AJAX :: Forms Authentication To Prevent Methods Access
Nov 24, 2010
I am building a sort of administration control panel which is basically just giving the end user the ability to manage the database through my app rather than knowing Management Studio. Creating lists of users, creating events that the users can attend etc, nothing too complex. So I am basically building the whole thing using JQuery AJAX with ASP.Net to make the DB connection and what not. My Jquery code just calls a different static method in my pages code behind for each different task, passing JSON back and forth.
From what I've seen results-wise so far, my interfaces are much quicker (almost instant) and even tasks on the server take less time to return through JQuery. But if you looked at my javascript code, you can see the "Page.aspxMyMethod". That means that people can access my methods just by sending a request from anywhere? Will forms authentication prevent this because it goes through an aspx page or what?
View 2 Replies
Similar Messages:
Jul 19, 2010
I have set up the Auto complete control and the web service to populate it, this web service resides within the project that uses it, it works fine on my machine (if I had a nickel for every time I heard that from a developer...) , but when I install it on Dev, the site asks for authentication, then when I select the tab with the textbox that has the Auto Complete control, it asks me for authentication again. If I remove the Auto Complete control, it no longer asks me. The funny thing is, I can enter authentication info OR just click cancel and the web service works fine.
In the IIS site on Dev and in the Web config, I have turned off authentication (in IIS I use anonymous and in the Web.config, I set it to "none") My development machine is in a domain, for some reason beyond my control, both Dev and Prod are not in a domain; both Dev and Prod machines are Server 2008. how to prevent this authentication form from showing???
View 4 Replies
Jun 7, 2010
We are developing a web app that will have a pretty complex user and permission system. The general idea is that we have 3 levels of security:
a simple user - that can only access basic data that is in a data repository
a manager - that can open up data repositories
a superuser - that can open up repository factories.
Each repository contains various data types(text, images, etc etc). We are looking for authentication methods that will allow us:
1. Scalability.
2. Customization.
3. To create permissions that will effect the GUI + deny access to certain pages.
4. To create predefined roles - that will allow for easy setup of new users.
5. To create custom roles for specific users - allowing them permission sets that are different from the predefined roles.
View 4 Replies
Mar 4, 2010
I'm in a project where it's pretty much my first time doing all the architecture myself, and I'm running into a frustrating situation. My architecture for forms seems to be correct from a heuristic perspective, but I don't think its implementation is correct.
Base Class: OrderForm
Child Classes: PurchaseOrder, Invoice, Credit
Child Class of PurchaseOrder: StockingOrder
Architecturally this makes sense (to me) because all the child classes are OrderForms ("is a") and a Stocking Order "is a" Purchase Order, just a special kind.
View 4 Replies
Jan 14, 2010
I'm building a new ASP.NET MVC application (in C#) and one of the requirements is to create a new database of members. For this, we'd need roles to manage the different types of members and profiles to manage the additional metadata attached to each member. So far so good, just use the standard MembershipProvider, RoleProvider and ProfileProvider provided as part of the .NET Framework.
However, the catch is that I'd like to allow different authentication methods. I'd like Accounts and Login Credentials to have a one-to-many relationship (one account can have a number of login credentials attached). A user for example, might have both an OpenID and ActiveDirectory account attached to their account.
However, after experimenting with a few ways we opted for the MembershipProvider route (explained how it was achieved as an answer below).
It appears to be something that is achieved on quite a number of sites, yet a search on here doesn't return anything solid to play around with.
EDIT: After looking around for a good period of hours overnight and this morning - I'm still not convincinced that butchering a single MembershipProvider would have been the easiest option. Does having multiple MembershipProviders give the same effect?
BOUNTY EDIT: With no responses, I am assuming that there is no more optimal solution that the one I posted as an answer. Is this really the case? I'm offering a bounty to try and see if anyone has any further thoughts on this and whether there are better alternatives.
BOUNTY ACCEPT EDIT: I think that WIF is the answer as accepted below, for a .NET 4 release and maybe other versions as it probably works with 3.5. Other than that, maybe a butchered MembershipProvider or adapted one may still be relevant.
