Lightswitch Forms Authentication issues based on windows user? - silverlight

First my apologies if I failed to find an answer searching - I tried a variety of search topics but none that were directly related.
I have a Lightswitch app deployed and working fine, running on IIS 7 and Windows Server 2008. It is an internal intranet app only.
I am using only FORMS AUTHENTICATION, all others are disabled.
The app works fine for MOST windows users.
However, some windows users get nothing but a blank screen - no login, no "loading..." and no silverlight "98%" display.
In the IIS log, I don't even see where it looks like it is being accessed when they attempt to load the app?
So, my question is, since this is FORMS authentication only, what could be causing it to NOT work based on which windows user is trying to run the app?
In other words, on the same Windows 7 machine, it works for 10 users, but not for others.
by the way, the application is remote - it is not running on the local machine.
The users ARE able to access the other ASP.NET applications hosted by the same IIS server in the same root inetpub folder.
The lightswitch application is using the ASP.NET v4.0 Classic app pool in calssic managed pipeline mode.
Any help greatly appreciated!!!
Happy to post any details/config/logs - I did not do so yet as I wasn't sure what would be most useful....

On the users machine you need to use Fiddler or the F12 tools in Internet Explorer to see exactly what calls are being made to the server and which ones are failing. LightSwitch is just an ASP.net website that launches a Silverlight application.
So the only other thing I can think of is that those users do not have Silverlight installed on their machines?

The users need to install the latest version of Silverlight. Apps built with LightSwitch 2011 require v4 or above and those built with LightSwitch for Visual Studio 2012 require v5
Silverlight Installation

Related

MVC File Download asking for Authentication

I encountered a weird scenario. I have created an MVC2 Application and deployed it to IIS7, to 2 web sites (Default Web Site and another manually created "Test Web Site" ... they are using different application pools targeting v2.0). I am using SQL 2008 R2 Filestream feature to store files.
The problem I have is that I have a feature where the user browsing the site can download a document. The document is created in the server and the server then streams that to the client. The problem is, Default Web Site asks for authentication when user tries to download.
This doesn't happen for Test Web Site and it downloads fine.
Now, I do not have a clue what setting I need to change? The only different things I recall is that I manually created Test Web Site compared to just reusing the Default Web Site and also that I allowed inbound connections to Test Web Site (it was on port 8080).
What are the configurations needed to change so that user can download files from Default Web Site without going through authentication?
Try changing authentication settings in IIS Site->Authentication->Anonymous Authentication set to Enable
Turns out it was conflicting with the SQL Server Reports Manager.
Found this out from here: source

What are the alternatives to Windows security subsystem in .NET winforms applications

I'm about to start development work on .NET 4.0 winforms application running on top of a Microsoft SQL Server 2012 database.
The number of users supposed to use the application might be any where between 2 to 10 and the application should be able to run either on a single stand alone computer or in an intranet in a windows environment.
in case the application is run on a single computer, each user would log into the application (not into windows) and perform what ever tasks they are authorized to do and then log out of the application.
If the application is configured to run on a small intranet, each user would log into the application from there respective office computers and do what ever they are authorized to do.
So, the application can run on a single none networked machine, where a single windows login account is being shared by staff at the facility but i have a requirement to allow access to certain application functionality depending on who is logged into the application, NOT who is logged into windows as the account might just be shared.
I have previously deployed ASP.NET applications in networked environments and used the SQL Membership, Roles and Profiles provider for authentication and authorization While for winforms apps, i have relied on active directory authentication.
Now with this particular project, i am wondering what the best solution might be. Probably some one here has implemented a solution for such a scenario and can give advice.
I have looked at this http://www.codeproject.com/Articles/27670/Implementing-Application-Security-with-Client-Appl solution but i still want to hear from the SO masses.
ALSO, any recommendation for a better post Title is welcome.
Once I worked in a WinForm application which was supposed to run on intranet, each user would log into the application....and this application was using centralized web service to authentication and other CRUD operation....The service was mediator between WinForm app and DB.
The approach given in code project article which u mentioned in question...is also fine.
Anyway I also got curious here....As you said u are about to start development in .Net 4.0 Winform.....I would like to understand why you made this choice over WPF? What reasons u got to favor WinForm in your scenario ?

