Security :: Opening A Webpage Impersonating The User?
Sep 16, 2010
I have a WebApplication1 running in a port (let's say 4000) and I'm trying to build a website (WebSite1), running on IIS, that is running on the same server. I have no control over the WebApplication1, it's a packaged software, WebSite1 is built by me.
The WebSite1 will do a custom user validation and then will let the user access the WebApplication1:4000 under the impersonated user under which the website is running, not the user in the client machine. Sort of like changing the user in the session.
View 1 Replies
Similar Messages:
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Mar 2, 2011
I have a basic WCF service using basicHttpBinding. I have my site project and my services project. In my site project, I have a regular Services Reference to a service in my services project. In my development environment, it works fine. However, in our staging environment, we have enabled impersonation on the services application. This service connects to a SQL database using this user, of course.
The issue is, while the other ASMX services seem to impersonate just fine with the user defined in the web.config, the WCF service is still running as the site's user, causing SQL authentication to fail.
Are there extra steps to enable impersonation for my WCF service? I have not done anything special beside adding:
service.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
After I initialize my service proxy from my website.
View 1 Replies
Apr 16, 2010
I want to print a web page using javascript. But I do not want to open the page as a popup windows. How can I print directally a web page like 'mypage.aspx' using javascript window.print method without opening it as a popup window?
Also the condition is 'I dont want to use any Activex for this'
View 5 Replies
Feb 4, 2010
I am building a site which allows people to upload excel files to a secure D: on the IIS server. I am using the impersonate function (with username and password in webconfig) to allow people to save the files to the secure
Can someone point me in the right direction how I can then allow users to retireve / open these files? I have tried :
[code]....
View 1 Replies
Nov 22, 2010
I have a web page, that has lists of documents for a user to look at. I have the page working to allow a user to view any of the documents when they click the link. The only thing that wont work is a document that is .msg format for Outlook emails. I did some research and found that in order to get Outlook to open the document when opening a .msg document, you have to add the MIMEType application/vnd.ms-outlook to the list of MIMETypes that IIS will accept. I gave this a shot but still couldn't get it working.
Then what I tried was to output the MIMEType associated with a .msg when I was Saving the document so I could see what it was using. When I did this I got "application/octet-steam" So then I set the .msg extention to use octet stream. This allowed the document to be open, but used Notepad which then had really messed up formatting because of the email headers etc.
Does anyone know how I might get outlook to open up and show the email when a user clicks to view that document as opposed to Notepad?
View 12 Replies
Aug 17, 2010
am trying to get URL of the page that referred the request to my page, i tried the "
[Code]....
[Code]....
[Code]....
[Code]....
View 5 Replies
Jan 19, 2011
I am using visual studio 2005 and 2008.when i Right click and select view in browser in VS 2005,it is opening same web page twice.Can any one say why it is opening twice.
View 8 Replies
Apr 19, 2010
My web.comfig file in the webserver is encrypted . I want to do a change to the config file. While I'm trying to decrypt from the command prompt on the server using following command. "aspnet_regiis -pd "appSettings" -app "/AppName" I endup with the following error message. Failed to decrypt using provider 'CustomProvider'. Error message from the provider: The RSA key container could not be opened. The RSA key container could not be opened. Failed! The same command has been working in other environments except in my servers. Also I'm using web forms and I tried the same in both the servers. I have gone through all websites but no use.
View 6 Replies
Apr 11, 2010
I'm having a problem with opening ASP.NET configuration in Visual Studio 2008 Express. It just won't open. Nothing happens when I click ASP.NET configuration (under Website).
Odd things:
(1) It works fine (opens) in Visual Studio 2005 Express.
(2) I tried re-installing Visual Studio 2008 Express and the ASP.NET configuration opened fine for a couples of day, but now its not working again.
View 11 Replies
Mar 24, 2011
I am maintaining an ASP website and the users want to be able to click on a link that open up a folder where they could select which file they want from within that folder.
I tried to making a link with the tag <a href=[folderpath]>Text</a> but I can a 403 HTTP error saying that the website requires a login for this action. Is there some way that I could send the person's credentials along with the request so the folder can be opened?
