C# - How To Handle PrincipalPermission Security Exceptions
Feb 28, 2011
I have a simple method that is secured
[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
protected void lnkClearCache_Click(object sender, EventArgs e)
{
}
If this is clicked without the role, it generates a System.Security.SecurityException: Request for principal permission failed. as expected.
I use ELMAH to handle logging for my errors, and I have a custom ELMAH event in my global.asax to transfer to the error pages in ways that preserve status codes which works correctly.
[Code]....
This works all well and fine and redirects to my error page which works properly, however, instead of displaying the content as expected, I immediately get a second request for the error page but this time using the value of customErrorsSection.DefaultRedirect that does not come from my code in any way that I can see.
As far as I can tell it's almost as if when .NET raises an exception for PrincipalPermission and then lets the entire request complete, then after the request is complete it throws away the application response and instead responds with the default custom error.
When I'm debugging I do break on 2 separate exceptions for PrincipalPermission; whether this is just a rethrow by .NET I'm not sure, but my .NET code never sees the 2nd throw, nor does ELMAH. I always end up with a single response, single error logged, but the url that finally renders to the browser is the default url and not the 403 url that I specifically server.transferred to. If I browse to a /location that is secure I properly get the 403 error page.
View 1 Replies
Similar Messages:
Jan 26, 2010
I'm building the standard 3-tier ASP.NET web application but I'm struggling as to where to do certain things - specifically handling exceptions.
I've tried to have a look around on the web for some examples but can't find any which go as far as a whole project showing how everything links together.
In my data-tier I'm connecting to SQL Server and doing some stuff. I know I need to catch exceptions that could be raised as a result but I'm not sure where to do it.
From what I've read I should be doing it in the UI tier but in that case I'm not sure how to ensure that the connection to the database is closed. Is anyone able to clarify how to do this? Also if anyone knows as to where I could find an example 3-tier web application that follows best practices that would be great too.
View 4 Replies
Mar 2, 2011
How can we prevent page crash in asp.net? Is there any generic function or place like global.asax where we specify a file to redirect to when an unhandled exception occurs (like we redirect to a specified page when a 404 page not found exception occurs)?
View 3 Replies
Jul 18, 2010
"I DO NOT WANT TO use the default error page technique, because I do not want the webpage to redirect!"
Yes, there is try and catch.
Yes, there are ways to add exception handling method overrides for controls,
but what I need is:
It may just be a simple SQL command, it may be a control such as a FormView, it may be a control such as a DataGrid; whatever it may be, when an illegal entry is made into the table of the database,
"THE BIG ERROR PAGE SHOULD NOT COME!!"
Instead,
a label at the top of the same page (where the illegal operation is performed) should display the error like
"error caused by "this control" and the error message is "null is not allowed in this field blah blah"
View 2 Replies
May 7, 2010
I am making MSSQL stored procedure CLR calls from ASP pages. When an exception occurs, it is logged and then rethrown. In this scenario I need to be able to handle the exception (if possible) in the ASP page. Note that I cannot move away from classic ASP in this instance; I am stuck within a legacy system for this project. Let me know if you know of a way to handle the exceptions in classic ASP.
View 1 Replies
Feb 1, 2010
Is there a way to globally handle exceptions in regular ASP.NET Web Service (asmx) using ELMAH like we do it in ASP.NET web site ?
View 2 Replies
Mar 27, 2010
I really want to switch over to ajax, but I can't seem to get my error handling perfect. If I can't handle errors correctly, I just can't use it. What I really want to happen is to do a full refresh of the Top Frame. How I normally do this is by a similar call to Response.Write(<script>top.location.href = ""</script>). I was currently doing this in Global.asax. This becomes a problem when I error out in an AJAX postback. I've also noticed that there is an AsycPostbackErrorHandler you can attach to the ScriptManager. This is all fine and dandy, but it will still hit my Global.asax Application_Error Event.
I am honestly just not sure how to handle this.
As I said, the result I want is....To Reload the Top Frame with some Error Message...whether I have to do some weird redirection or whatever. My problem lies specifically with the Global.asax file.
View 2 Replies
Jan 27, 2011
Looking for best practice focused answers here with explanations.
Should the presentation layer of an ASP.Net app catch and handle exceptions thrown from the business layer, or should these be allowed to bubble out, where they can all be logged and handled uniformly in the Global.ascx's Application_Error handler?
[code]....
View 2 Replies
Feb 17, 2010
In sqlserver2005 how to handle exceptions in stored procedures and
1)redirect to other page
2)write in to log file
View 1 Replies
Oct 30, 2010
I'm trying to improve my password change function in my app that allows members to change their passwords. I do have some password rules e.g. min 7 characters, etc.
There's a nice MembershipCreateStatus enumeration in the framework for creating new members. Is there a similar tool for catching password exceptions where the user's newly selected password doesn't match the rules?
View 3 Replies
Jun 8, 2010
I am not sure under which heading this problem belongs, but it seems to be a security issue to me. I am writing this post after googling around for 2-3 days but still can't find any resolution to my problems. Let me describe my problem:
I have created a website which does the following tasks:
1) Creates a user
2) Enables/disables users
3) Deletes users
4) Unlocks users
5) Resets the password of a user
in Active Directory.
I have used impersonation in my application, which uses the admin credentials to perform the above tasks. When I run this application in debug mode through Visual Studio 2005, all the tasks are performed successfully. Now come the deadly exceptions I am facing after publishing the website and hosting it on IIS. Tasks 2 & 3 still work fine and I can enable/disable and delete users from AD even after hosting the website, but the problem comes in
Resetting password
Exception Details:-Exception has been thrown by the target of an invocation. || Trace: at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
at ADHelper.ResetPassword(String currentDomain, String userToResetPwd, String newPassword) in e:New ProjectAD [code]...
