Secure WCF Operations Depending On The User For Authorization Means?

Jan 27, 2011

My scenario is a 3-Tier app where the data tier is a SQL Server database, the middle tier is a WCF application hosted in a Windows Service and finally the presentation is an Asp.Net MVC application. As usual, the middle tier is the one that performs all of the business logic: access the database, define business rules, etc. BUT now here's the question: How do you handle security in such a scenario? I mean, the user has to log in on the ASP.NET application, but I want to authenticate it not only in ASP but in the WCF middle tier as well, since a WCF service is supposed to be accessed by more apps.

I want the user to log in on the Asp.Net application and let WCF know the credentials as well. Is there some kind of session in WCF in which to specify a logged in user? How do pros handle security in this case? I know you can secure the WCF services with message security, but how do Asp.Net and WCF sync on a single logged user? I want to secure WCF operations depending on the user for authorization means.



Similar Messages:

Want To Disable Linkbutton Means Until Page Is Validated Means The Popup Should Not Be Displayed?

Aug 11, 2010

I am using validators for validation and on linkbutton I am displaying popup. My problem is I want to disable linkbutton means until page is validated means the popup should not be displayed till the page gets validated.

<asp:LinkButton ID="LinkButton1" runat="server" CssClass="addProduct-disable" Enabled ="false"
Text="Assign Filter Criteria" CausesValidation="true"></asp:LinkButton>


Authorization - Why Does Authorization Boot The User To The Login Screen

Jun 28, 2010

When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.

Here's my Forms Authentication:

<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" defaultUrl="ViewWeek.aspx" timeout="50000000" />
</authentication>


C# - How To Log User Operations For An Application

Sep 22, 2010

How can we log user operations for an ASP.NET application? Further, what is the approach for saving the log data?


Roles Authentication Works Using Authorization Attribute But Not Via Authorization In Web.config?

Mar 29, 2011

I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...

My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:

[Authorize(Roles="Administrators")]

However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:

[code]....

However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.

If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.


MVC :: Accessing Different Databases Depending On Logged In User?

Jan 14, 2010

I'm writing an application that will be accessed by different groups of users. I have one aspnetdb for logon; then depending on which group a user belongs to, I want to point them at a different 'content' database. Each user wants similar information, but unique to each group, so the schema of each database will be the same, but the content will be different. We're probably talking a dozen or so groups here.

What's the best way to achieve this? Would roles do? I could put each user into a specific role, group1, group2 etc, then check which role a user was in and use a connectionstring in the web.config file based on that. This seems like it would work, but it seems a bit of a kludge. A dozen or so connection strings doesn't seem too much of a problem, but it doesn't really seem the correct use for roles.


Configuration :: Different Web.config Depending On User Logged In?

May 19, 2010

I've an application only used in my site, and I'm interested to put in production from a global scope and the same instance to all the sites.

The fastest solution I've in mind is to use the current database for each different site, as copy from current system and add/clean a new one when a new site will start using it.

For this purpose I thought of a front database where to check the logged in user's site and then, depending on user configuration, access his own site database.

I'm using now a connection string called ConnectionString1 in all the controls/code-behind database access. Then, my trouble is how to make it configurable to point to a certain database with the same connection string name but different connection string value depending on the user who has logged in, in order to not modify the current code I did. The only work I must do is change LogIn page to select appropriate database to access.

web.config:

[Code]....


Security Tutorial 7 - User-based Authorization?

Nov 30, 2010

I am going through the Security Tutorials here on ASP.Net. I am currently working on the last part of the Membership - User-Based Authorization. The tutorial covers restricting access to specific pages or to directories using a second Web.Config file. I am running into a problem with the myLogin page DestinationPageURL. Here is what is happening: 1. When the website starts, the Login page opens. 2. If I log in with an existing user, I am sent to the Default.aspx page. That is what is in the yLogin.DestinationPageURL for the login page.


Web Forms :: Best Way To Change The Label Text Depending On The User?

Mar 31, 2010

Access to my application is controlled by user accounts. I would like my text labels to change within my pages depending on the user logged in. This needs to be easily managed.

What is the best way to achieve this? Would using the resources file work?


Web Forms :: Disable A Page Depending On A User Session?

Jun 30, 2010

I have a page that I need to disable, or re-direct to another page if a different type of user logs in.

The application has this page for one type of user but another type of user is not allowed access it.

How would you do this type of thing?


Security :: Redirecting User Depending On Group Membership?

Feb 15, 2010

I have two user groups set up in AD and I'm "authorizing" against these in my web.config file:

[Code]....

What I need to do is redirect the user if they are a member of "CD" or "Individual".


Web Forms :: How To Get Local Time Of User Depending On His Country

May 7, 2015

Let's suppose my application is deployed on a server located in USA. Now if any client visits my website from anywhere and from any device, e.g. Mobile, iPad, Surface or Laptop. Now if I want to save his local time then what should I use?

DateTime.Now;

or

TimeZone curTimeZone = TimeZone.CurrentTimeZone;
var yourTime = TimeZoneInfo.ConvertTime(DateTime.Now, TimeZoneInfo.Local, TimeZoneInfo.FindSystemTimeZoneById(curTimeZone.StandardName));

Tell me the difference between both commands.


Security :: Authentication And Authorization Create User Control

Jan 27, 2011

I am using asp.net authentication and authorization with form authentication for my web application.

When I create a new user using asp.net create user control, the newly created user automatically gets logged in, the already logged user loses his session.

Don't know why this is happening. Is there some setting for this?


