C# - PrincipalPermission Versus Web.config For Page Access Controls
Jul 13, 2010
I currently have my access permissions in web.config:
[code]....
This is a very weird one... I just added ASP.NET4 routing, which changes the URLs. So, all of a sudden my web.config permissions are no longer valid! Similar to point #2 above.
I was thinking it would be better to just use PrincipalPermission as security attributes for the classes/c# files involved in each aspx. My question:
More importantly... My PrincipalPermission attribute generates an exception (good) but does not redirect users back to the logon page (bad).
View 2 Replies
Similar Messages:
Jul 7, 2010
Is it possible to make some values in my Web.Config file dependent on whether I am building a release or debug based ASP.NET application?
View 3 Replies
Sep 16, 2010
What is the difference between; Deploying an application Releasing an application Implementing an application
View 1 Replies
Feb 28, 2011
I have a simple method that is secured
[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
protected void lnkClearCache_Click(object sender, EventArgs e)
{
}
If this is clicked without the role, it generates a System.Security.SecurityException: Request for principal permission failed. as expected.
I use ELMAH to handle logging for my errors, and I have a custom ELMAH event in my global.asax to transfer to the error pages in ways that preserve status codes which works correctly.
[Code]....
This works all well and fine and redirects to my error page which works properly, however instead of displaying the content as expected. I immediately get a second request for the error page but this time using the value of customErrorsSection.DefaultRedirect that does not come from my code in any way that I can see.
As far as I can tell it's almost as if when .NET raises an exception for PrincipalPermission and then lets the entire request complete, then after the request is complete it throws away the application response and instead responds with the default custom error.
When I'm debugging I do break on 2 separate exceptions for PrincipalPermission, whether this is a just a rethrow by .NET I'm not sure but my .NET code never sees the 2nd throw, nor does ELMAH. I always end up with a single response, single error logged, but that the url that finally renders to the browser is the default url and not 403 url that I specifically server.transferred to. If I browse to a /location that is secure I properly get the 403 error page.
View 1 Replies
Dec 21, 2010
I currently have two roles like this:
[PrincipalPermission(SecurityAction.Demand,
Role="DomainAdmin")]
[PrincipalPermission(SecurityAction.Demand,
Role="DomainAnotherRole")]
The problem is that this inherited code is specific to the domain, and I want to eventually get the roles from the web.config file, so I can work on a VM not in the domain. have seen an example like this:
PrincipalPermission permCheck = new PrincipalPermission(
null,
@"DomainAdmin");
permCheck.Demand();
Since this throws an exception if user is not in role, how do I change this example to allow either of the two roles? I could use multiple IPrincipal.IsInRole() and then throw my own exception, but seems like there is probably a way to use the .Demand method with multiple roles. Update 12/21: Sample Code based on Union link from Ladislav's answer below:
PrincipalPermission ppAdmin = new PrincipalPermission(null, @"DomainAdmin");
PrincipalPermission ppAnother = new PrincipalPermission(null, @"DomainAnotherRole");
(ppAdmin.Union(ppAnother)).Demand();
View 1 Replies
Nov 30, 2010
In the root directory my web.config is doing the job of loggin in people to a website.
I don't need this behaviour in a directortory of the root directory. How do I solve this problem?
This are the authentication thins in my web.config:
[code]....
View 1 Replies
Jul 23, 2010
I've gone rounds with this ever since I started programming classic ASP 12 (or so) years ago and I've never found a great solution because the architecture of ASP and ASP.NET has always been a swamp of bad practices, magic shared singletons, etc. My biggest issue is with the HttpApplication object with its non-event events (Application_Start, Application_End, etc.).
If you want to do stuff once for the entire lifespan of an HTTP application, Application_Start is the obvious place to do it. Right? Not exactly. Firstly, this is not an event per se, it's a magic naming convention that, when followed, causes the method to be called once per AppDomain created by IIS.
Besides magic naming conventions being a horrible practice, I've started to think it might be a reason there exist no such thing as a Start event on the HttpApplication object. So I've experimented with events that do exist, such as Init. Well, this isn't really an event either, it's an overridable method, which is the next best thing.
It seems that the Init() method is called for every instantiation of an HttpApplication object, which happens a lot more than once per AppDomain. This means that I might as just put my startup logic inside the HttpApplication object's constructor.
Now my question is, why shouldn't I put my startup logic in the constructor? Why does even Init() exist and do I need to care about Application_Start? If I do, can anyone explain why there is no proper event or overridable method for this pseudo-event in the HttpApplication object?
And can anyone explain to me why in a typical ASP.NET application, 8 instances of my HttpApplication are created (which causes the constructor and Init to run just as many times, of course; this can be mitigated with locking and a shared static boolean called initialized) when my application only has a single AppDomain?
View 2 Replies
Aug 24, 2010
Which is better from a performance perspective?
Accessing a Global Application Variable (Application["foo"])
versus
Accessing an AppSetting variable from the web.config
Does .NET Cache the AppSetting variables so that it is not accessing the web.config file with every use?
