Ultimate goal is to provide protection against programming mistakes. I want to make sure that every page in a portion of my web application has a role specified like below. Ideally I would like to programatically check all requests coming in ( think IHttpModule ) and make sure that the page being requested has a role specified.
I can't seem to find how to get programatic access to the allowed roles.
[code]....
i get the above error when i try to run this sql statement
INSERT INTO PSPS_Posts (Post, Date_Posted, user_ID, Thread_ID) VALUES (@Post, @Date_Posted, @user_ID, (SELECT Thread_ID FROM PSPS_Thread WHERE Thread_ID = (SELECT MAX(Thread_ID) FROM PSPS_Thread
I am not using URL Rewriting, my app works fine until I try to hit a .PDF file or even a .TXT file via a link that I have dynamically generated into the PostBackUrl of a LinkButton. The path is correct. I have thoroughly researched this issue on here and most of the issues are with people using a POST action or not or the URL Rewriting, which I am not. In IIS Error looks like:
Server Error in Application "DEFAULT WEB SITE/EVENTS"Internet Information Services 7.5
Error Summary
HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used. Detailed Error Information
Module StaticFileModule
Notification ExecuteRequestHandler
Handler StaticFile
Error Code 0x80070001
Requested [URL]
Physical Path C:projectsEventsEventDocs48ea946f-e948-e011-ad73-00155d0e670b2011.pdf
Code to dynamically generate the url to click to is here:
public void DocumentsRepeater_ItemDataBound(object sender, RepeaterItemEventArgs e)
{
LinkButton LinkToDoc = (LinkButton)e.Item.FindControl("LinkToDoc");
Label FileNameLabel = (Label)e.Item.FindControl("FileNameLabel");
LinkToDoc.PostBackUrl = "~/EventDocs/" + SessionValue.EventId.ToString() + "/" + FileNameLabel.Text;
LinkToDoc.Text = FileNameLabel.Text;
}
[code]...
I get the Subqueries are not allowed in this context. Only scalar expressions are allowed - i am going to run into this quite alot so I figuredI'd better see what the right way is!
Below is my code:
[code]....
The HTTP verb POST used to access path '/test.html' is not allowed
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. Â To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Requested registry access is not allowed.
What changes & where do i make in webconfig??
I created a Function called GetWordsLike("word") it look in database to get some words that they are like "word". i also have a TextBox in my page to get "word" from User.
i use ObjectDataSource to databind a gridView and this ObjectDataSource use the GetWordsLike("word") Function to get the data frome database.
now i need to give this "word" to ObjectDataSource programatic.
I have a interesting problem and being relatively new to .NET I thought to try the forum for some guidance. I need to present information from a database, typical, but I need to create stand alone views of the data based on the "category" for the reported information. I don't know how many or how few categories I might need to generate but each needs to be displayed in its own datagrid or gridview. I did a prototype report where I could dynamically generate a variable number of columns in a generic datagrid already placed on the page based on the database but the user "changed their minds", also typical, and want a different view (actually views). Does anyone have any thoughts on creating anywhere from 1 to a dozen (or more) datagrids in the code behind and then pushing them out to the aspx page for the user? Can you dynamically generate datagrids and gridviews on the fly? Or would you need to?
View 3 RepliesI have three roles:
AdminEditorGeneral
How can i give acces so to:
1- All users in roles Admin and Editor
2- Specific users from role General
i tried this but with no luck:
[Code]....
well i have a simple application using an authentication (user and password) before accessing and there are several roles bound to each user.
in my web.config i have configured the acces for each page according to each role, this is an example below:
[Code]....
and i have 2 users:
1: admin (default role: administrator)
2: guest (default role: role1)
my problem is as follows:
if i give acces to the user "guest" to open the "admin.aspx" page with changin him his role from "role1" to "administrator", this one do not function except if i recharge the web.config file to the server it's just after this manipulation that this user "guest" arrives to open the page "admin.aspx".
i don't know why this problem occurs, normally changing the user role will applies instantaneously.
