Security :: Exceptions While Doing AD Related Activity?
Jun 8, 2010
i am not sure to which head does this problem belongs ....but this seems to be a security issue to me..I am writing this post after googling aroung for 2-3 days..Frown but still can't find any resolution to my problems. Let me describe my problem:-
I have created a website which does the following tasks:
1) Creates a user
2)Enables/Disables users
3)Delete users
4)Unlocks users
5)Reset password of a user
in Active Directory.
I have used impersonation in my application which uses the admin credentials to perform above tasks.When i run this application in debug mode through Visual Studio 2005 ,all the tasks are performed successfully .Now comes the deadly exceptions i am facing after publishing the website and hosting it on IIS. Task 2 & 3 are still working fine and i can enable/disable and delete user from AD even after hosting website but the problem comes in
Resettind password
Exception Details:-Exception has been thrown by the target of an invocation. || Trace: at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
at ADHelper.ResetPassword(String currentDomain, String userToResetPwd, String newPassword) in e:New ProjectAD [code]...
View 3 Replies
Similar Messages:
Jun 7, 2010
I want to know that is that the value of last activity date in aspnet_users table is changed when user is logoff from the application.
View 3 Replies
Apr 9, 2010
i have an administrators page that gets a list of the users that are members of my site and i want to display their profile each time i clikc on the user name.
In order to do so, i use the following code:
[Code]....
This way, the last activity date is updated and the IsUserLogedOn property is set to true, without the user actually enter the application (since it is a calculated value that depends on the last activity date). As a result, each time i click a user name to view his profile, the user seems to be loged in.
View 2 Replies
May 19, 2010
I have this web application built. I am using windows authentication for this application. I have to log all the user activity as wells as site activity in this application. I have the below mentioned class established to log some activity regarding the user to an SQL server database table..
[code]....
I would still need to log many other items regarding the user and also the site, like the time spent by the user on the site, no: of currently logged in users on the site. Can anyone here suggest me as to how do I capture those items?? let me know if I am going in the right direction too.....?? If you can provide me with some links on this "user activity logging for windows authenticated applications".
View 3 Replies
Jan 26, 2010
I'm building the standard 3-tier ASP.NET web application but I'm struggling as to where to do certain things - specifically handling exceptions.
I've tried to have a look around on the web for some examples but can't find any which go as far as a whole project showing how everything links together.
In my data-tier I'm connecting to SQL Server and doing some stuff. I know I need to catch exceptions that could be raised as a result but I'm not sure where to do it.
From what I've read I should be doing it in the UI tier but in that case I'm not sure how to ensure that the connection to the database is closed. Is anyone able to clarify how to do this? Also if anyone knows as to where I could find an example 3-tier web application that follows best practices that would be great too.
View 4 Replies
Feb 28, 2011
I have a simple method that is secured
[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
protected void lnkClearCache_Click(object sender, EventArgs e)
{
}
If this is clicked without the role, it generates a System.Security.SecurityException: Request for principal permission failed. as expected.
I use ELMAH to handle logging for my errors, and I have a custom ELMAH event in my global.asax to transfer to the error pages in ways that preserve status codes which works correctly.
[Code]....
This works all well and fine and redirects to my error page which works properly, however instead of displaying the content as expected. I immediately get a second request for the error page but this time using the value of customErrorsSection.DefaultRedirect that does not come from my code in any way that I can see.
As far as I can tell it's almost as if when .NET raises an exception for PrincipalPermission and then lets the entire request complete, then after the request is complete it throws away the application response and instead responds with the default custom error.
When I'm debugging I do break on 2 separate exceptions for PrincipalPermission, whether this is a just a rethrow by .NET I'm not sure but my .NET code never sees the 2nd throw, nor does ELMAH. I always end up with a single response, single error logged, but that the url that finally renders to the browser is the default url and not 403 url that I specifically server.transferred to. If I browse to a /location that is secure I properly get the 403 error page.
View 1 Replies
Oct 30, 2010
I'm trying to improve my password change function in my app that allows members to change their passwords. I do have some password rules e.g. min 7 characters, etc.
