MVC :: Custom Authorization Attribute Throws Security Exception
Mar 4, 2010
I have a custom authorization attribute that basically checks if the current user's role is equal to the current area name and, if not, redirects them to the signup view in that requested area. (Dummy role provider at this stage, therefore I check it against the user's name at the moment.)
It runs fine (IIS) but when I debug it I can see a Security Exception is being thrown by the code.
The code:
[Code]....
View 2 Replies
Similar Messages:
Mar 2, 2010
I want to create a single custom authorization attribute to be added to controller actions that require authenticated users.
My first shot at this, so I may have it all wrong
Got 3 Roles which corresponds to 3 Areas in my application (Client app, so I'll just call them RoleOne, RoleTwo, RoleThree and AreaOne, AreaTwo, AreaThree).
Each area has similar (to a point) views and actions, like Sign Up, Area specific home, etc.
In the attribute I want to determine the current area, controller and action. Then I just add code like:
If not logged in, and in AreaOne, go to AreaOne Signup (etc)
If logged in as RoleOne, and AreaOne Home is requested, go there, but if AreaTwo Home is requested, go to AreaTwo Signup
So in my attribute class I need to determine the current area, controller and action, and see what kind of user we have logged in (if any)
Using ActionExecutingContext it seems I can determine the controller and action method names, however I cannot find the Area name, and altered the attribute to be called like this:
[Code]....
View 4 Replies
Mar 29, 2010
I am using the Membership.DeleteUser("username",true) method to delete the user from the database. This works fine on my local machine. When I publish the same code, I am not able to delete the user. It throws a JavaScript error saying "Login failed for user NT AUTHORITY/NETWORK SERVICE"
View 5 Replies
Mar 29, 2011
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
View 1 Replies
Feb 21, 2010
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table, then I will store the UserName there. Eventually, I have all the UserNames of the AD users stored in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the cookie or in the session? How does the authorization of the ASP.NET role provider work? I want to store the authentication ticket like the ASP.NET role provider does too.
View 1 Replies
Aug 17, 2010
I have a simple 3 tier web application with mostly CRUD functionalities. Recently I was required to add a new console application to the existing solution, in which I call data layer methods for retrieving data from the DB, but I get an exception "The type initializer for threw an exception." When I debugged I found that the exception is thrown at the data layer on the first line of the class, where I get the connection string from web.config. The code is:
public static readonly string CONNECT_STRING = ConfigurationManager.ConnectionStrings["DbConnectString"].ConnectionString;
Now if I hardcode the connection string value like
public static readonly string CONNECT_STRING = "Data Source=XYZ;uid=sa;password=XXX;initial catalog=ABC;"
it works fine. I don't understand what the issue is here, as the web application works fine with this data layer.
View 2 Replies
Jan 17, 2011
Every now and then my server throws an exception. When it first starts to throw an exception the server won't work until I reinstall my web app (copy and paste). I think this forces a restart of IIS and something gets cleared because the app is working again for some hours, sometimes less. Now I have created a scheduled task recopying all the web site files every 15 minutes. This restarts the server and the users are able to use the site. Problem is that now the server either starts throwing exceptions, or the user is kicked because the server restarts. So you see, this is absolutely not a good solution. I have looked in the Event Viewer on the server. Here are some examples of the exceptions:
[Code]....
Another exception:
[Code]....
As you can see, the common part of all the exceptions is the Exception message: Unable to cast object of type 'System.Int32' to type 'System.String'. Here is the code of one of the places throwing an exception:
[Code]....
View 3 Replies
Jul 22, 2010
We have an old asp application that instantiates a .NET com visible class. In this class, we do some serialization to store our object in the session.
When I call the following line of code in my test class, it works fine.
var cereal = new XmlSerializer(couponApplicator.GetType());
However, when it gets called in the website and I am debugging, it throws the following error:
{"Cannot execute a program. The command being executed was "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\WINDOWS\TEMP\rwot-yx9.cmdline"."} System.SystemException {System.Runtime.InteropServices.ExternalException}
I thought maybe it was permissions related so I tried giving 'EVERYONE' full control to the windows/microsoft.net folder as well as the windows/temp folder. For reference, I am running this on a Windows XP machine.
