| Extend context.user.identity (6 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi All, Is it possible to easily extend context.user.identity? I'm doing a forms authentication against a sql database, I return some extra data like clientID,FirstName,CompanyName,... I would like to make these available through my application using ex: context.user.identity.ClientID context.user.identity.FirstName context.user.identity.CompanyName ... Is this possible or is there another (and be... |
|
| .NET Security error after changing SQL stored procedure (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Copied from [ngfx sqlclient] to [aspngsec] by Bob Levittan blevittan@hotmail.com Moved from [aspngibuyspy] to [ngfx sqlclient] by Bob Levittan blevittan@hotmail.com After I change or add a SQL stored procedure and recompile my VisualBasic.NET application and then try to run ate application I get the following error: Security Exception Description: The application attempted to perform an operation ... |
|
| MSDE dD: DOT.NET connection works but not ASP connection string! (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I'm running MSDE, Server is "(local)" machine name assume "machinename" and I'm connecting to IBuyStore Portal Database. This connection works in .NET work SqlConnection("server localhost;Trusted Connection true;database Portal" ) This same string doesn't work in ASP3.0 'cn.Open "server localhost;Trusted Connection true;database Portal" But I have to do this (ie. Specify the driver): cn.Open "Prov... |
|
| Impersonating (9 replies) |
| ASPFriends.com 'aspngsec' list |
| I remember a recent impersonation discussion utilizing calls to LogonUser() in ADVAPI32. Has anyone found this to work on their workstation but not on the web server? We're running into this now and can't figure it out. My workstation is 2000Pro (Native) and our web servers are 2000 adv server, active directory. Thanks. Regards, Tim Ellison Senior Web Applications Developer, Long and Foster Real E... |
|
| System.IO.Directory.GetFiles (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Tim Musschoot Tim.Musschoot@rug.ac.be Does anyone know why I'd get "Could not find a part of the path" and "Incorrect login" errors when I attempt to call the System.IO.Directory.GetFiles routine? I've taken off anonymous access (meaning that I'd HAVE to be authenticated with my domain credentials since that's how I'm logged in) and it still bombs out ... |
|
| Roles from DB when using forms authentication (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Is there a way to get a list of custom/dynamic roles into the FormsAuthenticationTicket once, when the user is authorized, instead of the samples I have seen where a new ticket gets set up in the Application AuthenticateRequest event by managing a separate cookie that contains a ticket with the list of custom roles read in from the database? |
|
| Forms authentication and code security (4 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Sheik Yerbouti peter@aspdll.com I'm writing a ASP.NET Web application using using forms based security and I'd like to be able to write to the event log with my ASP.NET application. When I attempt to do this I receive an exception: Exception Details: System.Security.SecurityException: Requested registry access is not allowed. Source Error: 20 Line 21: ... |
|
| Roles and Form Based Authentication (7 replies) |
| ASPFriends.com 'aspngsec' list |
| Ok, I'm ready to pull the last of my hair out. I have a website with forms authentication: authentication mode "Forms" forms name "FormAuthentication" path "/" loginUrl "Login.aspx"/ /authentication a login page that assigns a role to the user: if(my user is authenticated) { HttpContext currentContext HttpContext.Current; string formsCookieStr string.Empty; FormsAuthenticationTicket ticket new For... |
|
| FormsAuthenticationTicket Info (5 replies) |
| ASPFriends.com 'aspngsec' list |
| Can someone point me to any info on applications of FormsAuthenticationTicket class? The MS docs are a bit thin in this area. Would it be when you want more direct control of the user's session? I'm trying to get a handle on when I would need to/want to use this ... as it seems this "general" functionality might be implemented behind the scences when using something like below for user authenticat... |
|
| Forms Authentication and Roles (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi all I'm using ASP.NET's built in forms authentication. I have all the user information, including the roles stored in a database. I limit access to areas of the site by defining which roles can access which virtual paths in the Web.config file. It all works very well. My question is, when ASP.NET denies access to a certain area, it bounces that person to the login screen. Now the user in questi... |
|