View 4 Replies
Dec 20, 2010
I am new to ASP.NET development and moreover I am only extending an existing application which i did not create.
I have a working ASP.NET application which uses "Forms authentication" throughout all its pages. I have added a new webservice in a subfolder "webservicesDummy.asmx". This webservice works fine but because it should be called by an external application which can't authenticate through a form, i need to enable "Integrated Windows Authentication (Basic Authentication or Digest Authentication)" ONLY for the subfolder "webservices".
I tried to configure it in IIS but it did not work. So that i can set a different authentication method i have to create the folder "webservices" as an "Application". But if i do so then my function stops working with the error "Could not create type 'Dummy'."
Is it possible to have one web application and to authentication methods ? If yes how is it configured in IIS ?
Or what would be the better way if i need ONLY one page (webservice) to use a different authentication then the rest of my application.
PS: I use Windows 2008 Server and the app runs on .NET Framwork 2.0
View 1 Replies
Sep 15, 2010
I write a simple static method in my web page. How can i access session["id"] into method? I dont have access.For example:
public static void myFunc()
{
Session["id"]= 100;
}
View 2 Replies
Sep 9, 2010
I have a a public method in my code behind on the site.master page
[Code]....
I wish to call applyUserRole() from Default.aspx
On Default.aspx I have ..
[Code]....
[Code]....
Master. the method is not appearing. I've seen other post where people are having this issue but I can't find an answer.
View 11 Replies
Oct 4, 2010
How to access the page controls in Static methods.
View 2 Replies
Jul 14, 2010
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies
Apr 15, 2010
'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.
If I change my service definition to include a demand for the caller to be authenticated, like so:
<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?
View 2 Replies
Nov 12, 2010
In ASP.NET, is there any reason not to make a set of functions that Add/Remove/Get from the Cache object Static?Get() - just gets the item, no reason not to be staticAdd(), Remove() - I've read that adding/deleting into the cache has it's own internal locking mechanism, so they can be static without me creating my own lock(){} wrapping.
View 1 Replies
Oct 14, 2010
I have a web site project using the .NET 2.0 Framework that I am working on in Visual Studio 2008. I am using a third-party DLL in my project. I have added a reference to the DLL in my project and I can use everything as expected, including a number of extension methods for certain objects. Intellisense sees these extension methods, and I am able to make use of them and I can build my project on my local machine without any errors.
However, when running my website on a production server, I get a Compilation Error saying that the extension method I am trying to use could not be found. I can use everything else in the DLL besides the extension methods on the production server.
This is my first exposure to extension methods and understand what they are, but I can't seem to figure out why I can't make use of these methods outside of my local machine.
View 2 Replies
Jul 23, 2010
public class CacheHelper { /// <summary> /// Removes object with the specified key. /// </summary> /// <param name="key">The key.</param> [code]....
I have this methods for caching..I need to change this methods to use in aDictionary<string,object>
How do I need to change this code Because I am new to asp.net I am still learning..
View 12 Replies
Feb 4, 2011
I am developing a web application, which has Data Access Layer and this layer has only one class, in which all methods are static methods like static Insert, static Update, static Search. It has no properties. I am using these methods in my Bussiness Logic class for my users who are visiting my website.Now my question is : 1. Is it right to use static methods in this scenario ?2. What will happen if 10 users call Insert method at the same time ?
View 3 Replies
Nov 15, 2010
I have created a table adapter in DAL. I have created a gridview in the page and want to fill the gridview with a table data by calling a method. My table has 11 columns but i want to display only 2 columns of the table. My getSong() method has a query as Select title, category from Muisc. But it diaplyas all columns with no data except title and category and the autoincrement primary key column with negative values. The pic is given below. How can i solve it?
View 2 Replies
Mar 2, 2010
I am seriously at a loss here. The three things that will not change in this project are the fact that we are using the Entity Framework to do our data access, the fact that we want thorough unit testing and that our UI is asp.net. My question is how the hell do you make this work in Asp.net? E.g. You can use an ObjectDataSource to connect a method to a control, but if this control is a FormView you have all these problems [URL] to deal with and it simply doesn't work.
