Asp.net Mvc - Handle Application Security Using ActionFilterAttribute And/or SiteMap Authorization?
Jan 12, 2010
i created the following ActionFilterAttribute to check if a user is granted access to a page. I also created two custom Exceptions to handle different scenarios: NotLoggedInException and InsufficientPrivilegeException.
[Code]...
Where do I catch the exceptions to for instance redirect users if not authorized?Should I perhaps use the SiteMap authorization somewhere else instead of using the ActionFilterAttribute and throwing Exceptions..?
note: as you can see I'm using a custom class for BLL.Page. This is a ORM page which has Role based security stored in the database. SiteMap is also populated based on this data
View 1 Replies
ADVERTISEMENT
Apr 5, 2012
I'm trying to set Order attribute of ActionFilterAttribute in my ASP.NET MVC2 application.
<LoginFilterAttribute(Order = 1)> _
<AdminFilterAttribute(Order = 2)> _
Visual Studio intellicence tell me that Order property could be typed, but when I do that the compiler throw an error "Order is not declare. It may be inaccessible due to its procetion level."
View 1 Replies
Sep 26, 2011
I am automating an application login using vbscript.[code]after this, there is a security pop up which asks for user name and password.I dont want to disable the pop-up. Rather i want to be able to put user id and password in to it.which MSDN has provided for handling extra windows(This for development rather than for automation I guess) but does not work out.`objIE.Document.GetElementByID..also does not work out becuse the pop-up does not come under 'Document' object. it comes directly under objIE, but could not find anything to handle it.
View 1 Replies
Dec 17, 2010
I want to use PKI public and private encryption for authentication to allow for a more streamlined and secure application access control system. Any help in the generation of certificate and authentication will be useful. One more question, can i use System.Security.Cryptography.X509Certificates class for the same?
View 1 Replies
Jan 29, 2011
I am developing and application in vb.net winxp+ (windows xp upwards). The application has to receive backup data from clients software located at different pc over the Internet. but am concerned about security of this application on the Internet. what would be the best way to implement security in vb.net 2008 to make sure that the data is not sniffed or interfere with?
am thinking of encrypting the data before sending, saving it that way until it need to be viewed before decrypting. what type of encryption would you suggest? Is there any other way you would suggest this data be sent?
View 2 Replies
Feb 8, 2012
im finish my application and im finish ex�cutable the my application. and my question he's, if posible somebady want open my executable the my application with vb.2008.is that posible
View 1 Replies
Jan 23, 2010
What kind of security has to be built into the application if it is connecting to a remote database server, mail server, on the company network/over a WAN?
View 9 Replies
Aug 18, 2009
I wish to implement some role based security in my application. Has anyone got any links with some usefull info on this subject.
View 2 Replies
Oct 15, 2010
Through COM, one can potentially gain absolute control over a target system. For example: using javascript's ActiveXObject object in IE, one can create certain objects which were designed to have direct access or interaction with system properties and files.One would think common sense dictates users disable ActiveX features in IE immediately after installing the browser to ensure their system is protected while surfing the net, or at least paying close attention to which websites they permit. But, I doubt many average PC users know how or why to do this, or just get tired of mirco-managing it over time. I think any PC user or admin my COM class caters to would greatly appreciate not having to deal with that. Thankfully it looks like IE versions come packaged with ActiveX disabled by default nowadays.
I've built a very versatile COM class library in VB. I didn't intend for it to be callable from any website, but that feature is just part of the COM platform. I'd like to prevent the library from being called from IE unless the website is on a white-listed domain to proactively protect the user (and ultimately their entire intranet) from harm from malicious websites. What would be the best method in VB.Net to tell which application called my DLL, to be able to tell if it was called from any command or process originating from IE? And, what domain called my dll? System.Environment.GetCommandLineArgs()(0) gets me the calling application path. With this info, I can compare it to a black/white-list of applications.
