| Need to run WebService under Admin acct. (W2K) (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I have a web service that requires admin privileges to do its work. Does anyone have an example of how to do this? I digged thru my archive & found a ScottGu notes saying identity userName ... / only works for XP. Seems to be the case since none of what I tried w/ identity / worked. I have W2K, BTW. Any info greatly appreciated. |
|
| Impersonation Question (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I have a page that uploads files and creates directories on my web server. Right now, this page throws up an NT Authentication dialog whenever it loads and requires me to login with my credentials so that it has the authority to do these write operations. I would like to encapsulate this authentication within the code of the page, using ASP.NET's user impersonation functionality. I haven't tried t... |
|
| Generic principals (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngvs] to [aspngsec] by Devin devinr@drone interactive.com Hi, I have the following code assigning roles to a user: GenericIdentity objIdentity new GenericIdentity(AdminID); ArrayList arrRoles new ArrayList(); arrRoles.Add("Admin"); string[] strRole ((string[])arrRoles.ToArray(Type.GetType("System.String"))); GenericPrincipal objPrincipal new GenericPrincipal(objIdentity, strRole); T... |
|
| Question (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, i found the articule you wrote article at 4guysfromrolla called "Implementing Role Based Security with ASP.NET," and i was interested specially in the second part, i was looking your code and i was wondering if is allright to go to the DB every time you perform an Application AuthenticateRequest, what i did is to declare a global variable (the string array) in the global.asax file public stati... |
|
| A question in the case of similiar named passwords and length of the password (2 replies) |
| ASPFriends.com 'aspngsec' list |
| A question in the case of similar named password and length of the password First I do not have in this case any setting or code set to limit the size of the password at least I cannot not find any code that set the password length. this password is used only within my application to control access to internal paths. It has nothing to do with logging on. If a password name is similar in mycase one... |
|
| Problem impersonating ASP.NET application (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, I have an IIS server running ASP.NET application which should connect to another machine in domain and read some data. So, as far as I understand, in order to make it work I have to replace account ASP.NET running under (instead local ASPNET account set some domain account). I created section in the web.config file: identity impersonate "true" userName "[some domain account]" password "..."... |
|
| ASPNET Permissions on db folder (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, I'm upgrading our beta2 intranet to V1 and hitting a permissions issue. On my development machine (XP Pro) I have the database residing in the root of my C drive while the website resides in the wwwroot directory under its own virtual directory. I have turned simple file sharing off and I gave the ASPNET user full control over the directory where the db lives. No joy. However if I make ASPNET ... |
|
| Can't create Active X control. Permission denied (4 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Moved from [ngfx mail] to [aspngsec] by Marcie Jones marciejones@yahoo.com Hi all, I'm having an access denied problem when creating an instance of excel from my asp.net V1 program. It worked with Beta 2, but now aspnet user comes to play. This is my call: xlApp CreateObject("Excel.Application") and the error: Cannot create ActiveX component. Event Log: Access denied attempting to launch a DCOM Se... |
|
| IsAuthorized() missing (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Why is there a Request.IsAuthenticated and not Request.IsAuthorized()? Am I overlooking something or is there a way to achieve this behavior? Normally you would use User.IsInRole, but that way it's not practical if you have multiple roles who have access to your application (using forms authentication btw). Thanks, Yannick Smits |
|
| Cookies - Null reference exception. (6 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Charles M. Carroll charlesmarkcarroll@yahoo.com Hi all, i Got a login.aspx which authenticates user a against a database and if succesfull sets a cookie in the following fashion Response.Cookies("Account").Values UserID, where User ID is an auto increment value of the User. Once this value is set the user redirected to accounts.aspx page. In the accoun... |
|
| authentication problem (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, My web site security is based on a custom authentication filter, which works correctly, but my problem is that I'm not able to retrieve the original name entered by the user in the authentication window. In ASP, I was using the server variable REMOTE USER (definition is : Unmapped user name string sent in by the user. This is the name that is really sent by the user, as opposed to the names... |
|
| Impersonation error (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi Guys, I'm trying to impersonate the ASP.NET pagers with the identity tag. In both machine.config and web.config I'm getting the same error. "Could not create Windows user tocken from the credentials specified in the config file. Error from the operating system 'A required privilege is not held by the client.'" I've given access to the folders for the the impersonating user. Still I get this err... |
|
