Security :: WSAT Not Saving Full Info Into Db?
Feb 28, 2011
I have my database connected into project. Its located on different server. When I am managing users via WSAT everything is ok, it saves users into database on the server and additionally in my local App_Data folder. But when it comes to creating roles it only works with local database, but not applying into database located on the serwer.
Isn't it strange anyway, that it saves data into local database when there is not connectionString for this? I can delete database from App_Data and after doing some action with users/roles it creates new one.
View 2 Replies
Similar Messages:
Jul 13, 2010
I wish to do a simple and secure login form, for which I have seen tutorials keeping login information and roles set through the ASP.Net WebSite Administration Tool.
Is there any secure way to do a login page without using WSAT at all. provide me good tutorial links for creating a custom login form, having the capability of redirecting to login page if user is not authorized etc.
I don't wish to use the WebSite Administration Tool.
View 6 Replies
May 12, 2010
I have created custome Membership Role and Profile provider using INGRES db. Now I can see my IngresMembership and IngresRole provider in the Provider tab(Select a different provider for each feature (advanced) ) of WSAT but when I clik on security tab I get this error:
"There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: Object reference not set to an instance of an object."
What am I missing? Do I need to add code for all override methods for Role provider? I have just written code for the Initialize and GetRolesForUser functions.
View 1 Replies
Jan 22, 2011
I can't get past the "Test" link on the "Provider" tab in my Web Site Admin Tool (WSAT).
I'm running SQL Express (10.0.2531.0) and have created my "ASPNETDB" database using the version of aspnet_regsql that came with .Net 2.0. (When that work, I re-ran the version that came with 4.0.)
I have the following in my web.config:
[Code]....
And this:
[Code]....
When I go into the WSAT, to the Provider tab, I select "AspNetSqlProvider" and click test.
The error message I get is this:
Could not establish a connection to the database.
If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider.
View 2 Replies
Aug 3, 2010
I have an application called barcode available on a server on the web. The application is used to generate barcodes. The user is able to save her progress directly on her desktop, however though whenever the user try to load the saved progress. It is doesnt remotely connect to the server, instead, it defaults only the saved copy on her desktop. so for example
we have the following aspx created
barcoded.aspx. The barcoded.aspx is available on the server. the page has the following information
Name: PRT321-1 Code: 456789-1000
Label: 678900-001-001
Now, this information is saved as webpage.html. however though, when the user goes to the saved location and clicks on the saved copy, it automatically load the copy as a webpage and allow the user continue with the modification online but that is not the case. Does anyone know how to fix this problem.
View 1 Replies
Mar 26, 2011
I am a senior developer in an ISP company.
We developed a software which we want to require it for all ours users to have installed on there PCs before getting internet from us.
We built our own proxy server, and we are forcing all our users to view a aspx webpage before surfing the internet.
Now, we want this aspx webpage to check the PC if it have our software installed or not, and the mechanism will deny them to surf internet before install the software on there PCs.
How can we get special info from there regystry or something like that to know this?
Example: like flash player or silverlight player, where the requested page check if the PC have the right plugin installed or not. if not, it redirect to the installation page, if yes, the flash or silverlight movie run.
View 1 Replies
Jun 22, 2010
In a web page,I can use the following code:
[Code]....
But that doens't work in a web user control. Am I missing a reference, or something?
View 3 Replies
Apr 26, 2010
Using visual studio 2010.
Dragged and dropped a login control onto a blank content page. Set up my web.config (i'll include the code for that at the end). It seems to want to use a sql database to store the info. I just want to use the web.config since it's just a single user and a simple site. I thought I could just drag and drop the login control to a page and that would be the end of it (besides setting up the web.config).
Here's what i have in the config file
[Code]....
View 2 Replies
Sep 23, 2010
I'm using the CreateUserWizard and it's working great. I do have a "step2" that asks the newly created user their first name and last name. Seems simple enough, but I'm getting an error on the Profile.Save(): "This property cannot be set for anonymous users". I'm assuming this is due to the fact that I have DisableCreatedUser="true" for the CreateUserWizard, which is what I NEED to do. Does this mean that until we enable this user, they can't add these few columns? Since the site I am updating requires matching a newly registered user to an already existing "Artist" table, it's important that the administrators are given the first and last name of the user. The aspnet_User table doesn't have that, so I thought I'd give the profile a try.
