Security :: Self Signed SSL Not Working Outside The Web Server?
Mar 22, 2011
I have created a self signed certificate for IIS6 for my app. App works fine when I access it from the web server. But when I access the app from client machine it gives an error "The connection has timed out" on IE, and on Firefox it does not load the page.
I am using the aspnet membership features and check to make sure the user is logged in before display the page:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me .Load 'Check for UserName If Context.User.Identity.Name Is Nothing Or IsDBNull(Context.User.Identity.Name) Or Context.User.Identity.Name = String.Empty Then Response.Redirect( "~/Login.aspx" ) End If Session( "UserName" ) = Context.User.Identity.Name UserName.Text = Session( "UserName" ) UserIDValue.Text = Membership.GetUser().ProviderUserKey.ToString() End Sub
Everything was working fine when I had two separate applications (two web.config files) using the same data base and the same "applicationName" in the web.config files...............
I created a self-signed certificate for testing in IIS7 (win 7 64 bit environment ). I attached the cert to the bindings, etc and everything was fine. But when I crank up the site I get the generic error: There is a problem with this website's security certificate. Continue to this website (not recommended). What should I be looking at to fix this
I there a way to get the user id that they signed on to the computer with from web site project, without changing IIS so they will have to login? This will be interanet and remote internate users.
I have a login control that is working beautifully on my localhost, but not working on the server. It validates my username & password - and gives me an error if I enter an invalid username/password. However, if I enter the correct username/password, the page refreshes, but does not redirect me to the "ReturnUrl" that I see in the URL. I've seen posts on this, but nothing that I tried worked. I've tried setting the 'MembershipProvider'attribute of the login control. I don't want to set the DestinationUrl...I want it to take what is in the ReturnUrl in the querystring. I don't think it's a web.config issue cuz it works on localhost??
On our website users can sign up. The sign up controls (converted to a template) has the usual text boxes and then the create user button. When pressing this button the account is created. After reloading the website, the user can see his credentials in his 'my account' tab. Question: How can we access the newly created user (especially his userid) right after the create user button was clicked? Right now this does not work, we can only start accessing this after the page has been reloaded. But surely the account is created the instant the button was pressed. I have tried this:
But it looks as if the user is not yet logged in at this stage. Can this somehow be forced so that we can access the newly created userid right after the user has clicked the create user button?
I've found this article on enabling windows authentication within an intranet ASP.NET application. I did exactly what the article says, and when I go to the page on the server all it does is prompt me for a username and password, which I would assume means that it is seeing me as an anonymous user and not a windows user (which is not true).
In my application on the IIS i have the "Integrated Windows Authentication" box checked and this is what I have for my web.config file:
[Code]....
I've also tried this before and got the same results:
[Code]....
I have no idea what I need to do to get this to authenticate correctly. I've been banging my head off a wall for the past 2 days on this issue.
There is a possibility that the web server computer (host) resets and there is nobody that can log in to system after reseting . I dont want my webpage stop working at this state until the Admin login to the server. so I want my webpage do its main job at logoff state of the server.
how can I create this webpage? what technology can I use to do this?
I made a login control in a webapplication with a membership provider and a role provider. The problem is when I enter the username and the password in the login control (on my system i.e localhost) the user authenticated and redirected without any problem, but when I deploy my webapplication with my database on a host server the login control cant authenticate the same user and tells me "Login attempt was not successful".
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
On my PC everything is all rigth but on the webserver I get an error: 'OrderBy' is not a member of 'System.Array', maybe due to the trust level. Is there I way to bypass this or I have to resign myself to it?
I'm using membership that created by asp.net configuration when you create users with roles when you create a user for your website using asp.net configuration in Visual Studio
After uploading my project and creating the Database, I can't login using the users that i have created, i'm 100% sure im using the right username and password but still can't login but they are working 100% in my local DB
after few search in google i found the solution is to execute the following command:
I am a newbie to asp.net and have recently been building a web... I have a login control on the main page which when logged in verifys the user and redirects them to the home page... I published this to the server previously and it worked. Today when I tried logging into my system however I got the following error message:-
"Your login attempt was not successful. Please try again."