View 2 Replies
Mar 2, 2011
I created a Handler if I add Handler in <system.web> it works fine for IIS 6.0 but doesn't work on IIS 7.0, and Vice Versa if I add in <system.webServer> . Is there any thing common I can do so that it should work for both
View 1 Replies
Apr 5, 2010
I use declarative roles in my MVC.NET controllers and I have a custom membership & roles provider.This works fine:
[Authorize(Roles = "ADMIN")]
Also, I have a base MVC.NET CustomController class that all controllers derive from, and it has a "currentUser" property that is auto-fetched from the session on demand, so all controller code just refers to "currentUser" and doesn't worry about sessions, httpcontext, etc. I've implemented the membership provider properly, as it works with other parts of the framework that just deals with providers, but until now I had not tried to access the "User" principal from a view.What is the simplest syntax for check roles in a view page? I know I can use a helper to generate a partial view but I don't want that here, I want to explicitly wrap some sections of a page in some role checks.Something like this:
<% if(currentUser.IsInRole("ADMIN") { %>
...
<% } %>
View 1 Replies
Jan 28, 2011
Lets say I have a Web Application with a menu of products. When a user clicks a menu item, then create and display a dynamic set of controls in an Update Panel. I am currently doing this however the PostBack and recreation of controls is tedious and resource intensive.
Not sure about this but is it possible to build a webpage with controls on it, then display it in update panel or IFrame? Then on post back you wouldn't have to recreate everything all over again?
View 5 Replies
Jul 31, 2010
my application uses a master page from which every other page inherits and also an external style sheet.
the problem i have is that once a messagebox pops up while running the application(maybe due to an error that was caught) the "content" part of the page loses the styles that were applied to them from the external style sheet. Only the Master page part of the page still retains the external styles.
assistance, will be very welcome.
Incase this might be useful too: i use the Response.Write method to call the javascript "alert" function to display pop ups.
View 2 Replies
Feb 2, 2010
What are the differences (behind the scenes) between Page.User.Identity and Request.LogonUserIdentity? Not the differences in type, name, etc but the differences in how they're implemented behind the scenes (i.e. one calls windows xxx api and the other calls asp.net xxx api...).
View 1 Replies
Feb 17, 2010
I am generating a dropdown list in codebehind and cannot get the selectedindexchanged event to fire automatically. It works fine when put directly into the ASPX page, but I need it to be in the codebehind.
This doesn't work -
[code]....
View 4 Replies
Mar 30, 2010
I have a normal Wizard WebControl. On the first page of the Wizard, in the StartNavigationTemplate, I've added a button. When clicked, the button will generate a PDF (using iTextSharp) and post it back through Response.OutputStream. All this works just fine.
Now I want to wrap my Wizard in an AJAX UpdatePanel, to make it switch through the steps smoothly. However, this means that the Response from my PDF button is intercepted and does not do a post back. My solution to this was to add a PostBackTrigger for the PDF button, but since the button is in a template I ended up adding it dynamically. Here is how my final code looks like:
[Code]....
[Code]....
- if I load the page and the first thing I do is to click on the PDF button, then the PDF file is returned as a normal post back
- if I load the page, navigate to step 2, return to step 1 and then click on the PDF file, then the Response is intercepted by the UpdatePanel and not displayed.
View 4 Replies
Jul 26, 2010
I have one doubt Can we access one web.config file to another web.config file in asp.net
View 6 Replies
Jul 26, 2010
I am trying to control access to my website with windows integrated.
[code]....
Except that, this code isn't working. I can access it if im a member of that group or not. What is wrong?
I looked through some code, and thought maybe I needed to switch the ? for a *, but then that seems to just deny everything.
View 1 Replies
Jul 31, 2010
I have a key in the web.config file like:
<add key="MailFrom" value="my@email.com"/>
I need to access it in the code behind.How to do this in c#?
View 1 Replies
Mar 3, 2011
I have a problem with ASP.NET web configuration file. I want to deny some users or roles to accessing a specific PDF file. I am using ASP.NET membership and role management system. So I added this lines of codes to a Web.config file:
<location path="myfile.pdf">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
and put it to the directory witch the file is included in it. Now when I run the project in local system I can not access the PDF file wile I login with "admin" role. But when I publish the project on the web server I can not brows the folder but I can view the PDF file when I browse complete path to the PDF file. So:
I can not access : [URL]
but I can view : [URL]
View 2 Replies
Aug 23, 2010
'm currently planning to deploy a site with a third party hosting provider. I will only have access to the server via ftp and a tool similar to cpanel called WebsitePanelNo access to IIS set up or configs.Is there anyway to redirect http://www.example.com to http://example.com?
View 3 Replies
Jan 25, 2011
accessed only using IE 6.0 or above. If anyone tries to access the website using any other browser I want to display a big warning message. Is it possible to configure this in web.config insted of checking via javascript. I am assuming something like in authentication we have customErrors attribute were we can set the custome error page in case of failure to authenticate the user.
View 2 Replies
Jul 22, 2010
Is it possible to configure web.config to authorize a page to be only read locally (similar in concept to the RemoteOnly feature for error messages).
View 1 Replies
May 18, 2010
I want to be able to determine if the web.config element <compilation defaultLanguage="vb" debug="false" /> if the property is debug is set to true or false. Public Shared Function isDebug() as Boolean
View 1 Replies
Mar 30, 2011
I need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 Replies
Jan 10, 2011
I have three roles:
AdminEditorGeneral
How can i give acces so to:
1- All users in roles Admin and Editor
2- Specific users from role General
i tried this but with no luck:
[Code]....
View 2 Replies