Need Recommendations With WCF And Security
Jul 5, 2010
I'd like to receive comments on the way I'm trying to build an ASP.NET web application which uses a WCF service that is hosted in another ASP.NET application. Both applications will live on the same machine, but the app with the WCF service will not be accessible from the outside. There will be two web servers sharing the load behind a load balancer.
The app pool of both applications will use the same local user account (the web server is not part of a domain), and so I was thinking of using WsHttpBinding with Windows security for communication between the client and the internal WCF service.
The front-end ASP.NET app uses forms authentication through a custom membership/role provider to authenticate and authorize users. The user database is in a SQL Server database.
I need to somehow pass the user details (username + roles) to the WCF service so that in the WCF service it will be possible to validate and authorize according to the roles of whoever is logged in to the front-end. I read I need to use "support tokens", but I haven't figured out how to use this.
I also read something about claims and WIF, which seems interesting, but I have no idea how I could use these in my scenario.
Is there anyone who can give me recommendations about the architecture, and maybe also show me how to pass the username to the WCF service, and also show me whether it is possible to use claims-based authorization?
View 1 Replies
Similar Messages:
Dec 17, 2010
Looking for design recommendations in ASP.NET: what would be better to use for laying out controls on the screen, putting the controls in a table or absolute positioning for the controls? What is better to use? What do all developers use?
View 4 Replies
Dec 21, 2010
From the following URL I got some doubts about the recommendations for using abstract classes vs interfaces
[URL]
1. If you anticipate creating multiple versions of your component, create an abstract class. Abstract classes provide a simple and easy way to version your components. By updating the base class, all inheriting classes are automatically updated with the change. Interfaces, on the other hand, cannot be changed once created. If a new version of an interface is required, you must create a whole new interface. {Is there any example for this to understand thoroughly?} If you are designing small, concise bits of functionality, use interfaces. If you are designing large functional units, use an abstract class. If you want to provide common, implemented functionality among all implementations of your component, use an abstract class. Abstract classes allow you to partially implement your class, whereas interfaces contain no implementation for any members. {Is there any example for this to understand thoroughly?}
View 3 Replies
Apr 16, 2010
I look after a number of divisional websites for a UK-based membership organisation, and what we want to do is provide, as well as other address functions, a closest member lookup to a web user from the websites themselves.
A few use cases that I want to fill:
Case 1: The user puts in their post code and wants to see all the members in a 5/10/15/20/30/40 mile radius from them.
Case 2: The member puts in an area (city, county, etc.) and gets a list of members in that area.
Essentially what I'm looking for is a programmable API which I can code against to do:
- post code lookup that returns addresses (after picking house number, for example).
- search post code + radius (5 miles, 10 miles etc.) and get a set of applicable post codes to then join onto the membership records in the database.
Any recommendations? It can be a quarterly update install on the server, it can be a queryable web service.
View 4 Replies
Mar 8, 2010
I'm looking for recommendations for a basic site search control or example of creating some code to provide a way for users to search a site I am developing. I'd like to keep it quite simple if possible and ideally want something I can use straight away.
View 4 Replies
Jan 17, 2011
I'm starting to plan an architecture for a big web application, and I wanted to get suggestions and/or recommendations on where to begin and which technologies and/or frameworks to use. The application will be an Intranet-based web site using Windows authentication, running on IIS and using SQL Server and ASP.NET. It'll need to be structured as a main/shell application with sub-applications that are "pluggable" based on some configuration settings.
The main or shell application is to provide the overall user interface structure - header/footer, dynamically built tabs for each available sub-app, and a content area in which the sub-application will be loaded when the user clicks on the sub-application's tab. So, on start-up of the main/shell application, configuration information will be queried from a database, and, based on the user and which of the sub-apps are available, the main or shell app would dynamically build tabs (or buttons or something) as a way to access each individual application. On start-up, the content area will be populated with the "home" sub-app. But clicking on a sub-app tab will cause the content area to be populated with the sub-app corresponding to the tab.
