Security :: PrincipalPermissionAttribute?
		
			Jan 12, 2011
				I am using PrincipalPermissionAttribute to determine which methods can be called in my WCF based on roles. The only problem is that, after putting in these attributes in my C# code, I can no longer run/test locally. It has to be done on the server that's on the domain. Is there a way to disable PrincipalPermissionAttributes for loopback?
	
  
    
		
Similar Messages:
	
    	
    	
        Mar 27, 2010
        I have an ObjectDataSource which refers to a class in my business logic.  I have added this code
[Code]....
to a method within the class.  That is the method specified as the UpdateMethod of the ObjectDataSource.  The ObjectDataSource is attached to a FormView. I am seeing the following behaviour: Before I add the attribute, the update function works as expected; With the attribute, if the user has TestRole then the update works as expected; With the attribute, if the user doesn't have TestRole then the update method does not execute, but no exception is thrown. So, the functionality is restricting access to the method exactly as it should.  However, no exception is thrown when access is denied.
As an aside, I have tried adding the attribute to the class rather than to the specific method.  With that in place, I do see an exception (if the user does not have TestRole) as soon as execution goes anywhere near the class. This cannot be my final solution though as different methods in the class need different restrictions. Obviously, I don't want the update to fail silently, I need the exception to be thrown so that I can handle it.
   
  
    
	
    	
    	
        Dec 15, 2010
        I have to invoke SSIS packages from a web service in the most secure way. I think that Windows authentication will be secure but I am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
   
  
    
	
    	
    	
        Apr 6, 2010
        We use SharePoint to control our websites. We build the sites, then load them into the SharePoint server. My question is: if I use Windows authentication, how can I get my role security in my web config file to coincide with the ASP.NET controls that use the Forms authentication? Is there a difference? Our security uses a session variable for security but there is nowhere to set up their permissions except in Active Directory. I hope this makes sense because I would like to implement the LoginView with Role groups, but how can I give them the role="administrator"? Do I have to go into Active Directory and give them these permissions (would take a while due to the size of the company)? Or do I have to set up privileges in the web.config file for each user (difficult, I think)?
   
  
    
	
    	
    	
        Aug 18, 2010
        I'm writing a simple Intranet application using Windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms-based security. I read on MSDN that using Windows-based security means roles are based on groups, but it doesn't go into any detail. How can I restrict access to Safe/UCantSeeMe.aspx?
   
  
    
	
    	
    	
        Jul 12, 2010
        I am getting an error in case the user submits an incorrect security question answer. I gave text in 'QuestionFailureText'. But it's not working.
Below is the error I am getting.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security.
Source Error: 
[Code]....
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\png.web\e16ed3ec\284df543\App_Web_rvfjstqa.5.cs    Line: 0
Stack Trace:
[Code]....
   
  
    
	
    	
    	
        Mar 17, 2011
        We are using membership provider for LDAP authentication. It is working as it should.
But what configuration settings do I have to make so that all future requests to this application run under the security context of the logged-in user account, not through some default user set in IIS?
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
   
  
    
	
    	
    	
        Oct 27, 2010
        I have implemented role-based security in my ASP.NET 2.0 VB.NET application using Windows authentication and the WindowsTokenRoleProvider, limiting access to certain pages to specific Active Directory groups using the location tag.
The issue is that when a user tries to access a page they are not authorized to view, it brings up a login prompt, and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page, telling them they are not authorized to view the page, that I can incorporate into the site itself with the header and so forth. It would also be good if this page could come up in lieu of the sign-in box popping up.
   
  
    
	
    	
    	
        Apr 24, 2010
        [ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3 different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things than a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure how to enforce that a user be a part of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be a part of 2 roles with this technique?
   
  
    
	
    	
    	
        Jun 23, 2010
        I used security in the login page which restricts all users who have not logged in from all pages. I need to restrict specific users to specific pages. I'm not using the AspSqlService provider, so I cannot create roles and restrict automatically. And the pictures I use in the login page are not visible at runtime.
   
  
    
	
    	
    	
        Sep 9, 2010
        I'm working on a website where it should be possible for registered users to upload Word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:
- Non-registered users should not be allowed to download documents
- I should be able to control which users have access to which documents
- I should be able to register which user downloads which documents
- I should be able to track how many times a document has been downloaded
Can this be achieved by using Membership and Profiles?
   
  
    
	
    	
    	
        Nov 19, 2010
        I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file. Before identity impersonate was true, users were able to access the DB through the web service account (seemingly). Now I get an error which says "Login failed for ..." because, I am aware, there is no specific account for that user in the permissions for that DB instance. I needed to set identity impersonate = true because the web service does not have access to the Active Directory, which I need to retrieve certain user information.
My question is, does identity impersonate = true override the integrated security and attempt to use the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself? If not, would programmatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
   
  
    
	
    	
    	
        Jun 3, 2010
        I am using iTextSharp to create a PDF. I am adding an image and I keep getting this error:
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
It is this bit of code that is causing this:
[Code]....
If I comment this out, the PDF builds and no errors are thrown (there is just no image).
I don't understand, because all I am trying to do is read a file.
   
  
    
	
    	
    	
        Apr 2, 2013
        Error: 
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Locally it runs fine. When I place it in IIS, it throws this exception.
   
  
    
	
    	
    	
        Jul 22, 2010
        I have created a user web control library project, and I'm using these controls in my web application. These user controls work fine on my local machine, but when I moved this project (including the library) to our local server, it throws a security exception:
Error 1 Cannot register assembly "LocalServerLibraryDemoLibraryDemoLibraryinDebugLibrary.dll". Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Library
Does anybody know why this error is occurring?
   
  
    
	
    	
    	
        Aug 9, 2010
        My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process by setting the Application Pool Identity to a domain account.
Running directly from the server works without any problem, but from remote computers I always get the authentication window, then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
   
  
    
	
    	
    	
        Sep 21, 2010
        I have an application that has a user Login Control (provided by ASP). I am just now working on the integration of a database created in MS Visual Studio 2010 into a website developed in MS Visual Web Developer 2010. My main goal is to create an authentication ticket that enables a user to see database information only after that user has been successfully authenticated.
Up to now I'm able to see the database when I run the website even if I'm not logged in. How can I create a home page that tells the user to log in and, once that user has successfully logged in, redirects the user to another page where the user can see the database? And how can I allow only specific members to add information to that database?
   
  
    
	
    	
    	
        Jan 30, 2011
        I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record.  I want to use the built-in support of the membership and membershipuser objects. 
I see that via the passwordrecovery control that the actual answer can be returned.  However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether the answer was correct or not.
   
  
    
	
    	
    	
        Mar 22, 2011
        Working on my first ASP.NET webpage. I have followed video tutorials and implemented ASP.NET membership for login/security. Using Visual Studio 2010 I can open the ASP.NET configuration page for management locally. But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this ASP.NET configuration GUI is not available on the internet?
   
  
    
	
    	
    	
        May 1, 2010
        I'm hoping this is a simple configuration setting that I have incorrectly defined. I have an application that has a secure (members) area. If a customer tries to browse directly to the secured page (http://www.mysite/members/memberpage.aspx), ASP.NET loads up my login.aspx page. When the user successfully authenticates from the login.aspx page, they are taken to the secured page they originally requested (so far so good!). The problem I have is that I run some SQL using the User.Identity.Name on the secured page as a reference to who the logged-in user is. This way I can show some customer-specific information. When I take the login route outlined above, the SQL doesn't seem to run (or the Session Variables aren't loaded yet?)... my page loads up with no customer information in it. If I browse to another page and then back, the customer information shows up and all is well.
   
  
    
	
    	
    	
        Feb 9, 2011
        We have the ASP.NET configuration tool to manage users' permissions and roles for our offline website, and it is working very well.
Now I have uploaded my website and aspnetdb.mdf, and I want to manage users and their security and roles online.
How can I have the ASP.NET Configuration tool?
   
  
    
	
    	
    	
        Feb 17, 2010
        I developed an ASP.NET (2.0) application which contains the attachments of the clients. These attachments are saved in a shared folder, and the file is retrieved when the user requests it. If I maintain the application and the shared folders on the same system, it works properly. If I maintain the application on one server and the file folder on the other server, I face a lot of security issues like:
1. Access Denied
2. Could not find the part of the path...
For this I made a common account for the application server and the file server and also set impersonation to true. Even then I got the "could not find the part of the path" error. I already gave Everyone full control of the shared folder, and I added the common account and gave it full control. Is there any alternative for saving and retrieving the files to and from the shared folder?
   
  
    
	
    	
    	
        Aug 17, 2010
        I am using Microsoft Visual Web Developer 2010 to build and publish my website, and I am facing a security problem. My website has an authentication service for my clients; each one has his own user name and password. After I introduced a new member, my database collapsed; maybe this last member is a hacker. Is there a way to fix security vulnerabilities to prevent future attacks? Maybe through web.config, which could be encrypted.
   
  
    
	
    	
    	
        Jun 15, 2010
        I have searched and could not find any article related to "How to implement Certificate Security in production environment".
I was able to create sample certificates for client and server on my local machine and was able to authenticate my client app with the certificates. These certificates are test certificates.
How do I do this in production? We have a domain certificate from GoDaddy which resides on the server. How do I create a client certificate off of that?
   
  
    
	
    	
    	
        Jul 21, 2010
        I'm having the problem of my password fields being cleared when a postback occurs on a dropdownlist selection change.
Is it a security threat to fix it with this...
protected void Password_PreRender(object sender, EventArgs e)
{
    // Writes the typed password back into the rendered value attribute so it survives the postback
    ((TextBox)sender).Attributes["value"] = ((TextBox)sender).Text;
}