i had NT authority user account on the web server (or simillar priviallge account with sid like s-1-5-21-1311... ).
recently, due to security issue, had to remove this account and the application hosted on the webserver stopped working.
the issue seems to be with the database connectivity. not able to analyse the issue as, this occuring only on production and not on development server.
Long ago, I created an ASPNET user for development use.However, every time I boot up my dev system, I'm presented with a user login for ASPNET, among others.I don't want to remove ASPNET; I need it for dev work.But how do I keep it from appearing among the list of User Logins available at boot-up?
View 4 Repliesi have a web application that is using a https webservice and for accessing this webservice i have installed the PFK file into the mmc console in the personal storage folder and also installed in IIS. After installing the PFK file the properties of the installed PFK file shows a warning that "Windows does not have enough information to verify this certificate" but the installation is done with success. After this i go to add the wsdl to my project as service reference, but it shows the error "Could not establish trust relationship for the SSL/TLS secure channel with authority". What is the solution for this?
View 17 RepliesI have a web service in which i am making connection to the database to get data..now i want that the app pool account should be used to make the connection and not the current user's credentials..can somebody tell me step by step what changes do i need to make like setting impersonation=true etc.
View 1 RepliesI have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.
ASP.NET application should use Entity Framework 4.0 to work with data.
I have a website where users can login and they have different roles/privileges. I want to have it where the user's view of the webpage is determined by their role. Right now I am storing the role in the UserData property of the FormsAuthenticationTicket class (which is retrieved from a database during login). When the main page is loading, I want it to check the user's role and then only show the controls/portions of the page that are for that role. For example, if the user is not an administrator, they shouldn't be able to click on a button to delete a record. At the moment I am using labels to hide or show areas depending on the user's role. Something like this:
[Code]....
[Code]....
And here is a portion of the markup code with the Labels:
[Code]....
This works, but doesn't seem to be a very good way to handle this type of thing. Is there a cleaner, more elegant way of doing this? Something similar to the LoginView control, but which I can use for roles?
Membership.DeleteUser not removing user from database
//Roles.RemoveUserFromRole("markwheeler1963@hotmail.com", "customer");
My application separates users by company identifiers in the URL: company1.app.com, company2.app.com...I am testing on my local PC with a request such as: company1.localhost.com. However, my request.Url.Authority still shows "localhost.com" instead of "company1.localhost.com". In fact, the prefix of 'company1' does not show anywhere. Is this a bug or a feature?
It's worth noting that I added to the host file an entry for "comapany.Blah -> 127.0.0.1". When looking at Request.Url.Authority it STIL shows localhost...
I have a "UserDetail" table in my "JobPost.mdf". When I click the "delete" linkbutton, it can delete the all User info from my "UserDetail" table, it also delete the corresponding "aspnet_Users" & "aspnet_Membership",but the "UserInRole" still contain that UserName. Even though I specified the Code:Membership.DeleteUser(UserName, true);
I thought true is for bool deleteallrelated data, but it doesn't really delete the userInRole. So next time the user registers with the same name, it automatically get the "admin" role right. This "deleteUser" page I keep it inside a protected "admin"folder. How to solve it? Why Membership.DeleteUser(UserName, true) doesn't delete UserInRole?
protected void GridView2_RowCommand(object sender, GridViewCommandEventArgs e)
{
if (e.CommandName == "Delete")
{
string UserName = e.CommandArgument.ToString();
Membership.DeleteUser(UserName, true);
JobPostDataContext db = new JobPostDataContext();
var query = from u in db.UserDetails
where u.UserName == UserName
select u;
foreach (var item in query)
{
db.UserDetails.DeleteOnSubmit(item);
}
db.SubmitChanges();
FormsAuthentication.SignOut();
}
}
My web.config inside the protected Admin folder:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<authorization>
<allow roles="Administrators" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
Is it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?
View 4 RepliesI have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 5 RepliesI'm using membership provider (SQL) in my application. How do I set to de-activate user account automatically after a period not being used by the users?
View 4 RepliesI have set up a web Application using IIS 7 .Following details:-
Database server is sql server 2008 r2 and located on another machine
I am using forms authentication and while trying to logon using my start page where i am validating the user from database. This error is coming while login
i am working on .net framework 4.0
What can be the reason for the same .
i use from a session for holding user's authority in web application.
how to i set Session.Timeout that never expire or can i use other way to holding user authority
in web application.
i need access to this authority in all page of web application
Hopefully someone knows a way to fix this issue, but here is my problem. I need to be able to recreate a md5 hash that will be the equivalent of the hash that php would generate.
