.net - ScriptManager Be Made To Work With The Windows FIPS Security Policy?

Feb 19, 2010

If you enable the "Use FIPS compliant algorithms for encryption, hashing, and signing" security policy option in Windows, attempting to use many of the cryptographic classes in the .NET Framework will result in an InvalidOperationException. By default, ASP.NET uses AES to encrypt the ViewState blob, so it fails. You can work around this by adding a key like this to web.config:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

And that covers you for basic ASP.NET use. My problem is this: I have a large, complex ASP.NET web applications that makes heavy use of ScriptManagers (the foundation of ASP.NET AJAX) and needs to be deployed by a government customer who must enable this FIPS policy setting. Any ASP.NET page with a ScriptManager on it throws this exception:

[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
System.Security.Cryptography.SHA1Managed..ctor() +3607454
System.Security.Policy.Hash.get_SHA1() +45
System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfoInternal(Assembly assembly) +85
System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfo(Assembly assembly) +99
System.Web.Handlers.RuntimeScriptResourceHandler.GetScriptResourceUrlImpl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +525
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +910
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(Assembly assembly, String resourceName, CultureInfo culture, Boolean zip, Boolean notifyScriptLoaded) +193
System.Web.UI.ScriptReference.GetUrlFromName(ScriptManager scriptManager, IControl scriptManagerControl, Boolean zip) +306
System.Web.UI.ScriptManager.RegisterUniqueScripts(List`1 uniqueScripts) +169
System.Web.UI.ScriptManager.RegisterScripts() +407
System.Web.UI.ScriptManager.OnPagePreRenderComplete(Object sender, EventArgs e) +200
System.Web.UI.Page.OnPreRenderComplete(EventArgs e) +11041982
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3672

Even adding the <enforceFIPSPolicy enabled="false"/> element to web.config does not resolve the exception.

Is there any way to configure ASP.NET such that ScriptManager can be used with the Windows FIPS security policy?

View 3 Replies


Similar Messages:

ASPX Pages Fail Due To FIPS 140 Security Policy?

Mar 18, 2011

I am working on a government site and am having some problems with my local security policy interferring with my web application. There is a setting called "System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms" which is enabled on my server.

Since that has been enabled, most of my aspx pages are returning the error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." These pages aren't accessing any cryptographic methods. They do communicate with another database server, but that's it.

My problem is similar to the one described here. However, I don't have the option of disabling this FIPS security setting.

I am using .NET 4.0, IIS 7.0, and Windows Server 2008 R2, if that matters. Has anyone encountered this problem before?

Update

Unfortunately, correcting the machine key element to use a FIPS compliant algorithm did not completely solve my problem. I am still getting the error on alot of my pages.

I found two hotfixes which may be related. I will try to install these and see what happens.

SQL Server Reporting Services R2 hotfix ScriptManager Control hotfix

View 1 Replies

Web Forms :: This Implementation Is Not Part Of The Windows Platform FIPS Validated Cryptographic Algorithms?

Feb 25, 2011

Our asp.net 2.0 app encountered the following error:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.After adding the following in web.config -> <system.web> section:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

The error occurs in those pages that uses AJAX.

View 1 Replies

Web Forms :: Security Exception - Application Attempted To Perform Operation Not Allowed By Security Policy

Apr 2, 2013

Error: 

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.

View 1 Replies

C# - Code Access Security Policy - Deploying A Third Party Dll To Bin?

Oct 15, 2010

I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since Telerik dll is a common assembly i have to deploy it to the bin folder of the webapplication instead of GAC. So here comes the problem.

WSPBuilder automatically deploys the dll to gac if the dll presents in the GAC folder. To deploy the telerik dll in bin i created the folder 80in and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and wspbuilder was smart to create the cas policy itself.

<CodeAccessSecurity>
<PolicyItem>
<PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated
[code]....

But Wspbuilder was not smart enough to put the four part name of SharePointPermission IPermission class. But i learnt that CAS actually requires the four part name. So i decided to make use of the -CustomCAS command line option of wspbuilder.exe to pass my custom cas policy file.

Here is my custom policy file -

<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />[code]....

After i deployed the wsp i verified

* the dlls going to bin

* the trust level changed to custom trust level

* custom policy file being added to config folder

But when i run the page i get the following error -

screen shot -

Error -Execution Permission Denied

I've checked my entire application for any assembly references of the dll. But i was not able to find one.

View 1 Replies

System.Security.Policy.PolicyException: Required Permissions Cannot Be Acquired

Apr 6, 2010

when i run my application i got this error like...

Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.

