Security :: Write To Isolated Storage On Client Disk In A Hosted Environment?
Jul 6, 2010
We have had complaints of users losing data that they entered in textboxes in our ASP.NET 2.0 web application. Users are authenticated using Web Single Sign On method. My boss would like to save the client data in a file on their local disk in case they lose connectivity. I know this is not allowed with the default security of ASP.NET.
Would it be possible to programmatically change the ACL permissions for the NETWORK SERVICE account to access the isolated storage folder on the logged in user's local disk? Is there a better way to achieve this goal of persisting user data to a file?
I have a windows application that stores a file on the current user's isolated storage, lets call this user Adam. On the same machine I have a Web service (The Web Service's application pool is running with Adam's credentials) that uses the same dll to access the file on the isolated storage but it is trying to access a file on the Default User's profile instead of the real user's profile (in this case Adams Profile)
Why is it trying to look for the file on the Default User's profile Instead of Adam's Profile? How can i make it look for the file in the right profile?. I'm running it on Win 2003, C# and .Net framework 3.5
if using session variables to store and retrieve information is a bad practice? Let me give you some background:
I am developing a site for a friend of mine, and his site is hosted by Go-Daddy. My feeling is that Go-Daddy is not the best place to host a .NET site, but it is what it is.
After the first version of the site was published and people started using it, users immediately started having session time-out problems and null exceptions when referencing session variables. I researched everything I could and tried everything I could think to do, but I just could not correct the issue.
Then, while doing some testing, I discovered that users weren't individually timing-out and losing their session information, but, rather, all users where timing out at exactly the same time, regardless of how long they had been logged in or what they were doing. So, for whatever reason, the server was just dumping all sessions at random intervals.
At this point I needed to move on with the project so I added a number of cookies to replace the session variables, and everything began working properly.
in a hosted environment, should I avoid using session variables? Is it as problamatic as my research and experience would indicate, or is this simply due to the fact that I am working with a poor hosting company in Go-Daddy?
I have a form where a user asks for a quote and we need to send an attached application form. all this worked in the dev environment but when I post the changes onto our hosted server (third party ISP) I get an error when the attachment is added. I have tired to use URL's but that does not work, at the moment I am using a relative path, but have also tried to place the file in the forms page folder.
I've a view which display all data. I'm using ViewData, for loop etc.. on the view, to show the data. It may sound weird, but is it possible to write view to disk as a file instead of showing in the browser. The reason is that, business wants functionality to send the same view file as email attachment to the user.
I have an httpmodule and it has a handler for OnEndRequest. I am trying to write the HttpContext.Response.OutputStream to a file. I am trying to use the Read method of it. But when it is called the exception message i get is "Specified method is not supported". So i am not able to do what i want that is, write the response to a file on the disk. I am able to write the HttpContext.Request.InputStream to a file using its Read method which i do in a handler for OnBeginRequest.
I tried the below code for getting clinent ip address. Request.UserHostAddress; or
Request.ServerVariables["REMOTE_ADDR"]; or
Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
If the request coming from IE it will work file, but in the case of Mozilla Firefox it shows the proxy ip address. I am getting the sam ip addres from different machine if the request from mozilla firefox.
I realize that this question can start a discussion but that's really not my intention. We've created a Flex Application to take tests from candidates. The advantage of the Flex Application is that all state can be stored in the application running in the browser of the client. Things like time limits, navigation, scoring, ... can all be handled within the application without us having to worry about a back button for instance. Even running the app offline with Adobe Air isn't that hard.My question now is if such an application could easily be made with HTML, Javascript, Ajax, ... ? The reason I'm asking is because an application in HTML would be much easier to distribute on Mobile devices for instance. Also, our domain model for instance is mostly implemented in AS3 (Flex) so using it along the server side means porting it to C#.NET. (with two codebases as a result).
It used to work when my ASP.NET site was only hosted on a single server. However once we got the load balancer installed and migrated our apps to a web farm, the code above returns the IP of the Load Balancer device and not of the client anymore.
I am working with the networking folks to determine what can be configured differently with the load balancer, but in the meantime I was wondering if there was another way I could get the client's IP other than using that IIS Server Variable?
I have searched and could not find any article related to "How to implement Certificate Security in production environment".
I could able to Create sample certificates for client and Server on my local machine and was able to authenticate my client app with the certificates . These certificates are test certificates.
How do I do this in Production. We have a domain certificate from GoDaddy which resides on the server. How do I create a Client Certificate off of that.
I am tasked with migrating a copy of our live website to the local drive so that changes can be made. Most of my focus has been getting the web.config file to work on the local drive. I used the aspnet_regiis tool to unencrypt the connection string, because this was causing a runtime error. I was getting the following:
I have an ASP.Net site using Forms authentication. One of the aspx pages loads a WinForms user control hosted in IE. That control must connect with a WCF service located in the same ASP.Net web site.How can I make the WCF service secure? Currently I have set the WCF service to use AspNetCompatibilityRequirements mode but the user control hosted in IE can't connect to the WCF service as it isn't logged in.
In .NET is it possible to get the HttpContext of the current page from within an external class?
So, for example in my page test1.aspx codebehind I've got:
Dim blah As New FeedWriter() blah.Run()
But inside FeedWriter.vb, can I get the HttpContext of test1.aspx? Or would I have to pass it in to Run()? (I'm unwilling to do the latter because FeedWriter implements an interface which will need to be re-written if it's to take arguments)
Can I use the membership provider api on a hosted service? I can create mssql databases but have no control over iis. Will I be able to use the membership admin webpage on the hosted service?
Am I correct in stating that the api uses ASPNETDB.MDF in the app_data folder as it's database?
We just moved our site (still in development) to a new hosting company, on a medium trust shared environment. We setup the databases, aspnet_users tables etc, but now our page that handles new people signing up doesn't work. It contains a simple standard <asp:CreateUserWizard> control. However, this page is not working since the move (the rest of our pages are working). We get this compiler error:
Request for ConfigurationPermission failed while attempting to access configuration section 'system.web/machineKey'. To allow all callers to access the data for this section, set section attribute 'requirePermission' equal 'false' in the configuration file where this section is declared.
Apparently the hosting company is using the default medium trust .NET settings. We have no idea how to get around this since we've always developed on full trust dedicated server environments. Is it simply a fact that the <asp:CreateUserWizard> control does not work in medium trust, or is there a way?
i wrote all my code on my computer so i had a high trust level, after ftping my site and database to godaddy.com i realized they have a medium level trust enviroment.... i called the tech support and they said they were sorry but they couldnt change it for me... heres my code. any idea how to get it to work in medium level trust? I am trying to create a new directory where all of a users upload goes. The folder is created dynamically when the upload page loads.
I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?
We are looking to integrate Memcached into our infrastructure, but have a security concern before we do. We run several platforms including ASP.NET and ColdFusion and have many app developers working many little applications across the different platforms. The concern is this: App A places item "dog" into cache.
App B reads item "dog" (or worse: App B updates item "dog")
After this happens, App A either retrieves bad information, or has already had its information viewed, aka "stolen". What we would like to do is make it so that each app can only interact with its own sandbox, and may not interfere with or read other application's data.