The encoding I have tried is listed below. None of these will produce the same values.
UnicodeEncoding
UTF7Encoding
UTF8Encoding
UTF32Encoding
I am trying to build a login page as follows.On the machine on which i want to host the application i have a windows administrators group in which some windows domain users are.Now on building the login page i only want those people to access the application on login. What is the best way to acomplish this.
View 1 RepliesWe're running ASP.Net applicationon the server running Win2k AdvancedServer. Everytime server is rebooted the ASPNET account gets locked, even after unlocking the account, after few mins the account gets into locked mode.
View 7 RepliesI have a web application. This application needs to perform a search on folders located on 2 different machines. I can use impersonation for this. But -
a. I don't want to use network service account
b. I want to impersonate just the search part of the code.
c. Specifying encrypted user name / password in web.config is one option. But this would be the last option.
Can I use a custom service account for the application pool for this? If yes, then how to impersonate a specific part of code using this?
We have a website that calls a utility from the command line to create thumbnails places them in a directory and then the page will display the contents of this folder to the user.The utility seems to only work when we run the application pool under an administrative account, we have tried the network service, local system, and local service all to no avail.Just wondered if anyone had an opinion on how secure/unsecure it would be if we ran the website under the administrative machine account? Does this open up a massive secuurity hole etc is it that likely that we are comprimising the network.
View 3 RepliesI face this problem when my client setting the LAN like this: the database server is in server A, the web application is in server B, and the windows login server control (is it what we call "windows domain"?) is in server C.
When I use windows authentication in the web application I built, it checked only the windows account in server B. How to authenticate with server C's windows account?
I am trying to send e-mail after an account with roles has been created, but I keep getting this error:
CS0123: No overload for 'RegisterUserWithRoles_CreatedUser' matches delegate 'System.EventHandler'.
This is the wizard I am using:
<asp:CreateUserWizard ID="RegisterUserWithRoles" runat="server"
ContinueDestinationPageUrl="~/Default.aspx"
onactivestepchanged="RegisterUserWithRoles_ActiveStepChanged"
LoginCreatedUser="False" oncreateduser="RegisterUserWithRoles_CreatedUser">
<MailDefinition BodyFileName="~/AccountCreated.htm"
From="myemail@gmail.com" IsBodyHtml="True"
Subject="Your account has been created!">
</MailDefinition>
<WizardSteps>
<asp:CreateUserWizardStep ID="CreateUserWizardStep1" runat="server">
</asp:CreateUserWizardStep>
<asp:WizardStep ID="SpecifyRolesStep" runat="server" StepType="Step"
Title="Specify Roles" AllowReturn="False">
<asp:CheckBoxList ID="RoleList" runat="server">
</asp:CheckBoxList>
</asp:WizardStep>
<asp:CompleteWizardStep ID="CompleteWizardStep1" runat="server">
</asp:CompleteWizardStep>
</WizardSteps>
</asp:CreateUserWizard>
This is the c# file:
protected void RegisterUserWithRoles_CreatedUser(object sender, System.Web.UI.WebControls.MailMessageEventArgs e)
On admin side how to create first secure admin account when there is no users/admin exists without manuall entry ?On any website how we can create Super admin account who will handle all the things? Except the entry in db manually. I c# or vb.net
View 1 RepliesI am looking for a code which does authentication using service account username and password. I mean username and password which has permission to access the active directory and then authenticate the actual username and password provided by end-user. Googled everywhere but could not find any suitable code.
View 1 RepliesI've got an ASP.NET website, and its connecting to a database I've created on SQL Server 2k8 and I'm using windows integrated security on my connection string between asp.net and SQL Server. What account should I give permissions to my database inside SQL Server? Should I give NT AUTHORITYNETWORK SERVICE permission to my database? Right now, I right clicked the network service account, and went to properties, and then I checked my database under "users mapped to this login:" and then in the "database role membership for" diaglogue I then selected public and db_owner. Is that right?
View 1 RepliesHave I done something wrong ?I am running a web-site with simple .aspx files on a standalone workgroup Windows Server 2008 called 'Max'.I had assumed that the .aspx files were accessed by the 'Network Service' account.The application pool for the website is running with 'Network Service' as the process account.I was puzzled, since 'Network Service' had no permission on these .aspx files, and I coudln't understand how these files were being accessed at the file level.So I added event level auditing to the files, and I was suprised to learn that the .aspx files were being accessed by an account called Max$ (ie the computer account).Is this correct ?Why is the Network Service account not being used ??
View 11 Replies