I am trying to create my own custom login screen to use instead of the windows authentication popup window. I have already gotten a lot of help from you guys (thanks, Bruce!), but I now have a strange error that confuses me.
I was told that I should use PrincipalContext to validate my credentials and then create an identity for .net core security. I don't quite understand what that means, and there isn't any documentation on "creating" an identity. How do I do that?
I tried to figure this out on my own, and figured I needed to use SignInManager to do that. However, when executing `_signInManager.PasswordSignInAsync` in my app, my app displays this error:
```
Cannot open database "WebApp_Redesign" requested by the login. The login failed.
Login failed for user 'domain\username'
```
So does this error indicate that I cannot log into my windows account this way, or is there a step I need to do before I attempt to sign in? My full code is below. I simply post my form with the username and password to this controller class.
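```csharp
private readonly UserManager<WebApp_RedesignUser> _userManager;
// . . .
public async Task<ActionResult> UserLoginAsync(LoginModel user)
{
    if (user != null)
    {
        // SignInManager is an Identity API: this call queries the Identity user store (the SQL database).
        var result = await _signInManager.PasswordSignInAsync(user.username, user.password, isPersistent: false, lockoutOnFailure: false);
        if (result.Succeeded)
        {
            return RedirectToAction("Index");
        }
    }

    // Missing model or failed sign-in: redisplay the login form so every path returns a result.
    return View();
}
```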
Member
9 Points
65 Posts
SqlException: Cannot open database when using SignInManager
Jul 25, 2020 11:42 PM|MarcusAtMars|LINK
Contributor
3730 Points
1412 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 27, 2020 08:41 AM|yij sun|LINK
Hi MarcusAtMars,
According to your description, as far as I think, you could do this:
1. Create a Web app with authentication
2. Apply migrations
3. Test Register and Login
4. View the Identity database
5. Configure Identity services
6. Examine Register
7. Log in
Basically, to resolve this we need to have some setup like:
1. Web App running under ApplicationPoolIdentity
2. Web Application connecting to databases through ADO.Net using Windows Authentication in the connection string.
I think you could do this:
1. Click on Application Pools
2. Select the name of your application
3. Go to Advanced Settings
4. Expand Process Model and click Identity. Click the three dots at the right end.
5. Click the Set... button and provide your domain login credentials
For more details, you could refer to the article below:
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-3.1&tabs=visual-studio
Best regards,
Yijing Sun
All-Star
53001 Points
23587 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 27, 2020 10:59 AM|mgebhard|LINK
Implementing Cookie Authentication without Identity might be an option.
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-3.1
Pretty simple. Create the cookie if the user authenticates. This will get the [Authorize] attributes working.
Member
9 Points
65 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 27, 2020 01:46 PM|MarcusAtMars|LINK
I thought about that, mgebhard. Is cookie authentication secure in .net core mvc? This is a production app and I don't want someone to be able to forge a cookie and break in.
Also, will cookie auth allow the user's username to be accessed on a razor page via `UserManager.GetUserName(User)`? I have a view that looks like this:
Member
9 Points
65 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 27, 2020 01:57 PM|MarcusAtMars|LINK
yij sun, is this how windows authentication does it? With windows, all I need to do is turn on windows auth and when I run my app. I just give it my username and password. All the authentication works. I just want my own login screen, but the same authentication that windows auth gives me.
All-Star
53001 Points
23587 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 27, 2020 02:40 PM|mgebhard|LINK
Come on man! Identity uses the same cookie! The cookie contains a token which is just an encrypted string that has claims related to the user. The linked doc covers this...
Well, no. The UserManager is an Identity API. You'll need to install Identity into your project if you wish to use Identity. From my perspective, you do not need Identity because you are authenticating with Windows atypically. You still need to persist authentication. Cookie auth does not care about the authentication source. That's why you can use it without Identity as the link explains,
Use Identity if you need to manage roles but you should use Identity's external login feature if you go this route.
Anyway, the official docs cover everything you need.
Member
9 Points
65 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 27, 2020 03:31 PM|MarcusAtMars|LINK
Haha, thanks, mgebhard! I'm still really new to .net so a lot of this is still foreign to me.
I've gone through the docs, and a lot of the code in my post is from the docs, but it doesn't seem to work. Where in the docs do you recommend I can find the answers to my problem?
Or is there a way I can at least 'simulate' identity's UserManager? Like passing the user's name to the page with local storage or something better?
All-Star
53001 Points
23587 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 27, 2020 06:03 PM|mgebhard|LINK
The username is available on the next request after creating the authentication cookie; https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-3.1
The linked doc has sample code that you can download and run. I recommend downloading the code and playing around. You should be able to integrate the Windows auth code you have rather easily. Anyway, at least this will give us a standard starting point if you have trouble.
The key point to understand is the authentication cookie middleware knows how to read the cookie on each request and build the Principal from the contents of the cookie. All you have to do is authenticate the user then populate the cookie.
You are in total control of what information goes into the cookie. You can even add extra data about the user referred to as claims. You'll see this in the example code.
Anyway, once you have created the auth cookie all the MVC/Razor Pages security features light up. You are good to go.
This is not to be confused with Identity. Identity is a framework for managing user accounts. It comes with sample pages, APIs for managing accounts like the UserManager, and a SQL database to persist user accounts.
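The flow described in this reply (authenticate the user, then populate the cookie), sketched as an added example that is not part of the original thread or the linked docs sample. It validates the posted credentials with `PrincipalContext` and issues the cookie with `HttpContext.SignInAsync`, with no Identity database involved; the domain name `EXAMPLE` and the view name `Login` are placeholders.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement; // Windows-only package
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public class LoginModel // mirrors the model posted in the question
{
    public string username { get; set; }
    public string password { get; set; }
}

public class AccountController : Controller
{
    private const string Domain = "EXAMPLE"; // placeholder AD domain (assumption)

    [HttpPost]
    [ValidateAntiForgeryToken] // reject cross-site form posts to the login action
    public async Task<IActionResult> UserLoginAsync(LoginModel user)
    {
        // Never pass an empty password to the directory; treat it as a failed login.
        if (user == null || string.IsNullOrEmpty(user.username) || string.IsNullOrEmpty(user.password))
            return View("Login"); // "Login" view name is an assumption

        bool valid;
        using (var context = new PrincipalContext(ContextType.Domain, Domain))
        {
            valid = context.ValidateCredentials(user.username, user.password);
        }
        if (!valid)
        {
            // Same message for unknown user and wrong password.
            ModelState.AddModelError(string.Empty, "Invalid username or password.");
            return View("Login");
        }

        // Only the claims the app needs go into the cookie.
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.username) };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity),
            new AuthenticationProperties { IsPersistent = false });
        return RedirectToAction("Index");
    }
}
```

On the following request the cookie middleware rebuilds the principal, so a Razor view can read the name with `@User.Identity.Name` instead of `UserManager.GetUserName(User)`.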
Member
9 Points
65 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 28, 2020 01:59 PM|MarcusAtMars|LINK
Thanks for your help, mgebhard. I got everything working, but security does still concern me. Doing it without identity creates a cookie, and you say that identity uses the same cookie (I also found in the docs where it states that, too). However, what is stopping someone from hijacking the session or spoofing the cookie? Can't the cookie also be copied and used again?
Security has to be top-notch with this app, and I just want the absolute best security .net core offers.
All-Star
53001 Points
23587 Posts
Re: SqlException: Cannot open database when using SignInManager
Jul 28, 2020 02:43 PM|mgebhard|LINK
That's because it's true. Keep in mind, the source code is open.
Cookies are part of the HTTP header. If a nefarious actor is able to hijack an auth cookie or Session, that means the code or network has security vulnerabilities. It has nothing to do with using cookies.
And every developer's goal. .NET Core does its best to protect applications and it has lots of security APIs but it is up to you to use the tools effectively. It is also up to you to understand the many vulnerabilities in web applications so you can mitigate the vulnerabilities.
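For the hijacking and replay concern raised in this exchange, an added example (not from the thread or the linked docs) of cookie authentication settings for ASP.NET Core 3.1. The ticket inside the cookie is encrypted and signed by ASP.NET Core Data Protection, so these settings target theft and reuse of a valid cookie rather than forgery; the login path and the 30-minute lifetime are assumptions.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Account/Login";   // assumed route of the custom login page
                options.Cookie.HttpOnly = true;         // not readable from page script (limits XSS theft)
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
                options.Cookie.SameSite = SameSiteMode.Strict; // not attached to cross-site requests
                options.ExpireTimeSpan = TimeSpan.FromMinutes(30); // assumed lifetime; bounds reuse of a copied cookie
                options.SlidingExpiration = false;      // fixed lifetime, no silent renewal
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseHsts();             // browsers refuse plain HTTP after the first visit
        app.UseHttpsRedirection(); // keep the cookie off unencrypted connections
        app.UseStaticFiles();
        app.UseRouting();
        app.UseAuthentication();   // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

A copied cookie remains valid until it expires, so the lifetime should be as short as the application can tolerate.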