View 1 Replies

Getting Exception / The Application Attempted To Perform An Operation Not Allowed By The Security Policy

Nov 10, 2010

i have an dll file which is data access layer of my application.

i am getting this exception while accessing databse

Description:

The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission contact your system administrator or change the application's trust level in the configuration file.

Exception Details:

System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

View 3 Replies

C# - Scriptmanager RegisterStartupScript Does Not Work On Callbacks

Feb 8, 2011

I am using a third party UI Library (devexpress) to implement some data grids. These grids work with Callbacks (not UpdatePanel partial Postbacks).

I am trying to use Scriptmanager RegisterStartupScript to execute some code on the client after the callback. This works great with partial postbacks but does not work with Callbacks.

Is there any way to queue client side code for execution inside the callback server side handler?

View 1 Replies

AJAX :: ScriptManager.RegisterClientScriptBlock Does Not Work

May 25, 2010

I am trying to show client side confirm messages

from a button click event within Update Panel.

I find that ScriptManager.RegisterClientScriptBlock does not work.

I need to get the response value i.e yes or no from the confirm msg

and if it is yes call another js function.

What is the best solution to the problem?

My call is:

[Code]....

View 6 Replies

AJAX :: Modal Popup Does Not Work With ScriptManager.RegisterStartupScript

Sep 20, 2010

I am using a masterpage that contains a javascript script (does not matter what it does) and on each page under that masterpage I am registering that script to run on page load. On the page under the masterpage, I am calling a modalpopupextender to display on a button click. Now, if I disable the register startupscript, the popup extender works fine, if I register the startup up script it does not

here is the script regster call

ScriptManager.RegisterStartupScript(Me, Me.GetType(), "addscript", "miscscript()", True)

I have also tried this

Page.ClientScript.RegisterStartupScript(Me.GetType(), "addScript", "miscscript()", True)

I had this working fine using the second example when using .net 4 and the Ajax toolkit for 4 but I am now having to rollback to 3.5 due to a vendor requirement.

Here is a little bit of extra info:

If I put the script in page and not in the masterpage and just run with a window.onload, both work fine, which is why I have figured that it must be something that I am doing with the registration of the script.

When I say it does not matter what I put as the sript, I mean, it can be a complex element property adjustment or a simple alert, nothing seems to work.

I have this script in the masterpage because the script is used on everypage of the website.

I am also using the modalpopextender.show() on button click instead of using the element that it is attached to being the launching element.

View 5 Replies

ScriptManager CompositeScript Doesn't Work With Javascript That Requires Querystring Parameter

Feb 9, 2010

I have a jQuery function in a .js file, and the function requires a querystring parameter to be passed. If I try to use the CompositeScript feature in the ScriptManager, it pukes on the file that has the querystring.

View 1 Replies

Security :: Custom Made Login Page With Session State?

Jan 6, 2011

I have a login ascx module that needs to handle logged in users.

I am solving this by enabling Session("IdUser") to take Id_User from my database if login and password are correct.

Ok, this works rather OK, but I am using the same button for login and logout, so when I login user I need manualy to reload the page before handler me.load have new values for current session, does anybody know how I can solve this isue.

Imports System.Data

View 3 Replies

SQL Reporting :: AllowPartiallyTrustedCallersAttribute Or RSClientController Undefined - Error "Type Microsoft.Reporting.RdlBuildProvider Cannot Be Instantiated Under A Partially Trusted Security Policy"

Feb 26, 2010

first of all: this probelm was already an issue in [URL] but it does not resolve my problem: I have VS2008 and SQL Server 2008 Express with Adv. Option istalled. When compiling a page with the reportviewer control I get the error Type 'Microsoft.Reporting.RdlBuildProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly). C:websitesadAgencyweb.config

From the obove mentioned post I learned to use <trust level="Full" /> in the web.config file (which I never used on other Implementations that work). Now the compilation works, but when I start the web application and call that page I get a lot of JScrip Errors like: Runtime error in Microsoft JScript: 'RSClientController' is undefined, which comes from a line in the dynamic page.aspx file: document.getElementById('ctl00_maincontent_ReportViewer1').ClientController = new RSClientController "ctl00_maincontent_ReportViewer1_ctl03", "ReportFramectl00_maincontent_ReportViewer1", ...

I should mention, that I had SQL Server 2005 Express uninstalled before the 2008 version.

View 1 Replies

Security :: Forms Authentication In Web.config / Access To Folder Be Made Via Login Form?

May 28, 2010

i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config

<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>

Then this to restrict folder

<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>

the problem is that when the user login with valid information the website return to the login form.

View 7 Replies

AJAX :: UserControl With ScriptManager And UpdatePanel, Some Pages With ScriptManager?

