Authentication using a client certificate OR a username / password

Hi,

I need to develop a website which uses client certificates for silent login. But when a clinet does not issue a certificate, form based authentication should be used. Is this possible (since I read that for clinet certificates, in IIS Basic, Digest or Windows Integrated security should be enabled, while for form based authentication Anonymous access is needed.

Regards, Ad

-1
areijngoudt
5/14/2008 6:56:15 AM
asp.net.security 27051 articles. 1 followers. Follow

1 Replies
797 Views

Similar Articles

[PageSpeed] 37

areijngoudt:

I need to develop a website which uses client certificates for silent login.

Hi

Base on my understanding , you want to protect your site using Secure channel with certificates. but those windows authentication methods get user identity with a challenge/response Authentication method, So all the people who deosn't have appropriate certificates will be redirect to a common html error page (say you are not authorizated to access this page).So I'm afraid you have to create another web site in order to use form based authentication.


Best Regards
XiaoYong Dai
Microsoft Online Community Support

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-1
XiaoYong
5/16/2008 3:40:04 AM
Reply:

Similar Artilces:

Hosting wcf service in iis and authenticating the user with username and password with out using certificates.
I am hosting wcf service in iis 5.1.  A windows service will be consuming this service. I want to pass username and password from windows service to the wcf service, which then the wcf service has to authenticate the user against the sqlserver database using custom membership provider. I don't want to use the certificates. I am using basichttpbinding. When I pass the username and password to the wcf service it does not authenticate againt the database. below is the code and configuration information.  Any help is appreciated. The code that passes the username and id from w...

How to use simple authentication using stored usernames and passwords in web.config?
Hi folks, I'd like to use simple authentication using stored usernames and passwords in web.config. So I created as simple as possible testing site, but .NET framework doesn't use data from tag credentials in web.config but creates database aspnetdb.mdf and tries to authenticate against it, which doesn;t work ... Could you help me, what am I doing wrong? I copied an working example and I can't find the mistake. Thanks, Spud the newbie :) Files:/Admin/Default.aspx/Admin/Login.aspx/Default.aspx/Web.config  /Web.config: <?xml version="1.0"?> <configuration> <system.w...

Canceling client certificate selection displays Secure Channel Client Authentication Required page
Hi, Part of our site (asp.net 2.0, IIS 6 on Win2003) allows clients to be authenticated using client certificates (http://www.unipass.co.uk/About.aspx). IIS has been properly configured to require SSL/128-bit encription and client certificates. When the page is requested, the pop-up to select client certificates is properly displayed, and after the selection of the valid certificate, everything works as it should. However, if the user chooses the "cancel" button on the certificate pop-up the white page is displayed saying only: Secure Channel Client Authentication Required Th...

Client Authentication using certificates.
Hi! I am using libwwwperl to send a post request in HTTPS. I am using client authentication through certificates in Apache+mod_ssl. How to I send the certificate through LWP::UserAgent? any sample code will be of a great help. Thanks in Advance Tusar ===== Tusar K Nayak @Communicators http://tusar.netshooter.com Ph - 91-11-5528098(R) Fax:91-11-5613991 ************************************************* When in doubt, follow your heart. __________________________________________________ Do You Yahoo!? Get Yahoo! Mail � Free email you can access fr...

Calling a web service by using a client certificate for authentication
Hi, I am trying to call a web service to send a 'Ping request' using x509 certificate installed in my local machine. I am adding security credentails like Username and Password  and also sending the x509 certificate to the soap request. This is done using WSE 2.0. I think I am doing it the right way as I dont see any problem in the code. But, I keep getting this response 'Authentication Failure'. I tried writing the contents of the soap request to a log file and looks like the soap header is not getting added to the soap message at all. Please see ...

Calling a web service by using a client certificate for authentication
Hi, I am trying to call a web service to send a 'Ping request' using x509 certificate installed in my local machine. I am adding security credentails like Username and Password  and also sending the x509 certificate to the soap request. This is done using WSE 2.0. I think I am doing it the right way as I dont see any problem in the code. But, I keep getting this response 'Authentication Failure'. I tried writing the contents of the soap request to a log file and looks like the soap header is not getting added to the soap message at all. Please see ...

client authentication with client certificate
Dear community, The need: for synchronizing data we need strong client authentication, especially with client certificate. A way: There is a way to implement an authentication mechanism (" ...or you can implement your own custom user authentication mechanism"), but develop handling certificates is not a simple task. Question: ist there an other way for the authentication via certificate ? Thanks in advance, Michel Michel wrote: > Dear community, > > The need: > for synchronizing data we need strong client authentication, > especially with ...