View 2 Replies
Oct 17, 2010
I'm trying to access global shared memory from an ASP.NET web method while impersonating a client, but I get access denied when trying to open the handle. As an example:
[WebMethod]
public string Testing()
{
string result = null;
using (var ctx = WindowsIdentity.Impersonate(IntPtr.Zero))
[code]...
View 1 Replies
Apr 19, 2010
Short Version: Can anyone say whether it's possible or not to use impersonation in ASP.NET to access mapped drives?
Long Version:
I'm currently using impersonation in ASP.NET to gain access to network files. This is working perfectly for any network file using a UNC path, but it is failing to access any files on mapped drives defined for the user account I'm impersonating.
For example, let's say a file lives on the network at "machinefolderfile.txt", and let's also say that drive S: is mapped to "machinefolder". We need to be able to access both the full UNC path, "machinefolderfile.txt", as well as the shorter, mapped drive path, "S:file.txt".
Obviously the standard ASP.NET process cannot access either.
Using a console application that runs under the local account with the mapped S: drive, calling File.Exists(@"machinefolderfile.txt") returns true, and File.Exists(@"S:file.txt") also returns true.
However, when impersonating in an ASP.NET context with the same local account, only File.Exists(@"machinefolderfile.txt") returns true. File.Exists(@"S:file.txt") returns false.
I'm testing with IIS 7 running on my local Windows 7 Professional box, though this will need to run in both IIS 6 and IIS 7.
Impersonation is handled with a couple of classes in C# which I'll include here:
public static class Impersonation
{
private static WindowsImpersonationContext context;
public static void ImpersonateUser(string username, string password)
{
ImpersonateUser(".", username, password);
}
public static void ImpersonateUser(string domain, string username, string password)
{
StopImpersonating();
IntPtr userToken;
var returnValue = ImpersonationImports.LogonUser(username, domain, password,
ImpersonationImports.LOGON32_LOGON_INTERACTIVE,
ImpersonationImports.LOGON32_PROVIDER_DEFAULT,
out userToken);
context = WindowsIdentity.Impersonate(userToken);
}
public static void StopImpersonating()
{
if (context != null)
{
context.Undo();
context = null;
}
}
}
public static class ImpersonationImports
{
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_LOGON_NETWORK = 3;
public const int LOGON32_LOGON_BATCH = 4;
public const int LOGON32_LOGON_SERVICE = 5;
public const int LOGON32_LOGON_UNLOCK = 7;
public const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
public const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
public const int LOGON32_PROVIDER_DEFAULT = 0;
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int LogonUser(
string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
out IntPtr phToken
);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int ImpersonateLoggedOnUser(
IntPtr hToken
);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int RevertToSelf();
[DllImport("kernel32.dll", SetLastError = true)]
public static extern int CloseHandle(IntPtr hObject);
}
Then, during Page_Load, we basically do something like this:
Impersonation.ImpersonateUser("DOMAIN", "username", "password");
if (!File.Exists(@"S:file.txt"))
throw new WeCannotContinueException();
I realize using mapped drives isn't a best practice, but for legacy reasons it's desirable for our business. Can anyone say whether it's possible or not to use impersonation in ASP.NET to access mapped drives?
View 2 Replies
Sep 29, 2010
I am stumped. i want my asp.net website to access a network share folder which is located at say, //hero/superman. I can do it manually.
I've done the following:
1. Included <identity impersonate="true" userName="IUSR_TEST" password="test" /> in my web.config.
2. Set anonymous access in IIS 5.1 with username IUSR_TEST and password: test in the account that is used for anonymous access. Checked integrated windows authentication.
3. Created a profile for IUSR_TEST in computer/management/local users and created the password: test for it. It is a member of guest.
4. Created a user account IUSR_TEST for the network share computer. gave it the same username and password.
4. On the network share computer, I've enabled access for the following people: ASPNET, NETWORK SERVICE, and IUSR_TEST.. all with full potential (for now) for the directory path in question //hero/superman which is really located on: c:herosuperman. I've given it full access.
