I have the following authorization settings in my web.config:
[Code]....
This deny's all anonymous access to the application accept the login page. In addition to this I am using authorization within each controller action via a custom authorize attribute.
I have one additional action that I would like to expose publicly in addition to the login page. This action does not have the authorize attribute on it. I have tried to make this view (resetPassword view) public by using the location tag in the web.config file like so:
[Code]....
In the path attribute above I have tried both the view as well as the action path, but it doesnt allow public access to the action.
I have even tried to put this view in a separate folder within the shared folder and put a separate web.config file to make that folder public like so:
[Code]....
None of the above configuration allow me to make this particular action (view) public. Can anyone suggest any other solutions, or what I may be doing wrong in this case?
MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text);In web.config i have connection string but i would like to use MemBershipUser on different connection string.
I have been searching internet in order to secure my connection string in the web.config file and setting the Login controls connection strings in runtime
TEverything about encrypting connection strings works fine on local machine. I can do it programmatically and on aspnet_regiis.exe
My questions are How can I set the connection string to any login control in runtime? How can I encrypt my connection string on my shared hosting ?How can I use aspnet.regiis.exe to encrypt my config file on shared hosting ? How to define the commands ?If I can find a solution to my 1st question, 2nd doesnt matter anymore.
Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?
I have looked for ideas on this and read several posts but none of them seems to be because the problem is that web.com (my host) doesnt allow us to update web.config on their server programmatically. I can use example codes and encrypt them on my local pc but heres the error i get when I run them on the live site:
An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config)
My problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.
From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting providers IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.
I have a db connection string 'ApplicationServices' defined in the connectionString section of web.config and 3 Entity Framework connection strings which have the provider connection string attribute with the same connection string as the one in 'ApplicationServices'. Is there a way to reference connectionString in 'ApplicationServices' for the provider connection string attribute of the EF connection string in the web.config, rather than providing the connection string all over again?
just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.
I am preparing for an Access2007 db conversion at the beginning of the year and would like to know what the best process would be for connecting to the sqlserver2005 database. I have read about adding the connection string to the web.config file. I have also read about using ADO.NET and put the connection information into a class and not the web.config file.
I would like to hear from others as to what you have used, are using, or plan on using for a webapp (vs2010), and why so I can get an understanding.
in MyWeb there are all the aspx page and some entites datamodel, in MyApp there are the class with function like "getter data from DB" and there is a entity data model.
afeter the deploy, I have only the web.config and the connection string for the entity datamodel....itīs run ok, read/write the data on the DB.
The problem is with MyApp.....after the deploy it is a dll file and I donīt have the app.config and the entity inside it donīt run, not read/write nothing on the DB.
There arenīt error or messager but not read/write the data in the MyApp project.
all run on the iis 7
now...the question is:
I lose the connection string (in app.config) after the deploy?
Can I put a entity in the MyWeb and read it in another project (myApp)?
I added a database to my project. When I did so an app.config file was added to my project. (Yes I know I have dangerous info in the connection string. I shall change that but for now I am messing around with test stuff.)
I did a google search on how to get the connection string value and found. string sConn = ConfigurationSettings.AppSettings["ConnectionString"]; I am getting a warning that this is obsolete. It has been replaced by ConfigurationManager.AppSettings. Ok Fine. According to the docs, it is also in System.Confiuguration which I already have a using statement for above. But when I attempt to use it, it is not part of the assembly.
I have been preparing for a conversion of an old application to an ASP.NET webapplication at beginning of the year. Generally, the development version of the webapp will also be the webapp that goes into production. We here make "clones" of the database server, assign new name, etc, which is then used for development, training, and so on without any threat of changing data on the real db (sql server 2005). I know it is possible to have more then one connection string in the web.config. My question centers around if there is a simple method for allow multiple connection strings and pick the one that is to be used for dev, production, training, and so on? I originally thought about constructing some type of admin form that the connection string can be selected from.
I have an app that is a bit old and will eventiall be rewritten but until I get the time it needs to continue to be patched. THe app is desgined broken into three layers (Web, DAL, BLL) The web site uses the DAL.DLL and BLL.DLL and the Website has some dataaccess and the sonnection string is saved in the web.config. For the DAL it is stored in the app.settings. Is there a way for the DAL to use the connection string that is stored in the Web.config even thought it is in DLL for the production site?
I am doing a web project in asp.net. Now I am trying to keep each connection string for each user. And the user can decide which server he prefer. How to change this dynamically and where can I store this?. I happen heard about machine.config .Unfortunately i am not familiar with this. Can you just tell what it is and it's use.
I want to encrypt the connection string in web.config, the problem is each time a developer changes the connection string in web.config and publishes, it needs to be encrypted every time in the web server. Is there any way that the connection string can encrypted automatically every time someone publishes it?
Note :- All of us work on our local machines other than the server. So encryption using local machine key is not an option.
I am having trouble connecting to a ms sql database on the server. The hosting company said that the .sql file was imported successfully, but when I try to use the 'login' or 'create account' features im getting an error page saying:
Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. make sure the user has a local user profile on the computer. The connection will be closed.
I am sure all the connection info is correct so it is really frustrating trying to work the problem. I have listed the connection string in my web.config file to see if anyone can see anything wrong with it.