C# - Code Access Security Policy - Deploying A Third Party Dll To Bin?

Oct 15, 2010

I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since Telerik dll is a common assembly i have to deploy it to the bin folder of the webapplication instead of GAC. So here comes the problem.

WSPBuilder automatically deploys the dll to gac if the dll presents in the GAC folder. To deploy the telerik dll in bin i created the folder 80in and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and wspbuilder was smart to create the cas policy itself.

<CodeAccessSecurity>
<PolicyItem>
<PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated
[code]....

But Wspbuilder was not smart enough to put the four part name of SharePointPermission IPermission class. But i learnt that CAS actually requires the four part name. So i decided to make use of the -CustomCAS command line option of wspbuilder.exe to pass my custom cas policy file.

Here is my custom policy file -

<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />[code]....

After i deployed the wsp i verified

* the dlls going to bin

* the trust level changed to custom trust level

* custom policy file being added to config folder

But when i run the page i get the following error -

screen shot -

Error -Execution Permission Denied

I've checked my entire application for any assembly references of the dll. But i was not able to find one.

View 1 Replies


Similar Messages:

Security :: Secure Code - Import A Third Party DLL

Apr 26, 2010

Code in DLL can only be obfuscated. IN my DLL how can I import a third party DLL into my DLL? Can I obfuscated the code but not the functions and sub header names?

View 3 Replies

Web Forms :: Security Exception - Application Attempted To Perform Operation Not Allowed By Security Policy

Apr 2, 2013

Error: 

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.

View 1 Replies

ASPX Pages Fail Due To FIPS 140 Security Policy?

Mar 18, 2011

I am working on a government site and am having some problems with my local security policy interferring with my web application. There is a setting called "System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms" which is enabled on my server.

Since that has been enabled, most of my aspx pages are returning the error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." These pages aren't accessing any cryptographic methods. They do communicate with another database server, but that's it.

My problem is similar to the one described here. However, I don't have the option of disabling this FIPS security setting.

I am using .NET 4.0, IIS 7.0, and Windows Server 2008 R2, if that matters. Has anyone encountered this problem before?

Update

Unfortunately, correcting the machine key element to use a FIPS compliant algorithm did not completely solve my problem. I am still getting the error on alot of my pages.

I found two hotfixes which may be related. I will try to install these and see what happens.

SQL Server Reporting Services R2 hotfix ScriptManager Control hotfix

View 1 Replies

System.Security.Policy.PolicyException: Required Permissions Cannot Be Acquired

Apr 6, 2010

when i run my application i got this error like...

Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.

View 1 Replies

.net - ScriptManager Be Made To Work With The Windows FIPS Security Policy?

Feb 19, 2010

If you enable the "Use FIPS compliant algorithms for encryption, hashing, and signing" security policy option in Windows, attempting to use many of the cryptographic classes in the .NET Framework will result in an InvalidOperationException. By default, ASP.NET uses AES to encrypt the ViewState blob, so it fails. You can work around this by adding a key like this to web.config:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

And that covers you for basic ASP.NET use. My problem is this: I have a large, complex ASP.NET web applications that makes heavy use of ScriptManagers (the foundation of ASP.NET AJAX) and needs to be deployed by a government customer who must enable this FIPS policy setting. Any ASP.NET page with a ScriptManager on it throws this exception:

[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
System.Security.Cryptography.SHA1Managed..ctor() +3607454
System.Security.Policy.Hash.get_SHA1() +45
System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfoInternal(Assembly assembly) +85
System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfo(Assembly assembly) +99
System.Web.Handlers.RuntimeScriptResourceHandler.GetScriptResourceUrlImpl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +525
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +910
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(Assembly assembly, String resourceName, CultureInfo culture, Boolean zip, Boolean notifyScriptLoaded) +193
System.Web.UI.ScriptReference.GetUrlFromName(ScriptManager scriptManager, IControl scriptManagerControl, Boolean zip) +306
System.Web.UI.ScriptManager.RegisterUniqueScripts(List`1 uniqueScripts) +169
System.Web.UI.ScriptManager.RegisterScripts() +407
System.Web.UI.ScriptManager.OnPagePreRenderComplete(Object sender, EventArgs e) +200
System.Web.UI.Page.OnPreRenderComplete(EventArgs e) +11041982
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3672

Even adding the <enforceFIPSPolicy enabled="false"/> element to web.config does not resolve the exception.

Is there any way to configure ASP.NET such that ScriptManager can be used with the Windows FIPS security policy?

View 3 Replies

Getting Exception / The Application Attempted To Perform An Operation Not Allowed By The Security Policy

Nov 10, 2010

i have an dll file which is data access layer of my application.

i am getting this exception while accessing databse

Description:

The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission contact your system administrator or change the application's trust level in the configuration file.

Exception Details:

System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

View 3 Replies

To Implement Code Access Security, And URL Based Security Using The Roles & Types?