The accounts did work before but since I have uploaded a newer version of my program onto the server the above message is displayed. I have been on many websites and read previous forums with suggesstions to add <roles> in the web.config file however the login control worked before and I have not changed anything on the site apart from a different page that doesnt affect the login.
Few points to make... the login control is using the asp.net configuration pre built tables it generates for you, I have created the users and roles inside of asp.net configuration so it is not a custom membership... I am at a complete loss as how to get my login control to work having tried to insert roles into the webconfig file.
i have been creating a website on my computer which has VWD 2008 and SQL Server 2008, i have membership and role system set up, (using the aspnet_regsql) and that worked perfectly fine on my compuetr.
Now when i was ready to deploy it on my web server, i simply copied the whole database, and added it onto the SQL Server on my server, so it has exactly the same rows, tables, data, etc etc.
Now, when i run the website via the domain, users are able to login etc, and my authentication code that redirects users if they are not logged in also works, so im sure it cant be a problem with the membership provider, as it all seems to work.
But all the users that were already in the set roles, it still shows them in the role in aspnet_roles table, but its not working, the thing i have in the roles loginview does not display, and even after running the web administrator tool, it shows that the user is in that role, but does not work (even while viewing on the local machine)
So i added code in a page_load event that would auto add that user to the role
I am trying to open my homepage with HTTPS in my test server. Is there a way i can create Self signed certifcates and see if https works. some links or any ideas with how to do Its an ASP.Net project and IIS V6.0
I am using a Self signed certificate for HTTPS. I have it ready. what should be changed in IIS and also what should be changed in the code for https to come into affect. I need https for some pages(not all).
This is in VS 2005. And IIS is 6.0. I am trying to use Self signed certificate for HTTPS. In the code i am redirecting from http to https for few pages. It is nt working fine. and in the IIS manager, for each page that i want HTTPs, i have changed its setting by checking "Require Secure Channel(SSL)" and "Require 128 bit encryption".
public void setSecureProtocol() { string redirectUrl = null; bool bSecure = true; bool SecureConnection = true; if (bSecure && SecureConnection) redirectUrl = Request.Url.ToString().Replace("http:", "https:"); else if (!bSecure && SecureConnection) redirectUrl = Request.Url.ToString().Replace("https:", "http:"); if (redirectUrl != null) Response.Redirect(redirectUrl); }
Pages throw me an error like this The page must be viewed over a secure channel The page you are trying to access is secured with Secure Sockets
Layer (SSL).
Please try the following:
* Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource. Internet Information Services (IIS)Internet Information Services (IIS) When i try to put https in the start of the URl, it wont call. I have no idea whats wrong in here. Here, Its not redirecting from http to https. For the pages that i am not redirecting in the code behind, and changing in the IIS, i can see the HTTPS when i check the two checkboxes. Internet Information Services (IIS)
Using the form view control, when I click on the edit button to modify a record. the form is in update mode. When I clcik the update button any modified data is posted, but, for some reason the name in one filed named, user_update_name, does not. The name in the field will not change unless the field was empty. For example, if test1 was the last user to modify the record and the user_update_name field was empty, the field was now say Test1. If Test2 modified the same record, Test1 name will still display in the field. The command that fires when the update button is clicked.
