Security :: Web.sitemap Security Trimming And 3rd Party Authentication?
Feb 2, 2010
I understand that we can easily secure the menu pages by enabling SecurityTrimming and putting role information in web.sitemap.
But my problem is that we have to use a 3rd party authentication piece. The ASP.NET application gets the UserId and roles from the authentication module.
I need to show/hide ASP.NET pages based on the incoming user's roles.
Is it possible somehow to use web.sitemap with these roles?
Or should I come up with my own way to map a web page to role/s?
View 1 Replies
Similar Messages:
Mar 3, 2011
I have a site map with a node and two inner nodes. The inner nodes have the same url but a different querystring parameter. I want the users with role "User" to see only the second of these links in their menu.
This is my siteMap:
[Code]....
This is the configuration of the web.config:
[Code]....
As a result, the users with role "User" can see only the second link (Search) which is fine, but they get an Access Denied when they navigate to it which is logic since they don't have access to that page, but it's not really fine for me.
View 2 Replies
Apr 21, 2010
I need to convert a web site using traditional ASP.Net login,membership/role with SQL to a custom system. I need to use a third party (CAS) authentication system while still using membership and roles to control access to content and User.Identity functions.What would be the best way to accomplish this? I use the <deny> and <allow> user throughout the site to control page access.
View 3 Replies
Feb 28, 2011
We're writing an app that has a requirement for allowing/disallowing access based on user role.In a traditional .net app of course you set the security trimming attribute in the web.config and set the nodes in the web.sitemap file and you were set.
View 2 Replies
May 31, 2010
In my web.config I have configured a SiteMapProvider with securityTrimmingEnabled="true" and on my main master page is an asp:Menu control bound to an asp:SiteMapDataSource. In addition I have configured restricted access to all pages in a subfolder "Admin" (using another web.config in this subfolder).
If I put a sitemapNode in Web.sitemap...
<siteMapNode url="~/Admin/Default.aspx" title="Administration" description="" >
... only users in role "Admin" will have the menu item related to that siteMapNode. So this is working fine and as intended.
Now I have defined a URL route in Global.asax to map the physical file to a new URL:
System.Web.Routing.RouteTable.Routes.MapPageRoute("AdminHomeRoute",
"Administration/Home", "~/Admin/Default.aspx");
But when I use this route-URL in the SiteMap file...
<siteMapNode url="Administration/Home" title="Administration" description="" >
... it seems that security trimming does not work: The menu item is visible for all users. (Access to the page is still restricted though, so selecting the menu item by non-Admin users does not navigate to the restricted page.)
Question: Is there any setting I've missed so far to make security trimming working with URL routing in ASP.NET 4.0 Web Forms? Did I do something wrong? Is there any work-around?
View 1 Replies
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Aug 9, 2010
I want to create a digital signature, for my product, for creating the digital sigmature i want digital certificate. I came to know there are lot of third party available for creating digital signature. If any one know can tell some of third party for this.
View 1 Replies
Sep 21, 2010
I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that enables a user to be able to see a dataBase information only after that user has been successfully authenticated.
Up to now I'm able to see the dataBase when i run the website even if I'm not log-in, how i can create a home page that tells the user to log-in and once that user has successfully log-in it redirects the user to another page where the user can see the database and how I can add information to that dataBase only to specific members
View 4 Replies
Apr 26, 2010
Code in DLL can only be obfuscated. IN my DLL how can I import a third party DLL into my DLL? Can I obfuscated the code but not the functions and sub header names?
View 3 Replies
Aug 28, 2010
I have an intranet site that is used to pull several other intranet applications/tools and database info to one place.One of the most popular features uses iFrames and jQuery tabs to give a broad overview of activities, signal etc in a network node. Chrome and Firefox eat it up with no problems, IE will work if you override the cookie policies that restrict 3rd party cookies
without a valid p3p (what a worthless standard). IE also works if you already authenticated yourself on the individual sites and the session cookies are still valid.
