I have configured forms authentication for my MVC 3 RTM application. I updated the configuration to the following and set the autoFormsAuthentication per the Gu and StackOverflow to false. However, when my application is deployed to my web server (W2k3 Standard SP2, II6) the controllers marked with [Authorize] are always redirected to /Account/LogOn instead of the configured value.
[Code]....
I want to authorize the asp.net account to access some folders in my project.
However, I get this error::
System.UnauthorizedAccessException: Access to the path 'D:ProgramingPartFromYamnWebExerciseWebExerciseAccordionImgs' is denied.
I am using win 7 so what is the name of the asp.net account that I should use?
I'm getting "Windows NT user or group 'domainwebservername' not found" when I query the following. Why? This is how I got ny domain and webservername.
Response.Write(Environment.UserDomainName);
Response.Write(Request.ServerVariables["SERVER_NAME"]);
-- Create a SQL Server login for your application's domain account
sp_grantlogin 'domainwebservername$'
-- Grant the login access to the membership database
USE aspnetdb
GO
sp_grantdbaccess 'domainwebservername$', 'Web Server Name'
-- Add user to database role
USE aspnetdb
GO
sp_addrolemember 'aspnet_Membership_FullAccess', 'domainwebservername$'
i just have asp.net mvc 3 beta installed, and i get an issue with loginUrl.
my little project works fine with asp.net mvc 3 preview, but now it always ignores my loginUrl setting in web.config and always redirects me to ~/Account/Login.
i follow the instructions, install WebPages first then mvc 3 beta.
I have a web app Which Uses Forms Authentication.
One thing that we want to be able to do on Support is login to a specific users account Via our admin account.
We are using the standard asp.net membership authentication.
The idea would be for the support technition to be able to login using credentials like admin(<Troubled User>) using the Admin Account password
We are using a a Standard ASP.Login Control
The real Issue is that the Me.Page.User.Identity.Name is set to the value on the CtlLogin.Username Property. I need it to be the the Support Login?
Login Control
Code:
<asp:Login ID="ctlLogin" runat="server" DisplayRememberMe="False" Font-Names="Arial Rounded MT Bold" Font-Size="12pt" ForeColor="Black"
MembershipProvider="MembershipProvider" Width="100%" TitleText="" UserNameLabelText="User" VisibleWhenLoggedIn="False" RememberMeSet="True"
PasswordLabelText="Password" EnableTheming="False" Height="35px" >
[Code] ....
Validate User Script
Code:
Dim objstrSupUser As String = ""
'Load the user from the membership provider
Dim strUserName As String = ctlLogin.UserName
If ctlLogin.UserName.IndexOf("(") > 0 Then
objstrSupUser = Regex.Match(strUserName, "(([^)]*))").Groups(1).Value
[Code] ....
Do I just need to make a field for account type in my user account table? In a technical way, if(account type = admin) then the account would log as admin; otherwise, a user with less privileges.
View 7 RepliesI have an ASP.NET page where at the top of the page is a search box. There are 2 text boxes - one is an autocomplete extender for the Name on a database, and one is just inputting the ID.The page features DetailsViews and GridViews primarily, and even when no account has been searched for, these display blank data which is not ideal. I sort of fixed this by using if (IsPostBack), encasing the elements in a placeholder and setting it to visible only if the page ispostback. But this doesn't cover if the user types in an incorrect ID.
Also, some accounts have huge amounts of data inside the GridView's. I had an issue where because I have no way of detecting when a data source's rows has changed, I end up binding whenever the page loads (Page_Load method). I've come to realise this is simply very bad - there are lots of times when the user can click various things in the page and have the page postback, and it takes an eternity to load each time I click something for accounts with lots of data.Anyway, my question is essentially two-fold but I have a feeling the solution will be similar:1: How can I detect when there are no accounts returned when searching, and disable the Grids/Detailsviews and show an error message?2: How can I figure out when the user searches for another account and only rebind the grids after that has happened?
I have use the mvc 2 web site template and I would like to attach
A user db that I have already created
In my web config file I have change the connection string to this"
[Code]....
