Security :: Role Class Methods Not Being Detected?
Feb 5, 2010I'm trying to create roles for my web application using the Role class methods provided in ASP.net but when I attempt to use the class methods as such:
[Code]....
I'm trying to create roles for my web application using the Role class methods provided in ASP.net but when I attempt to use the class methods as such:
[Code]....
I am beginner in web applications development. I started one little project and host it on source forge "https://homoco.svn.sourceforge.net/svnroot/homoco". And I started implementing authentication in this application to learn how it works. From my experience people never use out of the box things so I want to implement this stuff alone (like in real world projects). So some questions:
1) Is there any reason to use membership out of the box? To use database table schema, stored procedures etc. that tool generate for developer. I think that this lower control over code and I decided to implement it my self. I don't know if I am right.
2) Is my approach in this demo project good or bad (if someone have time I like to do just a little code review)? I created database based on business rules. Not using database schema that membership provider require. Extend "MembershipProvider" class to satisfy my needs. Implement queries to database myself.
3) Now, this question is a little wired but I have to ask it. If we make custom Membership Provider and do sql queries alone, implement all MembershipProvider class methods ourselves, and in application use Membership.blabla() why is this approach different from not extending MembershipProvider class and putting all this methods in some unique class and call its methods then? I hope that someone understand what I ask here.
I am sorry for three questions, but I really trying to find the best way to implement this feature in my demo project like it is a real world application.
Usually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.
1. Why we need override the methods? (i know what is ovwrriding but why ?)I gave answer to extend the functionality of method is it right ? again sub question was ,
Class A
{
method1()[code]....
if i can create the object of Class A in class B and can invok the method then why need to override metho here ? in fact i could not get this question , because i think both concept are irrelevat with each other. why he asked this ?same for overloading.
why we need overloading?If MSIL is there then what is need of CLS(common language runtime ) and CTS(common type system)List the 5 resposibilities of CLR (I explained only CTS,CLS,Garbage collection) was i right . what else?
What is role of abstraction and encapsulation? what the difference between them ? In which situation we have to devlop abstration and encapsulation.
6.What is included in signatures , when we said overloading means same name but different in signature. Is access modifiers included?
7.What is asp.net application life cycle?
8.Let say I am requesting for web application first time (genuine first time), how the request will executes? how IIS will know that for which application is this request is ?
9.If interfaces have empty methods (implicit abstract method) then what is its need? why we say it is reduces the code and provide reusability ?
10.In which scenario we need to implement interfaces?
11.In which circumstances we need to develop abstract classes?
12.Is class is static, means we can not create its instance, we can not derive it then how can we use method containing it? Why we need static classes?
Please guide me about these all question
13 What are the http handlers. http modules? who handle the request and resposes? why need of httpcontext ? what are the limitations of http handler, httprequest, httpcontext, httpresponse.
here is the code, where i am confused what to write in all the properties and functions of the base class stream?
I want to inherit abstract class Stream, but confused about what to write?
[Code]....
I could'nt understand how to define these Properties,Sub and Functions. How i start?
Why asp.net sql role provider does not allow to update the role name , whats its reasons.
View 5 Replieswhen I am trying to accept '<abc' as password in password field I am getting following error.
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$content$txtPass="<abc")
I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:
+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update="<SETIProducts><Produ...")."}
System.Exception {System.Web.HttpRequestValidationException}
I have a user control with a number of methods. I also have a dataset object that I'm filling in one method, but I also need to access that same dataset (and the data in it) in another.
I am filling the dataset from some xml that I get from a webservice when someone clicks on a button. The data from the dataset is then bound to a listbox control. When someone selects an item in the list control (I have autopostback set to true on it) it then fires off another method and it's this method where I need to access the data in the dataset, but when I check the immediate window it's telling me that the dataset is set to null.
Where am I going wrong?
[code]....
We have a base class that all our webpages in our application inherit from. I have a static method in the base class which when called will clear values from the application cache. Now the issue is this method needs to be triggered from a source outside the current application. I there any way this can be accomplished without creating an aspx page that will call this base method on page load.
View 1 RepliesI want to retrieve private (implementation and other) methods of a class which implements an interface and also is derived from (inherits) a base class.
How can I achieve this using reflection? Is there anyother way to achieve this?
This is wat m tryin to do. I need to view these private methods and their contents, I don't want to invoke them.
Dim assembly As System.Reflection.Assembly
Dim assemblyName As String assemblyName = System.IO.Path.GetFullPath("xyz.dll")
assembly = System.Reflection.Assembly.LoadFile(assemblyName)
assembly.GetType("myClass").Getmethods(Bindings.NonPublic)
assembly.GetType("myClass").GetMethods(BindingFlags.NonPublic) isn't working
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
How can i get the role id, rather than the role name?
For instance with the code below
Dim roles1 As String() = Roles.GetAllRoles()
GridView1.DataSource = roles1
GridView1.DataBind()
I can access the role name in the gridview like below, but how could I get the ID to pass in a hyperlink?