Apr 24, 2010

[ASP.NET 3.5, FormsAuthentication, SQL Server]

In the Roles table there is Role, and RoleType.

I have 3different roles, 2 of which have sub-roles.

Example

Role----------------------Type

Adminstrator
Subscriber---Basic
Subscriber---Business

I need to implement Code Access Security, and URL based security using the roles & types...

For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).

I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.

I am currently using the web.config to deny/allow access to the directories/pages.

e.g.

/Areas/Admin/web.config

[Code]....

Is it possible to force the user to be apart of 2 roles with this technique?

View 1 Replies

Security :: Web.sitemap Security Trimming And 3rd Party Authentication?

Feb 2, 2010

I understand that we can easily secure the menu pages by enabling SecurityTrimming and putting role information in web.sitemap.

But my problem is that we have to use a 3rd party authentication piece. The ASP.NET application gets the UserId and roles from the authentication module.

I need to show/hide ASP.NET pages based on the incoming user's roles.

Is it possible somehow to use web.sitemap with these roles?

Or should I come up with my own way to map a web page to role/s?

View 1 Replies

Asp - C# Code For Converting Into PDF Without Using Third Party Library

Mar 1, 2011

In my present project i have to convert some file formats into PDF.The source file formats may be MSOffice(.doc,.docx,.xls,.xlsx,.ppt,.pptx) and Images(.jpg,.png,.jpeg,.tiff).We wish not to use any third party library.The code should be in c#.

View 3 Replies

How To Upgrade Code To New Version Of Third Party Control

Oct 21, 2010

I have a web application in asp.net 3.5 where i have been using some third party controls i.e. Devexpresv9.2 and on the pages where i am using these controls i normally has to call the register tag on the page markup like for ex:

<%@ Register Assembly="DevExpress.Web.v9.2, Version=9.2.9.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a"
Namespace="DevExpress.Web.ASPxCallback" TagPrefix="dxcb" %>
<%@ Register Assembly="DevExpress.Web.ASPxGridView.v9.2.Export, Version=9.2.9.0, Culture=neutral, PublicKeyToken=b88d1754d700e49a"
Namespace="DevExpress.Web.ASPxGridView.Export" TagPrefix="dxwgv" %>

Now i have updated the version of devexpress controls installed on my machine and it has stopped working because the version installed on my machine is v10.0 but my code is looking for v9.2 how can i modify my code in such a way that in future if i install another version then i don't have to modify all the pages and references again.

View 2 Replies

Security :: Get The Third Party Digital Certificate?

Aug 9, 2010

I want to create a digital signature, for my product, for creating the digital sigmature i want digital certificate. I came to know there are lot of third party available for creating digital signature. If any one know can tell some of third party for this.

View 1 Replies

Security :: Third Party Cookies And Proxies Valid For P3p

Aug 28, 2010

I have an intranet site that is used to pull several other intranet applications/tools and database info to one place.One of the most popular features uses iFrames and jQuery tabs to give a broad overview of activities, signal etc in a network node. Chrome and Firefox eat it up with no problems, IE will work if you override the cookie policies that restrict 3rd party cookies
without a valid p3p (what a worthless standard). IE also works if you already authenticated yourself on the individual sites and the session cookies are still valid.

View 1 Replies

Security :: Automatic Login Into A Third Party Website?

Mar 31, 2010

Is it possible to log the user automatically into a third-party website if we have their details on record? For example, if I had a users facebook/hotmail username/password stored in my database, is it possible to use these details to log them into facebook/hotmail, then open up facebook/hotmail.com with them already logged in?

Basically my Client uses Basecamp for their customers and wants a way of automatically logging his customers into basecamp from their website without them having to go through the trouble of logging in again (after they've already logged in through my clients website).

View 5 Replies

Security :: Use A Third Party (CAS) Authentication System While Still Using Membership?

Apr 21, 2010

I need to convert a web site using traditional ASP.Net login,membership/role with SQL to a custom system. I need to use a third party (CAS) authentication system while still using membership and roles to control access to content and User.Identity functions.What would be the best way to accomplish this? I use the <deny> and <allow> user throughout the site to control page access.

View 3 Replies

Security :: Use Third Party Tool In Share Hosting?

Jul 5, 2010

I am using third party tool in my web site.Its running fine on my dev. PC.but when I upload it to serverm it says "System.Security.SecurityException: That assembly does not allow partially trusted callers."when I read about this error, many suggest to get it set trust level to high by admin bacause developer can not.

View 5 Replies

Security :: Access Loginname From LoggedInTemplate At Code Behind?

Jul 15, 2010

i want to access loginname of login view control for some other reason also i tried something like this but not working

My design time code is

[Code]....

and at code behind i tried this normally by string nm= LoginName1.Text ; LoginView1.Findcontrols("LoginName1"), using the LoginView1.Controls[0]. controls collection... (this get only controls from the anonymoustemplate)LoginView1_ViewChanged also doesent work because since the change in 2005 (or sth) logging in doesn't trigger this event (didn't try it, just read that it doesn't :)) but not able to access the value of loginname1.