Feb 8, 2011

I have a user control with both an UpdatePanel and a ScriptManager.

Some pages in the system have a ScriptManager of their own, and need to include the UserControl.

This throws the "You can only have 1 ScriptManager" exception.

If I remove UserControl's ScriptManager, I'll get 'UpdatePanel1 requires a Script Manager" exception.

I've tried to modify the UserControl to dynamically include it's own script manager if none exists. But all the methods I've used before involve adding a delegate to Page.OnInit-- which won't work, since the UserControl Init fires first.

Because the system designers here like making my life difficult, I can't create a MasterPage, or a BasePage for the system in inherit off of. I'd be stuck going to each page an adding a ScriptManager before the UserControl on each of them. Is there any way of, in the UserControl, detecting if the page has a ScriptManager, and if not, adding it dynamically in a way that makes the UpdatePanel happy?

View 3 Replies

Security :: Avoid Windows Login Userid And Password Window When Use Windows Authentication Mode For Website

Dec 30, 2010

I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...

View 1 Replies

Security :: Setting Up Windows Authentication In Windows 2008 RC2?

Sep 8, 2010

We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution

View 3 Replies

Security :: Getting Windows Username Using Windows Authentication?

Sep 3, 2010

I am developing one intranet website. Being an intranet application, one of the requirement is to have a single sign on feature.

It means that the windows PC username (i.e the "ctrl + alt + delete" username) is going to be the username for the system.

How do i fetch that username?

I tried the following two ways which are working in debug mode but not on live site.

System.Security.Principal.IPrincipal user = System.Web.HttpContext.Current.User;
Response.Write(user.Identity.Name);
&
Response.Write(Request.ServerVariables["AUTH_USER"].ToString());

Both the above method works when i run the page from visual studio.

However when i run the page from IIS or any other server, it gives me a blank value

View 12 Replies

Dynamic Data Be Made To Work With Custom Business Objects Rather Than Data Objects?

Feb 24, 2010

I'm working on a project in which we have a database, data layer (entity framework), business layer and web/UI layer.I want to use ASP.NET Dynamic Data for the web layer, but don't want it to access the data layer or database, as I want it to be purely running off business logic, and not directly accessing the data.However, it appears that Dynamic Data only allows Linq-to-SQL or entity framework data sources to be used.Has anyone used it with business-layer objects instead?

View 1 Replies

Security :: Webservice Security And Windows Authentication - Invoke SSIS Packages From Web Service

Dec 15, 2010

I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.

View 1 Replies

Security :: Windows Authentication - Get Role Security In Web Config File To Coincide With Controls

Apr 6, 2010

We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?

View 5 Replies

Security :: 4 Security Via Windows Authentication - Restrict Access To Safe / UCantSeeMe.aspx

Aug 18, 2010

I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?

View 1 Replies

MVC :: 2.0 RTM Cannot Work With VWD 2008 Express On A New Windows 7 Pro?

Mar 16, 2010

The MVC 2.0 RTM works great on my old Vista machine with VWD 2008 Express, but I just bought a new computer with Windows 7 Pro, installed VWD 2008 Express SP1 and MVC 2.0 RTM by using Web PI 2.0. but after installation, I found the VWD doesn't have any MVC options, that means I can't either create new MVC projects or compile existing MVC projects.Why? What other steps I need to do to make it work?

I'm sure the MVC has been installed properly since my MVC site on the new computer works well (so the IIS side has no problem), just the VWD can't 'realize' that the MVC framework is already installed... (tried to uninstall and install many times, but won't work)

View 2 Replies

Websites Does Not Work In Windows Vista?

Feb 17, 2011

I have developed a website in asp.net webforms, I've tested this website in IE7, IE8, Ie9 (RC), Firefox, Chrome and Safari, in Windows XP and Windows 7. Everything works fine.

But in Internet Explorer in Windows Vista, does not working. The website opens in browser, but when the application needs a postback it does not work. I don't know why it is happening.

View 2 Replies

Access :: Get A Jet Provider To Work In Windows XP X64?

Jun 9, 2010

I feel certain this has been asked before, but while I can find a number of discussions related to Server 2003 x64 and the Jet 4.0 provider, none pop up for Windows XP x64 and the Jet provider.I need to work on a .Net application that uses Access databases. There's no changing data stores and no changing of the Operating Systems.How do I get a Jet provider to work in Windows XP x64?FOLLOW-UP: I solved this; it uses exactly the same steps as used for Server 2003 x64 PLUS (and this is missing even on MSDN) it requires an aspnet_regiis to register 32-bit asp.net.

View 3 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved