I have a custom authorization attribute, that basically check if the current user's role is equals to the current area name, and if not, redirect them to the signup view in that requested area. (dummy role provider at this this stage, therefor check it against the user's name at the moment)
It runs fine (IIS) but when I debug it I can see a Security Exception are being thrown by the code
I want to create a single custom authorization attribute to be added to controller actions that require authenticated users.
My first shot at this, so I may have it all wrong
Got 3 Roles which corresponds to 3 Areas in my application (Client app, so I'll just call them RoleOne, RoleTwo, RoleThree and AreaOne, AreaTwo, AreaThree).
Each area have similiar (to a point) views and actions, like Sign Up, Area specific home, etc.
In the attribute I want to determine the current area, controller and action. Then I just add code like:
If not logged in, and in AreaOne, go to AreaOne Signup (etc)If logged in as RoleOne, and AreaOne Home is requested, go there, but if AreaTwo Home is requested ,go to AreaTwo Signup So in my attribute class I need to determine the current area, controller and action, and see what kind of user we have logged in (if any)
Using ActionExecutingContext it seems I can determine the contoller and action method names, however I cannot find the Area name, and altered the attribute to be called like this:
I am using Membership.DeleteUser("username",true) method to delete the user from DataBase. This works fine in my local machine. When i publish the same code, i am not able to delete the user..... it throws an javascript error saying..... "Login failed for user NT AUTHORITY/NETWORK SERVICE"
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
I have simple 3 tier web application and have mostly CRUDE functionalities. Recently I required to add new console application to the existing solution in which I call data layer methods for retrieving data from DB but I get an exception "The type initializer for threw an exception."When I debugged I found that the exception is thrown at datalayer on first line of class where I get connectionstring from
web.config, the code is public static readonly string CONNECT_STRING =
Now if I hardcode the connection string value like public static readonly string CONNECT_STRING = "Data Source=XYZ;uid=sa;password=XXX;initial catalog=ABC;"
it works fine.I don't understand what is the issue here as web application works fine with this datalayer.
every now and then my server throws an exceeption. When it first starts to throw an exception the server wont work until I reinstall my web app (copy and Paste). I think this forces a restart of IIS and somethiong gets cleared bercause the app is working again for some hours, sometime less. Now I have created a scheduled task recopying all the web site files every 15 minutes. This restarts the server and the users are able to use the site. Problem is that now the server either start throwing exceptions, or the user is kicked because the server restarts. So you see, this is absolutly not a good solution.I have looked in the Event Viewer on the sever. Her is some examples of the exceptions:
[Code]....
An other exception:
[Code]....
As you can see, the common part of all the exceptions is the Exception message: Unable to cast object of type 'System.Int32' to type 'System.String'. Her is the code of one of the places throwing an exxception:
We have an old asp application that instantiates a .NET com visible class. In this class, we do some serialization to store our object in the session.
When I call the following line of code in my test class, it works fine.
var cereal = new XmlSerializer(couponApplicator.GetType());
However, when it gets called in the website and I am debugging, it throws the following error:
{"Cannot execute a program. The command being executed was "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\WINDOWS\TEMP\rwot-yx9.cmdline"."} System.SystemException {System.Runtime.InteropServices.ExternalException}
I thought maybe it was permissions related so I tried giving 'EVERYONE' full control to the windows/microsoft.net folder as well as the windows/temp folder. For reference, I am running this on a Windows XP machine.
in my masterpage of my asp.net mvc 2 app. This method returns the version of the application.
i also have this code in my controller:
class GenericController : BaseController { [ChildActionOnly] public string Version() { try { string assemblyFile = Assembly.GetCallingAssembly().FullName; FileInfo fi = new FileInfo(assemblyFile); string version = fi.LastWriteTime.Year.ToString( ) + fi.LastWriteTime.Month.ToString() + fi.LastWriteTime.Day.ToString(); return version; } catch (Exception e) { return "1.0"; } } }
Now i get this error: Execution of the child request failed. Please examine the InnerException for more information.
and the innerexcpetion is: {"The controller for path '/Account/LogOn' was not found or does not implement IController."}
What i was thinking is that maybe the code can't execute because the user is not logged on yet, and tries to redirect to the logon method etc.
So the first thing i was thinking is to grant access in the web.config (like i do with the directory that has the css and images in it, it should also be accessable when you're not logged on:
I have several text boxes in an asp:Panel. When the user hits Enter from any of those boxes, I want the form to submit as if they've clicked btnAddTag. (When the cursor is not in those boxes, I have a different default submit button.)
I have a date field in a typed dataset that created from database.
I get an NULL Value exception when I try to enter some null value. I am not able to set the Nullvalue property of the DateTime field in XSD to other value other than Throw Exception.
The following code listed on the bottom is a dropdown extender contained with a listview insert template. The code works fine however int VS 2008 Debug mode, its throwing the exception:Microsoft JScript runtime error: Sys.InvalidOperationException: Handler was not added through the Sys.UI.DomEvent.addHandler method.If I click ignore or continue, the taret label is properly populated with the appropriate value. Has anybody encountered this and is
In Asp.net application. i cache a Linq to Xml result to a Cache object. when i cast the cache object back to generic list. i get the following exception.