Furthermore, with grids, you don't get paging or sorting out of the box unless you use an EntityDataSource which basically circumvents your entire application. I can't be the only person who cries at this. What do you do?
View 1 Replies
Dec 8, 2010
i have added a service reference but i am unable to access the methods, there is a method call "GetContactById" which i can see when i add the service but i am unsure how i can get to this in code. i have tried creating an instance first but i get this error
Error 116 Core.omnetService.OMWCoreSoap' is a 'type', which is not valid in the given context
omnetService.OMWCoreSoap test = omnetService.OMWCoreSoap();
test.GetContactById(strKey, UserId.ToString());
what is the best way to solve this?
View 4 Replies
Nov 29, 2010
I'm using ASP.NET with VB, and .NET version 3.5. In the project, I've got some utility functions that I call from expressions in the aspx pages and also in code behind. This all works fine on my local machine, but when I deploy to the production server, I get this compilation error on each of those utility methods:
BC30456: 'XXX' is not a member of 'String'.
where XXX is an extension method defined on System.String. I'm baffled about this for a number of reasons:
Why is ASP.NET compiling anything at all, since I've precompiled the application and put everything in the bin directory. ASP.NET knows the functions are there because they work in code behind. It's only when used in the aspx page that I have this problem. (e.g. if I do something like this: <%= "A string to XXX-ify".XXX())%>) This method is public, which I verified with Reflector. I imported the relevant namespaces in the web.config file, and I can see that these namespaces are being imported in the call that ASP.NET makes to the compiler.
View 1 Replies
Apr 26, 2010
I'm developing a web site, and i'm using infragistics for web, but I want to use in some pages silverlight controls (Infragistics too). Is there a way to access a silverlight control's properties and methods from an aspx page?
View 3 Replies
Mar 30, 2010
I have lot of methids in my mastre page how do i use them in my User control? I dont want to copy paste the code
View 2 Replies
Oct 27, 2010
I'm not getting much help from the security group so I'm goign to post it here.Basically, I like to use Integrated Windows authentication so that I can authenticate all users who are at my company to access my web application in the browser. Each user resides on different domains and some are on the same.
So in order to authenticate them, the first thing I would do is to add them to my web root's security tab? I assume this is the virtual directory folder of which the web application (default.aspx, etc.) runs on the Windows 2003 web server? So I give each user a read security permission to access the folder? (which would mean that they can then access the web application?)
Is my understanding of this correct? Therefore, If i don't add users to the security tab of the virtual folder, then other users will be rejected by the browser?
Next, assuming I want them to log on as a Network Service user, and not impersonate any other user or impersonate as themselves such as LABob (domainuser) and instead just be NT AuthorityNetwork Service, I would set impersonation to false and I would also set anonymous access in IIS to false.I want to set up the fastest/easiest way to add users/remove users to access my application and be able to authenticate whether or not they can get on. Is this the right way to do it?
View 1 Replies
Dec 15, 2010
We have a customer who are using HP Web Inspect to test for vulnerabilities in our software.
The web inspect tool is complaining about about error messages being returned when a request such as the following is made [URL].
The ASP.Net framework returns a page with the following text content and a 500 status code.
System.IndexOutOfRangeException: Index was outside the bounds of the array.
[code]....
but the error seems not be an unhandled error and so neither 500 page is shown.
View 1 Replies
Oct 14, 2010
I am required to control access to a specific file on our server. I suggested, for the time being (rather than affording time for other routes until we can), that we simply use the web.config to lock this file down to everyone by means of a location/system.web/authorization setting.
This soon failed to protect the resource and I quickly became aware why (I think). It is a public site and is not using Forms authentication (currently just defaulting to Windows).
So, for clarity, here are the relevant parts the config file...
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
<location path="thefile.extension">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can I secure this resource without turning on Forms authentication? Or can I turn authentication on but never actually require authentication to occur, by allowing all resources but the ones explicitly stated, or by explicitly stating all allowed and denied resources?
View 1 Replies
Aug 25, 2010
is there any impact of using static methods in Business Access layer in 3 tier applciation,
View 4 Replies
