My web.config contains passwords to my database and SMTP, and I want to tighten up the security. I want to protect the passwords fully so that if a hacker or webhost employee accessed all the webserver files, the passwords cannot be easily accessed.
I run on a shared host, so using encryption could be an issue as I haven't got full IIS access. I haven't gone down that road yet to look fully into it.
I was thinking it might be easier and secure enough if I moved the connection strings and passwords from the web.config into a referenced .dll which was protected by a professional obfuscation tool.
I have looked for ideas on this and read several posts but none of them seems to be because the problem is that web.com (my host) doesn't allow us to update web.config on their server programmatically. I can use example code and encrypt it on my local PC, but here's the error I get when I run it on the live site:
An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config)
My problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.
From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting provider's IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.
I've developed a dot net website that runs fine on my localhost. When I upload it to my ISP on a shared hosted site, I receive the following: "Required permissions cannot be acquired." I've been informed that I need to change my website to medium trust. Can someone get me started in the right direction on how this is done? When I add <trust level="Medium" originUrl="" /> to the web.config it won't BUILD on my local host, and when I add it to the web.config on the shared site, it gives me "This configuration section cannot be used at this path. This happens when the site administrator has locked access to this section using <location allowOverride="false"> from an inherited configuration file."
On my PC everything is all right, but on the webserver I get an error: 'OrderBy' is not a member of 'System.Array', maybe due to the trust level. Is there a way to bypass this, or do I have to resign myself to it?
I developed an ASP.NET (2.0) application which contains the attachments of the clients. These attachments are saved in the shared folder and the file is retrieved when the user requests it. If I maintain the application and the shared folders on the same system, it works properly. If I maintain the application on one server and the file folder on the other server, I face a lot of security issues like: 1. Access Denied 2. Could not find the part of the path... For this I made a common account for the application server and the file server and also set impersonation to true. Even then I got the "could not find the part of the path" error. I already gave Everyone full control of the shared folder, and I added the common account and gave it full control. Is there any alternative for saving and retrieving the files to and from the shared folder?
I have written a couple methods that encrypt and decrypt the appSettings section of my web.config file using the WebConfigurationManager. I just hooked up the methods to the page_load event to test that it works, which it does. Now I need to deploy to a web farm and need advice. What is the best way to make it so I can encrypt, but more importantly decrypt the web.config when I need to? I thought about putting a hidden page with "encrypt" and "decrypt" buttons, but that seems risky. What is the "accepted" method for rolling out something like this?
I am trying to access a shared folder which is located on a different server rather than on the asp.net server.
I configured Windows authentication and set impersonation to true. I also tried with basic authentication enabled and disabled.
I have tried the following:
with a mapped drive
shared folder access (\sharedfolder)
virtual directory pointing to shared folder with pass-through configuration
However, none of the above works. I am getting an "Access Denied" error when trying with the shared folder and the virtual directory. In the case of the mapped drive, I am getting a "Not Found" error.
I have a few websites based on WebForms and one based on MVC. All websites have the same settings for forms authentication in web config. The problem is that once logged in to a WebForms website, I have to re-login for the MVC website, but when I log out from the MVC website, I am automatically logged out from the WebForms websites. How can I pass information to the MVC website that the user was successfully logged in when using WebForms?
After moving my web site from my local development environment to a shared host I get:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission your system administrator or change the application's trust level in the configuration file.
The problem occurs in my web application everywhere the following is called:
Since my web application is only trying to open its own web.config file, I don't know why this is flagged as a security exception. Maybe someone can explain... But more importantly I need a solution; the couple of solutions I found via Google are painful.
Server A exists on domain A and server B exists on domain B. From server A I need to output file names that exist on shared folder on server B. I tried the following with no success (Access denied error):
DirectoryInfo dir = new DirectoryInfo(@"\serversharedFolder");
After some Googling I found that I need to use personalization to impersonate an existing user on Server B that has access to that shared folder. I used a C# personalization class as explained on codeproject (http://www.codeproject.com/KB/cs/cpimpersonation1.aspx). I supply the domain, the user, and the password and hope to get access to the shared folder, BUT the error I see now is "Login failure: unknown user or bad password".
I am 100% sure that the domain, user, and password I supplied are correct. When trying to access the share via Windows Explorer from server A I am prompted for a username and password. After entering domainusername and the password I have access to the folder. So I know that the credentials I supplied are correct.
