Security :: Security With Webservice?
May 8, 2010
I'm developing a site that will display confidential readonly information,with data fetched from a WCF service.My question:What is the best approach to user management across different information pages.The service returns a collection with customer info after a secure login.idea is to have a Customer object class that is stored in session.Is it possible to use things like HttpContext.Current.User.Identity.IsAuthenticated
followed by HttpContext.Current.Session["UserId"] without using a database with role-based security?Would I be better off with a combination of local database, Linq to SQL or datasets rather than using
just class objects for data fetched from service?
View 1 Replies
Similar Messages:
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
Nov 29, 2010
Since I start hating postbacks, I use WS or PageMethod for every client to server process. I did same for Logout but Im not sure in this.
I wrote code like this
//In WS
[Code]....
//on aspx
[Code]....
everything working fine, but I have some kind of feeling that I'm missing something(like calling any other method) ? I just wanna make sure as its for security purpose.
View 2 Replies
Jun 9, 2010
Does anyone have an example of authenticating through a webservice ?I have a website that allows users to login in using the <asp:Login> control.After they are authenticated I want them to use a webservice to add records, modify records. (The web service will be used later by external sites).I have a webservice up and running which the aspx page "authenticates" to using Profile.UserName.Is there a way to get the aspx page to send the username and password used at log on without having the user enter it each time ?And then how do I authenticate them ? (maybe using Membership.ValidateUser ?)
View 1 Replies
Jan 21, 2010
I am really new to webservices and ASP, so excuse my noobiness in advance ;I am making a webservice which displays stock availability from a table in a db when given the ProductID number.The problem is that I am required to do a SOAP authentication as well.
[Code]....
From the above, you can see that I am using Auth.username and Auth.password which is a authentication class I created with two string arrays that contain login details. If one username matches it's correponding password then logon is allowed else declined.Now that I reached here, I need the web service to validate if logon details are correct through a table called tblStaff which contain attributes "username" and "password". Doing it with an array containing predefined details through code is easy, however by checking each "username" and "password" from tblStaff... /confused
View 1 Replies
Nov 10, 2010
How can we implement security in case of asp.net webservice ? as per my knowledge, we can implement security by the following ways -
1. IIS authentication
2. Form/Passprt/Windows Authentication in web.config file of the webservice solution. is there any other way to implement the security in webservices ?can we implement security at web-method level ?
View 1 Replies
May 27, 2010
I wrote a web service sometime back, and uploaded to one of our network Server's IIS. The webservice needs to access a network folder, which was working perfectly fine till a month ago. Now, when we use the webservice in our .Net application, it fails with the exception message "Access to the path '\<networkMachine ><Folder >' was denied" (may be some group policies changed). But when I run the webservice from my local machine's Visual Studio debugger, it can access that folder. What could be different on the server's IIS w.r.t. my service? Why was it able to access the network folder before but not now? Please note that I can manually access that shared network folder from my machine, and also when I remote desktop to that <networkMachine> from windows explorer.
I saw in the task manager on the server that the IIS process w3wp.exe is running under 'NETWORK SERVICE' account. Though the network folder is not shared specifically with this account, but that has given read & execute access to 'Everyone'. Then what is the problem that it cannot access the folder. By accessing I mean creating a 'DirectoryInfo' object of the path '\<networkMachine ><Folder >' and reading all the subfolders -
just read.
View 3 Replies
May 19, 2010
I am using Asp.Net application for calling an existing Java webservice. Recently the web service is configured with Security certificates. Now I need to call the webservice using "https:URL .." and by passing the credentials i.e. UserId and Password.
When I call the webservice using [URL] I get the below error. Is the change in my code is causing this error?
Error:Client found response content type of 'text/html; charset=iso-8859-1', but expected 'text/xml'. The request failed with the error message: --
500 Internal Server Error
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. contact the server administrator, you@your.address and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
IBM_HTTP_Server Server at ............ Port 443
View 1 Replies
Feb 10, 2011
I'm having trouble with accessing my webservice.
I've got a webapplication and inside this webapplication I have a webservice. An external program is going to use this webservice in the future, but for now that is not the problem. this webservice is also called from inside the webapplication. this is where the problem starts.
I keep getting this error:
The remote server returned an error: (401) Unauthorized.
I tried with imporsonate= true, but it didn't work
[Code]....
the webservice is called like this:
[Code]....
I hope some one can point me into the right direction.
I'm using iis 7.5asp.net 3.5
View 1 Replies
Jul 19, 2010
I am using the Login Control and the Login.aspx page for Login authentication. How can I call login from another page or a webservice method with a Userid and password parameters.
[Code]....
View 3 Replies
Feb 10, 2011
I hace created a webservice, that is on one server and then I created a web application on another server to consume that webservice. My web application uses threading. In my web application, I call the webservice and it returns me the response. Then my thread sleeps for 20 minutes and then it again calls webservice, but when i call the webservice second time , it fails. Here is the error and stack trace:-
Stack Trace:- at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at TransactionExport.LocalWebService.TransactionExportStaging.GetDays(String projCode) in C:inetpubwwwrootTransactionExportWeb ReferencesLocalWebServiceReference.vb:line 102
at TransactionExport.TransactionExport.LoadDays() in C:inetpubwwwrootTransactionExportExport.vb:line 267
View 4 Replies
Jul 12, 2010
In IIS I have a virtual directory with only windows authentication enabled. From Javascript I call into a ASMX webservice. From the ASMX webservice I make a call to the SharePoint Search.asmx Webservice. whatever I try I keep getting the followin gerror message:
"The request failed with HTTP status 401: Unauthorized"
I use the following code to call the SharePoint webservice
[Code]....
My web.config settings are:
[Code]....
The Sharepoint farm is configured to use NTLM authentication.
Strangely everything works when I am testing in Visual Studio using the builtin webservice, but when I deply to my local IIS or Test Server it breaks.
View 1 Replies
Jan 7, 2010
I wrote a web services with Windows authentication, when i consume this WS from my app inside my network all work great, but when I consume this WS outside my network the WS return "The request failed with HTTP status 401: Unauthorized"I'd try the URL in an explorer page and all works great.In my app I use this:
webservice.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
What alternatively can I use to get credential inside and outside of my net?
View 4 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Jul 12, 2010
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
View 3 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Oct 27, 2010
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
View 2 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
View 1 Replies
Jun 23, 2010
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 Replies
Sep 9, 2010
I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded
Can this be achieved be using Membership and Profiles?
View 1 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Jun 3, 2010
I am using Itext sharp to create a pdf. I am adding an image and I keep getting this error
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, ersion=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
it is this bit of code that is causing this
[Code]....
If i comment this out, the PDF builds and no errors are thrown (there is just no image)
I don't understand cause I am am trying to do is read a file.
View 2 Replies
Apr 2, 2013
Error:Â
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.
View 1 Replies
Jul 22, 2010
I have created user web control library project and these controls i'm using in my web application. These User controls just works fine in my local machine but when i moved this project(including Library) to our Local server , it is throwing security exception
Error 1 Cannot register assembly "LocalServerLibraryDemoLibraryDemoLibrary�inDebugLibrary.dll". Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Library
Anybody knows why this error occuring...?
View 2 Replies
