Monday, October 25, 2010

ASP 1.1 and ASP2.0

In case you get one of the errors below on Windows 2000 IIS 5, check the ASP.NET version of the IIS application. It might have changed from 1.1 to 2.0. Switch it back to 1.1 and run IISRESET to fix it.

*************
Event code: 3005
Event message: An unhandled exception has occurred.
Exception information:
Exception type: ArgumentException
Exception message: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.


***********

Event code: 3005
Event message: An unhandled exception has occurred.

Exception information:
Exception type: HttpException
Exception message: Response is not available in this context.

Stack trace: at System.Web.HttpApplication.get_Response()
at career_exp.Global.Session_End(Object sender, EventArgs e) in D:\inetpub\xxxxx\Global.asax.vb:line 56

***********


Event code: 3005
Event message: An unhandled exception has occurred.

Exception information:
Exception type: HttpException
Exception message: The IListSource does not contain a data source named 'dataSetMain'. Check your DataMember value.

Is authenticated: True
Authentication Type: NTLM
Is impersonating: False
Stack trace: at System.Web.UI.DataSourceHelper.GetResolvedDataSource(Object dataSource, String dataMember)
at System.Web.UI.WebControls.ReadOnlyDataSource.System.Web.UI.IDataSource.GetView(String viewName)
at System.Web.UI.WebControls.BaseDataList.ConnectToDataSourceView()
at System.Web.UI.WebControls.BaseDataList.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

***********

Tuesday, September 7, 2010

Siteminder SSO - NTLM - multi domain

The correct, simple procedure for successful NTLM authentication using Siteminder in a multi-domain scenario is to use a custom NTLM Auth Scheme.

Auth Scheme Type : Custom Template
Library : SmExtendedAuthNTLM
Parameter : a1|a2|a3;http://ntlm.a1.com/siteminderagent/ntlm/smntlm.ntc

- Cookie Provider is not required.
- Instead of the simple NTLM scheme, use the above Custom Template to authenticate into multiple domains.

- My old post below also works but is not necessary for our scenario.

Friday, August 27, 2010

Siteminder - SSO between different trusted domains

- updated post above....!

a1.com and a2.net are two different companies that have come together through a merger/takeover.

- Users in a2.net want to access the application app.a1.com/main.html in a1.com using SSO.
- a1.com and a2.net have a trusted relationship.

- app.a1.com is protected by Siteminder using an NTLM authentication scheme, which gives users in a1.com the ability to SSO into the application aa.a1.com
- a2.net users cannot use the same NTLM auth website ntlm.a1.com because it can serve only one domain.

So we create an NTLM website in ntlm.a2.net and protect it using the policy server in a1.com. Since both domains are trusted, the user can log in to the a2.net NTLM site and get a cookie for a2.net, but we require a cookie for a1.com. This is where the CookieProvider helps.

- If using anonymous access in ntlm.a2.net, make sure that the user is from the AD in a1.com.

Sequence below:

- A user in a2.net tries to access app.a1.com/redirect.html.
- The CookieProvider site in a1.com is also involved.
- app.a1.com redirects to ntlm.a2.net/redirect.html
- ntlm.a2.net is protected by the NTLM auth scheme on ntlm.a2.net/siteminderagent/ntlm/smntlm.ntc.
- Since the ntlm.a2.net server is in the a2.net domain, the user gets an a2.net cookie.
- Because the CookieProvider in a1.com is involved, an a1.com cookie is also created.
- Now the user has both a1.com and a2.net cookies.
- After authentication, ntlm.a2.net/redirect.html redirects to app.a1.com/main.html with the cookie.
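
Why the a2.net cookie alone is not enough, and what the CookieProvider hop changes, can be replayed with a small model of browser cookie scoping. This is an added example, not part of the original post or of Siteminder; the cookie name SMSESSION, the host cp.a1.com and the session values are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: host equals the cookie domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


class Browser:
    """Minimal cookie jar: only the Domain scoping rules, no paths or expiry."""

    def __init__(self):
        self.jar = {}  # (cookie domain, name) -> value

    def set_cookie(self, responding_host: str, name: str, value: str, domain: str) -> bool:
        # Browsers drop a Set-Cookie whose Domain does not cover the responding host.
        if not domain_match(responding_host, domain):
            return False
        self.jar[(domain.lstrip(".").lower(), name)] = value
        return True

    def cookies_for(self, url: str) -> dict:
        host = urlsplit(url).hostname
        return {n: v for (d, n), v in self.jar.items() if domain_match(host, d)}


def replay(use_cookie_provider: bool):
    """Replay the sequence; return (cross-domain set accepted?, cookies sent to the app)."""
    browser = Browser()
    # The NTLM site in a2.net authenticates the user and sets its own domain's cookie.
    browser.set_cookie("ntlm.a2.net", "SMSESSION", "a2-session-constructed", ".a2.net")
    # It cannot hand out the a1.com cookie itself: the browser rejects that Set-Cookie.
    cross = browser.set_cookie("ntlm.a2.net", "SMSESSION", "a1-session-constructed", ".a1.com")
    if use_cookie_provider:
        # Assumed cookie provider host inside a1.com sets the a1.com copy of the session.
        browser.set_cookie("cp.a1.com", "SMSESSION", "a1-session-constructed", ".a1.com")
    return cross, browser.cookies_for("http://app.a1.com/main.html")
```

Without the cookie provider step the browser sends nothing to app.a1.com, so the agent there would challenge the user again.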

Monday, August 9, 2010

A very good speech by Hillary Clinton about Internet Freedom.

http://www.state.gov/secretary/rm/2010/01/135519.html

Wednesday, June 23, 2010

Good basic analysis of TCP/IP

Good analysis of TCP/IP Protocol

Tuesday, June 1, 2010

Two Factor Authentication (PhoneFactor) and Siteminder

Enterprises protect their most sensitive information with an additional authentication mechanism on top of username and password. I recently worked with PhoneFactor, a vendor of software that provides 2nd factor authentication.

We use CA Siteminder for our application security purposes. Integrating PhoneFactor with Siteminder looks easy, but it took us a little time to figure it out.

Test URL: http://finance.domain.com/SuperSecure
Phone Factor AD Group: PF_AD_Group

Requirement: Whenever a user in PF_AD_Group tries to access http://finance.domain.com/SuperSecure, Siteminder should send a RADIUS authentication request to the PhoneFactor software. PhoneFactor should call the user and match the voiceprint to complete the 2nd factor. For users who are not in PF_AD_Group, PhoneFactor does not need to perform 2nd factor authentication.

- Set up PhoneFactor to receive RADIUS auth requests from Siteminder

- In Siteminder
  - Set up the PhoneFactor_AS Authentication Scheme
    RADIUS Server Template
    RADIUS Server IPADDRESS
    Port
    SharedSecret

  - Set up PhoneFactorLDAP_UD
    SERVER: PhoneFactor Server

  - For Domain finance.domain.com
    Add userDirectory PhoneFactorLDAP_UD (use this directory for Authentication)
    Add userDirectory LDAP_UD (use this directory for Authorization)

    For realm /SuperSecure
    Use PhoneFactor_AS as Authentication Scheme
    In Advanced -> Directory Mapping -> map PhoneFactorLDAP_UD & LDAP_UD to perform authentication and authorization respectively.

(If applications require authorization and mapping is set to default, then PhoneFactor will just authenticate and send back the response. Siteminder will reject access and give an error as TimedOut. Or sometimes PhoneFactor will continuously call the user.)

Tuesday, May 25, 2010

Siteminder webagent on Windows 2008 x64

For Windows 2008 R1 x64, the 64-bit version of the Siteminder Webagent does not work very well in case you want to protect apps with ASP.NET 1.1. I wasted too much time troubleshooting this, and websites with ASP.NET 2.0 would work without any issue.

Siteminder ISAPI6webagent.DLL would not fire for ASP.NET 1.1 applications.


As a test, I installed the Siteminder 32-bit Webagent on the 64-bit server, and the issue was resolved. ASP.NET 1.1 and 2.0 applications both worked.

The Webagent used is available for download here:
ftp://ftp.ca.com/pub/SiteMinder/SMIIS/WebAgent/6.0SP5/CRs/cr-35/

Monday, May 24, 2010

Error 1606

I just got the error below while trying to install software on a Windows 2008 x64 server:

"Error 1606. Could not access network location %SystemDrive%\inetpub\wwwroot\"

How to fix this?

Modify both locations in the registry using regedit:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp\PathWWWRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\InetStp\PathWWWRoot

Change the value appropriately:
"%SystemDrive%\inetpub\wwwroot" to "D:\inetpub\wwwroot".