I have a Windows 2008 Server IIS7 running ASP.NET 3.5 SP1 and ASP.NET 4.0 in Medium Trust. I am trying to execute System.IO.Directory.CreateDirectory method. It works fine with ASP.NET 4.0 but under ASP.NET 3.5 SP1 I get : SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib. What is going on ? Is this an ASP.NET 2.0 (3.5 SP1) bug ?
View 5 RepliesThere appears to be a recent issue with how CreateDirectory resolves FileIOPermission that is causing issues on our server.
Reading through some similar posts on the issue there is a lot of misinformation being given out, so I am hoping to get some kind of clarification.
Given the following setup:
1. Windows Server 2003 SP2 running IIS6 with latest version of .NET Framework 3.5 SP1 fully patched
2. A web site created under IIS6 running under Medium Trust and with the Network Service user being given Full Control over the virtual directory.
3. Running System.IO.Directory.CreateDirectory with the following code:
System.IO.Directory.CreateDirectory(Server.MapPath("~/testfolder"))
4. Fails with:
[Code]....
It appears CreateDirectory is breaking the permissions somehow, as the medium trust rules are as follows:
<IPermission version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$"/>
These rules all point to being able to create directories within the virtual directory/application folder. In fact I am certain this has worked in the past, but recently has stopped working.
Note that this is not an NTFS permissions issue, files can be written,read and deleted in the virtual directory, only CreateDirectory is restricted somehow.
So what is going on, has a recent security update changed this functionality so that Medium Trust no longer has the ability to create directories?
I have created a C# registration page that includes a secret question and answer. The secret questions are in a dropdown list. When the form is submitted, all field information gets written to my mssql database successfully but the value selected in the dropdown ListItem gets NULL inserted instead of the question.
What am I missing? Here is my code.
[Code]....
well i designed a simple login form which checks the user and password with sql server
but now i want to make it a little bit more secured
basically i want if a user attempts wrong password with more then 3 /5 times.
his id or username should be locked(which i will be running a update procedure) or he must be redirect to denied.htm
and one more thing he should be able to get only n only 3/5 attempts whether he opens firefox browser, internet explorer ,safari,google chrome or any other browser
we would like to redirect the user to a given page if the authentication to our SharePoint site fails (i.e. the standard windows login prompt pops up three times - we are using windows authentication). No matter what option we try it always ends up bringing the user back to a blank page.
We have tried writing a HttpModule (and catch the if Response.StatusCode = 401), which doesn't seem to fire any events if the user is not authenticated. We have tried writing a HttpHandler, but of course we can redirect the user if there is an error code but can't continue onto the desired site if not. We have tried doing the following in the web.config:
<customErrors mode="Off">
<error statusCode="401" redirect="http://social.msdn.microsoft.com"/>
</customErrors>
Which doesn't work, again taking us to a blank page.
i intent to prevent user to login after 3 fails. After that, system said the user have to wait about 20 minutes.
How the best approach to do that?
I am in the process of designing application in case user authentication if failed i need to redirect to default page (NT Authentication). Is there any way you can redirect the user on IIS if the user is fail go through the NT authenticaiton at IIS level.Options 1 : Always land the user to defalut page and validate there and redirect to site based on the access give the directory level access. I am looking if there any options to let the user to default page in case user access is denied.
View 4 Replies"How to: Customize the ASP.NET CreateUserWizard Control" [URL]
In the final example, a wizard step, "CreateUserWizardStep0", is used to validate the username as unique before proceeding to the createwizardstep that collects the remainder of the user's registration information. In order to keep the user from changing this username on the next screen I have set the textbox for username to ReadOnly=true. However, this changes causes the registration to fail without ever executing the method "CreateUserWizard1_CreatedUser."
I have a website that requires users to login, but I am having problems when authenticating a users.I create a user which works fine, I then test the login on the development machine and everything works fine the user is logged in.But if a try to login the user in via the live website (same database) I get errors stating that the login attempt has failed.I don't understand why it would work on the development machine but won't work with the live version of the website.
View 5 RepliesTo me this should be much easier, but I can't seem to retain the values that are put in the Insert template upon a validation failure or when the sql fails. This will prevent the user from having to retype everything agin in the event of a failure.