Cross Domain Silverlight Problem with localhost

I am currently looking into developing a silverlight app. I want to develop the app on my local machine for ease of development. I am using Apache Server on Windows which is hosting php. I am doing a WebClient DownloadStringASync to http://localhost/getData.php but the Silverlight webpage is running in visual studio asp server at http://localhost:54994/MySilverlight.aspx. I think because the silverlight app is running from the vs2010 server and I am making a call to my standard apache server it is having a cross domain problem. When the app is run the innerexception says System.Security.SecurityException at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse.
I have tried putting accesspolicy.xml file in the root of the asp server and the apache server but it still isn't fixing the problem. I know its not a problem with the code as if I run it from my website server and call the webclient request to the same domain it works fine.
Any help you can provide would be great thanks.
I've managed to solve the problem. I needed to have to crossdomain.xml and clientaccesspolicy.xml with the same code. For some reason if I only have one or the other it keeps on bringing up the security exception. As soon as both files in the root of the localhost directory of apache (i.e. in the root of htdocs) the silverlight app works fine

Hosting Silverlight Out of Browser Application in Sharepoint 2007

I am trying to host a Silverlight 3 Out of Browser Application in Sharepoint 2007. My application gets displayed fine; but when I install it as out of browser; and try to run it from desktop; only blank screen is displayed and nothing happens onwards.
The XAP file is kept in _layout/MyFolder/MyApp.xap (Under 12 Hive). Am I missing anything?
My Silverlight app access Sharepoint data through its web services; I need to host it within Sharepoint so that it can access underlying Sharepoint web services.
It seems likely that the ClientHTTP stack used in the OOB mode is the problem. When hosted by the browser the app will use the BrowserHTTP stack and hence would share a common set of cookies. These aren't available in OOB mode.
How for example does the initial browser access to the Sharepoint site authenticate?
Creating an OOB experience against sharepoint may be possible but its likely to require more work.
Edit: Your problem is that NTLM authentication is not supported in the ClientHTTP used in OOB mode. Silverlight-4.0 supports this mode.

Can Adobe AIR applications achieve SSO authentication against Active Directory?

I don't know much about AIR apps, but I like what I'm seeing so far. So now, I'm wondering if this type of app would make sense in the intranet at work.
Before I invest time and effort into ramping up on AIR development, I would like to know: is it possible for an AIR app on Windows to do single sign-on authentication against Active Directory? I'm thinking of maybe an AIR app that uses a logged on user's Windows credentials to connect to web services hosted on IIS with Windows auth turned on.
I know that IT security would get on my case if I rolled an app that makes a user enter a password. Any workaround that's not kludgy and accomplishes SSO with AD would be cool too.
I have successfully setup Tomcat 6.0.26 running on CentOS 5.4 (Final) with Java 1.6.0_17-b04 using the SPNEGO servlet filter from spnego.sourceforge.net to automatically authenticate WindowsXP SP3 with IE 7.0 against a Windows 2003 R2 Active Directory domain. In addition, I have an Adobe AIR application developed for use on an intranet that can also authenticate via SPNEGO just like IE7.
Before getting Tomcat working on CentOS, I followed the "pre-flight checklist" and "install guide-tomcat" links at sourceforge.net to get Tomcat working with the SPNEGO filter on a Windows XP server. Once I got things setup so that IE could auto-authenticate, Adobe AIR just worked.
Once I had the username, I wrote some code to pull user groups from the AD LDAP. Helpful links for Java LDAP code may be found at starting at http://forums.sun.com/thread.jspa?threadID=726601.
Definitely. If SSO works in IE it works in your AIR app. We are currently deploying an app that does just this.
AIR running on Windows will use the SSO settings from Internet Explorer. As long as your users can login with SSO in IE, they can do the same in AIR. This can be done with group policy settings pretty easily: add your site as an Intranet site, enable Integrated Windows Authentication, and you're good to go.
Haven't run into any problems so far. We've tested it with about 10 users. YMMV.
Using AIR you can read files from the file system and you can open network connections, so that should get you somewhere.
What would the use of the SSO be? Describing a possible job that this AIR app should perform will help people to give a more helpful answer.
Charles,
If you have an example of some code that pulls I.E. credentials, I would be really grateful to see it. I'm working on building a Flex app that accesses content on a SharePoint server that uses the active directory to authenticate permissions.

Resources