intranet interview questions
Top intranet frequently asked interview questions
I am developing an ASP.net web application for my company. Some users use this site in the internal network (Intranet) and some use the Internet site. I am using Windows Authentication mode.
I need to find a way to not prompt Windows Authentication mode for an Intranet user and prompt Windows Authentication mode for an Internet user.
How can I do this?
Source: (StackOverflow)
If you were designing a core business intranet app for a small business, and wanted it to be as responsive-feeling as possible, where the staff are indifferent to being stuck with a certain browser, would you design for Firefox, Chrome, or test more widely than you need to just to avoid lock-in? Are there other factors you'd consider before placing all your eggs in one browser basket or not?
For instance, does Chrome have any speed-related features that other browsers lack that would need Chrome to be targeted in a cross-browser-unfriendly way, and if it did, would it be worth designing around them?
Source: (StackOverflow)
By default IE8 forces intranet websites into compatibility mode. I tried changing the meta header to IE8, but it doesn't acknowledge the meta header and just uses the browser setting. Does anyone know how to disable this?
Source: (StackOverflow)
I use JDBC to connect to MySQL. When it’s at localhost:3306, everything is OK.
But when I move my application to another computer in the intranet, and use <Intranet-IP>:3306 to connect to the MySQL database, it takes about 1 minute to connect to MySQL successfully. What’s up with this?
Source: (StackOverflow)
I am building an intranet application using MVC3 with a MSSQL backend. I have authentication and roles (through a custom roles provider) working properly. What I am trying to do now is overriding User.Identity to allow for items like User.Identity.FirstName. But I cannot find any code that will show me how to do this in WindowsIdentity.
I have tried writing a custom provider:
public class CPrincipal : WindowsPrincipal
{
    UserDAL userDAL = new UserDAL();
    public CPrincipal(WindowsIdentity identity)
        : base(identity)
    {
        userInfo = userDAL.GetUserProfile(identity.Name.Split('\\')[1]);
        this.identity = identity;
    }
    public UserInfo userInfo { get; private set; }
    public WindowsIdentity identity { get; private set; }
}
and overriding the WindowsAuthentication to populate the custom principal.
void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs e)
{
    if (e.Identity != null && e.Identity.IsAuthenticated)
    {
        CPrincipal cPrincipal = new CPrincipal(e.Identity);
        HttpContext.Current.User = cPrincipal;
    }
}
I have a breakpoint in the authentication function and the principal is being populated; however, when I put a breakpoint in the controllers, the User is just its normal RolePrincipal, instead of my custom principal. What am I doing wrong?
EDIT:
I commented out the code above in the global.asax.
I have overridden the AuthorizeAttribute using C#:
public class CAuthorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool authorized = base.AuthorizeCore(httpContext);
        if (!authorized)
        {
            return false;
        }
        IIdentity user = httpContext.User.Identity;
        CPrincipal cPrincipal = new CPrincipal(user);
        httpContext.User = cPrincipal;
        return true;
    }
}
And adjusted my principal to the following:
public class CPrincipal : IPrincipal
{
    private UserDAL userDAL = new UserDAL();
    public CPrincipal(IIdentity identity)
    {
        userInfo = userDAL.GetUserProfile(identity.Name.Split('\\')[1]);
        this.Identity = identity;
    }
    public UserInfo userInfo { get; private set; }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role)
    {
        throw new NotImplementedException();
    }
}
Now when I put a breakpoint in, the watch shows the following in user:
- User
- [CSupport.Model.CPrincipal]
- Identity
Identity is accessible; however, it is still the WindowsIdentity.
CPrincipal is only accessible in the watch and not accessible directly.
EDIT:
Thanks to everyone who contributed to this. You have greatly expanded my understanding of how the various parts work.
I got both ways to work, so I thought I would share.
Option 1: Override the Authorize Request in Global.asax
This is the one I am going with.
I did not use Application_AuthenticateRequest because (according to this: HttpContext.Current.User is null even though Windows Authentication is on) the user has not been populated in a Windows authentication process and thus there is nothing that I can use to go get the user information.
Application_AuthorizeRequest is the next in the chain and happens after the windows identity is brought in.
protected void Application_AuthorizeRequest(object sender, EventArgs e)
{
    if (User.Identity.IsAuthenticated && Roles.Enabled)
    {
        Context.User = new CPrincipal(HttpContext.Current.User.Identity);
    }
}
This is the override of the Principal
public class CPrincipal : IPrincipal
{
    private UserDAL userDAL = new UserDAL();
    public CPrincipal(IIdentity identity)
    {
        userInfo = userDAL.GetUserProfile(identity.Name.Split('\\')[1]);
        this.Identity = identity;
    }
    public UserInfo userInfo { get; private set; }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role)
    {
        return userDAL.IsUserInRole(userInfo.UserName, role);
    }
}
This is how you access the updated info in the new Principal that was created.
[Authorize(Roles = "super admin")]
public ActionResult Dashboard()
{
    string firstname = (User as CPrincipal).userInfo.FirstName; // <--
    DashboardModel dModel = reportDAL.GetChartData();
    return View(dModel);
}
Option 2: Override the AuthorizeAttribute
This is the overridden Principal (It is the same as above)
public class CPrincipal : IPrincipal
{
    private UserDAL userDAL = new UserDAL();
    public CPrincipal(IIdentity identity)
    {
        userInfo = userDAL.GetUserProfile(identity.Name.Split('\\')[1]);
        this.Identity = identity;
    }
    public UserInfo userInfo { get; private set; }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role)
    {
        return userDAL.IsUserInRole(userInfo.UserName, role);
    }
}
Here is the override of the Authorize Attribute
public class CAuthorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool authorized = base.AuthorizeCore(httpContext);
        if (!authorized)
        {
            return false;
        }
        IIdentity user = httpContext.User.Identity;
        CPrincipal cPrincipal = new CPrincipal(user);
        httpContext.User = cPrincipal;
        return true;
    }
}
This is where you change which AuthorizeAttribute to use and utilize the new information.
[CAuthorize(Roles = "super admin")] // <--
public ActionResult Dashboard()
{
    string firstname = (User as CPrincipal).userInfo.FirstName; // <--
    DashboardModel dModel = reportDAL.GetChartData();
    return View(dModel);
}
Option 1 handles everything globally, option 2 handles everything at an individual level.
Source: (StackOverflow)
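An added example, not code from the post above: a variant of the custom-principal idea that does not throw when Identity.Name has no backslash (for example a user@domain name) and that denies every role when no profile is found. ProfilePrincipal, the getRoles delegate (standing in for the post's UserDAL) and the sample accounts are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public sealed class ProfilePrincipal : IPrincipal
{
    private readonly ISet<string> roles;

    // getRoles is a hypothetical stand-in for the post's UserDAL; it returns
    // null when the account has no profile in the application database.
    public ProfilePrincipal(IIdentity identity, Func<string, ISet<string>> getRoles)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        Identity = identity;
        AccountName = ParseAccountName(identity.Name);
        // Look up roles only for an authenticated caller with a usable name.
        roles = identity.IsAuthenticated && AccountName != null
            ? getRoles(AccountName) : null;
    }

    public IIdentity Identity { get; private set; }
    public string AccountName { get; private set; }

    // Fail closed: a missing profile means "in no role", never an exception.
    public bool IsInRole(string role)
    {
        return roles != null && role != null && roles.Contains(role);
    }

    // Handles DOMAIN\user, user@domain and bare names; returns null for empty
    // input or a trailing backslash instead of indexing into a Split() result.
    public static string ParseAccountName(string name)
    {
        if (string.IsNullOrWhiteSpace(name)) return null;
        int slash = name.LastIndexOf('\\');
        if (slash >= 0) return slash < name.Length - 1 ? name.Substring(slash + 1) : null;
        int at = name.IndexOf('@');
        return at > 0 ? name.Substring(0, at) : name;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: only "alice" has a profile.
        Func<string, ISet<string>> lookup = n =>
            n.Equals("alice", StringComparison.OrdinalIgnoreCase)
                ? new HashSet<string> { "super admin" } : null;
        foreach (var name in new[] { @"CORP\alice", "alice@corp.example", @"CORP\mallory" })
        {
            var p = new ProfilePrincipal(new GenericIdentity(name), lookup);
            Console.WriteLine("{0} -> {1}: {2}", name, p.AccountName, p.IsInRole("super admin"));
        }
    }
}
```

Dropping the domain part of the name, as the post's Split call also does, assumes that all accounts come from a single trusted domain.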
I am trying to move images for my site from my host to Amazon S3 cloud hosting. These images are of client work sites and cannot be publicly available. I would like them to be displayed on my site preferably by using the PHP SDK available from Amazon.
So far I have been able to script for the conversion so that I look up records in my database, grab the file path, name it appropriately, and send it to Amazon.
//upload to s3
$s3->create_object($bucket, $folder.$file_name_new, array(
    'fileUpload' => $file_temp,
    'acl' => AmazonS3::ACL_PRIVATE, //access denied, grantee only own
    //'acl' => AmazonS3::ACL_PUBLIC, //image displayed
    //'acl' => AmazonS3::ACL_OPEN, //image displayed, grantee everyone has open permission
    //'acl' => AmazonS3::ACL_AUTH_READ, //image not displayed, grantee auth users has open permissions
    //'acl' => AmazonS3::ACL_OWNER_READ, //image not displayed, grantee only ryan
    //'acl' => AmazonS3::ACL_OWNER_FULL_CONTROL, //image not displayed, grantee only ryan
    'storage' => AmazonS3::STORAGE_REDUCED
    )
);
Before I copy everything over, I have created a simple form to do test upload and display of the image. If I upload an image using ACL_PRIVATE, I can either grab the public url and I will not have access, or I can grab the public url with a temporary key and can display the image.
<?php
//display the image link
$temp_link = $s3->get_object_url($bucket, $folder.$file_name_new, '1 minute');
?>
<a rel='nofollow' href='<?php echo $temp_link; ?>'><?php echo $temp_link; ?></a><br />
<img src='<?php echo $temp_link; ?>' alt='finding image' /><br />
Using this method, how will my caching work? I'm guessing every time I refresh the page, or modify one of my records, I will be pulling that image again, increasing my get requests.
I have also considered using bucket policies to only allow image retrieval from certain referrers. Do I understand correctly that Amazon is supposed to only fetch requests from pages or domains I specify?
I referenced:
https://forums.aws.amazon.com/thread.jspa?messageID=188183&#188183 to set that up, but then am confused as to which security I need on my objects. It seemed like if I made them Private they still would not display, unless I used the temp link like mentioned previously. If I made them public, I could navigate to them directly, regardless of referrer.
Am I way off what I'm trying to do here? Is this not really supported by S3, or am I missing something simple? I have gone through the SDK documentation and lots of searching and feel like this should be a little more clearly documented so hopefully any input here can help others in this situation. I've read others who name the file with a unique ID, creating security through obscurity, but that won't cut it in my situation, and probably not best practice for anyone trying to be secure.
Source: (StackOverflow)
I've been tasked with development of an intranet interface for command line software, and now I'm researching security options. Our command line application is finished, but I haven't started writing the web interface. I don't know exactly what the security requirements are for potential customers, although I believe ssh is generally acceptable for the command line interface. With this in mind, I'm asking for help developing a menu of choices with their associated pros/cons. Some day, we may consider releasing our web interface to the internet, so I'm willing to consider more security than currently necessary if it's easy and/or free.
I've been doing a lot of reading, and my tentative conclusion is that SSL security with no certificate is the best approach, not because less security is unacceptable, but because SSL is the standard and because it doesn't appear to be difficult to set up. I, a security non-expert, wouldn't need to explain why less security is acceptable to security non-experts. I could upgrade my application to use a certificate in the future if necessary.
Here's a list of SSL related security choices, sorted by my perception of security level with my comments. What level of protection do I need?
1. No SSL. This might be acceptable if our customers aren't worried about their employees seeing/changing each other's data. Their employees might want to share results with each other anyway, and I could use IP based access control and/or passwords for security.
2. Do SSL with no certificate. This encrypts the communication, which at least protects the data from being read by unauthorized employees. Using a password, this is the same level of security as ssh on the command line, right? I don't need to worry about man-in-the-middle attacks in an intranet, right? A con for this approach would be if there were loads of browser warning messages.
3. Do SSL with a self-signed certificate. What does this give me that no certificate gives me? If the DNS can be changed inappropriately, then my application is the least of the customer's concerns. Worded another way, if the DNS can change, then I think ssh would be vulnerable too.
4. Do SSL with a local Certificate Authority. OpenSSL lets me make my own Certificate Authority. What does this give me that a self-signed certificate does not? I'm assuming that on a LAN, it's less important for the server to be verified.
5. Do SSL with an external Certificate Authority. Is there ever a reason to go this route for an intranet? I found some "intranet certificates" for sale online -- but it's not clear what they're offering I can't do myself.
For reference, this page might be useful for comparing certificates:
http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#aboutcerts
[update]
Here's an article discussing the risks and rules of obtaining an internal certificate from a public CA.
Source: (StackOverflow)
I have an intranet site where we host files and forms.
When someone clicks on a link to a file on Internet Explorer it opens the file from a shared folder on the server so people who have permission can edit it and save changes. Other people have read only permissions.
If a person clicks on the link in a browser other than Internet Explorer it downloads the file instead of opening it from the shared folder.
Is there a way to have other browsers open the file from the shared folder instead of downloading it?
NOTE: I should clarify that in IE I use the file:// protocol and in other browsers I use http:// because file:// does not work.
Source: (StackOverflow)
I am supporting a .NET 4.0 (Visual Studio 2010) web application that authenticates to a SQL Server 2008 database which resides on my work intranet. The application authenticates to the database using Windows authentication. That's all fine and dandy if I'm developing on my host, but I am developing on a virtual machine that is not on the work domain. Thus when the project builds and runs, it throws a SqlClient.SqlException: "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication."
Short of developing on my host and abandoning the VM, what can I do to avoid this error and successfully authenticate to the database so I can build/run the web app? I am willing to store my credentials somewhere locally, though preferably not somewhere that would be under TFS source control (like the web.config) because I couldn't keep the file checked out since there are other developers on the project.
I have tried running Visual Studio as a different user (as the user on my work domain) but I get an "unknown user name or bad password" error.
Note, adding the virtual machine to the domain (or connecting to it via VPN) is not an option. The VM must remain off the domain. Also note, the virtual machine is running on the computer that is on the domain, and the VM uses a shared connection. So it CAN access the intranet but it can't perform Windows authentication to SQL Server.
Source: (StackOverflow)
The code below checks the user's credentials against LDAP:
<?php
$ldaphost = "ldap.domain.com";
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
if ($ds)
{
    $username = "johndoe@domain.com";
    $upasswd = "pass";
    $ldapbind = ldap_bind($ds, $username, $upasswd);
    if ($ldapbind)
        {print "Congratulations! $username is authenticated.";}
    else
        {print "Access Denied!";}
}
?>
My users use Firefox and IE, and I know that they can pass their ActiveDirectory credentials seamlessly.
I just want to check the AD group to see if that username is found in there, if so, display the page, otherwise prompt to enter in credentials.
Since our users are already logged into the domain controller, I want to grab their username, check to see if it was found in the specific group, then let them in, otherwise prompt user to input credentials. How is this possible?
Source: (StackOverflow)
I never really got the chance to do anything with Microsoft ActiveX in all of my programming career. So, I have very little knowledge of what it is or what it is used for. Although I've searched on the Internet for an answer, I found many different definitions for ActiveX or ActiveX Container. One of my customers is asking for an ActiveX Container for my software, which I don't have. He wants to view or take control of my software remotely through this ActiveX Container. Is this possible? Also, is ActiveX still around? I am trying to see if I can put this ActiveX container together real quick for him to use.
I am assuming that ActiveX is used to expose some part of your software to the Internet or the Intranet, so that the user can get access to your application remotely.
Any response will be greatly appreciated.
Thanks,
Source: (StackOverflow)
What are the differences in considerations with respect to designing or developing an Intranet and an Internet application?
Source: (StackOverflow)
I have an intranet site that lets users open files in the browser (by prompting for download). One of these files is an .xlsx workbook that contains hyperlinks which point to different locations of files (.pdfs, .docs) on the file server in which the .xlsx workbook is located.
It seems the file server path to the workbook is replaced by a "Temporary Internet Files/Content.IE5/" path, leading to the warning "cannot open the specified file" in Excel.
I tried downloading the Excel document first and then following the links, but they're still opening in the temp internet location.
EDIT:
For instance, when hovering over the hyperlinks in Excel they read: "file:///C:\Documents And Settings\%username%\Local Settings\Temporary Internet files\Content.IE5\40WSS3CB\" + filename
when they should read: "file:///\servername\Departments\Read\" + filename
How can I still open the Excel file in the browser and retain the hyperlinks inside and have them not be replaced by the temporary internet files path?
Can someone point me in the right direction? Thanks!
Source: (StackOverflow)
I need to choose a framework for a new project I will start from scratch. The application performance requirements are very low. It needs to allow fast development and enforce good development practices. The final application should be easy to deploy and handle database migrations well.
The application will mostly handle simple CRUD operations for a specific domain. It needs to be very secure. In the long term I will need to certify its security. I have experience programming in PHP and now I am working as a Java developer.
The language for the framework is not important as long as it meets the requirements stated above.
Source: (StackOverflow)
I'm trying to get automatic Windows authentication working on our ASP.NET Intranet. I've changed the Authentication on our IIS 7.5 server from Anonymous to Windows Authentication Enabled only, and changed the Web.config file for the website to:
<authentication mode="Windows" />
<authorization>
    <deny users="?" />
</authorization>
The Windows login box appears when accessing the website via IE 8, I enter valid credentials, but the login window keeps reappearing as if it does not accept my credentials. By repeatedly cancelling the login box it disappears, and my login name can be viewed on the website. Is there any possible reason for the login box to keep popping up even though valid credentials are being entered? I've restarted the servers / cleared browser cache etc.
Also, ideally I would like the user to enter the login details once in the login box and not be required to reenter login details whenever he reopens the browser.
Source: (StackOverflow)