Web Forms :: How To Authorize Users Accessing Web Service
Jul 23, 2012How to Protect Web services from Un authenticated users.. right now Im Using Protected Access specifiers.. Is it Correct method To Protect Web services?
View 1 RepliesHow to Protect Web services from Un authenticated users.. right now Im Using Protected Access specifiers.. Is it Correct method To Protect Web services?
View 1 RepliesI have a WCF service that runs in my web application that provides data to a Silverlight application and is defined as follows (with an appropriate .svc file)....
[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class DispatchService [code]...
The idea is that the user logs into the website and is then authorised for all services. I do not want to have a login aspect to my Silverlight application to authenticate users.Therefore I dont want anyone to be able to call my service who is not authenticated.
Could I...Somehow determine this for each Operation Contract. I had a look inside the OperationContext object but couldnt find anthing that stood out as a way to determine who the user was.Somehow attribute the ServiceContract so that the method can only be used by authorised users?Put something in my web.config to stop unathorised users from being able to access the folder containing the services?
i am still relatively new to web development and have been encountering some issues when multiple users click a button at the same time.
i was wondering what could be causing this as i have already removed all static variables realiseing that was a mistake and replaced them with viewstates were needed then sessions when moving across pages
I'm trying to add a directory for anon access in IIS 7.5. It works under Web Dev but not IIS 7.5
I'm currently using this web.config in the directory. This is a directory with style sheets:
<?xml version="1.0"?>
Note: As an alternative to hand editing this file you can use theweb admin tool to configure settings for your application. Use the Website->Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in WindowsMicrosoft.NetFrameworkv2.xConfig
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
Update:
I've went to the folder and under Authentication, I've changed anonymous authentication from IIS_USR to pool. This seems to have correct it.
I will reward anyone who provides a very good explanation and resources for understanding this setting. Also, how to apply it globally would be good to know -- for all folders.
I've an application that runs in a localhost.
So I can get the user logon to some recording data or some thing else.
I was thinking if that was possible to put some value in web config that gets the user logon and if that logon is authorizated for that page it let him open else it close the page...
Some one have some idea to accomplish it ?
How can I authorize and authenticate users by roles? I have roles table and user's table, role Id is the primary key in the roles table and foreign key in the user's table.
View 4 RepliesNeed to develop a Web application that will be used to authenticate and authorize internal and external users to log and then re-route to web applications for the organization. The login application should be able to provider smooth integration with any future applications that needs a secured authentication. Should I be using WIF - Claims based Identity/ADFS or asp.net Role membership provider to develop this app.?
View 1 Repliesi have create web application for school management system...bt when i run my webside...(my welcome page is defaul.aspx bt if i want to acces studentdetail.aspx then i only enter url and i get studentdetail.aspx)
View 1 Repliesi have to access a Accdb and update it through a Web service!
View 2 RepliesI am getting error while accessing entity model from web serviceSystem.NotSupportedException: SQL Server Compact is not intended for ASP.NET development. at System.Data.SqlServerCe.SqlCeRestriction.CheckExplicitWebHosting() at System.Data.SqlServerCe.SqlCeConnection..ctor() at System.Data.SqlServerCe.SqlCeProviderFactory.CreateConnection() at System.Data.EntityClient.EntityConnection.GetStoreConnection(DbProviderFactory factory) at System.Data.EntityClient.EntityConnection.ChangeConnectionString(String newConnectionString) at System.Data.EntityClient.EntityConnection..ctor(String connectionString) at System.Data.Objects.ObjectContext.CreateEntityConnection(String connectionString) at System.Data.Objects.ObjectContext..ctor(String connectionString, String defaultContainerName) at DataModel.LabTestDBEntities..ctor() in d:projects4.0 vs2010labtestlabtestsolutiondatamodeldbmodel.designer.cs:line 26 at DataService.Service1..ctor() in D:Projects4.0 VS2010LabTestLabTestSolutionDataServiceService1.asmx.cs:line 23
View 4 RepliesWe have a few scenarios which mean users can see other users data if they're on the same machine.