View 2 Replies
Dec 29, 2010
I have this (simple) code
<% Html.RenderAction("Version", "Generic"); %>
in the masterpage of my ASP.NET MVC 2 app. This method returns the version of the application.
I also have this code in my controller:
class GenericController : BaseController
{
    [ChildActionOnly]
    public string Version()
    {
        try
        {
            string assemblyFile = Assembly.GetCallingAssembly().FullName;
            FileInfo fi = new FileInfo(assemblyFile);
            string version = fi.LastWriteTime.Year.ToString( ) + fi.LastWriteTime.Month.ToString() + fi.LastWriteTime.Day.ToString();
            return version;
        }
        catch (Exception e)
        {
            return "1.0";
        }
    }
}
Now I get this error:
Execution of the child request failed. Please examine the InnerException for more information.
and the inner exception is:
{"The controller for path '/Account/LogOn' was not found or does not implement IController."}
What I was thinking is that maybe the code can't execute because the user is not logged on yet, and tries to redirect to the logon method etc.
So the first thing I was thinking is to grant access in the web.config (like I do with the directory that has the css and images in it; it should also be accessible when you're not logged on):
<location path="Content">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
but what is the path for this (version) method?
(Or maybe there is another reason for the exception.)
View 1 Replies
Feb 12, 2010
After googling for a couple of days, I really cannot solve the described issue. Hope I will find a solution here.
I'm using the attached code when calling a WCF service on the same server. I get a Timeout error randomly in the call WebReq.GetRequestStream()
When I check netstat I see that the connection remains open, so probably there is a problem, but I don't know how to solve it
//request initialization
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(url);
WebReq.Method = "POST";
WebReq.ContentType = "application/json; charset=utf-8";
WebReq.ContentLength = buffer.Length;
WebReq.Proxy = null;
WebReq.KeepAlive = false; //also tried with true
WebReq.AllowWriteStreamBuffering = false; //also tried with true
//this produces an error
using (Stream PostData = WebReq.GetRequestStream())
{
    PostData.Write(buffer, 0, buffer.Length);
    PostData.Close();
}
//open and read response
HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
Stream Answer = WebResp.GetResponseStream();
StreamReader _Answer = new StreamReader(Answer);
WebResp.Close();
//return string
return _Answer.ReadToEnd();
The timeout is thrown mostly after some 10 seconds of idle time, but also after five or so requests in a row. I really cannot find a pattern.
What could be wrong with this code? Is there any other (better) way of calling a WCF service?
View 4 Replies
Jan 31, 2011
I have several text boxes in an asp:Panel. When the user hits Enter from any of those boxes, I want the form to submit as if they've clicked btnAddTag. (When the cursor is not in those boxes, I have a different default submit button.)
The aspx:
<asp:Panel id="thePanel" runat="server">
  <asp:Button ID="btnAddTag" Text="Add Tag" runat="server" />
</asp:Panel>
The vb:
tagPanel.DefaultButton = btnAddTag.UniqueID
The exception:
The DefaultButton of 'tagPanel' must be the ID of a control of type IButtonControl.
The value of btnAddTag.UniqueID is ctl00$phMain$btnAddTag (there's a master page, this section is called phMain).
I've also tried CType(tagPanel.FindControl("btnAddTag"), Button).UniqueID.
View 3 Replies
Sep 30, 2010
What is the purpose of adding a try catch condition that simply throws the Exception?
Sample Code (Note: The db object is proprietary code that simply uses ADO.Net):
[Code]....
View 6 Replies
Nov 12, 2010
I have a date field in a typed dataset that was created from a database.
I get a NULL Value exception when I try to enter a null value. I am not able to set the NullValue property of the DateTime field in the XSD to any value other than Throw Exception.
