Security :: Production Server - How To Maintain Administrator Status For Certain Users
Jan 4, 2011
On the local development machine a number of users are administrators (using the asp.net administer website tool accessible via the login controls on the page).
When the site is copied to the production server, these users can still log in, but they are not administrators anymore.
I can use the same way as on the local machine to rectify this. And this works when the site is run of the development tool (visual web developer express 2010, i.e. local host).
However, the functionality (admin users can access certain websites (via if(User.IsInRole("Administrator") == true) is not working when the same code is run in the production environment real production server, not localhost). Somehow asp.net is not recognizing that users have been set to that role.
How to give the Permissions to the users & Administrator in the asp.net...For example : I just want to give the permissions to the users that screens only appear for User remaining will be hide in the menu. What are the proper steps for the permissions in asp.net ....
I've been reading about asp web administration tool. I read about creating roles and stuff and forcing a controller to use authentication in order to be viewed. My question is, say create on the administration tool a user called Peter and I assign him the Administrator role. Then I want to create another role called LimitedAdministrator. But I want Peter to create new users on his View (I'm using MVC). Can anyone point me in the direction of how to do this.
I want peter to see on his page, like "Create user" and this user will be created as a LimitedAdministrator.
In my asp.net application, users are created by the administrators & those users need to log-in into the system using their own email/password or openid. So what is the best option to implement in this scenario?
I mean, as users can't register them self,do administrator required to associate each openid with the users & what kind of table structure do I need?
And do I also need the log-in interface like that of [URL] showing multiple types of authentication(default & openid from various providers)?
I have an ASP.NET web application that has the following settings in the web.config file:
[Code]....
(The actual names are different, obviously.) I am not a member of the real "Valid Site Users" group which is why I am given explicit access.I am able to access the site without a problem while developing and debugging locally; however, I get a 401 (Unauthorized Access) error when I deploy the site to a server. The only way to gain access is to remove the <deny> element from the configuration, which is not an acceptable option.I'm certain the solution is something simple and I am just overlooking
Is there a way to reset a user's password while logged in as an administrator? I just had to delete a user and re-create him in order to achieve the same affect of resetting his password, so I'm wondering if there is a better way to reset a password.
We have a website that calls a utility from the command line to create thumbnails places them in a directory and then the page will display the contents of this folder to the user.The utility seems to only work when we run the application pool under an administrative account, we have tried the network service, local system, and local service all to no avail.Just wondered if anyone had an opinion on how secure/unsecure it would be if we ran the website under the administrative machine account? Does this open up a massive secuurity hole etc is it that likely that we are comprimising the network.
I have a custom ASP.NET application which is hosted in the SharePoint _layouts directory. The code uses the object model to do certain actions on a SharePoint list. I'm receiving the following error when trying to perform
[code]...
When I give my user account administrator rights on the server it works fine, so it's a permission problem, but can't figure out what it is?
I'm making my first professional website. I don't know what goes on when developing websites, so my question here could be incorrect. Anyway, I want a way to have an administrator login to my website and have the ability to modify, edit, delete, or add whatever he wants on the fly. How would I do that?! I really don't think that whenever the people I'm making the website for would need changes or adding new pages would call me to do that for them! So, I must provide them with their own means of administrating their own site after I'm done with it.
I have thought about using webparts but they're not thorough for everything in the site. Also, a side question, where should I put text content of the page in? Should I store it in a database, text file, or hard code it in the page?
I'm trying to find the best server architecture solution to deploy monthly updates to an Asp.net external public facing website. What I'm looking for are ways to release a new version of a website with minimal impact to users. Besides deploying the standard way (ie. stop IIS, copy new website over existing website, start IIS), what are some "better" solutions for deployment out there? It would be nice if they kept their session and didn't have to see a "Website under maintenance" message during the update. My server configuration
We have 2 IIS web servers (2003) and are trying to figure out the best way to utilize them for deployments. My first thought was to update the non-active web server with the latest release. Then to gracefully point the web traffic to that server with minimal impact to users (best case, the user doesn't lose his session). How would you go about "repointing" the web traffic from server 1 to server 2? Changing firewall NAT? Changing DNS records? Some other way?? We need to be able to test the live site immediately after we release the new changes (duh). BTW, we are using nant and cruise control to automate the builds, and a custom web service to deploy the build to production. So it's all automated with the click of a button. Could a better solution be achieved using a 3rd server? If so how?
