Authorization Using Azman And Store - Xml, Adam , Sql ..etc?
Jan 21, 2011
I am setting up Azman for authorization in my asp.net web application. I can have the Azman store as XML or ADAM or Sql server. My question is, which store (XML,ADAM,Sql,..etc) is better in what scenarios.
we are developing an ASP.Net website for a client and were intending to use ADAM and AzMan for AnA,having successfully used them in the past.Reading the existing documentation it seems to suggest that this is 'old' technology and that neweralternative solutions are available that ought to be used in preference.
Bearing in mind that using SQL server as a user store is not an option for us what should we be considering as an alternative to ADAM & AzMan?
I want to maintain different user authorization lists for different environments. I know that connectionstrings can be broken out in an external file with configSource, but how would I do this for the following?
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
We have been using AzMan in development and all was going well until we tried using it our QA website (Windows 2008 Enterprise SP2) and I get: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) --- End of inner exception stack trace --- at System.RuntimeType.InvokeDispMethod(String name, BindingFlags invokeAttr, Object target, Object[] args, Boolean[] byrefModifiers, Int32 culture, String[] namedParameters) at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams) at System.Web.Security.AuthorizationStoreRoleProvider.CallMethod(Object objectToCallOn, String methodName, Object[] args) at System.Web.Security.AuthorizationStoreRoleProvider.GetClientContext(String userName) at System.Web.Security.AuthorizationStoreRoleProvider.GetRolesForUserCore(String username) at System.Web.Security.AuthorizationStoreRoleProvider.GetRolesForUser(String username) at OurApp.login.ValidateAgainstSpecificADProvider(ActiveDirectoryMembershipProvider provider) at OurApp.login.AutoValidateForAllADProviders() at OurApp.login.Btn_Login_Click(Object sender, EventArgs e) at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
This is when the call to GetRolesForUser(username) is made to the AuthorizationStoreRoleProvider. The website is running under it's own machine service account and when I look at the Security tab in AzMan.msc I can see the service account has Administrator access to the store. I've tried adding to the Reader rights but this doesn't do anything.
This error has not shown up in development on Windows 7 Workstation and interestingly the local store was created in the same way from the website code, so the website service account has full access. I've checked file permissions and played around with the security settings in AzMan.msc and I cannot get it going. At one stage the error changed to "Invalid Handle". There is nothing in the event log so it's very tough to troubleshoot an obscure COM error like this. I guess it could be anything! :)
I also tried impersonating a domain account for the call based on some other posts I read on the net but this didn't work for me. The other interesting thing to note is that the website creates the store (first time) and it actually mnages to create the store without any problems at all. It's just this call to GetRolesForUser that blows out.
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
I needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
hey folks I got a general question that maybe some of you can just weigh in. I developed an online store for a client and people place orders online for a food ordering place however I am trying to find the best way to have the orders show up for them at the store. Currently I am sending an email and an autoprint software prints it out which works most of the time but not good enough sometimes it doesn't print. Anyone had similar issues or have other alternative solutions you may have heard off? Like I said the site sends an email to the customer and the store's email account.
Its related to datatable in gridview store in session and then session retrive and store to database. basically i am using gridview here creating new row for button click and these row adding untill user's last entry then submit all these entry to database. so i want to use session variable to store this data temporarily and after final entry user click on submit button and all data shold be save in db.
Is it better to store images directly in a database or to just store the name of the file in the db and display that file? I would think that just storing the filename of the image would keep the db size low...
Web service error response (code/message etc) would you store it in a database? or would you keep the error response in a method.By the time I'm done with this, there will be hundreds of error response, maybe in the future, thousands? (I dont know yet, depends how large this web service grows).EDIT: error response is the response returned back to the application via the web service, (not to be confused with error logging).
I've an Admin area and I want only Admins to enter the area. I considered adding the Authorized attribute to every controller in the Admin area. Isn't there an elegant solution or is this feature not there in the framework itself?
EDIT:
I should to have mentioned this before. I'm using a custom AuthorizedAttribute derived from AuthorizeAttribute.
was wondering how do I make it so when a user goes to a page its only displayed if he is logged in and secure, but if he is not logged in he is redirected to the login page?
Iam using forms authentication in asp.net Application,i want to make pages accessible depending upon roles defined in database. for eg there are three rolesdefined in database salary admin, manager, Clerk. i want a page salary.aspx can be accessed only by salary admin and not any other roles.
I have a problem using windows authentication and the authorization-tag in web.config for my asp.net application. When I host the application in IIS (both in IIS 6 and IIS 7) the authorization-tag is ignored. When I run the application in asp.net development server that comes with visual studio 2010, it works perfect.
I have the usual requirement of implementing Authentication and Authorization. I used to implement it using custom code where I have Users, Roles, Role_Pages, User_Pages, and User_Roles. So this way we can give a certain user roles (that group multiple pages) and/or directly define access to certain pages. All that with the ability to specify fine grained permissions like the ability to Add/Edit/Delete records in those pages.
My question: How easy is it to implement this using Forms Authentication and what advantage does that give over implementing a custom solution. I am also concerned with knowing if there would be any advantage when it comes to securing from session hijacking and against spoofing where an attacker could replay requests and impersonate legit users. Would Forms Authentication have any advantage there, or is it only SSL that can secure against that (which makes both approaches equal in that regard).
What is the authentication mode available in ASP.NET? How do you set authentication mode in the ASP.NET application? How do you provide secured communication in ASP.NET? List out the difference between windows authentication and form authentication. ?
'm using Visual studio 2005 with C# on .NET framework 2.0.. I am implementing forms authentication in this project but the problem is when I'm on registration form ( outside login) and try to open any window on that form using java script (window. open) it redirects me to login page. How should i tackle this problem?
We know that authorization's stuff is a cross cutting concern, and we do anything we could to avoid merge business logic in our views. But I still not find an elegant way to filter UI components (e.g. widgets, form elements, tables, etc) using the current user roles without contaminate the view with business logic. same applies for model binding.
Example Form: Product Creation Fields: Name Price Discount Roles: Role Administrator
Is allowed to see and modify the Name field Is allowed to see and modify the Price field Is allowed to see and modify the Discount
Role Administrator assistant
Is allowed to see and modify the Name Is allowed to see and modify the Price
Fields shown in each role are different, also model binding needs to ignore the discount field for 'Administrator assistant' role.
I am using forms authentication in my ASP.NET MVC application. I want to the signup page from the authorization process. I know I can add a location tag in my main web.config file or create a new web.config inside the specific folder. But I just to exclude one specific action in the User controller. How do I do it?
I am using forms authentication with ASP.NET MVC. Within web.config at application level I can set the paths that I require authentication to as follows;
subdir1 is folder name within the Views folder. This works for the web page routing as [URL] However, if my subdir1 is under another dynamically created route, this setting does not work. For instance; [URL] does not request authentication. dynamic is created at runtime and web.config does not know about it at application start but it should not care about it, I just want it to ask for authentication whenever there is an access to subdir1 route. Is there any way that I can set the location's path attribute for this case? or do you have any other way to solve this issue?