For example, we're going to have a reports application, a display application, and probably a couple other distinct applications. On startup of the main/shell application, after determining who the user is, the main app will query the database to determine which sub-apps the user can use and build out the UI. Then the user can navigate between available sub-apps and do their work in each. Finally, the entire app and all sub-apps need to be a layered design with presentation, service, business, and data access layers, as well as cross-cutting objects for things such as logging, exception handling, etc.
Anyway, my questions revolve around where to begin to plan something like this application. What technologies/frameworks would work best in developing a solution for this application? MVC? MVP? WCSF? EF? NHibernate? Enterprise Library? Repository Pattern? Others? I know all these technologies/frameworks are not used for the same purpose, but knowing which ones to focus on is a little overwhelming.
Which ones would be the best choice(s) for a solution? Which ones work well together for an end-to-end design? How would one structure the VS project for something like this?
View 1 Replies
May 4, 2010
I'm looking for advice on what .NET user interface components are out there on the market. I have been developing ASP.NET websites and have mainly been using the Visual Studio toolbox built-in controls supported by the AjaxControlToolkit, and the applications have been mainly used in-house, running on our company intranet.
But now a new client wants a much more professional-looking, commercial web application and they have a budget for some user components for use in the application. Any recommendations where value for money will be realised?
Interested in components that will integrate well with ASP.NET 3.5 SP1 or even .NET 4.
View 2 Replies
Jan 13, 2011
I'm considering going at this myself because my requirements are particular and highly customized:
- The grid is bound to a collection of complicated objects, each of which may contain child and grandchild objects.
- Depending on data and context, the template'd cells vary from TextBoxes to ComboBoxes to Calendars to a combination of controls.
- TextBox cells have Google-style auto-complete functionality. Also each TextBox cell can expand into a small TreeView pane that allows hierarchy-navigating selection of a value should auto-complete be insufficient.
- Values from other controls can be drag-and-dropped into cells.
- Columns are re-sizable and re-orderable. Clicking their headers sorts data.
- All of the above is AJAX / client-side / Web 2.0 of course.
Has anyone built anything similar from scratch? Or used an effective tool to accomplish this goal? How well would Telerik meet my specs? Is it right to have the hunch that something this specific is best done by taking a Microsoft GridView and extending it myself?
View 5 Replies
Oct 20, 2010
where he sells paper products, as well as custom posters, banners, and the like. He doesn't have a website, so he's hired me to create one for him, where users can place orders, check the status of their order, etc. Other than his requirements, I'm trying to come up with other common functionalities that I should include in the site; things like a company blog, an admin section containing a simple CMS and error tracking/logging, a contact form, etc. Just common things that would be useful for a business site that he (or even I) might not think of.
View 2 Replies
Aug 9, 2010
I am looking for a nice control that allows me to have a shopping cart on my webpage.
Requirements:
- Easy to implement. I want to add items into the cart from everywhere. Like
mycart.Add(new CartItem("Name", "Description", Price))
- Implemented shopping cart overview with the ability to delete previously added items.
- Allows connection to PayPal.
(I've already found http://stackoverflow.com/questions/1522832/looking-for-a-lightweight-asp-net-shopping-cart-that-is-paypal-compatible but the posted solution "shopping cart .net" does not seem to fulfill the third requirement, if I'm not mistaken.)
View 2 Replies
Jul 26, 2010
Looking for recommendations for a control which can do spell checking for various languages.
View 3 Replies
May 30, 2013
I am using the VS 2010 login form and aspnet tables for user creation and role assignment. Everything is working excellently.
My concern is that more than 200 users will log on to this site simultaneously. What will be the effect on performance? How to optimize site speed when more than 200 users are logged on?
View 1 Replies
Mar 17, 2011
I'm developing a CMS for my website.
I need to track users' activities in my CMS admin section (protected by password).
I would like to know:
If it is possible to add GA (Google Analytics) code and use it even if the pages where the code is placed are protected by password.
