The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
View 2 RepliesI recently reinstalled Windows (on an SSD!) and I'm in the process of setting up IIS and all my web projects. One of my MVC project keeps asking for authentication on everything, including on resources like .css files and images. I'm using the default MVC template login with a custom provider that I'm using for dev purposes. I've tried rolling back my web.config to before I moved the project file and re-set IIS, but that didn't make much of a difference -- aside from changing authentication mode from Windows to Forms. Can you see anything wrong with my config?
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership defaultProvider="SuperSimpleMembershipProvider">
<providers>
<clear />
<add name="SuperSimpleMembershipProvider" type="Website.Helpers.SuperSimpleMembershipProvider" />
</providers>
</membership>
I don't have any <authorization> element or anything else related to login, since I'm doing everything via MVC. Update: Tried <authorization><allow users="*"/></authorization>, still not working.
What is the recommended "cleanest" way to manage a partial that appears on many views and also requires a viewmodel (assume it needs to get some data from a DB).
View 2 RepliesIs it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory:
<authorization>
<allow roles="Global, Region" />
<deny users="*" />
</authorization>
I've just identified a special case where a person with two lower-level permissions than Global and Region should also have access to this directory. Roughly, I want something like this:
<authorization>
<allow roles="GlobalManager, RegionManager, SiteManager && FooSite" />
<deny users="*" />
</authorization>
I realize I probably should have a new role for this scenario, but I'd like to avoid that.
How to run scheduled jobs from ASP.NET without requiring a Windows Service to be installed on the server?
View 1 RepliesI'm not sure how much of a novice-level question this is. But it seems a fairly basic and common task. So here goes...
I am building a web application that will require some pages, but not all, to use a SSL (https:). How do I designate a particular page to be one or the other? Or do I need to create two separate projects and just have them pass the user back and forth as needed?
I am using Visual Studio 2008, with the Web Site Administration Tool handling users and roles. However I will also be handling very secure data such as social security numbers and the like.
I'm bangin' my head against the wall here. I'm not even sure what I want to do is possible.
I have developed an ASP.NET app that will only be run on my local network (which incorporates a Windows Domain). It's running on IIS 7.5.I want to do this:
[Code]....
My problem is this: If I don't turn off Anonymous Authentication and ASP.NET Impersonation, I don't get the results I'm looking for. (if Anonymous is allowed, I get an empty string returned for username, and if ASP.NET impersonation is allowed, then "username" is always whatever account is associated with impersonation, like "Network Service"). If I turn those off and then turn Windows Authentication on, it works, but only after a dialog box presents itself asking for the Windows Credentials.
What I'm trying to do is NOT require the users to log in. Since they've already logged into the domain when they signed on their computer, I'd like to just allow them access to the ASP.NET application I've written, and identify who they are (based on their previous Windows login) using the line of code above. I don't need them to re-authenticate, because they're already authenticated from their domain login.I can't figure out what I'm doing wrong, or how to accomplish this. It seems the closest I've gotten to what I want so far, is to turn off all authentication EXCEPT for Windows Authentication. It works then, but only if the user first types in his/her username and password again in a dialog box. Is there any way to avoid having them type in their username and password again, but still be able to identify their domain username?
I can recover my password but when I try to change my password to something a bit easier to remember it gives me:
Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.
I have found that eventually the login control I place on my page will not authenticate. The solution appears to be to delete it and replace it with a new instance. Obviously this is not tenable. Can someone enlighten me as to why it might stop working for no apparent reason such that simply deleting it and putting a new instance in place will restore functionality? Update: I find it very sensitive. I just did the above described action, got it working again, found that the Authenticate event was no longer properly wired and tried to fix it by removing the '1' from the Authenticate1 in this line. That was sufficient to kill the control which required me to once again delete it and replace. I cannot believe the login control is that sensitive or no one would touch it. What gives?
onauthenticate="Login1_Authenticate1"
I am new to this. I have ReportingViewer in my toolbox, and the report is set up and running correctly. However, the 3 parameters should be provided by the web page and not entered by the user in the report itself.
View 8 RepliesI have built an ASP.NET application that needs to be password protected. This application will be installed on multiple offline computers, and we need to make sure that when being installed it requires a password. But even if it requires a password, someone can easily copy the database and the published folder and duplicate the application on their system right?
I need a way to prevent this. It should only work on laptops that we have installed it on.
I want to make my web.config password protected so that external users do not open it. But my application should be able to access. Is there any way to do this?
View 2 RepliesI have been using a asp.net2005 application for one year. Every thing was working fine . Last night i just changed a picture in image folder. Now my application is working fine on server but when i am runing this application on client side , it is asking server's user name and password as soon as newly added image is going to upload on client.
View 4 RepliesI have to use windows login (name,password) for my application.(Intranet)
string strHostName = System.Net.Dns.GetHostName();
It works fine on my system but use the ulr on any other system, it returns the same result(i.e., MY System's name).
I need to view users password history in ASP.net application.is there any way to achieve it?
View 3 RepliesI need to send a password from a windows application to the web (asp.net) in order to automatically login the user on the web (e.g.: opening hotmail from windows live messenger).
I thought about hash code, but the problem is: the value will be stored on user browser history (querystring).
how to pass a one-time valid key (a key that is valid for only one use) using querystring?
I have to enter the username and password and login in to a site say gmail, from my web application.
is der any way wherein i can give the user id and password in my application and try to signon to the other application using c# code.
Can this be done using c# .net ?
Anyone know why the minimum password length is 6 chars?
I can't find any reference to this anywhere.
i want to login with window username and password using active directrory in my asp.net application.
View 3 RepliesI am interested in finding out how I would go about displaying a website wiithout forms authentication but to utilise forms authentication when the user makes a request by clicking in the signin button, and then the user will view other pages that are private and secure,
View 2 RepliesWhen a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?
View 4 Replies Foe getting Logon computer username i m using digest authntication mode. But when i browse website it's asking for username and password. while already windows login with the same username.
I understood that in this auhtntication mode it's required. But r there any configuration with it i am not getting this Prompt ? Any group ploicy ??
For IE i have added website into trusted zone but still it's asking for username and password.
R there any other way i getting Computer logon name in asp.net application. There are But only work when i run from Editor from IIS it's not retuning value.
Can We check te checkbox to remember the password in window based application using c#.
If Yes, how to check the checkbox to remember password in login Form.?
according to this thread i make login page URL....i have 1 label 1radiobutton and 1 send button now i want when users enter their password,if they enter their password wrong morethan 3 time it show error that they can't login during 24 hours ,and they cann't enter password in password textbox . and when they click on radio button and click on send button it send a massage to my email and after i send them new password
View 1 RepliesDoes anyone has a solution (sample code) for the following features:
Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password
My provider is currently parametrized this way:
[code]....
The security issues with this type of procedure have been discussed here before.