When I'm tring to register I'm getting this error :
Login failed for user ''. Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Login failed for user ''.Source Error:
[Code]....
I have set a break point in line 127 and I can clearly see that is getting the data (username ,password ,email) What is wrong( with the contion string)?
I know i can authorize an action result for named users
[Code]....
but how do i do it for an unknown username? so i have the username stored in the database
I am logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from LaTeX input file to Pdf file. I host an Asp.net MVC 3 application running under an Application Pool Identity with Load User Profile = True. The Asp.net MVC 3 code contains a code that executes pdflatex.exe using System.Diagnostic.Process instance as follows:
Process p = new Process();
p.EnableRaisingEvents = true;
p.Exited += new EventHandler(p_Exited);
p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath;
p.StartInfo.WorkingDirectory = @"c:mydomain.comworking";
p.StartInfo.UseShellExecute = false;
p.StartInfo.FileName = "pdflatex.exe";
p.Start();
p.WaitForExit();
From the scenario above, the web application runs under a restricted acount but it executes an external application under a default account that I don't know. Can an application running under a less privileged account start a process executing another application under an administrative account?
I have to develop an authorize filter in asp.net mvc.I have got five categories of users in my site and my site uses custom created authentication system.Now i have a controller action which should be accessible to 3 out of those five type of users.How to create a filter (basically authorize) and use it which fulfills my requirement?I think i need to create the authorize filter with parameter.I should be able to use something like this in my controller action.
Authorize[UsersType="admin,accountant,operator"]
public ActionResult Test()
{
}
technology used : Asp.net MVC
After browsing the MVC section on CodePlex I noticed that the [Authorize] attribute in MVC returns a HttpUnauthorizedResult() when authorization fails (codeplex AuthorizeAttribute class). In the source of HttpUnauthorizedResult() from CodePlex is the code (I'm not allowed to enter another URL as my rep isn't high enough, but replace the numbers on the URL above with 22929#266476):
// 401 is the HTTP status code for unauthorized access - setting this
// will cause the active authentication module to execute its default
// unauthorized handler context.HttpContext.Response.StatusCode = 401;
In particular, the comment describes the authentication module's default unauthorized handler. I can't seem to find any information on this default unauthorized handler. In particular, I'm not using ormsAuthentication and when authorization fails I get an ugly IIS 401 error page. Does anyone know about this default unauthorized handler, and in particular how FormsAuthentication hooks itself in to override it? I'm writing a really simple app for my football team who confirm or deny whether they can play a particular match. If I enable FormsAuthentication in the web.config the redirect works, but I'm not using FormsAuthentication and I'd like to know if there's a workaround.
I'm trying to add a directory for anon access in IIS 7.5. It works under Web Dev but not IIS 7.5
I'm currently using this web.config in the directory. This is a directory with style sheets:
<?xml version="1.0"?>
Note: As an alternative to hand editing this file you can use theweb admin tool to configure settings for your application. Use the Website->Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in WindowsMicrosoft.NetFrameworkv2.xConfig
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
Update:
I've went to the folder and under Authentication, I've changed anonymous authentication from IIS_USR to pool. This seems to have correct it.
I will reward anyone who provides a very good explanation and resources for understanding this setting. Also, how to apply it globally would be good to know -- for all folders.
I had done a shoppingcart in asp.net and i have to connect it to Authorize.net for payment process.
I dont know anything about this.
I've an application that runs in a localhost.
So I can get the user logon to some recording data or some thing else.
I was thinking if that was possible to put some value in web config that gets the user logon and if that logon is authorizated for that page it let him open else it close the page...
Some one have some idea to accomplish it ?
I downloaded the Facebook C# SDK 4.1.1, and incorporated it on a small ASP.NET 3.5SP1 web project. When I run the application from VS Studio 2008, it allowed me to install my Facebook application. When I log onto facebook, I can see that my app installed, as I see it on my home page left nav.
When I click on the app, it displays the default.aspx page on my facebook app iframe. Looks like it worked, right? No it doesn't because when I debug the page on localhost, I see that the Authorize() on the CanvasAuthorizer app returns FALSE.
