Security :: Extending Model To Use Rights And Permission?
Oct 18, 2010
I am new to ASP.NET security model, I need to perform a RIGHT-based security checking for every actions in my applications (e.g. CreateUser, UpdateUser, SearchUser....etc)
However, the built in ASP.NET security model only support ROLE-based security, and I would like to do something like that, but using RIGHTs.
Is there any idea, experience and post I can read and extends the ASP.NET Security Model to use RIGHT-based security to perform granular control.
e.g. How to I write my own HTTPModule, or make use of IPrincipal object.
If there any details steps/tutorial will be great, as I am very new to the ASP.NET.
View 1 Replies
Similar Messages:
Dec 12, 2010
if I have this code:
How can I run the cmd using and admin rights? Is it possible to run the command using an admin name and password?
[Code]....
View 1 Replies
Jul 7, 2010
I've got a site that users can use to check in and out documents. To check out a document, the user slects a file from a list, and clicks 'check out' . The document is taken from a 3rd party source control tool and placed in a dedicated directory on the server. Then, the file needs to be copied from this directory to a client directory the user has specified.
Copying to the Server is no problem.
I'm trying to use the WebClient objects DownloadFile method to write to the clients directory, but I keep getting "Access to the path '<path>' is denied.". I've set the UseDefaultCredentials flag to true, but no joy.
I'm obviously missing something, but I'm not sure what.
View 3 Replies
Mar 14, 2011
Roles: - administators
If it administator shows menu "Admin".
If I want to display the menu: "Create new employee ', have to create Roles: new_employee?
If so, how to choose a user and store specify their rights in c#?
View 3 Replies
Feb 20, 2010
I have implemented Membership and Role Provider in my web site. Membership and Role information is stored in database created from aspnet_regsql option.
I want to store the access rights given to the pages in ASP.NET Configuation option in Database inspite of web.config file and want to give page wise add, edit, view and delete rights that should also be stored in database.
Is there any inbuit class like Membership and Role to add page access rights?
View 3 Replies
Aug 27, 2010
iam using masterpage and sitemap in my project, what i want to is that if user login is did, based on the user previlage in need to show the sitemap menu page if user i have the previlage to see the page then i should enable that page otherwise i need disable that page
View 1 Replies
Jul 2, 2010
i am currently developing an asp.net mvc 2 web application and i would like to create new foldersprogrammatically with access rights, in order to enable loged on users upload their image files.My question has to do with how to assign write access using Directory.CreateDirectory function and assigning DirectorySecurity rules (meaning for which user should i enable user rights, etc...). Note that the hosting envirnoment uses IIS 7.
View 1 Replies
Jun 3, 2010
I am using Itext sharp to create a pdf. I am adding an image and I keep getting this error
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, ersion=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
it is this bit of code that is causing this
[Code]....
If i comment this out, the PDF builds and no errors are thrown (there is just no image)
I don't understand cause I am am trying to do is read a file.
View 2 Replies
May 19, 2010
We have an ASP.NET 2.0 site in which we use ASP.NET login / authentication controls.
Our users currently timeout after approx 20 minutes, forcing them to log back in, and this appears to be causing downstream errors in our application.
I have tried increasing the SessionTimeout value to 120 mins (<sessionState timeout="120" />) in the site's web.config file, and the "<membership userIsOnlineTimeWindow="5000" >" value in the web.config is set to 5000 minutes.
These are the only values / settings I can think of to affect this behaviour.
View 3 Replies
Feb 23, 2011
am having an argument at work on the asp.net membership provider.One of my colleagues says we should modify the tables and add our own custom columns, and i prefer we create additional tables and add relationships.
View 1 Replies
Jun 23, 2010
1) Extend the CreateUserWizard control to insert additional User fields (eg. Gender, Age, Occupation, Address, Phone, etc...).
OR
2) Create a brand new Custom Membership Provider of my own and skip using the inbuilt ASP.NET membership system.
What is the best way to create a new User system with my own tables of User data as described above?
Should i perhaps still use the standard ASP.NET membership system and then extend my own Registration page to add more User data to my own SQL backend table using the Identity value inserted into the aspnet_users table?
View 3 Replies
Jan 24, 2010
I am developing a web application which implements membership, roles and profiles. I also want it to be multi-tenant / multi-domain. By this I mean that I will have hundreds of domain names pointing at the same web application. I want users to be able to create accounts at each individual domain. I want the opposite of "single sign on". I want users to be able to use the same username, email address and password (or different ones, at their choice) to create accounts at the different sites. I do not want users to have any awareness that the different domains have any relation to each other as they will look different and have different content. The first problem I run into is that usernames have to be unique within the forms auth aspnet db.
Well, if they want to use the same username to register on 10 different sites then I need to support that. My first thought was that instead of identifying a user by their username, I need to extend the aspnet tables and sprocs to consider the username + a unique site identifier. Is there any sample code or has anyone else ever done this before? Should I just abandon the built in aspnet forms auth and roll my own custom auth scheme? The data on the sites is not sensitive so security isn't really that important to me.
View 8 Replies
Feb 22, 2011
Here is my code
[Code]....
"fileUpload" is the FileUpload ASP.NET control. The SaveAs method writes the user uploaded file to a specified location on the server. IT WORKS. That tells me that the ASP.NET process has the proper write permission to write to the file.The next line uses an assembly called PdfSharp which you can use to open PDF files and manipulate them. In this case, the line simply opens up the user uploaded file. That is where the error occurs. WTH?
It works on my production machine. It does not work on my local machine. It USED TO. It was never a problem before.So why would it be fine to WRITE to the server, but trying to open a file give an error? Makes no sense. Googling yields a suggestion to put <trust level="Full" originUrl="" /> under <system.web> in web.config. It does not work.
View 3 Replies
Nov 10, 2010
I develop one application that create folder with special permission.
It works, but when I install the application on server I can't set any permission.
I think because it needs domain admin to set this permission... I've one account of one domain admin but how can I do to impersonate when the application set (try to set...) the permission ?
View 2 Replies
Nov 17, 2010
If I want my button to go to another page instead of going to its own page, I can set the PostBackUrl to destination page.Howevery, I read in microsoft website that Server.Transfer is not good if you are concern with security and permission.Is PostBackUrl the same with Server.Transfer?Does the user will not be authenticated again in the new page?
View 6 Replies
Apr 5, 2010
i am mohammed working on website development,as i am having user,admin and employeeif the user enters the page he should see all the user pages,if admin he should see all the pages,if employee only specfic pagesso can i know where exactly i have to give the permissions in to login page,so dat when emplooyee loggs in he will be seeing only his pages,can any one let me know the code,as i am developing site in vb.net,its
PartialClass Users_login
Inherits System.Web.UI.Page
Protected
[code]...
View 4 Replies
Dec 9, 2010
i have created loing form and create user form. then how to apply login rights..? i have 2 types of user. admin and normal user admin can move and use all pages while normal user can acces limited pages.
View 4 Replies
May 13, 2010
I have a dll which i downloaded from a lightbox website. It is in the bin folder But i get the error permission cannot be acquired.can anyone assist?
View 1 Replies
Jan 3, 2011
I have several features in admin panel. like userslist,change password for the user,delete user... Still now only one admin user can handle all this.
Now I want to give some features to some users.. ie certain users can view the list ,certain user can edit items in the list etc...
View 3 Replies
Dec 21, 2010
I have a web application which is using IUSR_machineName, anonymous OFF, integrated windows authentication ON which will call a web service. The web service failed to be called if anonymous in web service is turned OFF. I was thinking to assign Credential programmatically from my web application via "DefaultCredential". But how could I know if IUSR_machineName has the permission to call the web service?
View 1 Replies
Feb 9, 2010
i have a situation where i need to develop a web system where sys. admin can create a shared folder in server and set who can access the shared folder programmatically.
i've manage to find example to create a shared folder from here:[URL]
and i also manage to find example to add user and set folder Security setting from here:[URL]
My problem is how can i add user in the Sharing permission setting since it is a shared folder. Default sharing setting is set to 'everyone'. This mean anyone in my company can browse to the shared file unless i set everyone security setting. I want to remove "everyone" and add users based on the user that i've already add at Security setting.
View 7 Replies
Dec 14, 2010
I am getting this error on my web site and it is preventing the site from compiling. The site is in full trust and the web site files are on the local drive. Web searches show that the only two issues are full trust not enabled or the files on a UNC path that is not trusted and neither is the case here. This site is on an Win2008/IIS7 server. Anyone have any ideas as to why this is happening or where to look for other trust level or security settings to resolve this.
View 2 Replies
Oct 11, 2010
two weeks ago I read a MSDN(?) article how to grant/revoke permission for some users/roles/groups on a specific page or holder temporarily or with condion. The article shows how to do it Form_Load() in c#. But I can't find the link with googling or in MSDN library.
Please let me know if you know the url?
What I want to do is:
There is a folder called employeePDFs.
The folder will have 1000s employees' sub folder ({lastname}{firstname}{employeeID}). Each folder will have very personal indivual PDF files which are manually uploaded.
If an employee logs on, then the logon employee can view a page which has a list of PDF files in his own folder only.
Those PDF files can be assessed only by the user.
View 1 Replies
Aug 27, 2010
Currently i have membership and roles setup on my site. Now what is my next step to get more specific control.
Based on what i hav now, i have my pages setup so they are visible or not and links not visible and so on. But now on a more detailed level, say im setup as a user. As a user my default permissions is just to view data.. no editing. But say someone was let go, now instead of granting me full access to everything, i need to be able to go in and provide more permissions to the account.
Example:
Admins:
Add Users
Modify Users
Delete Users
Users:
View Users Detail (only the person that is logged in)
Since the the user that was let go was an admin. They had all the other options, but as a temporary thing, we need to be able to add say permission "Add Users" to the individual user account.
To accomplish this type of control, what do i need to look at to accomplish such a setup?
View 3 Replies
Sep 21, 2010
I have a custom ASP.NET application which is hosted in the SharePoint _layouts directory. The code uses the object model to do certain actions on a SharePoint list. I'm receiving the following error when trying to perform
[code]...
When I give my user account administrator rights on the server it works fine, so it's a permission problem, but can't figure out what it is?
View 3 Replies