I need to design a system that will control access to certain information. The requirement from the user is to use access levels e.g.
Level 1 - Support
Level 2 - Manager
Level 3 - Senior Manager
Level 4 - Department Head
etc.
If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of information. If it is marked as level 3, then only the Senior Manager and Department Head can view it, but the Manager and Support roles can't view it.
Questions
When I assign the access level to a piece of information, will I have to assign multiple roles to it in order for me to achieve this functionality? Is there a better way of doing this?
How can i ristrict access to controls depending on users roles, on a page.?
View 1 Repliesin my app i want to create two types of users. (1) 'staff' (2) 'admin'
i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.
however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.
so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)
how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?
I have a web.config file with <authorization> section. I'm using window authentication.
The problem is that I would like to allow access to the web site to those users who are in multiple roles.
For example:
<authorization>
<allow roles = "Role1 AND Role2"/>
<deny users="*"/>
</authorization>
(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)
Is this possible to achive this?
If not, what would be the alternatives?
Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
Will someone point me to a tutorial on how to hide and denied access to certain pages based on what roles the user is in?
View 8 RepliesI am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
I'm using vs 2005 and asp.net 2.0 to create my website. Recently, I thought about applying membership instead of my customized security system in order to achieve higher security level and performance. At first thing went well, since it was easy to create/manage users and Role names from behind code, but when I came upon the "Access Rules" I faced what you can call it an 'obstacle' at least from my opinion.
The thing is, I don't want to use Asp.net Web Site Administration Tool to create and manage my access rules which I'm going to assign to each of my dynamically created Roles. What I want to be able to do is make a page where the Admin can create/manage his desired Role(s) and also, create/manage the Access Rules, then add such Access Rules to the previously created Role(s).
Now, what I need to know first is... is it even possible to do such thing in the first place? Because the way i understand it is, since the access rules are stored in the web.config of each folder/directory that you apply them on then it shouldn't be allowed to modify it from the running/published website.
i'm parsing a few .net resource files (.resx).In that, i have this piece of data:informaciónThis works in my .net app, but when i try to load this file in my xml document
XDocument xmlDoc = XDocument.Parse(s);
i get this error:Reference to undeclared entity 'oacute'.
Let's say I have a rolegroup as follows:
<asp:LoginView ID="lvDoSomeStuff" runat="server">
<RoleGroups>
<asp:RoleGroup Roles="RoleOne,RoleTwo">
<ContentTemplate>
...
</ContentTemplate>
</asp:RoleGroup>
</RoleGroups>
</asp:LoginView>
Is there a way I can make it so that a user must meet RoleOne and RoleTwo to satisfy the RoleGroup? By default, if a user is in either of the two roles, they will be granted access. I know I can do this via the code-behind, but I'd prefer to be able to wrap some content template with this markup instead of having to wrap it in a panel and hide the panel programmatically.
i want to implement asp.net role provider to assign users over my LAN to roles and have my asp.net intranet app implement security based on roles.
i dont want to use VS to manage this with the built in tools but rather hand this off to users to manage themselves. i want an admin folder with a page(s) for admin roles to be able to create/edit roles and manage users in roles... this way an admin can add a domain user (MyDomainUsername) to a role such as ProojectManager or Tester or Developer... and users wont need to contact me for these tasks...
can anyone provide me a link (or some sample code) to some sample i can use to admin roles and users over a LAN in asp.net with c#?
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
Here is my current code
[Code]....
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
I'm planning to make a page that has about 10 different pages for varying use, for example, stats, data entry, reports, logistics, audit, sales, promo, etc etc. I'm anticipating there will be many combinations as to what pages a user may have access to, for each page, a user ought to be authorized to either enter new data, edit data, print and/or just view.
My questions are :
1. can membership & roles be used, once user is logged in, to display links to all the areas of the web app he is allowed access to?
[code]....
2. besides having access to a particular page, a user should, as mentioned before, be authorized to either enter new, edit, print and/or just view data.
3. Is there a preferred/better method to handle this besides using membership & roles?
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 Replies