| Impersonation - again (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all, First of all, apologies in advance for what seems to be the beating of a dead horse. I've poured over the docs and the discussions, but I can't find an example that quite meets my scenario. SCENARIO: ASP.NET webserver on Intranet using Windows authentication. Webserver needs to create directories on a Linux server running Samba based on user input. Samba configuration grants certain users ... |
|
| Impersonation - uggrr (7 replies) |
| ASPFriends.com 'aspngsec' list |
| !DOCTYPE HTML PUBLIC " //W3C//DTD HTML 3.2//EN" HTML HEAD META HTTP EQUIV 3D"Content Type" CONTENT 3D"text/html; charset 3Dus ascii" META NAME 3D"Generator" CONTENT 3D"MS Exchange Server version 5.5.2652.35" TITLE Impersonation uggrr /TITLE /HEAD BODY P FONT SIZE 3D2 Hi , /FONT /P P FONT SIZE 3D2 Ambrose gave me some impersonation control I have allowed my MACHINENAME\ASPNET to run as part of OS b... |
|
| Enumerate the GenericPrincipal's roles ?array (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I've written some code that for each request, looks up user roles in a database, creates a GenericPrincipal object and populates the roles assigned to that user (see Application AuthenticateRequest below) I can then do things like: Label3.Text Context.User.Identity.Name.ToString() " br "; Label3.Text " is a member of role Manager: " User.IsInRole("Manager") " br "; However, I would like to be able... |
|
| Move IIS off the c: drive? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| So to move my inetpub directory off the c: drive (this is still recommended right I did not see it in any MS checklists though), I just physically move the inetpub to d and use MetaEdit? BTW that MS (and a lot of others) link is dead. Original Message From: Rob Caron [mailto:robcaron@microsoft.com] 20 Sent: Tuesday, June 04, 2002 4:39 PM To: aspngsec Subject: [aspngsec] RE: [aspsecurity] Re: Secur... |
|
| Forms Admin with two Secure Areas and two logins? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I have a site that uses forms authentication for controlling access to a directory structure. I now want to secure another directory structure on the site with a different login page. The settings in the web.config file are as follows: authentication mode "Forms" forms name ".CharitySkillsAUTH" timeout "30" protection "All" loginUrl "/login.aspx" path "/" / /authentication authorization allow user... |
|
| 2 levels of authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| In my web.config in the root folder, it has forms authentication setup. I want to have a /Admin section with its own web.config. I have created a /admin folder with another web.config which allows only a certain user. The problem is that if I access the admin/index.aspx page it directs me back to the login.aspx page setup in the root's web.config. I want to have a separate login page for the admin... |
|
| form auth and pdf files (5 replies, VIP) |
| ASPFriends.com 'aspngsec' list |
| Has anybody run into this problem? I have setup form security on my web site. On the site, I am securing a few dir with exe,zip and pdf files using a Web.config that deny access to unauth users. I've setup my machine.config to go to my login page and setup the login page. I have also mapped exe,zip and pdf files in IIS 5.0 to be handled by the ASP.net dll (aspnet isapi.dll) only on GET and HEAD ve... |
|
| Thread.CurrentPrincipal question (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Ok, I went through the process of extending IPrincipal to suit my applications needs, and it works GREAT....for the first page hit only. I assign my custom IPrincipal object to Thread.CurrentPrincipal in the global.asax Application AuthenticateRequest evtn. It was my understanding that by assigning it to Thread.CurrentPrincipal in that event in the global.asax, would make my custom IPrincipal avai... |
|
| What Sets IsAuthenticated=True (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Cain Marco juggernaut@aspelite.com I have a forms based application that is giving me fits. I noticed that, in a location where the IsAuthenticated property had been True, it was now false and the was not working as expected. I am wondering if I have a setting that is invalid?? Can anyone tell me what sets the IsAuthenticated property to True what cons... |
|
| Default page in form authentication (9 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngstart] to [aspngsec] by Cain Marco juggernaut@aspelite.com How do you change the default page from default.aspx when using forms authentication? |
|
