I have locked a set of administration pages on a website using the PrincipalPermission syntax ie:
<PrincipalPermission(SecurityAction.Demand, Role:=RoleBLL.ROLE_NAME_ADMINISTRATOR)>
Possible Duplicate: Best practices for exception management in JAVA or C# I am using class libraries and I try to put maximum code in class libraries so that it can be reused in other projects.Please advice me where I should put try catch blocks in class library functions or in front end forms (aspx pages) ?
View 3 RepliesI got the error
System.Security.SecurityException: Request failed.
when i use project dll in my code.
I'm getting the error
"System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."
When trying to access my simply aspx form on our local network. It works fine when debugging using Microsoft Visual studio 2008 however, when I deploy the aspx form on IIS 7.0 I get the error above. The form was working fine until I added a ajax calendar extender. I've also reviewed other posts relating to this one, such as changing<trust level="Full"> with no avail. I have listed a portion of my web.config file below.
<system.web>
<trust level="Full" originUrl=""/>
<compilation debug="false">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
[Code]....
I am trying to implement the Ajax HtmlEditor into my application. I currently am using a regular TextBox to load and save some data to some EMail template files and had to do some work-arounds to get it to accept the HTML Input. I am trying to upgrade it to use the Editor, but as soon as I insert the Editor and do a PostBack, I receive the Security Exception below. There is absolutely no change to the code-behind, so I don't understand the issue. There is so little on Google for the Version 3.5 Editor that I'm stumped. I have Debugging enabled, but it won't give me the Soruce Error either.
Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request failed. Source Error:
[Code]....
:: REMOVED FOR SIMPLICITY :: Stack Trace:
[Code]....
I have wcf web service, I works fine on my local machine,but when I move it to live then it throws following error
System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
I have an ASP.NET application that was working fine on my server up until last night when I installed a bunch of windows updates, now it's throwing this exception : System.Security.SecurityException: Requested registry access is not allowed.Unfortunately there is some things that makes this hard to debug. I added the debug="true" attribute to the web.config file to get the line where the exception is lauched. The line identified in my code is an End If and the code just before seems benign :
<body id="body" runat="server">
<div class="conteneur-confirmation">
<%
[code]...
in my web project i got an error that i couldnt find any solution. the error says: System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. when i work in local there were no problem i put files to our server and i changed the database also. when i work in server in web application in Default.aspx i can connect db and get values without any problem using my DataLibrary
BUT the problem in my web service i also use my DataLibrary in webservice but when i try to run a method in web service it gives me the error which is : System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
my new db connection is
strConnectionString = "Data Source=OURSERVERNAME\SQLEXPRESS;Initial Catalog=DoveTR;Persist Security Info=True;User ID=sa;Password=123456789;Pooling=True";
In a CreateUserWizard there are 2 dropdownlist to set the country and city of a new user. Where and how can those dropdownlists be assigned datasources from datareader, refreshed and accessed in codebehind for interaction between country and city? I tried but keep getting errors saying control not found. Is it impossible to do codebehind events with CreateUserWizard?
View 3 RepliesHow should one handle the situation where you may need to filter by a group of users.
Here is the scenario.
I have an administrator role in my company. I should be able to see all the data belonging to me plus all the other users who I have control over.
A plain old user however should only be able to access their own data.
If you are writing regular sql statements then you can have a security table with every user and who they have access too but i'm not sure how to handle this situation in the OO and ORM world.
Any one dealt with this scenario in a web application using an ORM?
I am using the standard createuser wizard (but got same issue with other wizard) and in the CreatedUser event an exception is raised causing the wizard not to reach the next step. If no exception are raised the wizard behave as expected. I have tried to force the wizard to move to the next step using CreateNewMember.MoveTo(this.CompleteWizardStep1); as an exemple but still the web page is in waiting stage for about 5 to 10 mins before it finally reach the final step. I have tried to deal with the exception in the routine it occured or throw it back to the CreatedUser event and deal with it there but nothing changes as of to the move to the next step in the wizard.
View 16 RepliesI have 3 seperate applications (under the same domain) for which I use Forms authentication with single sign-on.
The 3 applications have different session timeout periods. I was on various articles that when we use forms authentication and specify the loginurl in the <Forms> tag in the web.config, it should automatically get redirected to the login page, when the session timesout. But in my case, it doesn't happen, I think because of different timeout values.
Currently i have membership and roles setup on my site. Now what is my next step to get more specific control.
Based on what i hav now, i have my pages setup so they are visible or not and links not visible and so on. But now on a more detailed level, say im setup as a user. As a user my default permissions is just to view data.. no editing. But say someone was let go, now instead of granting me full access to everything, i need to be able to go in and provide more permissions to the account.
Example:
Admins:
Add Users
Modify Users
Delete Users
Users:
View Users Detail (only the person that is logged in)
Since the the user that was let go was an admin. They had all the other options, but as a temporary thing, we need to be able to add say permission "Add Users" to the individual user account.
To accomplish this type of control, what do i need to look at to accomplish such a setup?
I've an ASCX control (WebParts aren't used in this solution) which interrogates CMS 4's data via the API provided by Microsoft.Crm.Sdk and Microsoft.Crm.SdkTypeProxy.The solution works until it's deployed to Sharepoint.
Initially I received the following error:
[SecurityException: That assembly does not allow partially trusted callers.]
