Security :: Access HttpApplication Cache From Different Application / Domain?
Sep 18, 2010
How can I access the cache of one web application/domain from another web application/domain?Here is my scenario. I need to verify/check the existence of a certain object in one web application/domain's cache from another web application/domain.
Im working on an application that has a login section that accepts a username and password. On successful login a userid is returned and encrypted with TripleDesKey. The user details are then stored in a session object. We already have a class library that performs encryption and decryption using a key in the web.config file. I basically want to be able to access the user details of the currently logged in user in a page accessed from the main site that may be in a different domain, but is effectively part of the same site, so I wont have access to the session object from the main site. so basically a user logs in, I have the user details stored in a session object, I also have access to the encrypted userid also in a session object. If a user then clicks a link to another page that is in a different domain, how do I persist the userID?
I suppose I could I tag the encrypted userid to the querystring, but security could be an issue here (even though the id is encrypted, someone could still modify it)
Currently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
Server A exists on domain A and server B exists on domain B. From server A I need to output file names that exist on shared folder on server B. I tried the following with no success (Access denied error):
DirectoryInfo dir = new DirectoryInfo(@"\serversharedFolder");
After some Googling I found that I need to use personlization to impersonate an existing user on Server B that has access to that shared folder. I used a C# personlization class as explained on codeproject (http://www.codeproject.com/KB/cs/cpimpersonation1.aspx). I supply the domain, the user, and the password and hope to get access to the shared folder BUT the error I see now is"Login failure: unknown user or bad password".
I am 100% sure that the domain, user, and password I supplied are correct. When trying to access the share via windows explorer from server A I am prompted for a username and password. After entering domainusername and the password I have access to the folder. So I know that the credentials I supplied are correct.
Am I going about this the right way? I have full access to server A and B so maybe there is an easier way to accomplish my goal.
I've been researching and I've spent pratically all day on this. Here's my issue. The website uses forms authentication that we authenticate against active directory. I've been attempting to access files we have on a network share and push them down to the user (when they request them) in an http response. I keep getting "Access to the path <unc path> is denied".
Here's the code:
[Code]....
Things I've tried:1) When I add the "Computer" to the permissions of the folder it works and I dont even need to emulate a user (essentially just commenting out this code), but I'm not sure we want to explicitly give the computer access to some of our network shares 2) I've verified it's the correct username and password for the active directory account and that they have permissions on these network shares 3) I've fooled around with the WebProxy class with no luck (as I'm not entirely familiar with it) 4) I've tried impersonating the user by creating a windows token and passing the token as credentials (i've done this with similar websites) with no luck, plus this seemed a bit complicated for something I figured would be relatively easy.Its almost as if, the WebClient class isn't even using the credentials i've passed it.We've got it working now, but only by giving the "Computer" specific permissions on the network shares, which we'd like to avoid.
I'm working on an ASP.NET application that accesses Team Foundation Server 2010 and creates new work items. The application is running in the DefaultAppPool, using NetworkService as the identity. I'm getting the error below:
[UnauthorizedAccessException: Access to the path 'Cachev10' is denied.]
[code]....
We were able to work around the issue by turning the Cache folder into a network share and giving NetworkService full access to the share. I'd prefer not to have to do this, but it seems to be working correctly now.
i would like to be able to do is to, lets say i have 10 users running a web application , how can i get the names of all these users. There names , logon times and any other info availabel.
i would like to get this data into a dataset and just bind to a gridview .
I have no problem accessing these variables form .ascx.cs or .aspx.cs file -- ie. files that are part of the Web content. However, I can't seem to access 'Application' from basic class objects (ie. standalone .cs files). I read somewhere to use a slight variations in .cs files, as follows, but it always comes throws an exception when in use:
I want to be able to maintain certain objects between application restarts.
To do that, I want to write specific cached items out to disk in Global.asax Application_End() function and re-load them back on Application_Start().
I currently have a cache helper class, which uses the following method to return the cached value:
return HttpContext.Current.Cache[key];
Problem: during Application_End(), HttpContext.Current is null since there is no web request (it's an automated cleanup procedure) - therefore, I cannot access .Cache[] to retrieve any of the items to save to disk.