| Form Authentication and Roles (5 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi, I have users with three different levels of authorization, each level will give them access to a specific sub folder of the web. Ideally, higher levels of authorization will include authorization to all lower level folders. I can not use Windows Authentication. What are my options to simulate roles with form authentication? different cookies for different roles role stored in session etc. I'm ... |
|
| Is there a way to Enumerate the GenericPricipal object's roles array? (5 replies) |
| ASPFriends.com 'aspngsec' list |
| I've written some code that for each request, looks up user roles in a database, creates a GenericPrincipal object and populates the roles assigned to that user (see Application AuthenticateRequest below) I can then do things like: Label3.Text Context.User.Identity.Name.ToString() " br "; Label3.Text " is a member of role Manager: " User.IsInRole("Manager") " br "; However, I would like to be able... |
|
| Email (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by devin devinr@drone interactive.com Hello everyone. I'm learning asp.net and just tried to use the system.web.mail namespace and received an error about security. I'm working through Wrox's Beginning ASP.net using vb.net. In the book errata, they did address the security issue and had instructions for setting "write" permissions for the folder containin... |
|
| Information on user (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Yannick Smits dotnet@stepcompany.com !DOCTYPE HTML PUBLIC " //W3C//DTD HTML 3.2//EN" HTML HEAD META HTTP EQUIV 3D"Content Type" CONTENT 3D"text/html; charset 3Diso 8859 1" META NAME 3D"Generator" CONTENT 3D"MS Exchange Server version 5.5.2652.35" TITLE Information on user /TITLE /HEAD BODY BR P FONT SIZE 3D2 Hi all, /FONT /P P FONT SIZE 3D2 How do I ge... |
|
| Using Widows domain accounts inconjunction with database/Enterprise Services defined roles (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Anyone have some concise sample code that integrates Windows domain accounts security along with roles/groups contained/defined within a database or possibly Enterprise Services? (formerly known as COM Services) What I'm looking to do is utilize existing Intranet accounts while applying a custom user group structure (as developers don't often have the ability to have the IS department define domai... |
|
| web.config 101 (2 replies) |
| ASPFriends.com 'aspngsec' list |
| I have some simple asmx files running on my web server. When I have NO web.config file the following code runs BUT if I stick in my web.config it gives me an unauthorized message. %@ WebService Language "C#" Class "ADOWebSvc" % using System; using System.Data; using System.Data.SqlClient; using System.Web; using System.Web.Services; [WebService(Namespace "http://www.oreilly.com/webservices")] publ... |
|
| ASPNET User Security Issue (12 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspappsecurity] to [aspngsec] by Tim Musschoot Tim.Musschoot@rug.ac.be Moved from [aspngvs] to [aspappsecurity] by Tim Musschoot Tim.Musschoot@rug.ac.be Hello, It seems that when you are running an asp.net app, the security context runs under the ASPNET user account, not the IUSR Machinename that is defined in the IIS MMC. In a shared hosting environment, this might be dangerous if you... |
|
| Trying to change Temporary ASP.NET Files directory (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, I am trying to change to location fo the Temporary files that .net sticks the assemblies once compiled. I am using: compilation tempDirectory "C:\websites\S\site1.com\temp\" debug "false" explicit "true" defaultLanguage "vb" / But when I try to run an aspx page, I always get an error: Failed to create temporary files directory 'C:\websites\S\site1.com\temp\root\d5eda910\1b06d7a2'. Access de... |
|
| web.config connection string? (3 replies) |
| ASPFriends.com 'aspngsec' list |
| In the web.config file to store the database connection string it exposes cleartext password to sensitive database. Like this appSettings add key "DBI.ConnectionString" value "Provider OraOLEDB.Oracle.1;Password mypass;Persist Security Info True;User ID me;Data Source SGUCode;"/ /appSettings ****************************** Is there any another solution that does not expose the password in cleartext... |
|
| Problem w/ Deleting Records... (8 replies) |
| ASPFriends.com 'aspngsec' list |
| I am having a very strange thing happen... I set the folders where my database resides in Windows XP to Full Access (Read Write).. When I run and launch my ASP.NET application, I am receiving errors trying to delete records in a table. (Can't delete from specified tables) I close my application and launch Windows Explorer and for some reason the folder where the database file resides is set back t... |
|