Scenario 1
Login User A Browse to forms with perosnal data Logout User A Login User B Either hit back button until you reach User A's personal data or.. Use browser history to jump directly to user A's personal data.
Scenario 2
Login User A Browse to forms with personal data Close browser New Browser, Use history to go directly to User A's data.
The 2nd one was caused by the browser displaying the page from its cache, so for that one, I added the following to the web.config..
[Code]....
[Code]....
which seems to do the trick, but I need to know how to fix the first part and whether the web.config changes are all that's needed to clear any cache.
I have a web site with an administrative section. All administrative pages are stored in a directory called "db/administration". There is only one user that I want to have access to the pages in this directory. That user's username is "system". Currently, I am using the following approach in my web.config file:
[Code]....
When I logged in as another user, I was still able to access pages under db/administration when I navigated to them through the browser's address bar. What am I doing wrong?
i have one web service how can i give access to that web service to many user(with secure method). Now i am checking url and only doing for one site. So what should i do.
View 1 RepliesI've got a website and we just had a huge jump in traffic. Now all of the sudden we're getting sql parameter errors left and right. We switched to a new sql server a few weeks ago and everything has been fine but the added traffic seems to be breaking us.
I have a data access class that is called when each user trys to logon. It runs through several tasks before finally updating the users last login date and forwarding them to the administration section.
What I'm seeing from the trace logs suggests that when I'm logging in the first several tasks are using my data (lets say user=birk pass=word). But at some point the accessor class starts sending over the data from someone else who's trying to login (lets say user=abcxyz)
Every connection we make to the server is closed when we're finished with it. I'm nulling out all of the accessor objects when I'm finished with them. But somehow different user data from different sessions are making their way into other peoples instances of the object.
I'm not using session/application/cache/viewstate to store the objects so I'm not really seeing how they could edit eachother... Its just really weird and I'm not sure how to even go about researching the problem.
This is roughly the accessor class... I trimmed out some of the parts that weren't reliant to the issue
[Code]....
I have designed a navigation structure that is customisable from within my application and linked to the users role.
So I can restrict what menu items a user gets based on their role.
I have managed to do this quite well using SQL Tables and an ASP.Net Menu.
I can get it to only show the menuitems that are marked active and I have created an Stored procedure to get the menu items for a particular role.
Where I am struggling is getting the Logged On Users Roleid to pass it to the Stored Procedure.
I can get it using a regular aspx page but my menu is on my masterpage and I do not want to have to code it in each and every page.
I even tried to do it with a user-control but same happens. It seems that the User class is just not available when in a masterpage.
how I can pass the roleid from a Class or something or from the page to the masterpage?
I need to do an insert into a database table (SQL Server). I want to compute value of 1 column based on the existing data and then do an insert. How do I prevent another user from getting access to the database in the middle of this process?
View 2 RepliesI had created a Membership ASP.NET 3.5 website and selected the Forms authentication. Therefore, I created several users with related information into the ASPNETDB database. Yesterday, I changed the website security to Windows authentication.
This morning, when reviewing the ASPNETDB data for another website, I still can see those Membership Forms users and their ApplicationIDs in the aspnet_Users and aspnet_membership tables. How can I delete those Forms users?
Another question: In aspnet_Applications table, I can see the ApplicationName (e.g. /WebPartsDemo) for the Web Parts websites. I have 2 ApplicationIDs in the aspnet_Membership table. I can not see only one ApplicationID in the aspnet_Applications table, but with an empty ApplicationName, i.e. / only.
Do I miss something when creating the Membership website? What is the ApplicationName for the Membership website?
I have an ASP.Net 4.0 web application which very frequently loads data from the database and does heavy calculations on it. I want to cache this loaded and prepared data in a central cache that can be accessed by every user and computer who uses the application.