[A]System.Collections.Generic.List`1[CarRentalAddress] cannot be cast to [B]System.Collections.Generic.List`1[CarRentalAddress]. Type A originates from 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' in the context 'LoadNeither' at location 'C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll'. Type B originates from 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' in the context 'LoadNeither' at location 'C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll'.
My code looks like this.
if (!Page.IsPostBack) { if (Cache["xml"] == null) { DataSet ds = new DataSet(); ds.ReadXml(HttpContext.Current.Server.MapPath("~/CarRentalAddress.xml")); var grid = (from d in ds.Tables[0].AsEnumerable() orderby d.Field<string>("City") where d.Field<string>("Enabled") == "1" select new CarRentalAddress { City = d.Field<string>("City"), HotelName = d.Field<string>("HotelName"), Address = d.Field<string>("Address"), EmailID1 = d.Field<string>("EmailID1"), EmailID2 = d.Field<string>("EmailID2") }).ToList(); Cache["xml"] = grid; totalrows = grid.Count().ToString(); grdAddress.DataSource = grid; grdAddress.DataBind(); } else { //Exception is thrown by this line var grid = (List<CarRentalAddress>)Cache["xml"]; totalrows = grid.Count().ToString(); grdAddress.DataSource = grid; grdAddress.DataBind(); } }
This problem is trivial to duplicate. Do any query on a table which contains a timestamp / rowversion column. Set a breakpoint and examine the resulting query in the Linq to SQL visualizer. Click on Execute which displays the results in a DataGridView. For each row you get "System Argument Exception: Parameter is not valid" when it tries to display the timestamp / rowversion in the grid. What is most annoying is that there is no way to get out of the visualizer without going to Task Manager and killing the Visual Studio process, devenv.exe.
This is definitely a bug. How can you presume to be able to display a database query when you can't display an essential datatype like timestamp / rowversion? Is there any way around this ? I would like to add that in general the CLR is woefully inadequate in the way it handles timestamp / rowversion fields. It would be nice if they could be defined, copied, compared, displayed and serialized in some standardized automatic way.
AjaxControlToolkit.ToolKitScriptManager.OnInit() throws thread abort exception for every aspx page. I have an asp.net 2.0 Ajax application, where I have set the following properties of ToolScriptManager on my pages.
I have this configuration on all the aspx pages in my application. When I checked the .NET CLR exception Performance counter I figured out a large number of exceptions, mainly one exception per page load is occuring. On running windbg I was noticed that
AjaxControlToolkit.ToolKitScriptManager.OnInit() has the following code block which is getting executed. The OutputCombinedScriptFile() returns true. But since I am setting my controls on DesignTime still designmode is set to false for toolkitscriptmanager.
if (!DesignMode && (null != Context) && OutputCombinedScriptFile(Context)) { // This was a combined script request that was satisfied; end all processing now Page.Response.End(); }
I am not sure if this is a reported bug or even a bug with ajax, but this is causing havoc in my load test results as I have around 3 hundred thousand HTTP requests to be handled per day out of which 80% are aspx page requests resulting in a large number of threadafbortexceptions, thus affecting the performance.
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
This works fine locally. A 404 throws a 404. On the shared hosting it throws up the standard server 404 page unless I specifically set 404 to point to /Error/NotFound. That's fine. Now it will show the custom 404 page except the response status code is 200. So if I try to throw Response.StatusCode = 404; in my NotFound action in ErrorController like this:
Csharp Code:
[code]....
the server throws a status code 500 Internal Server Error but my GeneralError page doesn't show, just a blank white page with no source.
I've tried many different combinations but I can't seem to find how to make it show my custom 404 page along with a 404 response.
3. Data Access Layer to do the dealing with the database.
Now i have a Contacts page from where i can add a new contact to the database.So to add a New Contact i fill in all the required details and then call a Add Method (residing in the BLL) from the page, which in turn call a Add Method residing in the DAL.this method in the DAL returns the Current Identity of the record which is then return back to the BLL method and finally delivered on the page.this is fine. but what if a get an exception how do i handle it properly because the method in DAL has a return type of int and i dont want to throw another error!! coz other wise i will have to write try catch in almost all the methods.
//something like this public int AddMethod(ContactClass contactObj) { int result = 0;[code]...
rather i want to show the user a user-friendly message which they can easily understand and in the mean while i will send a mail to myself documenting the Error that just occurred.how can i implement my custom exception classes.
I have used standard asp.net roles and membership provider in my asp.net mvc project. The resources like creating an employee and setting its role can only be done by administrator. Now at first delivery of software to client, there will be no user, i want to implement a functionality where if there are no users in the system user can directly create new employee and assign roles without logging in. Once the roles are assigned user will have to log in to access authorized resources. Can i implement custom action filters that will assist me in implementing this functionality? How can i impelment this functionality?
Does [HandleError] attribute in MVC replaces the traditional try catch exception handling?
As I have seen codes in controllers where the top line of code is [HandleError] also I have not seen much of try catch in the code of the application I am working on.
how to write/implement custom authorization filter , i am using my own custom Authentication module and roles and not ASP.net forms authentication and have my user and role information in my sessions...
say Session["role"] = "Admin" or Session["role"] = "User"
how can i write custom filter to prevent users to access certain functionalities i.e Controller actions.