contact the sender > > immediately by return e-mail and delete the original > message from your > > system. > > > > =================================== > > This list is hosted by DevelopMentor(r) http://www.develop.com > > > > View archives and manage your subscription(s) at > > http://discuss.develop.com > > > > > > =================================== > This list is hosted by DevelopMentor(r) http://www.develop.com > > View archives and manage your subscription(s) at > http://discuss.develop.com > > > > > > The information contained in this message and any attachments is > intended only for the use of the individual or entity to which it is > addressed, and may contain information that is PRIVILEGED, > CONFIDENTIAL, and exempt from disclosure under applicable law. If you > are not the intended recipient, you are prohibited from copying, > distributing, or using the information. Please contact the sender > immediately by return e-mail and delete the original message from your > system. > > =================================== > This list is hosted by DevelopMentor(r) http://www.develop.com > > View archives and manage your subscription(s) at > http://discuss.develop.com > > =================================== This list is hosted by DevelopMentor(r) http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com

Next Message by Thread: click to view message preview

ASP.NET 2.0 Converted project : datagrid problem

Hello, I've converted an existing ASP.NET 1.1 project to Visual Studio 2005. There is a problem with the Datagrid control. The Update & Cancel commands are not working anymore. Ive noticed that the postback genrated javascript has changed since ASP.NET 1.1. For Example in ASP.NET 1.1, the Updade shortcut is "javascript:__doPostBack('dgReceivedHistory$_ctl3$lbValidate','')" In 2.0 it is now "javascript:__doPostBack('lbValidate','')". The main differences is that there is no more reference to the datagrid in the client ID of the control... Any help apreciated. TIA. =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com