View 1 Replies
Apr 23, 2010
The following code listed at the bottom is a dropdown extender contained within a listview insert template. The code works fine; however, in VS 2008 Debug mode it's throwing the exception: Microsoft JScript runtime error: Sys.InvalidOperationException: Handler was not added through the Sys.UI.DomEvent.addHandler method. If I click ignore or continue, the target label is properly populated with the appropriate value. Has anybody encountered this and is
<td>
  <asp:Label ID="lblTest" style="height:25px;border: solid 1px black" runat="server" Text='<%#Bind("TestCode") %>' Width="90%"></asp:Label>
  <asp:DropDownExtender ID="ddExtTestCode" runat="server" TargetControlID="lblTest" DropDownControlID="pnlTestCode"></asp:DropDownExtender>
  <asp:Panel ID="pnlTestCode" runat="server" style="display : none; visibility: hidden;">
    <asp:LinkButton runat="server" ID="Option1" Text="12345-New York" CommandArgument="12345" OnClick="OnTestCodeSelect"></asp:LinkButton>
    <asp:LinkButton runat="server" ID="Option2" Text="45678-New Jersey" CommandArgument="45678" OnClick="OnTestCodeSelect"></asp:LinkButton>
  </asp:Panel>
</td>
View 1 Replies
Mar 17, 2011
In an ASP.NET application, I cache a Linq to Xml result to a Cache object. When I cast the cache object back to a generic list, I get the following exception.
[A]System.Collections.Generic.List`1[CarRentalAddress] cannot be cast to [B]System.Collections.Generic.List`1[CarRentalAddress]. Type A originates from 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' in the context 'LoadNeither' at location 'C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll'. Type B originates from 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' in the context 'LoadNeither' at location 'C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll'.
My code looks like this.
if (!Page.IsPostBack)
{
    if (Cache["xml"] == null)
    {
        DataSet ds = new DataSet();
        ds.ReadXml(HttpContext.Current.Server.MapPath("~/CarRentalAddress.xml"));
        var grid = (from d in ds.Tables[0].AsEnumerable()
                    orderby d.Field<string>("City")
                    where d.Field<string>("Enabled") == "1"
                    select new CarRentalAddress
                    {
                        City = d.Field<string>("City"),
                        HotelName = d.Field<string>("HotelName"),
                        Address = d.Field<string>("Address"),
                        EmailID1 = d.Field<string>("EmailID1"),
                        EmailID2 = d.Field<string>("EmailID2")
                    }).ToList();
        Cache["xml"] = grid;
        totalrows = grid.Count().ToString();
        grdAddress.DataSource = grid;
        grdAddress.DataBind();
    }
    else
    {
        //Exception is thrown by this line
        var grid = (List<CarRentalAddress>)Cache["xml"];
        totalrows = grid.Count().ToString();
        grdAddress.DataSource = grid;
        grdAddress.DataBind();
    }
}
View 4 Replies
Jul 30, 2010
I am working on an application which is deployed in a UK environment. But the machine which I am using has US as its date culture.
I always face issues while running the application on my machine, as some of the functionality which involves dates does not work and throws an exception.
I tried to google on the datetime conversion issue but it did not help.
Can any one please guide me about the changes to be done so that the application works fine in both US and UK environments?
View 2 Replies
Jun 14, 2010
How do I create an exception in location to allow access to the page GanttViewer.aspx with another role, and to the other pages only with the Admin role?
<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="Admin"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
View 1 Replies
Jan 10, 2011
This problem is trivial to duplicate. Do any query on a table which contains a timestamp / rowversion column. Set a breakpoint and examine the resulting query in the Linq to SQL visualizer. Click on Execute which displays the results in a DataGridView. For each row you get "System Argument Exception: Parameter is not valid" when it tries to display the timestamp / rowversion in the grid. What is most annoying is that there is no way to get out of the visualizer without going to Task Manager and killing the Visual Studio process, devenv.exe.
This is definitely a bug. How can you presume to be able to display a database query when you can't display an essential datatype like timestamp / rowversion? Is there any way around this ? I would like to add that in general the CLR is woefully inadequate in the way it handles timestamp / rowversion fields. It would be nice if they could be defined, copied, compared, displayed and serialized in some standardized automatic way.
View 3 Replies
Nov 3, 2010
AjaxControlToolkit.ToolKitScriptManager.OnInit() throws thread abort exception for every aspx page. I have an asp.net 2.0 Ajax application, where I have set the following properties of ToolScriptManager on my pages.