View 3 Replies
Oct 21, 2010
I'm trying to use a custom Principal (with custom Identity) for security. This all works fine for logging in, out etc. I am now trying to limit access to unauthorised users within my code as follows:
[Code]....
Again, all is fine there. Except I need some more complicated rules, something along the lines of "Allow Admins. Allow Buyers, provided they have the correct department ID and are allowed to see this customer's credentials". All of that information exists within a database.
View 2 Replies
Jul 22, 2010
I'm building an ASP.NET MVC 2 site where I'm currently implementing an OpenID sign-up form. Unfortunately, I'm foreseeing a possible security bug/vulnerability inside my architecture.
Here's how I want OpenID login to work:
User requests /Account/Login, Controller sends back OpenIDLogin View. User enters their OpenID into the View, then OpenID authorization takes place, and finally the OpenID is returned to the Controller.The Controller checks whether the OpenID is currently in use by a user in the system or not. If it is, the user is logged in to that account. If not, the registration process begins.
And now, the OpenID registration process:
The OpenID identifier, as well as any other information provided by the OpenID provider (such as email address or name), is put into my custom ViewModel and sent to my OpenIDRegistrationForm View.The RegistrationForm View stores the OpenID in a hidden field to make sure that it gets sent back to the Controller.The user fills in the RegistrationForm View and sends it back to the Controller.The Controller creates the user account and puts the OpenID into the database.
The bug that I see within my architecture is that a user could modify the hidden value in the RegistrationForm View. Thus, they could spoof their OpenID! I will make sure to add another round of checking to the final Registration Controller Action to make sure that the OpenID that is provided doesn't exist yet, but there is still a possibility for spoofing. Can my architecture be improved somehow? I don't want this to end badly...
One solution I'm considering is encrypting the OpenID before I send it to the View and then decrypting it when it reaches the Controller. Should I try this?
View 1 Replies
Feb 5, 2010
I am using the Login control on my login.aspx page to login to my /Members/Default.aspx page to display their current weight and their goal weight using the DetailsGrid. I have everything setup and I can log in and verify the user login name, but it only give one weight regardless of who logs in. Below is the SQL for the SQL Source on the DetailsGrid. I am new with this, Comparing the UserNames on aspnet_Users.UserName and memInfo.UserName should be able to extract that data, correct? Obviously I'm missing something. :)
SELECT memInfo.curWeight, memInfo.goalWeight FROM aspnet_Membership INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId INNER JOIN memInfo ON aspnet_Membership.UserId = memInfo.UserId AND aspnet_Users.UserName = memInfo.UserName
View 12 Replies
Jun 7, 2010
Is there an easy way to select a specific user that is already logged in and bind all the users info to a detailsview for edit and saving back to the tables?The tabels were generated in AWAT of VS 2010
View 1 Replies
Oct 2, 2010
If I'm correct the membership functionality separates account and user (profile) data in two tables. Why not one table? What's the design priciple behind this?
View 5 Replies
May 1, 2010
I have more then 75 web application live on multiple surver and now I want to have single login(form authentication) for all. Anonymous user can access all the network but once login, they can manipulate info across network without login again and again.
View 1 Replies
Feb 1, 2010
I have read the post at http://forums.asp.net/t/1403132.aspx regarding login control. Is there a place to store the User logged-in ID (info) for later checking and use? I don't need to use the session object. I don't need the page to expire. I don't need the user to use a page saved in the favoites.
View 3 Replies
Feb 8, 2011
Is anyone able to see Web Site --> ASP.NET Configuration if you are creating a web application using File --> New Project --> Visual C# --> Web. If so, how and where?
Base on what I've tried, the menu Web Site --> ASP.Net Configuration appears only if you create a website by File --> New Website.
What I am actually trying to find is the Web Site Administration Tool (WSAT).
