INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

login not working

login not working

(OP)
Hello,

We have a web app that uses a WCF service and uses Active Directories for authentication. We're have a problem with the login process which only occurs if the user enters the right username but wrong password. If this happens, the application just hangs in a state of limbo. It doesn't get through to the service.

On the application side, we have this:

public static bool Login(HttpContext context, string userID, string password)
{
...

LoginInfoSend loginInfoSend = new LoginInfoSend()
{
UserName = EncryptBase64(userID),
WebSession = EncryptBase64(context.Session.SessionID),
Password = password
};

string token = client.Login(loginInfoSend);

...
}

On the service side, we have this:

public string Login(LoginInfoSend loginData)
{
...
}

We can put break points in the service and log messages and these both work when the user enters the correct credential, when the user enters an incorrect username, but not when the user enters the correct user name but wrong password.

As we are using Active Directories, we figure IIS must be choking between the point when the application makes the call but before the service gets the call. Personally, I'm not even sure why Active Directories cares about what credentials I enter in since, as I understand it, it gets the credentials of the user who is currently logged into Windows automatically and uses that. I should be able to send anything into Login(), any list of arguments, just like I do with every other service call in the application, and it shouldn't make a difference to IIS. The only reason we're doing it this way is that we want two layers of authentication. We want IIS to authenticate with Active Directories, but we also want to authenticate against the username/password in our database (hence the reason we ask for credentials on the login page). But how does IIS know that the LoginInfoSend object contains the user's credentials and that the password is wrong when it is wrong?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close