.net - ScriptManager Be Made To Work With The Windows FIPS Security Policy?
Feb 19, 2010
If you enable the "Use FIPS compliant algorithms for encryption, hashing, and signing" security policy option in Windows, attempting to use many of the cryptographic classes in the .NET Framework will result in an InvalidOperationException. By default, ASP.NET uses AES to encrypt the ViewState blob, so it fails. You can work around this by adding a key like this to web.config:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
And that covers you for basic ASP.NET use. My problem is this: I have a large, complex ASP.NET web applications that makes heavy use of ScriptManagers (the foundation of ASP.NET AJAX) and needs to be deployed by a government customer who must enable this FIPS policy setting. Any ASP.NET page with a ScriptManager on it throws this exception:
[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
System.Security.Cryptography.SHA1Managed..ctor() +3607454
System.Security.Policy.Hash.get_SHA1() +45
System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfoInternal(Assembly assembly) +85
System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfo(Assembly assembly) +99
System.Web.Handlers.RuntimeScriptResourceHandler.GetScriptResourceUrlImpl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +525
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +910
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(Assembly assembly, String resourceName, CultureInfo culture, Boolean zip, Boolean notifyScriptLoaded) +193
System.Web.UI.ScriptReference.GetUrlFromName(ScriptManager scriptManager, IControl scriptManagerControl, Boolean zip) +306
System.Web.UI.ScriptManager.RegisterUniqueScripts(List`1 uniqueScripts) +169
System.Web.UI.ScriptManager.RegisterScripts() +407
System.Web.UI.ScriptManager.OnPagePreRenderComplete(Object sender, EventArgs e) +200
System.Web.UI.Page.OnPreRenderComplete(EventArgs e) +11041982
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3672
Even adding the <enforceFIPSPolicy enabled="false"/> element to web.config does not resolve the exception.
Is there any way to configure ASP.NET such that ScriptManager can be used with the Windows FIPS security policy?
View 3 Replies
Similar Messages:
Mar 18, 2011
I am working on a government site and am having some problems with my local security policy interferring with my web application. There is a setting called "System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms" which is enabled on my server.
Since that has been enabled, most of my aspx pages are returning the error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." These pages aren't accessing any cryptographic methods. They do communicate with another database server, but that's it.
My problem is similar to the one described here. However, I don't have the option of disabling this FIPS security setting.
I am using .NET 4.0, IIS 7.0, and Windows Server 2008 R2, if that matters. Has anyone encountered this problem before?
Update
Unfortunately, correcting the machine key element to use a FIPS compliant algorithm did not completely solve my problem. I am still getting the error on alot of my pages.
I found two hotfixes which may be related. I will try to install these and see what happens.
SQL Server Reporting Services R2 hotfix ScriptManager Control hotfix
View 1 Replies
Feb 25, 2011
Our asp.net 2.0 app encountered the following error:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.After adding the following in web.config -> <system.web> section:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
The error occurs in those pages that uses AJAX.
View 1 Replies
Apr 2, 2013
Error:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.
View 1 Replies
Oct 15, 2010
I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since Telerik dll is a common assembly i have to deploy it to the bin folder of the webapplication instead of GAC. So here comes the problem.
WSPBuilder automatically deploys the dll to gac if the dll presents in the GAC folder. To deploy the telerik dll in bin i created the folder 80in and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and wspbuilder was smart to create the cas policy itself.
<CodeAccessSecurity>
<PolicyItem>
<PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated
[code]....
But Wspbuilder was not smart enough to put the four part name of SharePointPermission IPermission class. But i learnt that CAS actually requires the four part name. So i decided to make use of the -CustomCAS command line option of wspbuilder.exe to pass my custom cas policy file.
Here is my custom policy file -
<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />[code]....
After i deployed the wsp i verified
* the dlls going to bin
* the trust level changed to custom trust level
* custom policy file being added to config folder
But when i run the page i get the following error -
screen shot -
Error -Execution Permission Denied
I've checked my entire application for any assembly references of the dll. But i was not able to find one.
View 1 Replies
Apr 6, 2010
when i run my application i got this error like...
Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.
View 1 Replies
Nov 10, 2010
i have an dll file which is data access layer of my application.
i am getting this exception while accessing databse
Description:
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission contact your system administrator or change the application's trust level in the configuration file.
Exception Details:
System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
View 3 Replies
Feb 8, 2011
I am using a third party UI Library (devexpress) to implement some data grids. These grids work with Callbacks (not UpdatePanel partial Postbacks).
I am trying to use Scriptmanager RegisterStartupScript to execute some code on the client after the callback. This works great with partial postbacks but does not work with Callbacks.
Is there any way to queue client side code for execution inside the callback server side handler?
View 1 Replies
May 25, 2010
I am trying to show client side confirm messages
from a button click event within Update Panel.
I find that ScriptManager.RegisterClientScriptBlock does not work.
I need to get the response value i.e yes or no from the confirm msg
and if it is yes call another js function.
What is the best solution to the problem?
My call is:
[Code]....
View 6 Replies
Sep 20, 2010
I am using a masterpage that contains a javascript script (does not matter what it does) and on each page under that masterpage I am registering that script to run on page load. On the page under the masterpage, I am calling a modalpopupextender to display on a button click. Now, if I disable the register startupscript, the popup extender works fine, if I register the startup up script it does not
here is the script regster call
ScriptManager.RegisterStartupScript(Me, Me.GetType(), "addscript", "miscscript()", True)
I have also tried this
Page.ClientScript.RegisterStartupScript(Me.GetType(), "addScript", "miscscript()", True)
I had this working fine using the second example when using .net 4 and the Ajax toolkit for 4 but I am now having to rollback to 3.5 due to a vendor requirement.
Here is a little bit of extra info:
If I put the script in page and not in the masterpage and just run with a window.onload, both work fine, which is why I have figured that it must be something that I am doing with the registration of the script.
When I say it does not matter what I put as the sript, I mean, it can be a complex element property adjustment or a simple alert, nothing seems to work.
I have this script in the masterpage because the script is used on everypage of the website.
I am also using the modalpopextender.show() on button click instead of using the element that it is attached to being the launching element.
View 5 Replies
Feb 9, 2010
I have a jQuery function in a .js file, and the function requires a querystring parameter to be passed. If I try to use the CompositeScript feature in the ScriptManager, it pukes on the file that has the querystring.
View 1 Replies
Jan 6, 2011
I have a login ascx module that needs to handle logged in users.
I am solving this by enabling Session("IdUser") to take Id_User from my database if login and password are correct.
Ok, this works rather OK, but I am using the same button for login and logout, so when I login user I need manualy to reload the page before handler me.load have new values for current session, does anybody know how I can solve this isue.
Imports System.Data
View 3 Replies
Feb 26, 2010
first of all: this probelm was already an issue in [URL] but it does not resolve my problem: I have VS2008 and SQL Server 2008 Express with Adv. Option istalled. When compiling a page with the reportviewer control I get the error Type 'Microsoft.Reporting.RdlBuildProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly). C:websitesadAgencyweb.config
From the obove mentioned post I learned to use <trust level="Full" /> in the web.config file (which I never used on other Implementations that work). Now the compilation works, but when I start the web application and call that page I get a lot of JScrip Errors like: Runtime error in Microsoft JScript: 'RSClientController' is undefined, which comes from a line in the dynamic page.aspx file: document.getElementById('ctl00_maincontent_ReportViewer1').ClientController = new RSClientController "ctl00_maincontent_ReportViewer1_ctl03", "ReportFramectl00_maincontent_ReportViewer1", ...
I should mention, that I had SQL Server 2005 Express uninstalled before the 2008 version.
View 1 Replies
May 28, 2010
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
View 7 Replies
Feb 8, 2011
I have a user control with both an UpdatePanel and a ScriptManager.
Some pages in the system have a ScriptManager of their own, and need to include the UserControl.
This throws the "You can only have 1 ScriptManager" exception.
If I remove UserControl's ScriptManager, I'll get 'UpdatePanel1 requires a Script Manager" exception.
I've tried to modify the UserControl to dynamically include it's own script manager if none exists. But all the methods I've used before involve adding a delegate to Page.OnInit-- which won't work, since the UserControl Init fires first.
Because the system designers here like making my life difficult, I can't create a MasterPage, or a BasePage for the system in inherit off of. I'd be stuck going to each page an adding a ScriptManager before the UserControl on each of them. Is there any way of, in the UserControl, detecting if the page has a ScriptManager, and if not, adding it dynamically in a way that makes the UpdatePanel happy?
View 3 Replies
Dec 30, 2010
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
View 1 Replies
Sep 8, 2010
We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution
View 3 Replies
Sep 3, 2010
I am developing one intranet website. Being an intranet application, one of the requirement is to have a single sign on feature.
It means that the windows PC username (i.e the "ctrl + alt + delete" username) is going to be the username for the system.
How do i fetch that username?
I tried the following two ways which are working in debug mode but not on live site.
System.Security.Principal.IPrincipal user = System.Web.HttpContext.Current.User;
Response.Write(user.Identity.Name);
&
Response.Write(Request.ServerVariables["AUTH_USER"].ToString());
Both the above method works when i run the page from visual studio.
However when i run the page from IIS or any other server, it gives me a blank value
View 12 Replies
Feb 24, 2010
I'm working on a project in which we have a database, data layer (entity framework), business layer and web/UI layer.I want to use ASP.NET Dynamic Data for the web layer, but don't want it to access the data layer or database, as I want it to be purely running off business logic, and not directly accessing the data.However, it appears that Dynamic Data only allows Linq-to-SQL or entity framework data sources to be used.Has anyone used it with business-layer objects instead?
View 1 Replies
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Mar 16, 2010
The MVC 2.0 RTM works great on my old Vista machine with VWD 2008 Express, but I just bought a new computer with Windows 7 Pro, installed VWD 2008 Express SP1 and MVC 2.0 RTM by using Web PI 2.0. but after installation, I found the VWD doesn't have any MVC options, that means I can't either create new MVC projects or compile existing MVC projects.Why? What other steps I need to do to make it work?
I'm sure the MVC has been installed properly since my MVC site on the new computer works well (so the IIS side has no problem), just the VWD can't 'realize' that the MVC framework is already installed... (tried to uninstall and install many times, but won't work)
View 2 Replies
Feb 17, 2011
I have developed a website in asp.net webforms, I've tested this website in IE7, IE8, Ie9 (RC), Firefox, Chrome and Safari, in Windows XP and Windows 7. Everything works fine.
But in Internet Explorer in Windows Vista, does not working. The website opens in browser, but when the application needs a postback it does not work. I don't know why it is happening.
View 2 Replies
Jun 9, 2010
I feel certain this has been asked before, but while I can find a number of discussions related to Server 2003 x64 and the Jet 4.0 provider, none pop up for Windows XP x64 and the Jet provider.I need to work on a .Net application that uses Access databases. There's no changing data stores and no changing of the Operating Systems.How do I get a Jet provider to work in Windows XP x64?FOLLOW-UP: I solved this; it uses exactly the same steps as used for Server 2003 x64 PLUS (and this is missing even on MSDN) it requires an aspnet_regiis to register 32-bit asp.net.
View 3 Replies