<asp:Label ID="lbl1" runat="server" Text='<%#Container.DataItem.ToString() %>' Visible="false" />
I want to update a log file(txt) everytime when methods in a an interface class are called? Is there any way to do this other than writing code in every method to create log?
View 3 RepliesI want to implement role base access security on a script instead of database .
Using asp.net 2008
Considering various different user roles in scripting- role base access on same page. not in the database Different user should be able to see only particular information on the page, which is assign to him. This should be done on the bases of scripting not in the database.In short administrators and users contains should be on one page and they should be distinguish according to the role of administrator and user on same page.
Need to put validation and verification on the scripting page, not from the database.
My CLIENT REQUIREMENT IS :-
Defination of project
The goal of this project is to extend role-based access from data to scripts. The users are classified into different roles. A script will display different information according to the role of the user.
The main aim behind implementing this project is, as nowadays people try to access the code and try to break into the secure codes via cookies as well as link information along with domain names. So in order to prevent this if the role base access security is kept on a script instead of database then it might be possibly less chance of breaking this kind of security.
In making this kind of functionality we need to deal security of webpage with the help of script. So the whole idea is to identify the user and separate contains which are only accessible to the specific user. In order to research and implement this project, we need to have core understanding and knowledge of the scripting fundamental and how exactly the scripting is working on webpage.
So looking towards this project we are planning to deal with somehow role base access in scripting.
Nowadays you might have seen security has become a larger issue, moreover providing security on website is one of the major concerned in today's life. As the network of wired and wireless network has extended in very large volume, you can see unsecure internet access in many place and in this unsecure there might be possibility of hacking becomes very easy.
So in order to make this security tight or in order to make website more secure we are planning to build this project.
is there any tools within VS2008 or Free 3rd Party tools where i can generate a Diagram of Class Methods and Code Behind events. think of the Table Diagram of SQL, it will show all fields, Primary Keys and to what table it is connected via foreign keys, etc.That is what i wish to make, in a much faster way, where it will show all class and within it is all the methods then linking them are the Code behinds and the event where the class is called.
View 3 RepliesI know it's possible to use this information in a winform, wpf or console application. But I rather to determine which user with what roles are running a sepecific method, so I could decide upon them and run different codes. In addition in a desktop app. how a user can login? Is there any special winform or wpf login control?
View 1 RepliesI am developing a couple of small ASP.NET application and would like to know what pattern. approach do you use in your projects.
My projects involve databases, using Data access and Business logic layers.
The data-access approach that I was using so far is the following(I read in some book and liked it):
For DAL layer:
Creating an abstract class that will define all database manipulation methods to implement.
The abstract class will contain a static "Instance" property, that will load (if instance == null) an instance (Activator.CreateInstance) of the needed type (a class that implements it).
Creating a classes that implement this abstract class, the implementation will be according to the databases (SQL, mySQL and etc) in use.
With this I can create different implementation according to database in use.
For BLL layer:
A class that encapsulates all all retrieved fields , and static methods that will call the DAL classes.
Is that possible? The reason why am doing this is because I need to parse that variable into a an JQuery function so I wanted JQuery to read that field. Can I Assign that value in base class or I have to do it within default.aspx pageload method?
View 1 RepliesI have a hierarchy in my website project as below:
[CustomControl1 - folder]
- CustomControl1.ascx
- CustomControl1.css
- CustomControl1.js
I load css and js files dynamicaly based on which controls are used on particular page. I am doing it by using following code:
[code]....
where AddLinks method adds HtmlLink controls to Page.Header with href attribute set to coresponding css and/or js file.
I would like to add Interface that would force new controls to have AddLinks method but it is impossible since it is a static method. Because my custom controls inherit from Control class I cannot use abstract class and/or virtual methods either. How can I achieve my goal?
i use membership provider in my website
i use membership methods like getUser() and so one
i need to add some other methods like getAllApprovedUsers()
where and how can i add this method to membership but i want to use standard membership methods
I have a couple of aspx pages in c# and want to apply security on them. The way the current security works is that each user is assigned a role to enable him to add,edit or delete . for instance I have 3 roles, Accountant, finance and clerk,
[code]...
I have an application that uses Forms Authentication and Role Management. I have a few users with more than one role associated to the user. Based on certain roles, the navigation menu displays certain menu options.
Right now, if the user has more than one role, the menu shows the items that are in both roles instead of the items that are in the particular role that the user is logged into or currently set to.
I'm creating an Authentication Ticket to log the user in and I'm passing the active user role as follows:
authenticationTicket = New FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, UserRole)
Is there anyway to set the user to one particular role and have the application see the user in this single role instead of reading all the roles that the user is in?
Is there any way that I can find the exact name of the role a User is in? There is a property for UserName ( User.Identity.Name) but what about the role?
View 1 Replies