There's a nice MembershipCreateStatus enumeration in the framework for creating new members. Is there a similar tool for catching password exceptions where the user's newly selected password doesn't match the rules?
View 3 Replies
Dec 9, 2010
We have a asp.net application and want to implement logging. The first idea was to use the Application_Error method in the global.asax file.
The problem is that ASP.NET very often seem to throw exceptions internally that are not caused by the application and which seem not to interfer with the users normal workflow. For example we often get HTTPExceptions, UnauthorizedAccessExceptions and others caught in this method, although there is no real error in the application.
View 2 Replies
Feb 16, 2011
After running the aspnet_regsql.exe tool, i notice a bunch of different tables pertaining to the ASPNET security (e.g. aspnet_Applications, aspnet_Membership, aspnet_Paths, aspnet_Personalations, aspnet_Profile, aspnet_Roles, aspnet_SchemaVersion, aspnet_Users, aspnet_UsersInRoles). Do the different providers (AspNetSqlMembershipProvider, AspNetSqlProfileProvider, AspNetSQLRoleProvider) relate or associated with certain aspnet_xyz tables? I imagine the AspNetSQLProfileProvider is responsible for the aspnet_Profile table correct? The AspNetSQLRoleProvider probably is tied to the aspnet_Users, aspnet_Roles, aspnet_UsersInRoles table? Any links documenting the relationship between teh providers and the aspnet_xyz tables?
View 1 Replies
Mar 21, 2010
I've created a membership system based on asp.net 2. There are other tables that store user information, such as emails sent etc. I've created a users table based on the TableProfileProvider. My question is concerning deleting the member
Is it OK to delete the member from the aspnet_membership table and roles related tables using Membership.DeleteUser, though keep all the custom tables and the information including the information in the Users table created by the TableProfileProvider? or can you foresee problems?
View 1 Replies
Nov 30, 2010
I'm using default ASP.NET user controls and SQL user provider. How can I log somewhere when users login to web and when logout? Is there some tricks for it or just write to some .log file manually each time after user login. (Also , how can I check user IP adress?)
View 2 Replies
Feb 24, 2011
I am using Forms Authentication in a new ASP.NET 3.5 Application.I have created the Tables in my database and run the Web Site Administration Too.When I try to create a user I get a password error no matter what I throw at it and I am becoming sure of that this is a symptom of an a setup error and not a password problem.One of the things that I notice is that my aspnet_Applications is empty and I am not sure what is supposed to fill it.I have tried to delete all the aspnet tables and done the procedure again but with the same result.
View 1 Replies
Sep 20, 2010
I have an ASP.NET WebForms page with forms authentication. When users create a login, I use 'remember me' to create the authentication cookie.
What I now want to do is check the time of their last access. But LastLogin time is updated only when the user uses the login control (which they don't need to use when they have the authentication cookie on their machine), and LastActivity control is updated before any of my code runs.
It looks like the only way I can do this is to hook into the application event Application_AuthenticateRequest - right? Or is there some better way to do this?
View 2 Replies
Jan 16, 2011
I am running my application locally -- ie. No external traffic and very low number of queries, fully under my control. I see tons of 'Audit Login' and 'Audit Logout' events. What are these and where are they actually stored (ie. Where is this audit log)? Are these a hint of a problem with connections, because I have only a simple connection string within my app and thought that connections would remain active throughout the operation of my app (ie. a single login at launch, and then a single logout when terminating).
View 2 Replies
May 8, 2010
I need to display current status of a document approval workflow task in asp.net web page with a specific activity highlighted.
I have seen the Visual workflow tracker example (in wf & wcf samples) but I have two issues,
I have to render workflow in asp.net not in a WPF app. I don't need to display current status with workflow running, all activities that need to be highlighted are the ones that require user input. e.g. "waiting for approval from department head" etc.
If I could just convert the workflow XAML to JPG after highlighting a specific activity by activity id "that created a bookmark and waiting for resumption the bookmark" it would do the work.
check the attached file for required workflow image to be rendered on asp.net page:
Workflow with current activity highlighted (that is waiting to be resumed)
View 1 Replies
Apr 1, 2010
Im working on my first ASPX webpage now, and Im wondering if there is some way to make a cache?
With a cache, I mean a list of variables that gets transferred from a db to for insance a hashtable the first time a user loads the page. When the next user loads the page, the db doesent get touched, but the variable is collected from the hashtable.
I tried to make a static class, but it re-loaded for each time I refreshed the page.
View 8 Replies
Jan 22, 2011
I am running a Access Database and I have a Intranet site, Administrators can post News to a table in the Access database and Intranet users can see the news when they go to the Intranet site.
Any important/companie news is posted to the Front page and the user can access the news vie a link.
BUT;
if there are more than one post when the user clicks on the link they can only read the first post.
When they click on the 2nd link the first post opens but the Activity ID from my table in access changes!
The Activity Id changes but the page content does not, I am using form view on the Activitydetails2.aspx to view the news table
View 3 Replies
Jun 24, 2010
I have created a web user control called Activity. I have defined a public-facing event on that web user control called OnActivityDelete. There is a delete button in the Activity control. When the delete button is clicked, the Activity control fires the OnActivityDelete event. I am using this web user control in a repeater. I assign an event handler to the OnActivityDelete event on the repeater's item data bound event. When I click the delete button for the Activity control, the event fires from the Activity control, but it never hits the event handler in the page that's using the control. (I have stepped into the code with the debugger and confirmed this behavior).
My suspicion is that this behavior has something to do with the fact that the event handlers are added in code behind when I bind the repeater to a datasource, which I only do if the page is not posting back.Is it possible to define the event handler for the Activity control in the markup of the aspx page? If so, will this solve my problem?If not, do I have to bind the repeater and hook up to the events every page load in order to solve my problem (this works, I just tested it), or is there some viewstate trick to getting the events to persist? Markup of Repeater on page:
<asp:Repeater ID="rptrActivites" runat="server" EnableViewState="true">
<ItemTemplate>
<div class="activity">[code]...
Page's code behind:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
If Not Page.IsPostBack Then
GetActivities() [code]....
View 1 Replies
Nov 21, 2010
I have the following attributes in my table
[code]....
how do I create sql query to find out the number of times participant A took part in the club activity?
View 3 Replies
Nov 8, 2013
I want to make box where recent activity might be display in moving way from lower to upper.
View 1 Replies
May 7, 2015
Nowadays having activity logs of the system is needed for history and if someone who is trying to mess your site, it is easily to define who is it and when it happen. And even Facebook have it.
View 1 Replies
Jan 21, 2010
How should I log exceptions? I never tried logging in .NET before. Nor try to dump exceptions to a txt (or binary) file. I dont require a text file, just a way to view the logs with the file and line #.
-edit- using asp.net
View 13 Replies
Aug 5, 2010
I have the following code
[code]....
and while that presents a friendlier error message to a user, I've forgotten how to show me the "real" error.
View 2 Replies
Apr 1, 2011
I have a set of WCF services which I have been using with an ASP.NET MVC application so far. These service operations return a FaultException when the server has identified problem with what the client has submitted. For example:
[code]...
However with Silverlight this all fails. The server returns a 500 status code with the faultexception (as expected) but to Silverlight this just looks like a duff response.
The following MS article indicates a (ugly) work around for this: [URL] This workaround makes the service transmit 200 status codes, even if there is a FaultException, so that the Silverlight client can get them. But this will mess up 'normal' clients of my service (my ASP.NET application, other users in the wild).
However, the point of services is to have seperation from your clients. I still want my services to return 500 status codes so that my ASP.NET application can detect the FaultExceptions and handle them. But I also want Silverlight to be able to handle them too.
View 1 Replies
Mar 11, 2010
string lNewHTML = Regex.Replace(lOldHTML, "(�word1�|�word2|word3�)", "<a href="page.aspx#$1">$1</a>", RegexOptions.IgnoreCase);
The code works, but I need to include some exceptions to the replace - e.g. I will not replace anything i an img-, li- and a-tag (including link-text and attributes like href and title) but still allow replacements in p-, td- and div-tags.
View 2 Replies