If such use can create a security vulnerability of any kind (if it is good or bad practice).
How to easily retrieve the statistics from pages in the admin section if the folder for admin is (example: ADMIN) in the GA account. Do they come up like /admin/mypage.aspx??? Or how???
Generally, I would like your opinion about it and whether you are using this approach in your current web application.
View 2 Replies
Dec 15, 2010
I have to invoke SSIS packages from a web service in the most secure way. I think that Windows authentication will be secure but I am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
Apr 6, 2010
We use SharePoint to control our websites. We build the sites, then load them into the SharePoint server. My question is, if I use Windows authentication, how can I get my role security in my web.config file to coincide with the ASP.NET controls that use Forms authentication? Is there a difference? Our security uses a session variable for security but there is nowhere to set up their permissions except in Active Directory. I hope this makes sense, because I would like to implement the LoginView with role groups, but how can I give them the role="administrator"? Do I have to go into Active Directory and give them these permissions (would take a while due to the size of the company)? Or do I have to set up privileges in the web.config file for each user (difficult, I think)?
View 5 Replies
Aug 18, 2010
I'm writing a simple intranet application using Windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms-based security. I read on MSDN that using Windows-based security means roles are based on groups, but it doesn't go into any detail. How can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Jul 12, 2010
I am getting an error in case the user submits an incorrect answer to the security question. I gave text in 'QuestionFailureText'. But it's not working.
Below is the error I am getting.
Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\png.web\e16ed3ec\284df543\App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
View 3 Replies
Mar 17, 2011
We are using a membership provider for LDAP authentication. It is working as it should.
But what configuration settings do I have to make so that all the future requests to this application run under the security context of the logged-in user account, not through some default user set in IIS?
We need to have this working because all the permissions on the database are based on the logged-in user.
We are using forms authentication for LDAP authentication, and have impersonation = true in web.config.
View 1 Replies
Oct 27, 2010
I have implemented role-based security in my ASP.NET 2.0 VB.NET application using Windows authentication and the WindowsTokenRoleProvider, limiting access to certain pages to specific Active Directory groups using the location tag.
The issue is that when a user tries to access a page they are not authorized to view, it brings up a login prompt, and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not authorized to view the page, one that I can incorporate into the site itself with the header and so forth? And could this page come up in lieu of the sign-in box popping up as well?
View 2 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3 different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Administrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things than a (Subscriber/Business).
I think I can handle the Code Access Security with a custom attribute, but I am unsure how to enforce that a user be a part of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be a part of 2 roles with this technique?
View 1 Replies
Jun 23, 2010
I used security in the login page which restricts all users who have not logged in from all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider, so I cannot create roles and restrict automatically. And the pictures I use in the login page are not visible at runtime.
View 1 Replies
Sep 9, 2010
I'm working on a website where it should be possible for registered users to upload Word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:
- Non-registered users should not be allowed to download documents.
- I should be able to control which users have access to which documents.
- I should be able to register which user downloads which documents.
- I should be able to track how many times a document has been downloaded.
Can this be achieved by using Membership and Profiles?
View 1 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file. Before identity impersonate was true, users were able to access the DB through the web service account (seemingly). Now I get an error which says " Login failed for ... " because, as I am aware, there is no specific account for that user in the permissions for that DB instance. I needed to set identity impersonate = true because the web service does not have access to the Active Directory, which I need in order to retrieve certain user information.
My question is, does identity impersonate = true override the integrated security and attempt to use the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself? If not, would programmatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Jun 3, 2010
I am using iTextSharp to create a PDF. I am adding an image and I keep getting this error:
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
it is this bit of code that is causing this
[Code]....
If i comment this out, the PDF builds and no errors are thrown (there is just no image)
I don't understand, because all I am trying to do is read a file.
View 2 Replies
Apr 2, 2013
Error:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Locally it runs fine. When I place it in IIS, it throws this exception.
View 1 Replies