Simple use-case:
User 1 accesses webpage, cache is empty, data is loaded/calculated, data is cached
User 2 accesses webpage, cache contains data, data loaded from cache
User 3 accesses webpage, cache contains data, data loaded from cache
User 1 reloads webpage, cache contains data, data loaded from cache
Cache expires
User 3 refreshes webpage, cache is empty, data is loaded/calculated, data is cached
I know that ASP.Net has a built-in cache mechanism. What I don't know is whether it can be shared between different users accessing the site on different computer at the same time. I would also like to know how the system behaves in a web farm environment.
I have added a service from a Win2003 server to my Visual Studio project on WinXP machine. Create an oject for this service went OK. But when I tried to run a method in the service I get "401 web exception while accessing a service.".
How to proceed?
I m retrieving a pdf file from another application using Web service. After retrieving that file, make some validations and after that I want to delete that file. I want to delete that file in another application database. how can I delete that file ? I m unable to code that one. Can anyone give some startup.
View 6 RepliesWe have a big portal with a lot of code written in classic asp + asp.net 2.0 + JavaScript. We are planning to slowly migrate to .net 3.5 framework with WCF Services. Currently the ASP.Net code is using some business layer to access the database. But most of the Classic ASP is using the old ADO code and directly accessing the data in the page itself. Now, we decided to add a WCF layer between the UI and Business which will be easier to implement with ASP.Net + 3.5, compared to Classic ASP. And we can't invest a lot of Man Hours in converting the Classic ASP pages to asp.net just yet. So we decided to Add a COM layer between Classic ASP and WCF services. So it will be like
Classic ASP -> COM -> CCW (COM Callable Wrapper - Interop) -> WCF -> Business for now.
Later on when we slowly convert the Classic asp pages to asp.net, the COM layer will be removed by default. But for now we are atleast pulling the Business code from Classic Asp pages. We are following this approach because we are not sure how to go about accessing the WCF Service directly from the Classic ASP code.
My web service needs to open some files located on a remote computer.
From Windows I can do the authentication so I can see those files using the File Explorer.
If I try to open the files from my Web Service while it's running using Visual Studio (ASP.NET Development Server) it also works.
However, if I do everything from IIS it doesn't.In order to find out where is the problem what I did was to run a network sniffer and I found out that when using IIS, the system will try to use the account 'ASPNET' to login into those remote computers which will obviously fail.
However this doesn't happen if I run from the IDE (Using the ASP.NET Development Server)I found out that if I use Impersonation for accessing this it will work, the problem is I need to have the same account names on the computer running IIS so I would rather not to do that.
Why is it working from the ASP.NET Development Server and not from IIS? Is there a way to give full access to the ASPNET account?
I have a web service which is in a folder within my application. This folder is only accesible to certain roles. I use this service in a page on root of the application but I block creation of the javascript or the service definition in the aspx page if the user is not in the role.
The problem is that when anonymous users try to access the page in the root of the application they are prompted for a user name and password. I hope I am clear. The code below is what I have set up in the ASPX page:
[Code]....
When I'm accessing web service from jquery, I'm getting the 403 forbidden error.. I published and created in the virtual directory too. Wat's the cause of this error and how to rectify it? I've added the webservice in the same solution.. This is my following code..
$(document).ready(function() {
$("#sayHelloButton").click(function(event){
$.ajax({ [code]....
I suppose using that url path for webservice is wrong.. I used the path 'DummyWebservice.asmx'. There I'm getting the 500 internal server error.
I have installed a web service in a client machine, its accessing a mapped network drive from a remote machine. But when its trying to read files from that file I'm getting this error
Code:
Message:
Authentication failed
Description:
QBWC1012: Authentication failed due to following error message.
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.IO.IOException: Logon failure: unknown user name or bad password.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path, String searchPattern)
at WCWebService.WCWebService.authenticate(String strUserName, String strPassword) in C:inetpubwwwrootinvoicecreatews codeinvoicecreatewsWCWebService.asmx.cs:line 463
--- End of inner exception stack trace --- See QWCLog for more details. Remember to turn logging on.
I have supplied user crendentials also, the same web service working in another machine with the same mapped drive with the same user credentials. Manually I can map the drive using the credentials which I'm passing thru the application.