I have an MVC4 website that runs just fine in vs2015 with IIS express, but now I've tried to deploy it to a local instance of IIS 7.5 and I'm having an issue. I get the following error:
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
I've looked around online and tried a few different things, but am not having any success...
I was working on my homework, making a website obiously, but I have a small problem with the griedview. I wanted to add a button on the end of the row, but I receive some error notifications and warnings too...
SeverityCodeDescriptionProjectFileLineSuppression State ErrorBC30518Overload resolution failed because no accessible 'Add' can be called with these arguments: 'Public Overloads Sub Add(column As DataColumn)': Value of type 'ButtonField' cannot be converted to 'DataColumn'. 'Public Overloads Function Add(columnName As String) As DataColumn': Value of type 'ButtonField' cannot be converted to 'String'.GIPH:GIPSearch.aspx.vb31Active
I have the following string stored in a char column of sql server (there are several this one is just an example):
Code: ROix5LkY0Zps4MPcWnSmiw==
I also have the key used to generate the string:
Code: 6B9245B1A88A82FC328C8A1B8870E34D
And I found the following solution to decryp and encrypt:
Code: Dim des As New TripleDESCryptoServiceProvider Dim md5 As New MD5CryptoServiceProvider 'hash function Function md5hash(value As String) As Byte() Return md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(value)) End Function
[Code] ...
It works like a charm when i encrypt and decrypt values set by me in the page;
But when i use the value stored in the DB it throws the following error;
"An exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll but was not handled in user code
Additional information: Bad Data."
I am i using the wrong crypto class ? it's a length issue? the string is not base64?
create a site with good security that validates, as website normally do, that the user has loged in. Im using sql server 2008 and VS2015. I've created a simple login form that validates users against a DB but i dont know how to preserve de session and validate that thought pages.
I am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password.
When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing).
My question/problems are:Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue?
Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2.If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load?
I plan on using LDAP for authenication on my website and was wondering if this older article was still a good direction to go? [URL] .... I am using Visual Studio 2012 and just didnt know if there was a more "up to date" means.
im trying to set up a website with forms authentication. so i created a new asp.net project in vs2010 and ran the asp.net configuration after that i tried creating a new asp.net database and used the following code to disable the user instance database and use the new database i created.
I need to apply Windows Authentication for my website. But We dont want the user to be enter the User Name and Password in the Popup coming default.We need to provide the user with the input controls in the aspx page,then using the credentials will need to implement the Windows Authentication.Is it Possible to pass the windows authentication username and password from the aspx page , to enable the Windows Authentication
Previously, I have implemented two separate ASP.NET Web Applications, one as a virtual application in a subfolder of the other, which successfully shared forms authentication as described at [URL]
(basically, setting up identical <forms> sections in the Web.config, and keys in the <machineKey> section)
Now, I am trying to do something similar to get BlogEngine.NET (which is a Web Site, not a Web Application) to work sharing forms authentication with a Web Application of mine. I have tried both putting it as a virtual application in a subfolder, and setting it up as a separate IIS site (same domain name, different port number), but I can't get the authentication to work at all: when I go to the blog while logged in to my Web Application, Page.User.Identity.IsAuthenticated is always still "false".
I'm really not sure how to even start debugging this, since the forms authentication is handled before any of my code runs.
I have an an intranet website running under IIS6 (under a specific port, not the default one) with a integrated windows authentication enabled and uses an application pool configured with a service account. the issue is, if I access the website using the server name with a fully qualified domain in the URL, it throws a login prompt (doesn't work even if enter my windows login credentials), but if I use the IP address of the server then it works fine. I need to do to get the URL with server name working.[URL]
I have posed this question recently in a different form, but the answers I got led me nowhere. This is what I want to do:
Have a web site that requires users to login.
Have the authentication process be done by ASP.NET (rather than Windows).