As you can see I am using the Sub Insert_Click and not using an insert through the wizard. so the fields are unbound textboxes on the form. There are 2 dropdowns that provide choices for the other fields.
I pasted in the code using the text only option becuase the format was getting messed up. I probably need more background on why the fields are blanking out.
[code]....
I created a mixed mode authentication mechanism based on a few of the articles that I have read on this topic. It's similar to something like this: [URL]
Basically, there are two web applications. One accepts the Windows Auth and one accepts Forms Auth. The Windows Auth then creates a forms auth ticket and passes control to the Forms auth application. This solution works fine when both applications are housed within the same IIS web site.
Now, order to control the security of this solution we set up multiple IIS web sites on the same machine. Web Site 1 serves external traffic (forms auth) and Web Site 2 serves internal traffic (windows auth).
So the design is that an internal user can hit the site using Windows auth via a internal name (myserver) while the external users use Forms Auth hitting [URL].
All that said, the solution works when the two applications are in the same site. Doesn't work when they are in different sites.
While running an app from the server where it is deployed the website works fine, however when trying to access it from a different machine(placed in same network), using the same credentials, it shows that I am not an authenticated user.
[code]....
I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:
Web.config (root):
[Code]....
Web.config (Member directory):
[Code]....
Login.aspx:
[Code]....
Global.asax:
[Code]....
Works fine in local machine but shared hosting is not taking the authenticated user to the pages inside the secured folders. What can be the issue?
In my project i'm using the concept of impersonation to implement "File Upload functionality".i.e.
to save the file uploaded to a network share.This n/w share is accessible to an application id only.So i'm impersonating with that user id when uploading a file. I'm importing "advapi32.dll" and using the LOGONUSERA method of that dll to validate the user and get the token for that userid and then impersonate using the Token returned. THis approach is working fine in the development environment but LOGONUSERA always fails in TEST and PRODUCTION environments. It always return "0" which means user id is invalid and the token is zero hence i cannot impersonate. Is it something related to accessing the dll in other environments? Any suggestions to resolve this issue will be a great helpp for us. We are hung with this issue for the past 5 days.
I am attempting to create a user programatically with Email as the username. My code calls one of the CreateUser overloads, passing only Username, Password and Email. It consistently fails with a status of MembershipCreateStatus.InvalidAnswer. How can this be? I'm not even passing it a security question or answer.
[Code]....
Just to describe the scenario. I have a website. This lives on a webserver. On that webserver is an SQL server. The website connects to this database using windows authentication. I have written a windows form application that connects to the SQL Server on the webserver. This application is being run from a location on out intranet. The Winform application use SQL authentication to connect to the database. The SQL Server didn't have mix mode authentication enabled. So I enabled it. The winform application could now connect to the SQL Server.
This is where it starts getting a little strange.
The Website that was already connecting find using integrated authentication starts failing with:
Login failed for user 'NT AUTHORITYNETWORK SERVICE'
When you are enabling mixed mode authentication, you are adding another authentication method, why would the original Windows authentication fail?
In IIS I have a virtual directory with only windows authentication enabled. From Javascript I call into a ASMX webservice. From the ASMX webservice I make a call to the SharePoint Search.asmx Webservice. whatever I try I keep getting the followin gerror message:
"The request failed with HTTP status 401: Unauthorized"
I use the following code to call the SharePoint webservice
[Code]....
My web.config settings are:
[Code]....
The Sharepoint farm is configured to use NTLM authentication.
Strangely everything works when I am testing in Visual Studio using the builtin webservice, but when I deply to my local IIS or Test Server it breaks.
I am having problems getting the security.aspx to load up on my primary development computer which is using Windows 7 Ultimate and Windows IE 8. Clicking on the ASP.NET Configuration icon from the IDE in the Solution Explorer within Visual Web Developer 2008 Express Edition loads up default.aspx with no problem. But when I click on the "Security" hyperlink to access "security.aspx" I get a message along the lines of "The configured SQL data source provider is not properly configured". It goes on to state a list of potential reasons for this problem. One that includes not having the proper credentials or permissions. Im almost 100% sure it has something to do with permissions because I can't even get to the "security.aspx" page from opening a new empty project. I have recently installed Visual Web Developer 2008 Express Edition on my laptop which is running Vista with all latest updates and this issue does "not" exists. I can click the "ASP.NET" icon, load up "default.aspx" and click "Security" and it loads the page with absolutely no issues.