| NOT ANSWERED: session and windows authentication (logout and login) probl (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Original Message From: Eivind Bjoraa Sent: Wednesday, April 10, 2002 12:21 PM To: 'aspngfreeforall@aspfriends.com' Subject: session and windows authentication (logout and login) probl Hi I'm using session and windows basic authentication under one folder, giving limited access to part of my web app. I have a problem with logout, how can I get the login window fired up after logout link clicked and... |
|
| bypass login page during development (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Is there some way to bypass the security config while I'm developing, but enforce it when I move it to prod., without having to edit web.config each time? Brent Giesler Dallas, Tx 972.754.4100 www.aspguy.com brent@aspguy.com |
|
| Security Issue (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngstart] to [aspngsec] by Ken SChaefer ken@adopenstatic.com Hi , I am developing a web based application using asp.net . In this application we are showing excel files to the user after authentication. I am using formbased authentication. Once user is loggedin then he can view excel file and he can easily find out path of excel file . Next time without login also he can view the fil... |
|
| NOT ANSWERED BEFORE: EncryptedTicket error (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Using forms authentication on a web site. Some machines are getting the error below. I got the authentication code from iBuySpy. Believe this line is causing the error Dim ticket As FormsAuthenticationTicket FormsAuthentication.Decrypt(Context.Request.Cookies("sysroles").Value) I know the cookie "sysroles" is being created. Anyone have any ideas on a fix? Server Error in '/ODTWEB' Application. Inv... |
|
| Access Denied with Active Directory (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Has anyone been able to add Active Directory entries with ASP.NET? I've been trying to get the code below to work, but keep getting the following error: System.Runtime.InteropServices.COMException (0x80070005): Access is denied at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get IsCont... |
|
| User.Identity.name not displayed (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, I am doing s imple a login function here. I check for the suers credentials and if validated Set a Cookie & redirect him to a test page. Now on the test page I want the User.Identity.Name ( which I am assuming is the value of the cookie set using Forms Authentication, correct me if am wrong) to be displayed on a label. But the test page is just blank and the label does not display anything... |
|
| Impersonation with in ASP.NET (8 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, Has any one try to do impersonation with in an ASP.NET page using the Win32 API call? I'm trying the following code and it is not quit wroking the way it should be. script language "C#" runat "server" //Decalre a class public class Win32API { //Import the Win32API into the class and make it as a static method [DllImport("advapi32.dll")] public static extern bool LogonUser(String lpszUsernam... |
|
| Protecting Database Password in connection string (15 replies) |
| ASPFriends.com 'aspngsec' list |
| We have a website that is being hosted by a third party.. In my global.asax file I have set the applications connection string to the database, the connection string looks like... "PROVIDER MSDASQL;DRIVER {SQL Server};SERVER myServer;DATABASE myDatabase;UID myUserID;PWD 123456;" Now obviously I don't want our host to be able to look at our data, so we can't afford to let them view the .asax file a... |
|
| Protecting source code - IL is not enough! (7 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, and thank you all for your help in protecting my database connection string. It still seems the most fullproof way is to encrypt the connection string using some form of cryptography, with a public and private key, and then search for that private key at connection string build time. Well on another similar topic, I would like to know, I have been developing business management software for th... |
|
| IsInRoll delay (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, I'm using Windows Security and I need to check group membership for access to restricted areas on the web site. I'm using User.IsInRoll("Domain\Group") After making a new group and add a test user in to it (Then Sync ing the Active Directory) the user is not in the group. 20 I tried Stopping and starting the IIS Service I keep on resyncing the domain Still it did not reflect in the Web Page Fi... |
|
| Authorization with Web.config with non-.NET pages (7 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi! On my web server I have a subfolder of the app directory. All files from that directory should NOT be served directly by the webserver but rather streamed by an aspx page. I know I could either move that folder outside of the app dir or set it up accordingly with IIS. However, I was hoping I could save a Web.config file in that folder and deny * in the authorization section. Unfortunately, it ... |
|
| How to Check if Cookie is EMPTY? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, In my application , I have FormsAuthentication. I set a cookie through FormsAuthentication once a user is successfully logged in. The value of the Cookie is the value of the User.Identity.Name. In a particular page I want to check on my Page OnLoad function if this value is empty and redirect them to the default.aspx or if it is valid to continue with the page. On Second thoughts, would it... |
|
| Identity fallback in ASP.NET (5 replies) |
| ASPFriends.com 'aspngsec' list |
| Folks, I have an ASP.NET web application that is using "Integrated Windows Authentication". For one of the feature in the application, I start a thread that will perform the operation in the background and keep updating the database about the status. The ASPX page refreshes every 5 seconds and once the operation is completed it displays the results. One thing to keep in mind is "The operation need... |
|
