Posts filed under '.NET'
In many cases it is desirable to authenticate a ASP.NET web app using Windows Authentication. Allows you to avoid storing the username/password in clear text in the web.config file, and allows for the central management of accounts without the need to maintain SQL Server accounts.
Microsoft has some helpful instructions on how to accomplish all this for the .NET 2.0 framework. This article describes how to accomplish the configuration in .NET 2.0. The article also links to another article that describes how to create a service account for use with this type of authentication.
NOTE: All of this assumes that you want to use a single account for your web app and give that account access to the database. The application itself is responsible for authenticating users and making sure they have rights to perform all operations within your application. This is referred to as a trusted subsystem model. As such, the discussion below assumes that you are not using impersonation the users that are accessing your web app.
The same techniques can be applied to .NET 1.1 (and probably 1.0) ASP.NET apps. There are two ways to setup the Windows Authentication: using the Network Service account on your webserver (the easy way) and using a domain authenticated account specific for your application (the hard way).
Network Service Authentication
Starting with the Network Service account approach, you only need to do two things:
- Give the account access to your database via SQL Server Management studio (assuming SQL Server 2005; with 2000 you would use Enterprise Manager)
- Configure your connection string in your web.config file (or wherever you are storing it)
To configure SQL Server, create a new login with the login name:
Domain\WebServerName$
So my web server, Fozzie, on the Example domain would be Example\Fozzie$. Be sure to use Windows Authentication when you create the login, and be sure to map the login to the appropriate users on your desired database.
To configure your database connection string, use one of the equivalent options Trusted_Connection=Yes or Integrated_Security=SSPI. So your database connection strings would be of the form (stolen from Microsoft article):
Server=MyServer;Database=MyDb;Trusted_Connection=Yes;
or
Initial Catalog=MyDb;Data Source=MyServer;Integrated Security=SSPI;
The disadvantage of using the Network Service account to authenticate your application with SQL Server is that all web applications running on the same server will use the same account to authenticate, and thus will have access to each other’s databases. If this is not acceptable, the other option is to use a domain account for your web app.
Domain Account
Using a domain account to run your web application will give you more granular control of the application’s access to resources and will allow you to isolate different applications running on the same server. Configuring a web application to run as a domain account involves the following steps:
- Create a domain account for use with the application
- Give account access to database in SQL server
- Give account needed rights to run ASP.NET application
- Revoke right for account to log on locally to computers
- Create app pool in IIS that uses the domain account as its process identity
- Configure web application to use custom app pool
- (optional)Create service principal names (SPNs) for the domain account
June 12th, 2008
As someone who spends a great deal of time working with the issues surrounding dates and times, I always appreciate a good article on the topic. Marcelo has a good post regarding the differences in dates/times .NET developers should be aware of when working with JavaScript.
June 11th, 2008
In my seemingly never ending quest to understand how accurately represent dates and times worldwide, I found out that .NET does not support leap seconds. For those of you unfamiliar with the concept, “The Wikipedia” has a nice introduction. Basically UTC uses an atomic clock to keep time (read: accurate) and the rest of us use a spinning ball circling another spinning ball to keep time (read: inaccurate). The net result is we need to add or subtract a second here and there to keep things in line. This is in addition to that whole day we throw into the mix every four years or so.
Anywhoo, this forum question raises some valid questions, so I did a quick check on my own and the following code does indeed throw an exception when it shouldn’t:
DateTime foo = new DateTime(2005, 12, 31, 23, 59, 60, DateTimeKind.Utc);
The MSDN documentation is mum on the issue, so I think it’s safe to say that this wasn’t a consideration. It even specifically says that the second value will be on the range [0, 59]. This is just something to be aware of if you’re implementing a protocol that does support leap seconds, such as the iCalendar specification.
As an aside, this site is a good reference for all sorts of mistakes programmers make when working with dates & times.
April 13th, 2008
Took me a while to find a solution to this problem.
I checked out a project from Visual Source Safe (using the VS2005 client) to my local drive and tried to open the solution. The solution contained several projects, two of which were web projects. I had previously checked out the project to this computer, and IIS had virtual directories mapped to the old location. I changed the target of the virtual directories to my newly checked out location and figured that everything would be OK. No dice.
The problem was that Visual Studio claimed it couldn’t find the project files. The virtual directories were mapped correctly. Directory permissions were OK. Crazy.
After searching the web for a while I was able to locate something that works. To resolve the problem do the following:
- Check out the project from source control (get latest).
- Map virtual directories to correct locations.
- Delete the project files for the web projects on the local computer (the .csproj and the .vspscc files for a C# web project).
- Delete the solution preferences files (the .suo file). This only exists if you have previously tried to open the project locally.
- Launch Visual Studio and open the project.
Not exactly the most straight forward workaround. But is seems to work. Thankfully things seem a bit better in Visual Studio 2005.If I run into this problem again, I’ll record more specific error messages so Google will help locate the solution. I’ll also try to get some screenshots.
April 3rd, 2008
Turns out that you can’t query Exchange appointments for arbitrary date ranges. According to Patrick at Microsoft (appropriate since it’s St. Patrick’s day), you are limited to querying to a 2 year range if you are searching for on both start and end date. For example, the below query is not legal:
SELECT
"DAV:contentclass", "urn:schemas:calendar:dtstart",
"urn:schemas:calendar:dtend",
"http://schemas.microsoft.com/mapi/subject"
FROM
"https://mail.example.com/exchange/somemailbox/Calendar"
WHERE
"DAV:contentclass" = 'urn:content-classes:appointment'
AND
"urn:schemas:calendar:dtend" >= CAST(\"2008-03-18T20:03:21.312Z\" as 'dateTime')
AND
"urn:schemas:calendar:dtend" <= CAST(\"2028-03-18T20:03:21.312Z\" as 'dateTime') "
This doesn’t mean that queries can’t return more than two years worth of results, you just can used date ranges of more than two years. The resulting error is a (422) Unprocessable Entity. Other causes for this error are attempting to search on unsearchable fields.
March 18th, 2008
Does the following look like it should throw an exception?
Double.Parse(Double.MaxValue.ToString())
I didn’t think so either, but it turns out I was wrong. Double.MaxValue.ToString() yields 1.79769313486232E+308 when the actual maximum value of a Double is 1.7976931348623157E+308. Ok, we’ll shave off a few digits of precision with the default formatting and round up. Sure…Turns out you need to use the “roundtrip” option…sigh. Thanks to this reference.
Double.Parse(Double.MaxValue.ToString("R"))
January 28th, 2008
These questions/answers can be great when prepping for a .NET developer interview, or they can be a fun way to test your understanding of the platform. For the ones you don’t know, questions like these can help you find areas in which you should do some reading to help round out your understanding.
November 18th, 2007
Jean-Paul S. Boodhoo has some great articles regarding getting started with NAnt and how to structure your projects for maintainability and testability. Working in a .NET shop that’s using Source Safe, I’ve realized how you really need to pay attention to these things before the file structure of your code gets out of control and things get overlooked. Personally, I’ve sued ant before when I was doing work in Java, so this isn’t a big switch, but it’s still great to have a reference on best practices.
October 22nd, 2007
There has been a lot of buzz in the .NET community regarding F# and it’s becoming a first class language in .NET. Personally, I’m thrilled as F# is rooted in ML and OCaml. As soon as I get past my current project, I plan to spend some time taking F# for a test run.
October 22nd, 2007
Everyone knows the basic C# keywords, but some are more obscure. This article dives into some useful C# keywords that you may have yet to encounter.
October 10th, 2007
Previous Posts