i have a client who wants to increase security on ERP and CMS application developed in DOT NET
We can do some testing and optimize the code. However what else can be done for more security ?
i am working on my master site, and i want to add an image that increases its lenght as the website's length increases...
but im not sure how to do that, i know it's possible because i've seen it done on banners, but im not completely sure how to do it.
Is there a way that I can share membership (login, etc.) between two different web applications? I would like to create a smaller debug application to test some stuff in my database.
View 2 RepliesI recall some way to use a single instance of the the asp.net membership for multiple applications. For example...if I have a main single sign on portal, perhaps I'd like them to have access to Application A, B and F, but not C, D & E. Instead of maintaining different security for each application, can we have a single membership table maintaining all of the enterprise applications? So user 'John Doe' would have a single membership record, but have access to different applications.
View 3 RepliesI'm looking into building a web application platform which users will log into and be able to access other applications based on permissions. I've set up the membership provider and it is being shared between apps. Here is my problem: If I log into application A, and click on a link that takes me to application B, I have to log in again. Is there any way to share that session between applications so the user can log in once, and not have to do it every time they access a different application?
View 6 Replieswe have about 4 web applications in our company with seprated login pages, is it available to have a unique login page and after login let user choose what application he/she needs ?
View 4 RepliesI already have 2 web applications running. both of them are using membership and accessing the same database but their application names are different. so basically in my aspnet_Users table, i have users with different applicationIDs and in my aspnet_Applications table I have 2 records in there. so i have 2 separate login locations
..app1login.aspx
..app2login.aspx
What my the business wants is to only have a single point of entry. so they want something like this
..applogin.aspx
and by verifying the username and password pair, my code should be able to route to the appropriate app and bypass its login form. (don't be concerned about the duplicate username between applications, it's been taken cared of)
so I'd like to solicit suggestions from you how should I implement this without modifying my existing setup? and where should I place this login web form in my website? this is the current site structure:
www.site.com/app1
www.site.com/app2
I have a bunch of applications that currently share the authentication cookie in v3.5.
We're in the process of upgrading to 4.0 and also upgrading the applications as a whole. I have 1 done, and would love to deploy it. However, as soon as I do, I lose my sharing of authentication cookie in that application.
In each web.config, my machine key is declared. I removed the actual keys to protect the innocent. :)
<machineKey validationKey="..." decryptionKey="..." validation="SHA1"/>
<authentication mode="Forms">
<!-- DEV Server -->
<forms enableCrossAppRedirects="true" loginUrl="Logon.aspx" name=".COOKIENAMEHERE" protection="All" path="/" slidingExpiration="true" timeout="1440"/>
</authentication>
I have a case where i have two asp.net applications, one is hosted on example.com/App1 and the other on /App2.
both applications are password protected using Windows authentication.
App1/default.aspx has a <img src="/App2/somefile.aspx">
Now what happens when i open App1 is that i get the credentials prompt, but because App2 is also protected, the HTTP GET for the img requires me to authenticate, in other words i get two prompts.
Is it possible to do something so that the authentication is for example.com so that both App1 and App2 consider the user authenticated?
I have three asp.net web applications
,Second and Third applications are accessed throught the first,So Authentication (form authentication) is happening from the first application only , all are deployed on same IIS with seperate virtual directory
Like
1.Localhost/EmpMananger
1. Localhost/Hr
2.Localhost/Payroll
, I used the same Entires in both <machineKey> and
<forms> Elements in webconfig file of all applications,
Applications are working fine and Page.User.Identity are available in all applications but once loginUrl and defaultUrl entry is changed to actual name other than localhost
Eg: localhost/EmpManager/default.aspx To myserver/EmpManger/default.aspx
the authentication ticket is not available in second and third applicaiton
I had three web applications and each one has its own login page , now i want to build web portal which allow members to login and choose one of these applications to redirect to it .
Is there any way to passing user information across secure connection??
Just an FYI for those trying to use the SqlTableProfileProvider in a Web application project. Here's my article:
Using the SQL Table Profile Provider in ASP.NET 4 Web Applications (C# & VB)
[URL]
The complete projects are here:
[URL]
I've two application ASP.NET (once is Mojo Portal). I can navigate from one to other using an URL token id.
To this way, by token, I create a new session and save the relative auth cookie.
But, sometimes, the asp web application don't keep the session and put me down. When this happen I can't login until the session cookies is not deleted.
Both the two application are behind an reverse proxy.
I am working on a scenario where I need to combine three applications into one (Project Requirement). I link the three applications on a web page and which ever link is clicked, I redirect it to that page.
My application sturcture looks as below
MainPage
- Folder1 with App1 (uses Active Directory group for authentication)
- SubPages
- Folder2 with App2 (Uses Membership roles and users)
- SubPages
- Folder3 with App3 (Uses Other logins for oracle database)
- SubPages
Is it possible to provide authorization only for my App2 based on the role created in membership.