View 3 Replies
Dec 9, 2010
We have an asp.net application and want to implement logging. The first idea was to use the Application_Error method in the global.asax file.
The problem is that ASP.NET very often seems to throw exceptions internally that are not caused by the application and which seem not to interfere with the user's normal workflow. For example we often get HTTPExceptions, UnauthorizedAccessExceptions and others caught in this method, although there is no real error in the application.
View 2 Replies
Dec 21, 2010
I currently have two roles like this:
[PrincipalPermission(SecurityAction.Demand,
Role="DomainAdmin")]
[PrincipalPermission(SecurityAction.Demand,
Role="DomainAnotherRole")]
The problem is that this inherited code is specific to the domain, and I want to eventually get the roles from the web.config file, so I can work on a VM not in the domain. I have seen an example like this:
PrincipalPermission permCheck = new PrincipalPermission(
null,
@"DomainAdmin");
permCheck.Demand();
Since this throws an exception if user is not in role, how do I change this example to allow either of the two roles? I could use multiple IPrincipal.IsInRole() and then throw my own exception, but seems like there is probably a way to use the .Demand method with multiple roles. Update 12/21: Sample Code based on Union link from Ladislav's answer below:
PrincipalPermission ppAdmin = new PrincipalPermission(null, @"DomainAdmin");
PrincipalPermission ppAnother = new PrincipalPermission(null, @"DomainAnotherRole");
(ppAdmin.Union(ppAnother)).Demand();
View 1 Replies
Jul 13, 2010
I currently have my access permissions in web.config:
[code]....
This is a very weird one... I just added ASP.NET4 routing, which changes the URLs. So, all of a sudden my web.config permissions are no longer valid! Similar to point #2 above.
I was thinking it would be better to just use PrincipalPermission as security attributes for the classes/c# files involved in each aspx. My question:
More importantly... My PrincipalPermission attribute generates an exception (good) but does not redirect users back to the logon page (bad).
View 2 Replies
Apr 5, 2010
I use declarative roles in my MVC.NET controllers and I have a custom membership & roles provider. This works fine:
[Authorize(Roles = "ADMIN")]
Also, I have a base MVC.NET CustomController class that all controllers derive from, and it has a "currentUser" property that is auto-fetched from the session on demand, so all controller code just refers to "currentUser" and doesn't worry about sessions, httpcontext, etc. I've implemented the membership provider properly, as it works with other parts of the framework that just deal with providers, but until now I had not tried to access the "User" principal from a view. What is the simplest syntax to check roles in a view page? I know I can use a helper to generate a partial view but I don't want that here, I want to explicitly wrap some sections of a page in some role checks. Something like this:
<% if (currentUser.IsInRole("ADMIN")) { %>
...
<% } %>
View 1 Replies
May 5, 2010
How are login and logout handled? Are we to create any session at the login.aspx page? Any simple code, just to understand.
View 2 Replies
Sep 23, 2010
I am using form authentication in my application and LoginStatus is used to log out.
My problem is I want to store login and logout information to the database.
Which event handler should I use to insert the logout time into the database?
View 2 Replies
Apr 17, 2010
I have some problems by writing the result from my code-behind to the label in the view. I get the following error message:
Compiler Error Message: CS0131: The left-hand side of an assignment must be a variable, property or indexer
[Code]....
Here are some code of the view...
[Code]....
View 2 Replies
Aug 17, 2010
I am wondering how this website, stackoverflow, handles user authentication. It accepts yahoo, google, facebook, myspace, openID etc. to login. And most importantly with asp.net. I want to build something like this too.
View 1 Replies
Jan 27, 2011
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always returns nothing. If I disable anonymous access and set Integrated Windows authentication, a Windows login prompt will come up if group B's users want to access the website.
How can I set up IIS so that when a domain user accesses the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER")? If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authentication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page?
View 2 Replies
Jan 21, 2010
How should I log exceptions? I never tried logging in .NET before. Nor tried to dump exceptions to a txt (or binary) file. I don't require a text file, just a way to view the logs with the file and line #.
-edit- using asp.net
View 13 Replies
Aug 5, 2010
I have the following code
[code]....
and while that presents a friendlier error message to a user, I've forgotten how to show me the "real" error.
View 2 Replies
Apr 1, 2011
I have a set of WCF services which I have been using with an ASP.NET MVC application so far. These service operations return a FaultException when the server has identified problem with what the client has submitted. For example:
[code]...
However with Silverlight this all fails. The server returns a 500 status code with the faultexception (as expected) but to Silverlight this just looks like a duff response.
The following MS article indicates a (ugly) work around for this: [URL] This workaround makes the service transmit 200 status codes, even if there is a FaultException, so that the Silverlight client can get them. But this will mess up 'normal' clients of my service (my ASP.NET application, other users in the wild).
However, the point of services is to have separation from your clients. I still want my services to return 500 status codes so that my ASP.NET application can detect the FaultExceptions and handle them. But I also want Silverlight to be able to handle them too.
View 1 Replies
Mar 11, 2010
string lNewHTML = Regex.Replace(lOldHTML, "(word1|word2|word3)", "<a href=\"page.aspx#$1\">$1</a>", RegexOptions.IgnoreCase);
The code works, but I need to include some exceptions to the replace - e.g. I will not replace anything in an img-, li- and a-tag (including link-text and attributes like href and title) but still allow replacements in p-, td- and div-tags.
View 2 Replies
Feb 11, 2011
I need to handle 404 exceptions differently than all other types of them. What is the best way to identify those 404 exceptions (distinguish them from other exceptions)?
The problem is that there is no special exception class for 404 errors, I get regular System.Web.HttpException with Message = "File does not exist."
Should I just use exception's message for it or is there a better way?
View 4 Replies