View 2 Replies
Apr 7, 2011
I am having an issue with the sitemap control, I have added the hierarchical levels within the web.sitemap file and added the sitemap control to the various masterpages. I have however two homepages which can be viewed depending on the user of the system.
Is there any way to define two sitemap structures within this web.sitemap file or can I just create another sitemap file?
View 1 Replies
Jul 23, 2009
I have built a MVC website on IIS6. I used the built-in ASP.NET Security without Membership, just the way it was implemented in the template solution. It is easy to secure a contoller or action, but now I need to expose the user management to an admin logged into the site. I understand that the builtin ASP controls for doing this are not "best practice" and are a dog to get working. So what is the best practice for offering user management through a ASP.NET MVC application?
I considered using the Entity Framework and wireing it up to the myriad of stored procs. but that seems awkward. I see options for AccountMembershipService and FormsAuthenticationService. That is what the existing project account controller uses. But, I am not fimilliar with either.I can't help but think that this should have already been there from the project template. This is a fundamental part of any website and you were given 15%, why not the rest?
View 5 Replies
Mar 5, 2012
We are in the process of upgrading to WIN7 support and finding issues with the existing impersonant security model we previously used. So i am looking for suggestions before we hit the code.Application ABC.exe is running on a PC with restricted permissions
View 15 Replies
Feb 21, 2012
I have been trying to open the following XML file in VB.NET using the Linq library.
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="http://wegotflash.com/sitemap.xsl"?>
<urlset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9
[code]....
The code that I'm using works with normal XML files, but whenever I add the xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" attribute to the root node, nothing is getting returned by the application. Here is the VB.NET code that is reading the XML file:
Dim XMLFile As XDocument = XDocument.Load(TextBox1.Text)
For Each url As XElement In XMLFile.Descendants("url")
[code]....
View 1 Replies
Sep 27, 2011
When I try to run my DLL in Autocad, I got the message below.Application attempted to perform an operation not allowed by the security policy. To grant this application the required permission, contact your.I know there are many threads on this error, but Im not sure about one thing.Can I resolved this on our FilesServer or I have to do something on each computers that will use the DLL ?
View 3 Replies
Jun 10, 2011
Counting days independent of system calander ?
View 1 Replies
Jun 10, 2011
I want to add a feature to my trial version of the application. After first activation, I want to make it limited to 90 days. But I am concerned about user's changing the date of system hence deceiving my application. Is there any possibility to make it fool proof in a way that even if user takes the calender back, application expires after 90 days of first activation? First activation date has been saved in the database.
View 2 Replies
Apr 28, 2009
Out of 70 users of my application 2 are getting the following message when they to run the application... That assembly does not allow partially trusted callers. The reason for the error is that by default .net applications run from a network location have limited permissions. You need to use caspol.exe to add the network folder where your application is being run from to the Trusted Zone. If you do a search on these forums you will find plenty examples of how to do this. It is fairly simple. It will have to be done on every machine that will be running the application and a simple cmd file can be made to do this. The only difference is that I've asked our service desk to install the application to the local C drive which I believe they did.
View 10 Replies
Sep 5, 2011
I need to implement, Controls Based Security in a Windows Forms Application using VB.NET. I tried google but did not get anything much to work with.
I would like if someone, could suggest some books or tutorials.
View 1 Replies
Mar 5, 2011
I am using asp.net sitemap with the in-built asp.net menu but this is very 'dull'. I want to apply CSS and jQuery to give it a better visual look and feel. I have read various articles based on [URL]
Is there any examples or tutorials similar to this which are FREE?
View 2 Replies
Nov 9, 2009
System.NullReferenceException: Object reference not set to an instance of an object. Making the Sitemap.CurrentNode work in my code is oddly a problem. I haven't figured out how to list code on STOF yet. so here is the code that will easily be displayed. [Code]
View 2 Replies
Jun 7, 2011
I have already asked about the problem in java forum.Now i think the solution is only possible through microsoft products.Problem is i want to get the handle of a application and send commands to that application.Is it possible commands are send to combo box , text area, buttons etc..