For eg: There is user1 with role1 and user2 with role2 but i need to allow only user1 with role1.
When I was checking this scenario in the ASP.NET configuration settings to modify, it has the allow all permisions which is disabled to modify and it is given that Rules that appear dimmed are inherited from the parent and cannot be changed at this level.
I am using ASP.NET Membership with the default provider. I have a project where there are 3 different applications(seperated by the applicationName). Now I need every user to be able to log in to all the applications, but have a seperate role in each.Is this possible(I dont want to duplicate user details or logins for the same person)?
View 4 Repliesi am managing three applications .. i hve separate pages in each of these applications for creating users and roles..
can i create a single page where in i can choose for which applications i want to create users..
i am storing the users of each of thse 3 applications in a same database and i hve separate application name for each application in membership provider
I have created custom a MembershipProvider, SessionIDManager, and SessionStateStore since I need to use custom legacy sessions and logins.. When the Application is ran, it runs the GetSessionID in the SessionIDManager(which is correct) The problem then is if there is no session meaning the GetSessionID method returns null, it tries to create a new session using CreateSessionID.. I want it to redirect to the login application(another application). We only create and store session information for logged in users and the "session id numbers" come from a file that is pre-populated with "session id numbers"(I didnt design this and its out of my control).. So its not feasable to give everyone who visits the site one of the "session id" numbers. I also need for users with an "invalid" session(when checked through Validate()) to be redirected to the login page.
View 4 RepliesI currently have a website up and running and working correctly with godaddy.com using the out-of-the box authentication with an aspnetdb sqlserver database. I have users on this site and am very hesitant to change anything with this database or the web.config file from the working site for fear of wrecking it
So, my challenge is that I need to authenticate a separate application using the same aspnetdb.mdf file without any crossover to my 1st application. I've noticed that the ApplicationName that is currently in my aspnetdb database for the working application is just "/". I know that I'll need to have 2 separate entries in the aspnet_Applications table to define these two applications and then somehow register those names within their respective web.config files - but wanted to have step by step instructions on how to this so as to not "break" the 1st working application that is already live.
Can anyone point me to a document on what changes I will need to make?
Also, with the default create user wizards I'm using, how will it know to create the new user information with the correct application ID so that the user information from one application is not visible to managers of the second application and vice/versa?
I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same Windows Server 2003 machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - [URL]
Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore.
which security update would have caused this and if its possible to fix or rollback?
I have more of the same applications.All tables are identical.Each application has a new user.These different applications are located in different domains such as.: domena1.com, domena2.com, domena3.com.Each domain has different users.
For each domain in the web.config change the "ApplicationName", eg.:
ApplicationName = domain1, ApplicationName = DOMAIN2, ApplicationName = domain3 ...
I am currently working on an ASP.NET 3.5 and C# web application which deals with users private information like SSN numbers. What are some of the security measures which I need to take from an application development stand point to feel safe?
View 4 RepliesI have a design issue with a new project, the web application I'm developing is suppose to serve three different segments of business, each segment has a sligthly different requirement, but in all they share most of the same business needs, so I'm creating only one web application.
I've created three "Application" in the asp.net web administration tool.
I want to be able to create users related in each segment with their associated "Application" in membership store.
and when a users login(there is only one login pag) to the application to be redirected to his specified application.
The thing is the web.config configuration alows you to define one "Application" name, and hence the membership APIs pick up only that application.
We are upgrading the asp.net 2.0 web application to asp.net 4.0.
The application contain three main modules (sub application) like End User, Franchise and Admin with separate web.config, asp.net form Authentication, login page and running with single domain.
the URL like,
mydomain.com/login.aspx
mydomain.com/franchise/login.aspx
mydomain.com/admin/login.aspx
In asp.net 2.0, working fine with 3 sub applications with separate form authentication under a single domain name and also we can working with all threes in same time.
After the up gradation process (ASP.NET 2.0 to 4.0),
We didn't run all three applications in same times and also form authentication crossed.
how to implement page level and control level security in MVC applications. Also I would like to know the definition for Page Level and Control Level Security in MVC. Please refer me if any third party tools avilable to implement security in MVC.
View 1 RepliesI've been worked with web services so far, and I'm interested in expanding my services to console applications as well so I started digging up with WCF but I'm conserned that I won't be able to use the HttpContext collection that I've been used to do with web services one important thing which is to generate a random value from HttpContext.Current.Request.ServerVariables["ALL_HTTP"] that I need to reckon if it's the same or at least near what machine that is calling my service. How can I overcome this problem?
I need to know what machine is calling to count the number of attempts to login into my system for example. So must do it inside of the svc code otherwise if I let the client inform what ip address or what computer he is using, anyone could forge this argument and surpass by another machine. May be I'm approaching this matter wrongly. And I should count the number of attempts per state session, but how is it done?