Am I going about this the right way? I have full access to server A and B so maybe there is an easier way to accomplish my goal.
I have a situation where I need to develop a web system where a sys. admin can create a shared folder on the server and set who can access the shared folder programmatically.
I've managed to find an example to create a shared folder from here: [URL]
and I also managed to find an example to add a user and set the folder Security setting from here: [URL]
My problem is how I can add a user in the Sharing permission setting, since it is a shared folder. The default sharing setting is set to 'everyone'. This means anyone in my company can browse to the shared file unless I set the everyone security setting. I want to remove "everyone" and add users based on the users that I've already added at the Security setting.
I have developed an ASP.NET website and I want to store some uploaded files in a shared location on a different server. On that server one user has access.
How is it possible to get access to the shared location on the server with my web site?
I received some code, a small C# ASP.NET application which manually posts a shared username/pwd to a 3rd party website for auto-logins from our intranet site. During transit the password is encrypted, but not within the application. Within this application a NameValueCollection is used and the username and password are hard coded. Originally the thought was, who cares if it's hard coded because it's shared between everyone anyway. Now we want to encrypt the username and password from within the application. I'm not sure of the best way to accomplish the goal of making sure the password is encrypted "at rest". Normally I've seen passwords stored and encrypted within a database. I know we'll obviously have to move the password out of the application and store it somewhere else, I'm just not sure where. Do we move the username and pwd to the web.config file? I really am not sure of the best way to approach this.
When I am trying to run the ASP.NET application from the shared location (not from the local machine), I encounter a security exception: 'request for the permission of type 'system.web.aspnet hosting permission'. I have given the full trust rights to the shared folder, but I still get the same error.
When I create a table on the shared SQL Server on the hosting server using Management Studio, I right-click on the table and it pops up create table. However, the table schema is my user name, not dbo. I want to create the table with the dbo schema.
I am unable to connect to my local instance of SQL Server 2008 Express using SQL Server Management Studio. I believe the problem is related to a change I made to the connection protocols. Before the error occurred, I had Shared Memory enabled and Named Pipes and TCP/IP disabled. I then enabled both Named Pipes and TCP/IP, and this is when I started experiencing the problem.
I have now set Named Pipes and TCP/IP back to disabled. When I try to connect to the server with SSMS (with either my SQL server sysadmin login or with windows authentication), I get the following error message:
"A connection was successfully established with the server, but then an error occurred during the login process. (provider: Named Pipes Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error: 233)"
My first question here is: why is it returning a Named Pipes error? Why isn't it using Shared Memory? It seems like it is not listening on Shared Memory for some reason? When I set Named Pipes to enabled and try to connect, I get the same error message. My Windows account does not have administrator privileges on my computer.
I have a shared module in an ASP.NET web app which gets various information about a group or user. Since the Iuser account on the web does not have enough rights to query the AD, I need to supply an appropriate userid and passcode for the DirectoryEntry in the shared code. Since my credentials do have the appropriate rights to query the AD, I like to impersonate myself (user.identity). This works fine for a webpage, but I can't pass the user.identity object to shared code. I get an error. Is there a way to pass the user.identity object to a shared function in another module?
I am currently developing an ASP.NET MVC 2 web application and I would like to create new folders programmatically with access rights, in order to enable logged-on users to upload their image files. My question has to do with how to assign write access using the Directory.CreateDirectory function and assigning DirectorySecurity rules (meaning for which user I should enable user rights, etc.). Note that the hosting environment uses IIS 7.
We use SharePoint to control our websites. We build the sites, then load them into the SharePoint server. My question is, if I use Windows authentication, how can I get my role security in my web config file to coincide with the ASP.NET controls that use Forms authentication? Is there a difference? Our security uses a session variable for security, but there is nowhere to set up their permissions except in Active Directory. I hope this makes sense, because I would like to implement the LoginView with role groups, but how can I give them the role="administrator"? Do I have to go into Active Directory and give them these permissions (would take a while due to the size of the company)? Or do I have to set up privileges in the web.config file for each user (difficult, I think)?
I've deployed many applications with a file uploading feature on a dedicated server and never got any issue, but it is not working on a shared server :( I think Server.MapPath("~") is not working on the shared server, as on the shared server I am unable to find those directories which are a must for uploading.
I am trying to publish my site on a shared server. They don't have the Crystal Reports runtime installed on the server and they are not willing to do so. Is there any workaround so that I can deploy my site with Crystal Reports support on a shared server?