Archive for the 'Security' Category

Windows 7 – Cannot Connect to Wireless Router

Several weeks back I purchased a new HP NetBook for my wife to use for school. I set everything up and it worked flawlessly … except for the wireless. I could not get a dynamic IP address from the router. It was late, so I plugged in a static IP address and forgot about it. That is, until my wife tried to use her NetBook with the static IP on another network.
Ooops.
I started looking around and saw this particular question asked many times, with no definitive answer. I am sure that there are several possible solutions to this problem, but here is what worked for me. I simply changed the wireless security authentication from “WPA-PSK and WPA2-PSK” to “WPA2-PSK.” The authentication on the router was not what windows was expecting.
AT&T Uverse Wireless Settings

AT&T Uverse Wireless Settings

Old Wireless Security Authentication

Old Wireless Security Authentication

New Wireless Security Authentication

New Wireless Security Authentication

~Ron

Advertisements

ASP.Net Hybrid Authentication

We are working on a large .Net website that will have users both on and off of our domain.

  • We want to use the ASP.Net Membership framework
  • We want Windows authentication for people on our network
  • All users will be required to have an account (If a windows user on our domain does not have and account (A generic log on ‘kiosk01’) they should receive the Forms logon page
  • We do not want people with Windows accounts to be able to log on outside of our domain. (An employee here should not be able to log on as an employee from home)

This was actually very easy to setup.

First we setup the website. It should have two folders for authentication.

image

The WebLogin folder should take the default security setting from the websites web.config

image

As you can see we are using Forms authentication for the whole site and setting the logon URL to the WinLogin folder.

We create an HTML file (401-2.htm) containing a redirect to the WebLogin page. This will handle the 401-2 access denied error thrown when a user who can’t authenticate because the are off the domain or don’t have a ASP.Net account.

image

(You may want to do your redirect with aspx and code behind instead of html, if you don’t want to hard code the redirect address)

The ‘Weblogin/Default.aspx’ page should be a aspx page with a standard or customized Asp.Net Login control.

In IIS the site level authentication should be set like this…

image

 

Now for the WinLogin folder only, we set the Authentication like this…

image

Right click WinLogin and edit its properties alone

Now while still on WinLogin properties set a custom error HTTP Error 401;2 pointing to the 401-2.htm file created earlier.

image

 

Now all that is left is to write the code for the users who where able to Authenticate to the WinLogin page.

image

Add what ever custom logic you want for your windows authentications.

As you can see we don’t need to do anything with the password. If this code is executing then the user has Authenticated and we are calling the FormsAuthentication.RedirectFromLoginPage method with just the username and the createPersistantCookie boolean variable alone. The call to the RedirectFromLoginPage method  is also actually logging the user in. This confused me at first.

If the asp.net user account is not found (as in our generic log on ‘domain\kiosk01’) the user will be directed to the forms logon.

Now you can create asp.net membership accounts for the domain users assigning them roles etc. Just make sure the user name includes the domain and userid, ‘mydomain\j.user.01’ You can create a randomly generated password for the membership account preventing the domain user from logging in without the Windows authentication. (You would also have to have logic to prevent these users from resetting there password.)

And that’s it. The best of both worlds without making things to complicated.

-ctrlShiftBryan