Using client certificates: "Require client certificates" is enabled on IIS
 Hey world, I have an application that works fine using SSL, but when I enable  "Require client certificates" on IIS it prompts the client for a certificate (behavior kind of expected) but I can't figure out how to create a "Client Certificate" so the client can access the application. I followed step by step this article with no luck:http://support.microsoft.com/kb/901183 (the WinHttpCertCfg.exe –i PfxFile -c LOCAL_MACHINE\MY -p Password  line just wouldn't work) I created a certificate on my test web server using "SelfSSL" and then I exported it as an .P...

Security Concern: Using IP to authenticate client
Hi, I've been having some concerns about potential security risks in a physical architecture I have to work with, and I'm wondering if anyone here can shed some light on it... The physical architecture goes like this: Server : Our web server, hosted by a second party (outside of the companie, but we own it, no access to our internal network, we can access it via VPN, but it is also internet facing) Client A: A normal internet user, connecting to the server  from the outside world Client B: A client that is not authenticated in any ways, shape or form accessing the server via...

performing username/password authentication using datatable
hi, how to perform username/password authentication using datatable. Any Help, Regards. Hi ASP.NET uses Login control which helps you verify username password against any datastore(DB, web service, configuration file and so on), That's all depend on which provider you choose. I hope the following example might help you build your own login page. A step by step tutorial about membership, role, profile http://aspnet.4guysfromrolla.com/articles/040506-1.aspx   The official Microsoft ASP.NET document http://www.asp.net/learn/security/tutorial-04-vb.aspx &n...

Reset AD Password using Smart-Card Client-Certificate
What ASP code is needed in order to allow a user to reset their forgotten password with just their smart-card client-certificate? I've read of organizations that do this, but I just don't know how to write the code myself. We already use smart-card based authentication extensively, e.g., workstation and web portals, so implementing the basics isn't an issue, it's just developing the webpage that enables the user to easily reset their password with just thier smart-card. Any help is greatly appreciated. Hi After verifying request and sign for user via the Smart Card Reade...

username and password validation using c#.net and mysql db
Hi ,   can any one help me on regarding username and password validation using c#.net and mysql db. here i have attached the code which i have did but while running it does not redirecting and displaying any informations   // CODE:protected void Validateuserinfo(string user, string pass) {con = new MySqlConnection(connstr); string str;str=("select * from login_table where username='" +TextBox1.Text + "' And Password='" + TextBox2.Text + "'");MySqlCommand cmd = new MySqlCommand(str, con); cmd.Parameters.Add(Tex...

How to use user/password authentication/security within users' public_html folders
Hello, I have NW5.1SP5.1.5 and Netware Enterprise Web Server 3.5.3 installed. Can I provide my account owners the ability to use user/password authentication/security within their public_html folders of their home directories ? Regards. Mustafa Cagatayli: > within their public_html folders of their home > directories ? > sure, go into the admin server, click the Restrict Access link, and remove PUBLIC_HTML from the list of public directory designations. Joe Moore Novell Support Connection Volunteer Sysop http://just.fdisk-it.com - Coming soon: &q...

Use custom username and password to protect WCF service without SSL/certificate
I have created a wcf service and at the moment have used message security. I dont have ssl available and dont want to use windows authentication so which to protect it using a custom username and password. I have followed the instructions at http://msdn.microsoft.com/en-us/library/aa702565.aspx. However, when i run the svcutil tool to generate the proxy classes and configs, i get the following error:"The service certificate is not provided. Please specify a service certificate in ServiceCredentials."I cannot use certificates and ssl as this is not an option in my setup. Furthermore...

Web resources about - Authentication using a client certificate OR a username / password - asp.net.security

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

New Tools to Optimize App Authentication
At f8, we announced a redesigned Auth Dialog and a new authentication flow to give developers more control over people’s first experience with ...

Facebook Tells Some Developers They Have 48 Hours to Fix Authentication Data Leaks
... sent an email to what it calls a “very small percentage of the developer community” informing them their apps are suspected of leaking authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


Sony Authentication Power Outlet Recognizes Users and Devices #DigInfo - YouTube
Sony Authentication Power Outlet Recognizes Users and Devices DigInfo TV - http://diginfo.tv 9/3/2012 NFC & Smart WORLD 2012 Sony Authentication ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Two-factor authentication - cyber security -
Two recent hacking cases highlight how personal emails can impact overall business security through tiny weaknesses.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

ATO boosts service access via app and voice authentication
The ATO has announced it will extend its voice authentication system to its mobile app

Resources last updated: 12/3/2015 2:36:53 PM