I am currently working on a windows phone 6.0 application. This application accesses the files and database on my desktop.
Now I can get this app connect the database sql-server 2005 via user/password authentication, but cannot via windows integral authentication. Is there any trick here?
I cannot get access to the file on my desktop. Always got the exception "[System.ArgumentException] = {"Value does not fall within the expected range."}" Should I configure something to make the windows phone to visit the file system on my desktop not on the phone?
Can anyone shed some light on this? Thanks.
What is the connections string you are currently using?
It should look similar to this:
"Server={YourServer};Initial Catalog={YourDatabase};Integrated Security=SSPI;User ID={YourLogin};Password={YourPassword};"
You still have to supply a user id and password because the device has no knowledge of a user that is currently logged into it. Also make sure to add a domain to the user id if needed.
Related
I'm about to start development work on .NET 4.0 winforms application running on top of a Microsoft SQL Server 2012 database.
The number of users supposed to use the application might be any where between 2 to 10 and the application should be able to run either on a single stand alone computer or in an intranet in a windows environment.
in case the application is run on a single computer, each user would log into the application (not into windows) and perform what ever tasks they are authorized to do and then log out of the application.
If the application is configured to run on a small intranet, each user would log into the application from there respective office computers and do what ever they are authorized to do.
So, the application can run on a single none networked machine, where a single windows login account is being shared by staff at the facility but i have a requirement to allow access to certain application functionality depending on who is logged into the application, NOT who is logged into windows as the account might just be shared.
I have previously deployed ASP.NET applications in networked environments and used the SQL Membership, Roles and Profiles provider for authentication and authorization While for winforms apps, i have relied on active directory authentication.
Now with this particular project, i am wondering what the best solution might be. Probably some one here has implemented a solution for such a scenario and can give advice.
I have looked at this http://www.codeproject.com/Articles/27670/Implementing-Application-Security-with-Client-Appl solution but i still want to hear from the SO masses.
ALSO, any recommendation for a better post Title is welcome.
Once I worked in a WinForm application which was supposed to run on intranet, each user would log into the application....and this application was using centralized web service to authentication and other CRUD operation....The service was mediator between WinForm app and DB.
The approach given in code project article which u mentioned in question...is also fine.
Anyway I also got curious here....As you said u are about to start development in .Net 4.0 Winform.....I would like to understand why you made this choice over WPF? What reasons u got to favor WinForm in your scenario ?
I have a current silverlight app that runs within an asp.net browser window, as part of our intranet site.
I really need to have the username from the system on who is logged in.
I have a test system running as a OOB, that will perform the required actions to get the username from the system.
The question i have is this.... can the OOB silverlight application still reside in the intranet page as it did when it was not flagged as an OOB application?
thanks
tony
In Silverlight 4 OOB you can use the AutomationFactory when the App is running with elevated permissions.
var username = "";
if (App.Current.HasElevatedPermissions)
using (dynamic shellObj = AutomationFactory.CreateObject("WScript.Network"))
userName = shellObj.UserName;
Note that you need to reference
Microsoft.CSharp.dll and
System.Core.dll
Read more on this topic on Justin Angels Blog
If you are deploying a Silverlight 4-application it has to run out of the browser as the sandbox inside the browser does not allow ElevatedPermissions. If you decide to use Silverlight 5 you can enable ElevatedPermissions with an administrative account for in-browser apps (msdn.microsoft.com/en-us/library/ee721083(v=vs.95).aspx).
Though you can of course run the app inside the intranet-page it has no elevated permissions as long as you (or the user) don't install and run it OOB. Thus the app will not be able to access the username.
It seems this restriction is partially gone with Silverlight 5 but I have not tested this, yet and cannot tell you if you could go the way described above.
I can only guess how you're going to use the username, but if you're planning to use it for authentication or authorization, you should do a bit more research.
If you want to actually authenticate the user, the server must be the one to do so. eg: asking for a username & password, windows authentication, etc. The username (and even the domain) that's running on a PC shouldn't be trusted to be correct.
In my Silverlight application I host a domain service that needs to copy and read files elsewhere on the network. The problem (at least I think) is that RIA services are running under the ASP.NET account and does not have access to the UNC share I need to get to. For example, I have a share that looks like this:
\\SERVER_NAME\Directory\File.TXT
When debugging on my local machine, the user context is the logged in user, so everything works, but when I deploy to my IIS7 server, the user is whatever ASP.NET uses.
How can I allow my service to access files across my domain?
You should create an appPool in IIS7 with the identity of that pool set to a user with the privileges to do what you want.
I would consider if those privileges constituted a security risk and if the application needed securing.
For more detail and help on appPools please see here.
Im currently working on registration of our application. Basically we have a simple concurrent licensing system so when the user logs in we store their computer name and logon name to uniquely identify them. This is done from a simple winforms app that allows us to retrieve this data.
We now have a brother silverlight project that must work in the same licensing. The situation being that if a user logs into the winforms app they will use one license and if they log in on our silverlight app it will still use the one license because they are accessing it from the same computer.
The problem is that we cannot retrieve the clients machine and logon name with the silverlight application.
Can anybody think of a way of handling this? Or am i going bout it totally the wrong way.
Thanks
Forms or Windows authentication.
Once authenticated you can retrieve anything you want (such as user claims, user profile...etc) which is provided through a web service. This of course mean you are communicating with some database somewhere.
I don't know much about AIR apps, but I like what I'm seeing so far. So now, I'm wondering if this type of app would make sense in the intranet at work.
Before I invest time and effort into ramping up on AIR development, I would like to know: is it possible for an AIR app on Windows to do single sign-on authentication against Active Directory? I'm thinking of maybe an AIR app that uses a logged on user's Windows credentials to connect to web services hosted on IIS with Windows auth turned on.
I know that IT security would get on my case if I rolled an app that makes a user enter a password. Any workaround that's not kludgy and accomplishes SSO with AD would be cool too.
I have successfully setup Tomcat 6.0.26 running on CentOS 5.4 (Final) with Java 1.6.0_17-b04 using the SPNEGO servlet filter from spnego.sourceforge.net to automatically authenticate WindowsXP SP3 with IE 7.0 against a Windows 2003 R2 Active Directory domain. In addition, I have an Adobe AIR application developed for use on an intranet that can also authenticate via SPNEGO just like IE7.
Before getting Tomcat working on CentOS, I followed the "pre-flight checklist" and "install guide-tomcat" links at sourceforge.net to get Tomcat working with the SPNEGO filter on a Windows XP server. Once I got things setup so that IE could auto-authenticate, Adobe AIR just worked.
Once I had the username, I wrote some code to pull user groups from the AD LDAP. Helpful links for Java LDAP code may be found at starting at http://forums.sun.com/thread.jspa?threadID=726601.
Definitely. If SSO works in IE it works in your AIR app. We are currently deploying an app that does just this.
AIR running on Windows will use the SSO settings from Internet Explorer. As long as your users can login with SSO in IE, they can do the same in AIR. This can be done with group policy settings pretty easily: add your site as an Intranet site, enable Integrated Windows Authentication, and you're good to go.
Haven't run into any problems so far. We've tested it with about 10 users. YMMV.
Using AIR you can read files from the file system and you can open network connections, so that should get you somewhere.
What would the use of the SSO be? Describing a possible job that this AIR app should perform will help people to give a more helpful answer.
Charles,
If you have an example of some code that pulls I.E. credentials, I would be really grateful to see it. I'm working on building a Flex app that accesses content on a SharePoint server that uses the active directory to authenticate permissions.