MyApp.SharePoint.Web.Applications.MyAppUtilities.RefreshUserFromCrm(String login) +0
MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +30
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
Then I tried wrapping the calling code in the ASCX with SPSecurity.RunWithElevatedPrivileges:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// FBA user may not exist yet or require refreshing
MyAppUtilities.RefreshUserFromCrm(txtUser.Text);
});
But this resulted in the following error (I'm thinking RunWithElevatedPrivileges isn't for this sort of thing anyway, but someone [SecurityException: Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission,Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.
MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +0
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
When I elevate the trust level in the Sharepoint site to full everything works fine, however I need to come up with a solution that uses minimal trust (or a customised minimal trust). I'm also trying to stay clear of adding anything to the GAC.I assume the issue is occuring when trying to call functionality from Microsoft.Crm.*
I have an actionlessform class that is giving me issues in Medium Trust. I have narrowed down what the cause is.
Here is the class:
[Code]....
The bolded line is where the problem lies. Specifically if I remove "BindingFlags.NonPublic" it will work in medium trust.
I just created a small site with form authentication with route handling. Without forms authentication, the pages route just fine. With forms, it returns back to the login page as it is not one of my allowed locations specified in my web.config file.
I know I probably need to write a custom route handler. Does anyone have an example I can follow for this?
What is the common practice of input validation? In other words do you check for input validation on client-side, on server-side or on both sides?
Also, if performance is crucial to me, would just the client-side input validation be sufficient for my website without presenting any security risks?
I have a web application where users can upload the photo. I do have a windows service running which takes the uploaded photo and crops it to different sizes. This runs in a specified interval. Photo will be visible to the user once after it's cropped. So once user uploads the photo and photo cropper has not yet run, they wont be able to see the photo. Due to this behaviour user thinks that there was some error uploading the photo and they will upload it again and again.
where the photocropper runs immediately when the user uploads the photos which is queued.
I am using asp.net & C#.
I'm about to begin an ASP.NET MVC project and I'm not sure how to approach an aspect of the design. Basically, there is a user site and an admin site. In the admin sites, administartors design a form and send an e-mail link out to a handful of people. When the users click on the link, they are sent to the form.
Essentially what I'm wondering is what are the best practices when the model resembles looks more like a dictionary than a table?
In other words, instead of:
CREATE TABLE FormResponse (ResponseId, FormId, UserId, FirstName, LastName, BirthDay, Comments)
...containing 1 row per complete response
It's more like:
CREATE TABLE FormResponse (ResponseId, FormId, UserId, QuestionId, Value)
...containing 4 rows. 1 for the FirstName, 1 for the LastName, 1 for the BirthDay, and 1 for Comments.
I'm very new to MVC (just started 2 days ago), and I would like to know what the best practice is for outputing HTML.
I have a model named Tools.cs which contains the code below. It uses a stored procedure to return a recordset of menu items, and another to return a second level of menus for each first level menu. In another function, I then loop through the recordset and generate the HTML code to display the menu in a string, which is then returned.
I then have a controller MenuController.cs which calls the GetMenu method and puts the returned HTML string in the ViewData["RightMenu"].
I then have a view which displays the result.
My question is: would it be better practice to return my datareader to the controller into ViewData["RightMenu"], and then loop through it and construct my HTML in the View instead?How would I get that to work with that second level of menus?[Code]....
For WPF, there's the Microsoft Patterns & Practices's Prism project.
Prism provides guidance designed to you more easily design and build rich, flexible, and easy-to-maintain
Windows Presentation Foundation (WPF) desktop applications, Silverlight Rich Internet Applications (RIAs), and Windows Phone 7 applications I was wondering whether a similar project (reference implementation) intended for software developers building WCF applications exists.
In our main internal project (a .Net WinForms rich client app), we don't talk directly with the database but instead fetch and update data with ASP.Net web-services that we also control. Our current setup is giving us some bottlenecks. For a new smallish project, we want to try WCF. Objective question: Where do I find a not-too-basic WCF reference project?
In my experience building web applications, I've always used a n-tier approach. A DAL that gets data from the db and populates the objects, and BLL that gets objects from the DAL and performs any business logic required on them, and the website that gets it's display data from the BLL.I've recently started learning LINQ, and most of the examples show the queries occurring right from the Web Application code-behinds(it's possible that I've only seen overly simplified examples). In the n-tier architectures, this was always seen as a big no-no.I'm a bit unsure of how to architect a new Web Application.
View 2 RepliesAll too often I find myself being required to design pages that flow through a series of steps. 1) Select from a set of options. Submit.2) Populate a page with results. Make changes. Submit.3) Do something based on the previous results. Submit.4) Confirm previous actions. Submit.5) Goto 1.An ecommerce site with shopping cart would be a textbook example of this.Now, there are any number of ways to deal with this. My question is, what is the recommended way to do it in asp.net? In PHP or ISAPI I would just use standard html controls, get the post data and do stuff with it, each on a different page
View 3 RepliesWe are working on a project which has lots of routes that can be changed on-the-fly or new routes can be added dynamically. What are the best practices about managing lots of routes and adding routes on-the-fly without recompiling? Reading-Writing from-to database or from Xml Document in Application_Start?
View 4 RepliesHere is the code of my Repository class:You see, I use singleton here. Also you see, there is a data context as class variable of Repository class.The main reason to use singleton here is a wish to avoid using 'using(NorthwindEntities context = new NorthwindEntities())' in every function.
[Code]....
This Repository is used in ASP.NET application. So only instance of NorthwindEntities (context) is used everywhere and that's why I never dispose it.So my question is: Won't this code cause connections to the DB that are not closed?