I have had many links to voluminous articles in MSN that simply did not work. Is there not a simple (wizard-like) way to start a web site from scratch and establish the objective of having users login to the site? I have tried creating a blank ASP.NET Web Site and using the Website>ASP.Net Configuration tool. But as soon as I go to the Security tab, rather than getting the wizard, I get the error:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: The database filename can not contain the following 3 characters: [ (open square brace), ] (close square brace) and ' (single quote)
Does anyone know some SIMPLE steps to setup a new web site with ASP.NET authentication (forms authentication)?
I have an ASP.NET MVC application for which I store uploaded content files in a virtual directory. This virtual directory is directly underneath my MVC website in IIS. My problem is that the virtual directory allows anonymous access. Anyone, logged in or not, can type in a public URL to my virtual directory and read the files in it. Is it possible to configure IIS (or something else) in a way that forces any requests to this virtual directory to run an authentication/authorization routine before allowing access?
Is this something I can configure in my website's web.config, or does the request never hit any server side code in this case? If it never hits server side code (and feeds the request directly to IIS), how can I change my implementation to require my site to authenticate/authorize and then serve my file.
I am using login control in my website for authentication. after login successfully i am storing value in session variable in session["LoginId"] and after login the template of login control gets converted into loggedInTemplate by calling authentication.redirectFromLoginPage(). But sometimes what happens the login template is gets converted into anonymous template while there is a session value in session variable i.e. session["LoginId"] variable has the value still login control shows anonymous template.
Until now, I've always used straightforward Forms Authentication on my community websites, and that one method of authentication, with that one cookie/ticket has been used throughout the website (with varying roles per user also stored in the ticket). I haven't used the built in LogIn controls and instead have always just created my own login/registration form, and written the code to insert into (and authenticate against in the log-in scenario) my bespoke 'Users' table. So I've essentially just been utilizing the .IsAuthenticated() method (to determine if a user is logged in), referenced the UserData property in the ticket (to determine which roles the user belongs to), and set up the 'location' restrictions in the Web.config, so the log-in page is automatically shown for pages that require 'member access' etc.
With my new project, I will need user registration/login for the Forums/Community part of the website only. I then need an additional user registration/login for the Recruitment part of the website (not related in any way to the users that sign up/log in to the Forums/Community part of the site).I was wondering if this possible, and if so, how to go about it?e user registration/sign-in pages might look the same, but my underlying code would would create accounts/authenticate against different DB tables.
I've created a website with users and passwords and such for authentication.When a user is created through the "administer website" function of asp.net 4.0 where are the passwords stored? Is there a way to manually change passwords in the database?
I've been having an occasional issue with my website "converting" to site that requires windows authentication. This happens every few months and the only way to fix it to recycle the application pool.This issue is actually happening with a hosting company and my site is on a shared server. I believe I have my own application pool and I'm able to recycle it myself using their web administration tools. Fortunately, I know how to fix and have the ability to do it myself but it is embarrassing when my site now longer works and I have a client email there is a problem. I'm running .NET 3.5 with latest SP.
I have a website, and if there is an anonymous user (not logged in) then I want my navigation (a section of the master page) to show an element of the menu called "Login". But if there is an authenticated user then I want the navigation to NOT show this "Login" option, but to display a menu item/link to a resource that is only available to logged on users.I know how to set restrictions on files and webpages, but how do I implement this with the navigation menu?
When i try to view a PARTICULAR page in my web site, it prompts for user name and password. Irrespective of providing proper user name/password and clicking OK or directly clicking Cancel button, the page is getting loaded properly. I am not sure why the authentication screen appears!!! It happens only for that particular page. Initially I thought it could be with file permission but copy pasted another page (which works fine) and renaming it doesn't solve the problem.
EDIT
I copied the source from the browser for that particular page and saved it as HTML. When i try to open the HTML file, it prompts for authentication.
Solution
I disabled the Integrated Windows Authentication in IIS and it works fine.