How To Configure User Authorization On Dynamically Created Resources In Web App

Mar 28, 2011

Suppose some users log in to my web app. They get authenticated (as something other than the anonymous user), so they can access any resource in the directory. The system.web/authorization section of web.config is set to deny access to anonymous users like this:

<system.web><authorization>
<deny users="?" />
</authorization></system.web>

Actually, from what I understand, this only protects files accessed through the ASP.NET system. If I drop a JPG file in there, it's accessible to everyone, without authentication/authorization. In order to ensure all files are protected, there's a different section for that:

<system.webServer><security><authorization>
<add accessType="Deny" users="?" />
</authorization></security></system.webServer>

Of course, now when someone attempts to access the JPG file, they don't get redirected to the login page. Instead, they get a nasty HTTP Error 401.2 - Unauthorized.

Now, suppose a user causes a file to be created on the server. How, in context of this elaborate Forms Authentication and Authorization scheme, do I ensure that only that user's web browser can access the file via its URL? For example, must I modify the web.config file? If so, do I have to do this manually or can it be done through code? Will modifying it frequently cause the application to be interrupted/restarted?


How To Save And Use Persistent Information Depending On User Type Login

Jun 11, 2010

I am building a website and I need to store somehow some information that I will use in the whole site depending on the user type logged in.

Example:

1) User XPTO logs in

2) Query DataBase to see where he belongs

3) Store those 2 or 3 fields that I will get in Database in a persistent way to use it in the whole site.

What are the best practices to do this?


Security :: Getting The Login Function To Redirect Depending On The User Logging In?

Oct 27, 2010

I am currently using the built in ASP login function... the destinationpageurl of that login function locates to "loginhome.aspx" for all users... but for one specific user ("Admin") it needs to link to "adminhome.aspx"... Just wondering what's the best way to do this? Can I change the destinationpageurl of the login function depending on the user or creating an admin role so "If membershiprole = 'Admin' redirect to 'adminhome.aspx' End If" or can I just add some code behind the login function so "If User.login.Name = 'Admin' Then destinationpageurl = 'adminhome.aspx' End If"? Think I have already tried this on the login1_authenticate event but it didn't work.


Save And Use Persistent Information Depending On User Type Login?

Jun 11, 2010

I'm building a website and I need to store somehow some information that I will use in the whole site depending on the user type logged in. 3) Store those 2 or 3 fields that I will get in Database in a persistent way to use it in the whole site. My question is: What are the best practices to do this?


Secure Login With Additional Context Information Passed Through (which Also Needs To Be Secure)

Jul 13, 2010

My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).

My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.

My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?


HTTPS Doesn't Work - Secure And Non Secure Data On Web Page?

Oct 25, 2010

I have a browser compatibility problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https (with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly I see this problem in Chrome. In IE 8, I see the same problem but on every page, it shows me a popup if I should allow to open secure and non secure or just secure. Firefox has no issues. It shows correct https without any problem. I am fed up with it searching all over. Why is this happening for me in Chrome and IE 8?


Security - Secure Way To Validate The User's Credentials Against AD?

Mar 1, 2010

In my environment, we use Active Directory as our password repository. I'm writing an app that uses the user's Windows session (Windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I set up a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I can't have the credentials passed as clear text. I've come across the impersonate user functions, but I'm leery because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?


Web Forms :: How To Control Visibility Of Menu Nodes Depending On User Role

Apr 16, 2010

I have a Menu control in MasterPage based on web.sitemap file. My website has roles enabled (AspNetWindowsTokenRoleProvider) and uses Windows authentication mode. So, user has to be in a specific Windows Group to be able to access the site. I need to allow some users to see all menu nodes and some restricted set of nodes. How do I do that?

I would like to be able to create, say following Windows groups:

domain_name\my_app_users
domain_name\my_app_superusers
domain_name\my_app_admins

and code sitemap nodes this way:

<siteMapNode url="~/MOC_Masterdata_MOC_Approvers_Plain.aspx" title="MOC Approvers" description="MOC Approvers" />


Security :: Secure Login From A Non Secure HTTP Page?

Oct 24, 2010

I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.

I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.

I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0

I am assuming this can be done because I see lots of websites where login fields are available on every page and they are running http and I can believe they are not encrypting the login credentials.


Security :: How To Secure Site From Multiple Logins Of Same User Id

Apr 8, 2010

Requirement is to stop more than one user to login at a time using same user id. I am storing user id in session. I searched the internet and found some ways but somehow they do not work in these situations: If javascript in browser is turned off. If user does not click logout and directly closes browser.


Security :: User.Identity.Name.ToString() Is This Secure And How To Store It

Feb 10, 2010

I have created an asp.net site with anonymous access turned off. It's for an internal (intranet) system which uses User.Identity.Name.ToString() to get the user's Windows login ID and then displays some records from a datagrid depending on their login ID. Is this secure? Also I am struggling to work out how best to store the result of User.Identity.Name.ToString() as I am not keen on storing it in a hidden text field and would rather not call it all the time unless this is the best way?


Web Forms :: Wondering What The Syntax Of This CSS Means

Nov 2, 2010

I have an asp TreeView that has images associated with each node. I am using this CSS that I found on the web to create spacing between the image and the node text:

[Code]....

It works fine, the thing I am struggling with understanding is the " img" part of the style declaration. What is that? It seems apparent that the style pertains to the image portion of a TreeView... How do I know what values can be there? I.E. Is ".TreeView node" valid?
