I know how to impersonate a user for the entire site but how best to impersonate for a block of code; WindowsImpersonationContext or NetworkCredential?
And how would this code look like?
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
have a project where there are main 3 types of users i have to block them from accessing other pages but without using roles or membership is there any other way to do the same?
View 3 RepliesI know a user can use the following code to access the content of web.config
string connectionString = ConfigurationManager.ConnectionStrings["MyConnect"].ConnectionString;
If I set EnvironmentPermission, can I block user to access the content of web.config?
I'm working on an ASP.net app and i'm trying to impersonate a user
I'm creating a windowsIdentity with a token
WindowsIdentity winId = new WindowsIdenty( token );
this token was got by calling the un managed code
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
is there any other way to get a token without using this advapi32.dll unmanaged code?
I have 2 separate code-block asp.Net expressions in an aspx markup, with an html content between (span element in the example below). In the first code-block, there is "i" as an increment variable for the for loop.Then the code-block is cut with an html content.And another code-block expression is opened but as I see I can reach the "i" variable which was declared in the previous code-block.
So, how asp.net handles -compiles- the pieces of code-block experrions declared in the mark up? Does it check the semi-colons and generates some anonymous methods which will end up with many calls to Response.Write in the last place?
<p>
<%for (int i = 0; i < 30; i++)
{
[code]....
I'm using WCF services ensuring that UserName/Password must be provided for each request. I need use same service from many clients, but I need impersonate the call to access the appropriate resources for each client. When I call the service directly from the client there is no problem, because I use for each client a pair UserName/Password defined in theirs web.config. The problem came when I need to call a second Web service from a call to the first-one using the same identity. This second Web service requires UserName/Password, but I only know who is the caller (UserName) but not the password.
How I can impersonate this second call without knowing the password for the corresponding username?
EDIT: The app (Web App and Services) is running in a shared hosting environment where I can't use Windows Authentication to configure Kerberos for Delegation. I have defined a UserNameValidator to process on each call the pair UserName/Password against a custom SQLServer database. Moreover, the intended customers of this app will use it from Internet, without requiring a windows account, that is because I need a more flexible, SQL-based, authentication schema.
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
I have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.
ASP.NET application should use Entity Framework 4.0 to work with data.
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the usres have the ability to uploaded files and when they do a folder gets created under the filmanger and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FilManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in ie, if it is a .xls or .doc or what ever they get the prompt to either download or save the file. What am I doing wrong. Will the web.config file not stop an anonymous user from access files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
I Need Block User After 3 Failuer Attempts....
View 1 RepliesIn .NET is it possible to get the HttpContext of the current page from within an external class?
So, for example in my page test1.aspx codebehind I've got:
Dim blah As New FeedWriter()
blah.Run()
But inside FeedWriter.vb, can I get the HttpContext of test1.aspx? Or would I have to pass it in to Run()? (I'm unwilling to do the latter because FeedWriter implements an interface which will need to be re-written if it's to take arguments)
Given the following simplified code block in ASP.NET
<% foreach( item in Model) { %>
<%=item.OriginalText.OriginalText1 %>
<%} %>
OriginalText is a class which may be null. I am looking for a simple (clean) way to check for this null and return an empty string ("") instead.
Basically what i am trying to do is display a list of categories. And if the admin is logged in
i want to show some buttons next to each category. For example a button to delete it. The problem is that i dont know how to pass a parameter to the function that does the action.Like i specify that on button click the function 'DeleteCat' must be called but if i cant pass the ID of the category to be deleted this wont work.I know this can be done with commands and a repeater, but its not an option, i cant use a repeater.So apparanly this is what i am aiming for:
[code]...
I'm using asp.net membership provider. and I need to block user account in case if the user post spam. How can I accomplish it using build in features of the Membership Provider.Can I use IsLockedOut? If so how can i update it programmatically?
View 2 Replieswe can download other site css like right clikc their websites and we can see the css src / js src, then if we providee that filename in the address bar then it'll download, how to avoid this?
View 2 RepliesI have an extension method which I can use from the .cs codebehind of an aspx page, but if I try to do it in a code block in the aspx, it can't find the extension method. Is there something I need to add to the page?
View 2 RepliesIn my code i am running an exe file through a process call. How to handle exception generated by the exe file.
View 1 RepliesI have the need to fire off a modal pop-up inline. I have a modal panel defined, and works when I click a test button on the page. Unfortunately I need it to work like this:
1.) A user clicks a 'Save' button
2.) In the code block for that button's Click event, there is a check for a certain constraint.
3.) If that constraint exists, I need to show the modal pop up and determine if the following code in the Click event is executed based off of the return of that modal pop up.
Easily accomplished using a Forms message box. But this is an ASP.net app. What I've tried so far is creating a button that uses a style with "display: none" and programmatically firing off that hidden button's click event. Unfortunately the code does execute but no modal pop up is displayed and the code continues to execute.
I use some basic code to create userid (emailaddress) and assign the id to a role:
[Code]....
But I don't find how to automatically login the created userid and redirect him to page.asp
I have login control on my asp vb project i want when i press button
fill user name and password in login control
with some thing i have in code and then call submit button in control
all that using button1 control i dont want use login control to insert
What i want to do is code in Global.asax file to check if current date is greater than EndDate(appsetting) it will block access to rest of the pages as what happens when using [Code]....
Moreover it will be a licencing system which will block the application after its EndDate that will be mentioned in web.config.
[Code]....
[Code]....
I'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 2 RepliesOn my website, www.pakdev.net, I create screencasts to which are streamed through silverlight.
I create a custom handler to block the download of .wmv files from the url like [URL]
But the problem is now the silverlight has also stopped streaming files.
I'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 1 Replies