I have discovered a weird workaround but I don't like having to do this. If I add the following lines to my "web.config" file from any given project I can get to the "security.aspx" page without getting any SQL messages about improper configuration or permissions.
<<remove "LocalSqlServer">
<add
name="LocalSqlServer"
connectionString="data
source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient"/>
Basically, what I have to do to get to the security page to load without error is add a remove statement and then I just cut'n'paste almost the exact same connectionString from machine.config in the Microsoft.netFrameWorkV2.0.5027config directory. This does away with the "Improperly configured SQL datasource message" and gets me a new error message along the lines of "Could not create a SQL instance". My memory is fuzzy on exact error messages since Im not at development computer right now. However, when I change the User Instance attribute from true to false, then I have success at last.
I've been trying to set a STS project in my solution following these steps on Channel 9. Right after hitting "Finish", I get an exception saying: The system cannot find the file specified. (Exception from HRESULT: 0x80070002). After installing, uninstalling, rebooting, and so on, I still get the error.
My OS is Windows 7 Enterprise x64, both Visual Studio 2010 and Visual Web Developer 2010 Express are installed in my machine, the WIF SDK 4, the runtime 6.1 and the Identity Training Kit from January 2011.
We have a web application that makes a call to a remotely hosted ASMX service that worked in Server 2003 under IIS6. We are now migrating it to a Server 2008/IIS 7 setup and it doesn't appear that the application makes the call to the remote web service anymore. We ran Wireshark and don't see any traffic to the service URL. It seems to throw a 404 error without trying to connect.
Is there some security policy or restriction in Server 2008 or IIS 7 we need to set to allow an ASP.NET application make a call to a remote web service? We are using Network Service as our application pool user, but also tried using Local System as a troubleshooting step. In addition, the same code works if run from a console application on the server instead of the web application.
Is there some setting under IIS7 or server 2008 that would be causing this?
I have a simple WCF service that retrieves some data from the DB. When I host the service on local serviceHost everything works fine, but when I host the same service on local IIS (7.5 - windows 7) I get this exception: The Undelying provider failed on open.
I have some logging services inside the service and I found out that this exception occures only when the service calls some DB service (not one particular, any DB service). The strange thing is that when the service is not hosted on IIS this same DB call works fine.
Things I've done: enabled ASP.NET impersonation on the IIS server -> didn't help.
Another thing : I'm using sql server 2008 express.
The following message appears in our log:The control tree into which viewstate is being loaded must match the control tree that was used to save viewstate during the previous request. For example, when adding controls dynamically, the controls added during a post-back must match the type and position of the controls added during the initial request. alot has been written about this subject. However, I cannot reproduce this behavior, and I only find a couple thousand errors per day in the logs; so it's probably isn't that obvious.
The page in question has an UpdatePanel and loads one of three usercontrols depending on the querystring.Is there any known issue with some clients, or any other possible explanation?
We are using RDLC's in a Asp.net web application. For reasons beyond our understanding, the first call to the database server fails with the following error:
An error has occurred during report processing. Cannot open database "TryParkingIt2" requested by the login. The login failed. Login failed for user 'EXTRANETOurServerNameHere$'.
Run the report again, it works.
Update Click the button the first time, it fails. Click the button again, it works. The account being impersonated is a domain account. Also, this error occurs on all five different report pages, which is why I didn't include any code.
I am using MVC 2 Model Validation together withLocalization. For some strange reason, everything works fine except for one translation, namely the word "Password". It should change into "Wachtwoord", the Dutch term, but it doesn't. I checked everything and I can't find what's wrong.So, there's the AccountModels.cs file, containing the class RegisterModel (which is the basis for the view file and validation). It looks like this:
[Code]....
Obviously, there is also a Names.resx file which contains all the aforementioned "LocalizedDisplayName" elements:The Register.aspx file reads from this model:
[Code]....
The HTML output is like:As you can see, everything gets translated correctly, except for "Password".
Here is the code first :
Const localFile As String = "C:file.bin"