View 2 Replies
Jun 10, 2010
This error occurs when I want to add my app to the startup keys
My.Computer.Registry.LocalMachine.OpenSubKey("SOFTWAREMicrosoftWindowsCurrentVersionRun", True).SetValue(Application.ProductName, app)
[code].....
View 1 Replies
Jan 30, 2011
On our site, we have our sitemap in this order:
SiteName > SelectedProject > Path > To > Page
Where SiteName takes you to the very root page which is primarily to select a project and SelectedProject takes you to the project's homepage.Currently, in the Web.sitemap file, SelectedProject has a static name. How can I rename it to the name of the selected project, which can be obtained from Session("PRJ")? I'd strongly prefer any code behind to be given in VB.NET, not C#.
View 1 Replies
Jan 13, 2010
i have a custom SiteMapProvider which I populate from a database. I also have a custom SiteMapNode which has to be constructed with a custom Page argument.[code]Should I return false in AuthorizeCore() to have everything work according to default authorization protocols? (What are these?) Or should I throw my exception.SiteMap.CurrentNode is Null / Nothing (in AuthorizeCore()) if the page which is requested is not accessible to the user (obviously). How should I change my implementation? I want to keep the functionality that the Page objects are only loaded once, so I need to store them somewhere.
View 1 Replies
Aug 20, 2009
I have a dynamic website that shows articles. Any article can have sub articles and sub articles can have sub articles etc. I have wrote a routine that recursively goes through the data creating a new sitemap xml file. My problem is this:-
Art1
SubArt1a
SubArt1aa
[code].....
View 7 Replies
Jun 1, 2010
I am writing a small visual basic application to install clean up tools quickly on any machines that we need to work on here at my workplace. I am using 4-5 cleanup programs that I have packaged into MSI's and have batch scripts that I am calling in my visual basic application to run them as silent installs. However, because I am doing the silent installs, windows always pops up with the "open file - security warning" and I have to click run for each individual program. I am wondering how to get around this from my end within the application. I know it can be disabled in windows but I am not wanting to have to go through a process on every machine that I run this program on. I would like to find a fix on the back end in my script.
View 2 Replies
Mar 17, 2010
I have a Visual Basic.Net Windows Forms application to which I am considering adding the WebBrowser control. I'm assuming that the PC's on which this application will ultimately be deployed/installed will have the latest Windows (XP, Vista, or 7) updates, a firewall, and an Internet security suite installed/running.
With this deployment environment in mind, does the WebBrowser control make my application or the deployment PC vulnerable to any significant security risks? Are there any programming issues that should be addressed to eliminate potential security risks when using the WebBrowser control?
View 1 Replies
Jun 13, 2011
I am making changes to my companies internal paysite in order to come into compliance with the new credit card regulations. We have decided that when we get a split tender transaction that comes through we want to get the remaining balance along with how much was on the card to start out with and send that info back to the customer service rep with a message relaying the need for another payment source along with the remaining balance and the amount that was originally on the card.
Instead of chaining the transactions together with the split tender Id we have decided we would like to finalize each split tender transaction with a prior_auth_capture and then request the next payment source and amount and process that transaction in the same manner. I know that we are side stepping the functionality some but those are my orders.
My questions are, is this feasible and possible and how do you do this in code? I am using the C# SDK to implement this in VB.NET 2008
My thoughts are that I would have to process the transaction for the amount passed as a auth_capture transaction and then some how do the prior_auth_transaction with a zero amount or something?
View 1 Replies
Apr 25, 2010
I am not capable of creating different users that have different authorization using vb.net.
View 5 Replies
May 8, 2009
I need to validate a basic authorization header that is being sent to my HttpListener in VB.NET. I'm grabbing the header like so (feel free to point out better ways to do this as well):
EncodedAuth = Context.Request.Headers.GetValues("Authorization")(1)
Now how do I decode them? I understand the theory but I can't seem to find the right code.
View 1 Replies