But when I StreamReader fs = File.OpenText(Server.MapPath(@"\herosuperman est.txt"); I get the error "UnauthorizedAccess Exception". Access to the path \herosuperman est.txt is denied.
So what did I miss, what am I doing wrong. The key thing here are:
the webserver is on a domain. the network share computer is NOT on a domain, it is on it's own workgroup. This workgroup, lets just say is called "villains". So if I have to manually map the network drive to access the files, I must type: /villains/IUSR_Test and password: test to be able to map it on my webserver local computer.
View 2 Replies
Nov 16, 2010
count user online when opening the asp.net website.
View 4 Replies
Feb 10, 2010
My site is 100% private (only public facing page is login) I've had the need to open up a page to anon via the <location> node in the web config...and that all seems to work However the issue now appears to be that dynamic resources such as the Telerik.Web.UI.WebResource.axd and imagesjavascript changed via handlers dont load. A firebug of the situation shows that for those dynamic elements, it's trying to re-direct to login to get them Is there anyway around this?
View 3 Replies
Feb 2, 2010
I have a USER CONTROL with a <div> tag and a button. I want to print the content of the <div> when the button is clicked. Only the content of the div and nothing else no matter where the control is used. This without opening a new window.
View 3 Replies
Dec 7, 2010
Problem Statement: I have a details web page which has a unique sesssion ID generated per user. Now if a user does Ctrl + N or File > New Window and opens a new browser instance then the same session ID is genrated and user can update on both the windows differently and this leads to ambigous updates to DB. How can we stop user to open a new window or how can we detect that a new instance of the same session ID has been genrated twice so as to kill both the sessions with a user firiendly message.
View 1 Replies
Jul 21, 2010
I have a Google Document in the following path.[URL] Once i click on the link i am directed to a page where google asks for the username/password of the above document.I had created a test username/password in gmail.which i can send to you all usgbctester@gmail.com and the password being usgbcpassword. I hav a button click event wherein i need to open the above link bypassing google asking for username and password.I should be able to hardcode the username and password in the button click event.
View 1 Replies
Jun 26, 2010
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 Replies
Nov 9, 2010
I want to create a web page that will allow user to create a web page. The admin user should be able to give access rights to the controls which the user will place on his web page.
View 3 Replies
Dec 27, 2010
I am getting user name and password promt while trying to access reporting manager URL at a simple test server. and i have tried so many user name and password even of administrator for that machine . but nothing worked for me.also googled it but no success.. and the same thing working on my PC without doing anything EXTRA..Any one master of SSRS ?
View 5 Replies
Apr 28, 2010
I am new to this so forgive my lack of techical jargon/understanding.
We have and active directory setup in our dmz for 'external' user authentication to our web sites. This works fine...
We also have 'internal' users who have been authenticated to our 'internal' active directory. That works fine.
The problem is that we would like the internal users to be able to access the web sites on the web server in the dmz without getting prompted for authentication a second time...the user has already logged into the AD internally. Is there a way for this to happen? Currently they are being prompted for their credentials any time they go to login to a web site that is located in the dmz.
View 1 Replies
Aug 6, 2010
I currently have a website which I want everyone to be able to view, authenticated or not. But if someone does sign in, I want different controls and different C# code to be run on the page.
At the moment I have not put any asp security in. I just have two text boxes that check against the database then keep the user logged in using a session variable. Each page then checks to see if the logged in session variable has a user in it and runs the code.
I'm assuming this is not the most secure way, is there a way to do this correctly?
View 2 Replies
Jun 23, 2010
I do have a question with respect to cell phone locations.
f.i. how does google maps know my current position when using a cell-phone?
How can i make use of the current position of my cell phone. (How can i read that info and make use of it on a aspx webpage f.i.)
Ok this seems to be a tough one.
Example. when i use my iphone and start to use google. it automatically detects i have a mobile-phone (easy).
But then it request if it may use my gps locations. (if i then accept it reads my current locations).
My question is how can i do this myself using an asp.net webpage f.i.
View 1 Replies