<ajaxToolkit:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server" EnableScriptGlobalization="true"
EnableScriptLocalization="true" CombineScripts="true" EnablePageMethods="true">
<Scripts>
I have this configuration on all the aspx pages in my application. When I checked the .NET CLR exception performance counter I figured out that a large number of exceptions, mainly one exception per page load, is occurring. On running windbg I noticed that AjaxControlToolkit.ToolKitScriptManager.OnInit() has the following code block which is getting executed. The OutputCombinedScriptFile() returns true. But since I am setting my controls at design time, DesignMode is still set to false for the ToolkitScriptManager.
if (!DesignMode && (null != Context) && OutputCombinedScriptFile(Context))
{
// This was a combined script request that was satisfied; end all processing now
Page.Response.End();
}
I am not sure if this is a reported bug or even a bug with ajax, but this is causing havoc in my load test results, as I have around 3 hundred thousand HTTP requests to be handled per day, out of which 80% are aspx page requests, resulting in a large number of ThreadAbortExceptions, thus affecting the performance.
View 3 Replies
Apr 26, 2010
Our team has recently implemented role/permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests here: http://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about claims based authorization, which to me looks very similar to what we have. Can someone put in simple terms what the advantages of claims based authorization are?
View 1 Replies
Mar 3, 2010
I've got customErrors set in my web.config
XML Code:
<customErrors mode="On" defaultRedirect="/Error/GeneralError">
<error statusCode="404" redirect="/Error/NotFound"/>
</customErrors>
This works fine locally. A 404 throws a 404. On the shared hosting it throws up the standard server 404 page unless I specifically set 404 to point to /Error/NotFound. That's fine. Now it will show the custom 404 page except the response status code is 200. So if I try to throw Response.StatusCode = 404; in my NotFound action in ErrorController like this:
Csharp Code:
[code]....
the server throws a status code 500 Internal Server Error but my GeneralError page doesn't show, just a blank white page with no source.
I've tried many different combinations but I can't seem to find how to make it show my custom 404 page along with a 404 response.
View 11 Replies
Jul 2, 2010
I have this application structure:
1. Presentation Layer which calls
2. Business Logic Layer which in turn calls
3. Data Access Layer to do the dealing with the database.
Now I have a Contacts page from where I can add a new contact to the database. So to add a new contact I fill in all the required details and then call an Add method (residing in the BLL) from the page, which in turn calls an Add method residing in the DAL. This method in the DAL returns the current identity of the record, which is then returned back to the BLL method and finally delivered to the page. This is fine. But what if I get an exception? How do I handle it properly, because the method in the DAL has a return type of int and I don't want to throw another error! Because otherwise I will have to write try catch in almost all the methods.
//something like this
public int AddMethod(ContactClass contactObj)
{
int result = 0;[code]...
Rather, I want to show the user a user-friendly message which they can easily understand, and in the meanwhile I will send a mail to myself documenting the error that just occurred. How can I implement my custom exception classes?
View 2 Replies
Dec 29, 2010
I have used the standard ASP.NET roles and membership provider in my ASP.NET MVC project. Resources like creating an employee and setting its role can only be accessed by an administrator. Now at first delivery of the software to the client, there will be no user. I want to implement a functionality where, if there are no users in the system, the user can directly create a new employee and assign roles without logging in. Once the roles are assigned the user will have to log in to access authorized resources. Can I implement custom action filters that will assist me in implementing this functionality? How can I implement this functionality?
View 1 Replies
Feb 3, 2010
Does the [HandleError] attribute in MVC replace the traditional try catch exception handling?
I have seen code in controllers where the top line of code is [HandleError], and I have not seen much try catch in the code of the application I am working on.
View 2 Replies
Jul 16, 2010
How do I write/implement a custom authorization filter? I am using my own custom authentication module and roles, not ASP.NET forms authentication, and have my user and role information in my sessions...
say Session["role"] = "Admin" or Session["role"] = "User"
How can I write a custom filter to prevent users from accessing certain functionalities, i.e. controller actions?
View 1 Replies