Imports System.Data Imports System.Data.Common Imports System.Configuration Imports System.Collections Imports System.Web Imports System.Web.Security Imports System.Web.UI Imports System.Web.UI.WebControls Imports System.Web.UI.WebControls.WebParts Imports System.Web.UI.HtmlControls Imports System.Data.SqlClient Imports Microsoft.VisualBasic Protected Sub FormView1_ItemUpdating(ByVal sender As System.Object, ByVal e As System.Web.UI.WebControls.FormViewUpdateEventArgs) Handles FormView1.ItemUpdating frmPartsDS.UpdateParameters("user_update_name").DefaultValue = User.Identity.Name End Sub
In the control Chart, I add few points, selected from the database:
var Diagram_1 = Razrez_D1.Series ["D1"]; sqlDA.SelectCommand.CommandType = CommandType.StoredProcedure; sqlDA.SelectCommand.CommandText = "Razrez_D1"; sqlDA.SelectCommand.Parameters ["@ date1"]. Value = Session ["date1"]. ToString (); sqlDA.SelectCommand.Parameters ["@ date2"]. Value = Session ["date2"]. ToString (); sqlDA.Fill (dataSet1, "Razrez_D1"); sqlDA.SelectCommand.CommandType = CommandType.Text; for (int i = 0; i <dataSet1.Razrez_D1.Rows.Count; i + +) ( string name_s = dataSet1.Razrez_D1 [i]. Name.ToString (); name_s = name_s.Substring (name_s.IndexOf ('â„–')). Trim (); Diagram_1.Points.AddXY (name_s, dataSet1.Razrez_D1 [i]. Count); Diagram_1.Points [i]. BorderColor = System.Drawing.Color.Black;; Diagram_1.Points [i]. BorderWidth = 1; if (Convert.ToInt32 (dataSet1.Razrez_D1 [i]. count)> 5) ( Diagram_1.Points [i]. Color = System.Drawing.Color.Red; ) else if (Convert.ToInt32 (dataSet1.Razrez_D1 [i]. count)> = 4 & & Convert.ToInt32 (dataSet1.Razrez_D1 [i]. count) <= 5) ( Diagram_1.Points [i]. Color = System.Drawing.Color.Yellow; ) else if (Convert.ToInt32 (dataSet1.Razrez_D1 [i]. count) <4) ( Diagram_1.Points [i]. Color = System.Drawing.Color.Green; ) )
The problem is that the points on the X axis are signed that way: first is not signed, second is signed, third is not signed etc How can I sigh all points?
I developped a light WinForm Control that run like an ActiveX in a Web Page. No problem yet.However, when i want to access System.IO I got a Security Exception. It seems that I have to sign my assembly, so that's what I did. When my assembly is signed, my Web Browser can't show the Winform. I set IE to download any ActiveX in the Security tab ... Nothing happens. Uncheck "Sign Assembly" ... works fine ...
I'd like to add a typical 'Signed in as' bar, cf this site.Since it's 'common', first thought is: master page.However any controls designed on a master page are only rendered 'in' the final page...... so you need the 'this' (Page reference) to access the control... so you can't write code 'on' a master page, whose 'this' is not a Page.HttpContext has Session, Request, etc - all useful but none with a 'Page' reference that I've noticedUpdatePanel looks neat, but I'd prefer a non-Ajax solution to learn the 'basic' way before perhaps later making it 'smarter' with Ajax.Question therefore is: how to write a script that is site-wide, for a master page, that references controls on the (rendered) master page, with or without a 'Page' reference.
I'm aware of the following two different types of web projects in Visual Studio 2008:Website projectWeb application projectA web application project can reference a signed assembly as long as the web application's assembly is also signed with the same key. However, this doesn't work with the website project because there is no place to sign an assembly. I think this is because the assembly is compiled dynamically on the server?
Anyway, is it possible to get the website project working with this signed assembly? Or will I have to convert this website project into a web application project?Edit:The following situation has required me to ask for clarification in this matter:I have a class library that is being referenced by several other projects in my solution in Visual Studio. One of the projects is a windows application that will be deployed to specific external users. In order to make sure that the application is using the correct assembly and to also prevent others from using the assembly (I am aware of the limitations with respect to its effectiveness), all assemblies have been signed and all the classes in the library are declared as Friend (internal).
The website project doesn't seem to have a way for me to sign its assembly and I get the following message when attempting to use anything from the library: "CLASS is not assessable in this context because it is 'Friend'", which is to be expected.The following attributes are inside the AssemblyInfo.vb file in my class library project:
My Conclusion:Looks like the cleanest way to do this would be to convert the website into a web application but this would require a bit of time to do since our site is pretty fleshed out already and as pointed out in other discussions, can be quite a pain to do. Going forward, I think creating a web application in the first place may have been a better idea and much more flexible for future development.