View 1 Replies
Mar 31, 2010
Is it possible to log the user automatically into a third-party website if we have their details on record? For example, if I had a users facebook/hotmail username/password stored in my database, is it possible to use these details to log them into facebook/hotmail, then open up facebook/hotmail.com with them already logged in?
Basically my Client uses Basecamp for their customers and wants a way of automatically logging his customers into basecamp from their website without them having to go through the trouble of logging in again (after they've already logged in through my clients website).
View 5 Replies
Jul 5, 2010
I am using third party tool in my web site.Its running fine on my dev. PC.but when I upload it to serverm it says "System.Security.SecurityException: That assembly does not allow partially trusted callers."when I read about this error, many suggest to get it set trust level to high by admin bacause developer can not.
View 5 Replies
Oct 15, 2010
I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since Telerik dll is a common assembly i have to deploy it to the bin folder of the webapplication instead of GAC. So here comes the problem.
WSPBuilder automatically deploys the dll to gac if the dll presents in the GAC folder. To deploy the telerik dll in bin i created the folder 80in and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and wspbuilder was smart to create the cas policy itself.
<CodeAccessSecurity>
<PolicyItem>
<PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated
[code]....
But Wspbuilder was not smart enough to put the four part name of SharePointPermission IPermission class. But i learnt that CAS actually requires the four part name. So i decided to make use of the -CustomCAS command line option of wspbuilder.exe to pass my custom cas policy file.
Here is my custom policy file -
<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />[code]....
After i deployed the wsp i verified
* the dlls going to bin
* the trust level changed to custom trust level
* custom policy file being added to config folder
But when i run the page i get the following error -
screen shot -
Error -Execution Permission Denied
I've checked my entire application for any assembly references of the dll. But i was not able to find one.
View 1 Replies
Nov 16, 2010
I understand how web.sitemap works in conjunction with the site's menu in order to make menu/submenu choices visible/invisible depending on the authenticated user's roles.
For example, part of my web.sitemap has the following which defines 3 reports. Then, once users log in, those with "Managers" role can see all 3 reports while those with "Users" role can only see the 1st and the 3rd report:
<siteMapNode url="~/Reports/Reports.aspx" title="Reports" description="Reports" roles="Managers,Users">
<siteMapNode url="~/Reports/LettersReport.aspx" title="Letters Report" description="Letters Report" roles="Managers,Users" />
<siteMapNode url="~/Reports/UserSummaryReport.aspx" title="User Summary Report" description="User Summary Report" roles="Managers" />
<siteMapNode url="~/Reports/LetterSummaryReport.aspx" title="Letter Summary Report" description="Letter Summary Report" roles="Managers,Users" />
</siteMapNode>
How can I retrieve these results outside of the menu process? For example, in one of my web pages, I may need to create a dropdown list which should be populated with the results of the menu process.
How can I make the dropdown list show all 3 items when a manager has logged in but only 1st and 3rd items when a user has logged in?
View 1 Replies
Jul 14, 2010
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies
Jan 4, 2011
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies
Mar 10, 2010
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 Replies
Sep 3, 2010
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 Replies
Aug 9, 2010
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 Replies
Feb 8, 2010
Am going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 Replies
Sep 2, 2010
I needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
View 2 Replies
Sep 24, 2010
I have role assignments on both the first and second level of my menus within my sitemap file. The first level works fine, and I only see items assigned to my role. But roles assignments seem to have no effect on the second level. It seems like if you have access to the first level, you have access to everything on the second level. Is this correct?
From my sitemap (either a SalesRep or an Administrator can see everything underneath):
<siteMapNode title="Administration" roles="SalesRep,Administrator" description="Admin" >
<siteMapNode title="CompanyMaintenance" roles="SalesRep" url="~/Admin/CompanyManagement.aspx" />
<siteMapNode title="Initialize Roles" roles="Administrator" url="~/Admin/Roles.aspx"/>
</siteMapNode>
View 3 Replies