Security :: User Control Library Causing Security Exception?
Jul 22, 2010
I have created user web control library project and these controls i'm using in my web application. These User controls just works fine in my local machine but when i moved this project(including Library) to our Local server , it is throwing security exception
Error 1 Cannot register assembly "LocalServerLibraryDemoLibraryDemoLibraryinDebugLibrary.dll". Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=126.96.36.199, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Library
I am stuck into a problem, i have a user control ProductListing.ascx that contains ListView binded to an object datasource, SelectMethod and SelectCountmethod are provided as well. Everything works fine but the problem started when i add another user control declarativlly Filter.ascx in the productListing.ascx. I want to assign value to a public property MaxPrice in Filter.ascx. I am trying to set this property in the SelectMethod of ObjectDataSource. Usercontrol "Filter.ascx" throws null reference exception when i try to set its MaxPrice Property.
I tried to acced the usercontrol in Databind method of ListView , it is accessible here but viewstate is empty at this point, i saved the value in viewstate in SelectMethod of objectDatasource but i cant access viewstate in ListView Databind. Its empty. Its a simple code and no rewriting to viewstate elsewhere.
Important: My Codebehind files are in a seperate project and .ascx files in seperate project
Im using Visual Studio 2010. I'm new to asp.net. I'm trying to do a simple user login page but whenever I try to launch the Web Administration tool, I keep getting some exception error. The below images is the error I encountered.
I have a web page which is using PasswordRecovery control.Its working fine but I have a scenario in which I have to disable Viewstate for the whole application.Now after disabling viewstate when I visit the webpage I have noticed that PasswordRecovery controls is not working (Every times when I submit the default button to go to step 2, the postback occur but not moving to step 2).
Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.
I've downloaded the recaptcha.dll in both 184.108.40.206 and 220.127.116.11. When trying to render the control, I get the following exception: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=18.104.22.168, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Stack Trace:[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0System.Web.UI.NamespaceTagNameToTypeMapper.GetControlType(String tagName, IDictionary attribs, Boolean throwOnError) +209
The solution to this, as provided by a quick Googling, is to use caspol.exe to add full trust to the recaptcha.dll assembly. C:\%path%caspol -af C:inetpubwwwroot\%path%in ecaptcha.dll At this point, I get the following error: ERROR: This assembly is not strong name signed Short of downloading the source code and recompiling it locally, is there any other way to get this working?
I am trying to implement the Ajax HtmlEditor into my application. I currently am using a regular TextBox to load and save some data to some EMail template files and had to do some work-arounds to get it to accept the HTML Input. I am trying to upgrade it to use the Editor, but as soon as I insert the Editor and do a PostBack, I receive the Security Exception below. There is absolutely no change to the code-behind, so I don't understand the issue. There is so little on Google for the Version 3.5 Editor that I'm stumped. I have Debugging enabled, but it won't give me the Soruce Error either.
Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request failed. Source Error:
After adding personalization and authentication to my site, I was getting pitched out of my application( which is on a hosted server), and sent back to the log in screen . I disabled authentication to see if I could figure out what was going on. I found that
I was getting a system error:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
This error has been reported elsewhere [URL] so I made the following change to my web.config
This seems to have worked to a point, because with authentication DISABLED, I no longer get the error. But when I RE_ENABLE authentication, I get pitched out randomly back to the login screen. Time out is not an issue. It only happens when I move very quickly through screens that are doing a lot of postbacks.
This is the authentication stuff from my web.config
I have a website where different comapny and users can login. Till now I have not seen any issue on IE 6. But in case of one account, when try to login the website, users are getting security information "This page contains both secure and non-secure items.
I can reproduce the same easily for the same customer but not happening for any other customer. I have "ReportViewer" control (gets rendered as iframes) on the page.
In this scenario, whether user selectes "Yes" or "No" button, the home page with charts loads 30% and other controls remains invisible. Though I see same out in "View source" for this and other customers. We dont change anything much then the data and charts for the users. We use https for this website and has few links with "http" in page. But then this is same for all the users, but it happens only in case of one customer.
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the membership and membershipuser objects.
I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.
In my default.aspx page I have a PlaceHolder control within an UpdatePanel. In this placeholder control I will dynamically load a web user control, which is just a form with a submit button. On this user control, I have the form within an update panel and I have the "Submit" button's Click Event added to the triggers.
When I submit the form, the UpdatePanel on the web user control nor the update panel on the default.aspx page are capturing the post back, thus causing a full post back which refreshes my page.
how to capture this post so its rendered in Ajax and not a full post back?
I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.
Here are the relevant sections of my web.config file.
I have a site We have different Pages under one folder. we have stored these pages information in a database table with pageid. Then we have User access table. there we store userid and pageid , for which pages user has access. Now I need to provide access to that pages only .
I got only one ideas to control with the session. When user log into the master page, I insert the current login user and session ID and active status to the SQL table. if user logout manually or close the browser or session expired, I want to change the inactive status. So I can check how many active user are there and the system can prompt the required info to the user. But now, I can't find the soultion to change the inactive
status in above condition.
That doesn't seem right to me. I m sure I 'm making incorrect assumption about this matter.
I want to use the Control of ASP.NET (User wizard Control) to create user, but it only provide its default field like: -username, password, securityQuestion.All I want is the addtional information like Address, Company Name, Telephone number. And I know a solution by building it in 2 step, first the default username, passworld and the next step is the additional information. BUT i don't want to do like that.
I am using the Login control on my login.aspx page to login to my /Members/Default.aspx page to display their current weight and their goal weight using the DetailsGrid. I have everything setup and I can log in and verify the user login name, but it only give one weight regardless of who logs in. Below is the SQL for the SQL Source on the DetailsGrid. I am new with this, Comparing the UserNames on aspnet_Users.UserName and memInfo.UserName should be able to extract that data, correct? Obviously I'm missing something. :)
SELECT memInfo.curWeight, memInfo.goalWeight FROM aspnet_Membership INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId INNER JOIN memInfo ON aspnet_Membership.UserId = memInfo.UserId AND aspnet_Users.UserName = memInfo.UserName