View 5 Replies
Jan 13, 2010
this is the ecenario, we're developing a web application in vb.net using vwd 05, and everthing has been great so far, we've recevied a lot ideas from the guys on this great forum. now we're facing a problem relating with usernames and userids.Our web application has 5 different roles, and theres a funtionality needed on a dropdownlist related to the user roles.
we're trying to store users full name and other data, i've seen the tutorials about storing addtional information and everthing is very clear there, the problem now is this code we have already to fill a dropdownlist.
Dim techUsers As String() = Roles.GetUsersInRole("tech")
For Each usr As String In techUsers
DropDownList1.Items.Add(usr)
Next
So basically were looking at storing the user id of the user just created with the create new user wizard to our table where full name is gonna be stored.
table is like this:
userid
full name
and other data required here. etc
so basically, we're filling the dropdownlist with the usernames of the users in the tech rol with the coded i posted above, but we need to instead of showing the username(which is our case is just number) ,show the full name of that users belonging to the tech role, obviouly its just a query, but how to get the full names of users beloning to a specified role? thats the main question and problem we have right now.
View 5 Replies
May 31, 2010
I created a website with a file manager where the client can upload, delete, preview etc. This works fint but the problem is that the folders where the files are going to be saved will be on another server. I am testing this locally for now but will deploy it once finished
I setup my website in the IIS. Created a 'Virtual Directory' and linked the directory to a folder in my 'C://'. The virtual Dir path is "~/upload" but when i user Server.Mappath() it gives me "C:/inetpub/wwwroot/website/upload" insted of the actual dir path "C:Documents and SettingsUserMy DocumentsVisual Studio 2008WebSitesWebsiteuploads"
View 6 Replies
Nov 1, 2010
I have a website that acts as a common user details site for a few other websites. I pass a sersname to it and it gets the profile using
[Code]....
that part works fine. Now to commit the changes I use the above code to get the profilecommon for the user and then use oProfile.Save() to finish. This saves all the user data to my profile..doesn't matter which profile I use, it always gets saved to mine.
View 4 Replies
Jul 28, 2010
i want to protect webpage from saving from browser file->save as. i found some sites did it(facebook,orkut). when i try to save pages on that sites only home page saved. how to do this in c#
View 2 Replies
Apr 4, 2010
Hi creating a simple blog site where u can login and save blog entries. I want to use the loginname control to automaticly save the username of the one entering the blog.
View 2 Replies
Jan 30, 2011
I have a web project and I saved my images in Physical folders in hdd Like d:SecretImagesImagename. But I can't open the files when I have to? I thought if it can saves for examle d:SecretImagesTemp.jpg, I can open when I have to but, I can't.
View 3 Replies
Apr 30, 2010
My web application is on a Webserver that is in a DMZ .
the web application must save on the server in LAN some files, but the webserver cannot access the file server because has no right to access. i wouldn't create an account for the web server, but i would that any time the application has to upload a file onto the file server make a connection that encapsulate credentials, then the upload starts ,finally the connection closes.
Is possible with some Objects to do this type of work?
View 1 Replies
Feb 17, 2011
Short: Why do I get a security violation saving files from within an XMLRPC.NET method and not under MVC?
Long:
I have a blog engine running on MVC 3 on a Godaddy shared hosting account (IIS7/.NET 4). I've implemented a MetaWeblog interface to it so that I can use Windows Live Writer 2011 to post. Everything is generally working. My problem seems to be with Medium Trust and the XMLRPC gateway that MetaWeblog uses. I get a FileIOPermission error when attempting to write media objects to disk. The key error is:
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I'm sure it's the Medium Trust level that's causing this error because when I set my local IIS7 to medium trust level I get the same issue. Upgrading to high or greater trust level solves the problem. However, I can not change the trust level on a Godaddy shared hosting account (I don't want to pay for a dedicated server for a personal project so upgrading is not financially feasible).
Here's the "funny" thing. In the same application I have a file upload page that works perfectly on dev and production. I'm going to the same sub-directory in both places (well under the application directory root and with write permissions granted). Therefore, it seems the only difference here is the fact that one part of the code executes under MVC and another as part of XMLRPC (not sure what framework that is part of as I'm kind of new to ASP.NET development).
View 1 Replies