I have to maintain session of two users on a sigle page.And the path is. UserPath:
1.User logins with his credentials((We retrive their credentials from login table) . 2.He invites some of his friends for a birthday party. 3.And send an url link to share some of the gifts with them in which gifts are provided in Share.aspx page. 4.Userlogouts.
Invites path:
1.Invite logs in with his credentials(We retrive their credentials from invites table). 2.He is directed to go to Share.aspx and list the items he require. 3.And he logs out.
Now i have problem in maintaining session for both the user and invite. How can i maintain the session so,that the user can identify a particular invite from the list of invites an his chosen items.
I created a database with aspnet_regsql, the database was created in sql sever 2008 and not in data folder in my project (do I need to move it to the folder manually?). Next, in Web Site Administration Tool I went to provider section and clicked don Test button.
I got an error:
Could not establish a connection to the database. If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider.
Maybe I need to set something in a web.config, like membership settings or connection strings (or ASP.NET Website Administrator Tool should create those settings for me)?
Update: Maybe it happens because I am using SQL server 2008 full and not express?
Update 2:
After setting membership section and connection string to my aspnetdb database in Web Site Administration Tool I've opened security->Security Setup Wizard->Define Roles (stage 4) I got this error:
An error was encountered. Please return to the previous page and try again.
The following message may help in diagnosing the problem: Unable to connect to SQL Server database. at
System.Web.Administration.WebAdminPage.CallWebAdminHelperMethod(Boolean is Membership, String methodName, Object[] parameters, Type[] paramTypes) at ASP.security_wizard_wizardpermission_ascx.OnInit(EventArgs e) at System.Web.UI.Control.InitRecursive(Control namingContainer)
I want to make a secure website using ASP.NET, but when I publish it, the domain administrator can see all the data stored in my database (SQL Server). I want to hide my data and code from the domain administrator too. Are there any procedures to do that? give me the address of a good domain I can use, which will give me all administrative power of my website (Domain owner also cannot access my databases and files.)
I have a site witl forms authentication using te login control. I altered my sql server, I added a connectionstring and used the connectionstring in both, <rolemanager> and <Membership>. That part of the web.config is listed below.
The problem is that the login control goed to SQLserver to check the users and their passwords, but it goed to the SQLExpress database for the roles.....
I have searched and could not find any article related to "How to implement Certificate Security in production environment".
I could able to Create sample certificates for client and Server on my local machine and was able to authenticate my client app with the certificates . These certificates are test certificates.
How do I do this in Production. We have a domain certificate from GoDaddy which resides on the server. How do I create a Client Certificate off of that.
HTTP 502 Proxy Error - The size of the response header is too large. Contact your ISA server administrator. (12216) Internet Security and Acceleration Server
I am guessing it has to do with the size of hidden "__ViewState" tag in my ASP.NET pages.
I also realize that this is restriction imposed to by IT on the users end and I have no contol over it.
I disabled ViewState on all the controls in my ASP.NET pages. However, __ViewState is still generated very large (as always) to persist control-state (e.g. checkbox, radiobutton, etc.)
We have implemented the ASP membership and roles..and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users woudl only be available to our admins. BUt the number of users will show for everyone.
we cannot login to one of our asp.net production website. Once login ID and password are entered on the login page, the site just stays on the login page without giving any errors whatsoever and without opening the default page.
Members cannot login when I move a site from development to production. I can see them in a page I made that reads the sql table.I checked the machine config file and the application name is "/" in both development and production. When I open the db in management studio I can only see new ones created during production. What gives, and how can I delete these 'ghost' users and re-create them in production so they can log on?
I just realized after i created a test account i was not in any roles. Is there a way to automically add new users into the role Users? Have i missed this some where?
I have created the asp.net application and Hosted on Different Server(i.e Test,Development). its is an Intranet Application But When I tried to Host on Production the WebApplication dont work when I check the "Integerated Authentication" and when I check the "anonymous Access" i get null value for the HttpContext.Current.User.Identity.Name.ToString() returns null. and User.Identity.IsAuthenticated also return false. what changes do I have to make in IIS and Webconfig of my application so that it can run on ProductionSERVER