Question: how can I access the cache items during Application_End()?
Does anyone have a clue why setting the Principal for the context would be so slow that a request times out? I have a custom HttpModule that subscribes to the "AuthenticateRequest" event. I have this call which works fine to create the Principal (which makes all the DB queries)
[Code]....
where context.User is source.Context.User where source is the HttpApplication.
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
I have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
i developed an asp.net(2.0) applicaions which contains the attachments of the clients . these attachments are saved in the shared folder and retrive the file when the user requests.if i maintain the application and the shared folders in the same system it will work properly.if i maintain the application in one server and the file folder in the other server i face a lot of security issus like1.Access Denied2.Couldnot find the part of the path......for this i made an common account for the application server and the file server and also set impersonation to true.Even the i got the couldnot find the part of the path error.i already gave the everyone with full control to the shared folder and i added the common account and gave it to full controlIs there is any alternate for the save and retrive the files to and from the shared folder.
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
Im building a image gallery which reads file from disk, create thumbnails on the fly and present them to the user. This works good, except the processing takes a bit time.
I then decided to cache the processed images using the ASP .NET Application Cache. When a image is processed I add the byte[] stream to the cache. As far as I know this is beeing saved into the system memory. And this is working perfect, the loading of the page is much faster.
My question is if there are thousands of images which gets cached in the Application Cache, will that affect the server performance in any way?
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
I have two diffrent webforms (ASP.NET 2.0) applications that both uses the built-in membership provider of asp.net. The two application uses the same database, but is diffrentiated by ApplicationName.
One application is sort of an admintool (AdminApp) of the other application (UserApp). I am now looking for a way to login to the UserApp from the AdminApp and sort-of impersonate a given user.
I have built an interface to automatically login a user to the UserApp (URL with querystring), but I need to be able to access the username of the refered user in the AdminApp. I was hoping for something like this would work:
Membership.GetApplication("AdminApp").GetUser();
...but I am unable to find something that works.
Is there a solution for my problem? Should I use some other approach?
/D
PS. A fallback solution wouuld ofcourse be to send a username in the auto-login-url-querystring, but that doesn't really sound solid.
I am using Visual Studio 2008 Pro SP1. Every time I try to access the security tab in Web Application Administration Tools I get this message:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may in diagnosing the problem: Unable to connect to SQL Server database.
I am trying to find a good pattern to use for user access validation.
Basically on a webforms application I had a framework which used user roles to define access, ie, users were assigned into roles, and "pages" were granted access to a page. I had a table in the database with all the pages listed in it. Pages could have child pages that got their access inherited from the parent.
When defining access, I assigned the roles access to the pages. Users in the role then had access to the pages. It is fairly simple to manage as well. The way I implemented this was on a base class that every page inherited. On pageload/init I would check the page url and validate access and act appropriately.
However I am now working on a MVC application and need to implement something similar, however I can't find a good way to make my previous solution work. Purely because I don't have static pages as url paths. Also I am not sure how best to approach this as I now have controllers rather then aspx pages.
I have looked at the MVCSitemapprovider, but that does not work off a database, it needs a sitemap file. I need control of changing user persmissions on the fly.
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
I am trying to achieve a SSO implimentation across my websites so i am using the machine key attribute to do so.now the trouble starts here as the website the user logs in is on the .net 1.1 framework and the website it it navigating to is .net 4.0.I have share the same machine-key across both the application . It works fine in my testing environment but as i move to the deployment server ,it just dosent work !So what i could do is read this article on MSDN :
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx this tells me to add a domin attribute like below <forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/> but this thing just dosent work on the 1.1 application and throws an error Unrecognized attribute 'domain'.
Where do i get to mention the domin in my 1.1 application.?
During Application_End() in Global.aspx, HttpContext.Current is null. I still want to be able to access cache - it's in memory, so want to see if I can reference it somehow to save bits to disk.
Question - is there a way to reference cache in memory somehow when HttpContext.Current is null?
Perhaps I could create a global static variable that would store pointer to cache that I could update on HTTP requests (pseudo: "static <pointer X>" = HttpRequest.Current) and retrieve a reference to cache through that pointer in Application_End()?
Is there a better way to access Cache in memory when there is no Http Request is made?