View 2 Replies

Security :: Use Membership Roles And Access In Code?

Jan 20, 2010

in my app i want to create two types of users. (1) 'staff' (2) 'admin'

i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.

however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.

so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)

how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?

View 8 Replies

Security :: Prevent To Access Aspx Code For End-users Or Customers?

May 3, 2010

suppose we've created a web app for our customers.

how to prevent to access web page code (aspx code or behind code) for our customers ?

how to implement security and licensing information for web apps ?

View 6 Replies

Security :: Create / Manage Access Rules For Membership Roles Through Code?

Jan 19, 2010

I'm using vs 2005 and asp.net 2.0 to create my website. Recently, I thought about applying membership instead of my customized security system in order to achieve higher security level and performance. At first thing went well, since it was easy to create/manage users and Role names from behind code, but when I came upon the "Access Rules" I faced what you can call it an 'obstacle' at least from my opinion.

The thing is, I don't want to use Asp.net Web Site Administration Tool to create and manage my access rules which I'm going to assign to each of my dynamically created Roles. What I want to be able to do is make a page where the Admin can create/manage his desired Role(s) and also, create/manage the Access Rules, then add such Access Rules to the previously created Role(s).

Now, what I need to know first is... is it even possible to do such thing in the first place? Because the way i understand it is, since the access rules are stored in the web.config of each folder/directory that you apply them on then it shouldn't be allowed to modify it from the running/published website.

View 4 Replies

Configuration :: Deploying Website To IIS Web Server Access Using IP

Aug 31, 2010

I have my Website Application [URL]. How is it deploy my site to web server [ IIS ] so that it can be accessed via intranet.

View 1 Replies

SQL Reporting :: AllowPartiallyTrustedCallersAttribute Or RSClientController Undefined - Error "Type Microsoft.Reporting.RdlBuildProvider Cannot Be Instantiated Under A Partially Trusted Security Policy"

Feb 26, 2010

first of all: this probelm was already an issue in [URL] but it does not resolve my problem: I have VS2008 and SQL Server 2008 Express with Adv. Option istalled. When compiling a page with the reportviewer control I get the error Type 'Microsoft.Reporting.RdlBuildProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly). C:websitesadAgencyweb.config

From the obove mentioned post I learned to use <trust level="Full" /> in the web.config file (which I never used on other Implementations that work). Now the compilation works, but when I start the web application and call that page I get a lot of JScrip Errors like: Runtime error in Microsoft JScript: 'RSClientController' is undefined, which comes from a line in the dynamic page.aspx file: document.getElementById('ctl00_maincontent_ReportViewer1').ClientController = new RSClientController "ctl00_maincontent_ReportViewer1_ctl03", "ReportFramectl00_maincontent_ReportViewer1", ...

I should mention, that I had SQL Server 2005 Express uninstalled before the 2008 version.

View 1 Replies

Security :: Creating Virtual Directory Through Code Showing An Error As Access Denied?

May 11, 2010

I am creating virtual directory from my C# code when i execute this code working every finely.

But problem is when i publish this code and access through iis it is showing an error as access denied .

i tried to give permissions to the folder in c:\inetpub\wwwrootfoldername Network service and users provided permissions of full control But still showing an error of Access Denied(mine is iis 5.0 in xp)

View 2 Replies

Class Access Session Object But Not When Deploying It To Server?

Mar 16, 2011

I have a custom MembershipProvider that I'm using in an ASP.NET 2.0 application. Inside of the class that extends membership provider, I have a function called AttemptLogin() that sets session variables if the user is valid. Inside that function, are a number of session variable assignments similar to the following:

HttpContext.Current.Session["id"] = "12345";

AttemptLogin() is being called by the Application_BeginRequest function in global.asax. This code works fine when I open it in visual studio, and then run it in the built-in development server by clicking "Start Debugging". However, when I deploy it to our testing server (Windows 2003 Server 64-bit running IIS in 32-bit mode), execution breaks when it reaches the code above, giving me the following message:

[NullReferenceException: Object reference not set to an instance of an object.]
CustomMembershipProvider.AttemptLogin() in c:InetpubwwwrootJoshApp_CodeCustomMembershipProvider.cs:1097
ASP.global_asax.Application_BeginRequest(Object sender, EventArgs e) in c:InetpubwwwrootJoshGlobal.asax:14
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

How can I access the session state successfully in this situation? Why does it work locally and not on the server?

View 2 Replies

Configuration :: Deploying .net Code In 3.5 Framework?

Apr 26, 2010

we previously used to host our asp website using 2.0 framework.we developed our new code on our local machines using .net 3.5 and when we tried to deploy the code after installing 3.5 framework on the server we are getting the below error message

Could not load the assembly App_web_4tlvao-n

what wrong did we do or do we have to configure the IIS separately once again for the new code

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved