I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
am new to webservice accessing from javascript.I call a webmethod from javascript which returns a string array. whith this array i bind a dropdown list at client.At dropdownList selectedIndexchanged event I found there is no item in DropDownList. Is there any way how to bind the DropDownList using webMethod so that on postback i can get the dropdowns item.
I have and web application and there are two dropdowns. I want to use Javascipt to populate the the second dropdown on basis of the selection of the first dropdown.
I'm investigating creating a WCF REST service for an existing asp.net application to be consumed by various clients including Windows Phone 7, Android, iPhone apps etc.Creating a simple WCF REST service and consuming it from the above platforms is not a problem and works really well. What I am struggling to get my head around is authorization.The asp.net application uses the Membership provider to provide authentication and authorization and I'm comfortable in using that API from the REST service.
How do I secure my REST service so that the first call has to be to authenticate (passing the username and password) and following calls know who is 'logged in'. I'm guessing the authenticate method will have to pass back some sort of token to be used in subsequent calls identifying the caller. Is this secure enough as the whole site / service is over SSL?
To test I have been using "Administrators" which is a valid role so should allow me access and "TEST" which isnt. This works fine when using the above attribute however when I comment that out and use this in my Web.Config file:
I upload the file. I m creating web service to read that uploaded file. how can I access that uploaded file path in web service.? How can I read the uploaded file using web service?
I am getting "Access Denied" error when I am trying to write a file on my hard drive (C:/.... xmls/test.xml) from a webservice which is also on my local machine.
The folder structure is like this
AdminApp (Web Folder on C drive) - WebServices Folder - TestService.asmx -Xmls Folder - Test.xml
I tried following settings in IIS in my efforts to resolve the issue:
- Set anonynmous access checked with my account name and password under "Account Used for anonymous access" alongwith integrated windows authentication checked. I am a admin on my machine.
- Disabled anonymous access with only integrated windows authentication checked. I have identity impersonate = true set in my web.config.
I have a client asp.net website that uses ASP.Net Membership, Roles and Profile providers and Login controls. I need to expand the application so was going to use WCF Workflows, the ASP.Net website will be hosted on a different server than the WCF Services so what I want to do is get the ASP.Net Website to auth via the WCF Service. So process will go:
ASP.Net Website ------------------> WCF Service ------------------> SQL Database (Membership, Roles, Profile, Workflow Persistence Data and Business Data)
I tried creating a custom Membership and Role providers but I have had problems managing the users (Membershipuser class) saying null when a vaild user has been return by the WCF Service as can access the properies but not the methods.
I am using javascript file for validtion. Now I have to localize that javascript file. I want to HttpContext.GetGlobalResourceObject() in .js file. Can I use HttpContext.GetGlobalResourceObject() in my .js file? Is there any other option to locaize javascript file.
i am developing in asp.net and i use different JavaScript and CSS files.
i have a master page "masterpage1" a folder admin in this folder i have a masterpage, called masterpageadmin which inherits from the masterpage1 and all aspx files in the folder admin inherits from the masterpageadmin only the "admin" role can acess to the masterpageadmin and aspx files in the folder admin
My question:
how should i reference in my masterpage1 my JavaScript and CSS, so that the aspx files in the admin folder can use them.
i want to access a javascript function which resides in a script file from another page with iframe. my sample code :
Page from which javascript need to be accessed.
<iframe id="FRAMESET" src="default.htm" width="0%" height="0%"> <p> Your browser does not support iframes. </p> </iframe> default.htm <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link href="Scripts/main.js" type="text/javascript" /> </head> <body> </body> </html> main.js function helloWorld() { alert("hello World"); }
i want to access this function on main page. i tried document.getElementById('FRAMESET').contentWindow.helloWorld(); but gave me error "that document.getElementById('FRAMESET').contentWindow.helloWorld();" is not a function.
i am developing the web application in Asp.net i hav many .aspx pages in the project some of belongs to Admin and some some of to Customer so how can i divide that and how to access admin pages to admin login and customer pages to customer login.
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
I have written code to access a text file in another server from my application in javascript. This code works fine in IE but fails in mozilla firefox. Below is the code i have written.
var httpRequest; httpRequest = new XMLHttpRequest(); httpRequest.open('GET', url, true); httpRequest.setRequestHeader('X-PINGOTHER','pingpong'); httpRequest.setRequestHeader('Content-Type','application/plain'); httpRequest.onreadystatechange = function() {alertContents(httpRequest); httpRequest.send(''); function alertContents(httpRequest){ if (httpRequest.readystate == 4){ if (httpRequest.status == 200) { alert(httpRequest.responseText); } } }
I want to maintain different user authorization lists for different environments. I know that connectionstrings can be broken out in an external file with configSource, but how would I do this for the following?
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
We have created a new cname for our subdomain website. The new website is working properly with cname. We do have .net application inside the webiste which is not working with cname. For eg,1. http://servername/_folder1/app/mypage.aspx (Accessing .net application (App) website without cname)2. http://NewDomian.xxxx/app/mypage.aspx (Accessing .net application (App) website with cname)The first case is working perfectly, but when I access the second url, I got the following error.Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.Source Error:
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
I simply want to create one file and then delete it, means I want to access one file subsequently. I am getting the very familiar error as shown in title. (Process can't access the file,) I have tried using file stream and all other stuff that I found from Googling but no success so far. Does any body have small and neat solution? in short, I would like to run the following statements without any error.File.Create("C:\hsp1.txt");