I created a web app in IIS 5.0 so that the default vs studio debugger doesn't interfere.
Here are they facebook settings I have set and other relevant information.
[code]....
I have a WCF service that runs in my web application that provides data to a Silverlight application and is defined as follows (with an appropriate .svc file)....
[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class DispatchService [code]...
The idea is that the user logs into the website and is then authorised for all services. I do not want to have a login aspect to my Silverlight application to authenticate users.Therefore I dont want anyone to be able to call my service who is not authenticated.
Could I...Somehow determine this for each Operation Contract. I had a look inside the OperationContext object but couldnt find anthing that stood out as a way to determine who the user was.Somehow attribute the ServiceContract so that the method can only be used by authorised users?Put something in my web.config to stop unathorised users from being able to access the folder containing the services?
How can I authorize and authenticate users by roles? I have roles table and user's table, role Id is the primary key in the roles table and foreign key in the user's table.
View 4 RepliesI am not being able to use User Role at model level. I need this to grant control to each repository's method individualy.
This works fine at the objectController, at the controller level:
[Code]....
But at the objectRepository, model level, the following compiles but is ignored:
[Code]....
ASP.NET MVC doesn't allow this? Is there any way arround?
How to Protect Web services from Un authenticated users.. right now Im Using Protected Access specifiers.. Is it Correct method To Protect Web services?
View 1 RepliesI'm trying to do the integration, i have designed my form already :
[Code]....
But i need to do the coding and i don't know how, I looks very complicated when i checked their sample codes in VB.Net the folder contains lots of files and codes.I have found someone that did the coding in c# and this is the link for the code :
http://www.keithfimreite.com/Codebehind.txt
and the link for the form http://www.keithfimreite.com/Form.txt
I'm making a custom MembershipProvider and RoleProvider.
I have database tables with Roles and UsersInRoles and I use LINQ-to-SQL to create objects of the tables.
When invoking [Authorize] on an action method, will it work with my custom RoleProvider?
How does it know if the user is authenticated and if the user is in the appropriate role?
Need to develop a Web application that will be used to authenticate and authorize internal and external users to log and then re-route to web applications for the organization. The login application should be able to provider smooth integration with any future applications that needs a secured authentication. Should I be using WIF - Claims based Identity/ADFS or asp.net Role membership provider to develop this app.?
View 1 RepliesSummary: I need to authorize pages based upon the data present in the query string of a url, not just the page name.
Background:
Let's say I'm building a library inventory system. Users can be created and assigned to a single library in either an Admin or User role. There are hundreds of competing libraries in the same database, so it's important to ensure that users of one library cannot view inventory from another library.
Right now I'm using a pretty standard ASP.NET setup: Forms Authentication using the SqlMembershipProvider. Authorization using the SqlRoleProvider, configured via <authorization> sections in the web.config. Security trimming with the SiteMap provider to hide unauthorized pages.
To control the inventory information from leaking, I'm manually checking a user's associate library ID with every inventory query. It works, but it's tedious and prone to errors. There has to be a better way.
Question:
Now users have the ability to create arbitrary "collections" within a library. (e.g. Collection A has Books 1, 2, & 3 in it.) Admins want the ability to grant Admin / User access on individual collections, not just the entire library.
So, if a user goes to www.com/Book.aspx?BookId=1, the system needs to ensure that user has permissions for the collection that "Book 1" is in before showing the page. If they go to www.com/Reviews.aspx?ReviewId=23, I need to make sure the Review is for a book that is in a collection that they have permission to view.
1) How can I implement this in the most standard ASP.NET way possible?
Manual checking within a base page?
A custom HttpModule?
A custom Role Provider?
I'm not interested in how to store the admin/user permissions, but rather how/where to authorize based on those permissions.
(examples on how to implement any of those are appreciated)
2) To further complicate it, I'd still like security trimming to check if the user has Admin rights on any collection or library and hide the admin pages if he doesn't.
Been using MvcContrib for strongly typed redirects since MVC1. Aren't we there yet with MVC3 or did I miss something (just been scratching the surface)
View 5 Replies