| Protecting non aspx and ascx resources (11 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspappsecurity] to [aspngsec] by Tim Musschoot Tim.Musschoot@rug.ac.be Moved from [aspngsec] to [aspappsecurity] by Tim Musschoot Tim.Musschoot@rug.ac.be Hi, Where can I tell the asp worker process to watch over non aspx and non ascx files. Currently, any other file with .rpt, .sql extension can bedownloaded without authentication. Thanks, Wolfgang |
|
| Temp ASP.NET directory (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, I was wondering if anyone has had any luck changing the Temporary ASP.NET files directory using the following tag: compilation tempDirectory "E:\web\T\test2.com\Temporary ASP.NET Files" /compilation I have been able to get it to work if I run the aspnet process under the System account, but if I try impersonating my IIS User, it fails with an access denied error, even though the IIS User ha... |
|
| FileCopy copyto permissions for copying across network? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Marcie Jones marciejones@yahoo.com What do I have to do to make this work...I know the worker is running under user ASPNET but I can't figure out how to give that user permissions to my network share that I need to copy files from and to. I've tried changing the ProcessModel setting to LOGIN as a valid user...but am coming up empty handed... |
|
| New Asp.net Web site ACL security permissions (3 replies) |
| ASPFriends.com 'aspngsec' list |
| I have an IIS server on w2k. I am setting up a new web site, which will have the web files located on a different drive than wwwroot. I installed the new ip, created the web site, re ran aspnet regiis.exe i (I think you have to do this whenever you install a new website to get the aspnet client directory installed). The question is what are the ACLs needed on the website's directories? Is there an... |
|
| Must impersonate in web.config (3 replies) |
| ASPFriends.com 'aspngsec' list |
| Hello, Anyone know of a way (or even possible) to force a user to use impersonation in their web.config file as well as specify the username and password? Thanks, Ely |
|
| Video Seminar of ASP.NET Security of PDC 2001 by Eric Olson (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Folks, Any idea where I can Download/View the Video Seminar of ASP.NET Security of PDC 2001 (http://www.microsoft.com/Seminar/Includes/VideoSeminar.asp?url /Seminar/en/ developers/2002218ASPNetSecur/portal.xml) The presentation was by Eric Olson. Thanks Raman |
|
| HttpWebRequest and X509Certificates...anyone? (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Has anyone had luck accessing a secured SSL site using HttpWebRequest and the X509Certificate class. I keep getting the error "Could not establish trust relationship with remote server.I have successfully exported a .pfx file to a DES 509 certificate .cer file. I then read in the certificate file with the code below and TRY to post data to HTTPS server. Here is my code. Thanks much Paul //////////... |
|
| Forms Authentication ReturnURL (15 replies) |
| ASPFriends.com 'aspngsec' list |
| In forms authtentication Information about the originating page where access was requested is placed in the query string using RETURNURL as the key. In beta1 this contained the entire URL. In the release this contains the path but not the web site. If you are using forms authentication across multiple websites. How do you know what the originating page is? |
|
| Role authorization in Beta 2 (19 replies) |
| ASPFriends.com 'aspngsec' list |
| Hey all, I know this has been a frequently discussed issue, and I've spent most of the night poring through the archives found in this group, and have seen many helpful answers. The only problem is (and of course, theres always a problem, elsewise I would not be writing this) I have not been able to get them to work. I previously (more like 4 months ago) wrote in with this problem, and Erik Olson ... |
|
| Re-direction does not work before loging into the app. (2 replies) |
| ASPFriends.com 'aspngsec' list |
| Moved from [aspngfreeforall] to [aspngsec] by Michiel van Otegem mvo@mail.aspnl.com I have an ASP.NET project that uses Forms authentication. I have added a "Contact Us" link in the login page. The problem is that the redirection to the Contact Us page does not work since the user was not authenticated. How can I solve this problem? Thanks, Marcelo. |
|
| IsAuthenticated woes (6 replies) |
| ASPFriends.com 'aspngsec' list |
| Hi! I have a site that employs form authentication (strongly modified version of ibuyspy portal). Intermittently, for logged in users the IsAuthenticated property will return false even though the client sends a valid authentication ticket. If such page is refreshed, IsAuthenticated goes back to true! Have you ever encountered such behaviour? Any hints/thoughts/concolences? :) Thanks Remas http://... |
|
