Search results matching tag 'Authorization'

Re: delete and edit confirmation

aquaren — Sat, 05 Dec 2009 05:00:00 GMT

The best way to implement this is to authenticate the user before they get to the page that contains the grid view. If the user is not authorized to edit or delete, either conditionally hide the column that contains those buttons, or do not allow them access to the page. This will improve the use experience dramatically. The last thing a user wants is to be repeatedly prompted for credentials.

The request failed with HTTP status 401: Unauthorized while calling CRM Dynamics web service

Kbergeron — Wed, 18 Nov 2009 05:00:00 GMT

We got a little very tricky probleme while calling the CRM Dynamics web service. There the code we try to run :

(Got some probleme to provide the code please see this post to to it : http://social.microsoft.com/Forums/en-US/crm/thread/5bf62780-cb26-41d5-9f4a-1f41d593e6a2)

The point is that this code work perfectly in a consol app but when we do the call in our WCF web service application an 401 exception occure. Pleae not that the test are made on the same machine with exactly the same code and with the same crn address (the one from the crm dynamic discovery service) and the same WSDL reference.


Please help!

Couldnot load file or assembly, authorization WCSF

shinus — Fri, 13 Nov 2009 05:00:00 GMT

Hi.
In my web application i tried to implement authorization using WCSF.
but when i run the application , i am getting this error,

Could not load file or assembly 'Microsoft.Practices.EnterpriseLibrary.Security, Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

for the line
globalServices.AddNew<EnterpriseLibraryAuthorizationService, IAuthorizationService>();

of AddGlobalServices method in ShellModuleInitializer class.
Please see the configuration section for authorization in config file,

securityConfiguration defaultAuthorizationInstance="RuleProvider" defaultSecurityCacheInstance="">
<authorizationProviders>
<add type="Microsoft.Practices.EnterpriseLibrary.Security.AuthorizationRuleProvider, Microsoft.Practices.EnterpriseLibrary.Security, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="RuleProvider">
<rules>
<add expression="R:Admin" name="AllowViewAdministration" />
</rules>
</add>
</authorizationProviders>
</securityConfiguration>

After reading articles related to this error i found out that i have two versions of the same dll installed in my system. Microsoft.Practices.EnterpriseLibrary.Security Version=4.1.0.0 installed with Enterprise library and
Microsoft.Practices.EnterpriseLibrary.Security Version=3.1.0.0 installed with web client software factory.
Is this making the problem?
If yes, then what is the solution?

Authentication and authorization

karads008 — Thu, 12 Nov 2009 05:00:00 GMT

Hi,

I have an ASP.NET web appllication(deployed in web server) which will communicate with WCF service(in appserver)

and in turn WCF service will communicate with database(database server) and give the data back to the application.Earlier i was using membership feature of asp.net for authentication and authorization in web application. To keep up with our architecture, web server can not access database directly, so i moved memberhsip feature from web application to WCF service.Now how do i need to implement authentication and authorization in web application for this scenario?

i am a beginner in asp.net..so if anyone have any idea about this pls help me..or pls direct me to a proper article.

thanks in advance!!

Creating custom application privileges in AD

bdm782 — Thu, 05 Nov 2009 05:00:00 GMT

I'm working on an application that will need to utilize a bunch of custom privileges that will be granted to various users of the application. So for instance, there will be privileges in the app like:

print reports
update profile data
create new reports
delete reports
add users

and so on (there are about 20-30 distinct privileges specific to the application).

We would like to be able to manage these privileges for users in Active Directory by groups or somesuch manner.

What is the best way to implement this in Active Directory?

One idea that has been kicked around was to add these as custom attributes by modifying the active directory schema. Is that really the best way to go, or are there alternatives?

thanks, Bob

how to add roles?

jeremyzb — Tue, 27 Oct 2009 04:00:00 GMT

Hi all,

how can I add roles in web.config or in database, then the following codes works.

[Authorize(Users="aa")]

[Authorize(Roles="admin")]

thanks

Grant access to Signup.aspx

KenNichols — Tue, 27 Oct 2009 04:00:00 GMT

When I use the following in my web.config file it will not allow access to my Signup.aspx. How do I grant everyone access so that new users can sign up?

<authentication mode="Forms">
      <forms loginUrl="Login.aspx">
      </forms>
</authentication>

  <authorization>
      <deny users="?"/>
  </authorization>

Re: how to check a roles

bhadelia.imran — Wed, 14 Oct 2009 04:00:00 GMT

You need to add few configuration in your web.config

<location path="Admin/ManageUser.aspx">
  <system.web>
    <authorization>
      <allow roles="SiteAdmin"/>
      <allow roles="Superuser"/>
      <deny users="*" />
    </authorization>
  </system.web>
</location>

This mean, you are allowing user who has SiteAdmin or Superuser role to access ManageUser page, rest will get logged off.

Authorizing (accessing) a specific portion (portal) of web site

janabasim — Tue, 29 Sep 2009 04:00:00 GMT

Hi Gurus!

My client want the admin portion of the website to be accessible only with in his own local network (intranet) while the website should be hosted on a single webserver.

Well solution I found so far is that:

Verify the IP address of the request and perform authorization based on that IP address.

I am looking for something more efficent and secure, please let me know your expert thoughts.

problem displaying protected pages after login using forms and roles

jayirvin — Thu, 17 Sep 2009 04:00:00 GMT

My web site has been modeled after the asp.net personel starter kit since it came out. I'm now running asp.net 3.0 and IIIS 7.

I am trying to protect the web pages in a folder named Memberpages using roles.The role name Friends. Logging into my web site has allways gave me access to the Admin folder. Loggin in has allways givin me access to photo albums marked private.

I have followed every step I can find on M/S technet for setting up authentication and authorization using roles. IIS has put a web.config file in the directory Memberpages. However after loggin in to my web site as an administrator or a friend I cannot view the pages in the Memberpages directory.

I have tryed everything I can find in any help files but I cannot set it up so i can view index.htm in the Meberspages director after loggin in. I am redirected to the login page or I get a page cannot be displayed error.

does anyone know of a problem that can prevent forms auth from renduring a requested page after login even when enabled on IIS7, both forms and roles

this is what i have in the web.config file in the memberspages folder

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Deny" users="?" />
                <add accessType="Allow" roles="Friends" />
            </authorization>
        </security>
    </system.webServer>
    <location path="index.htm">
        <system.webServer>
            <security>
                <authorization>
                    <add accessType="Allow" roles="Friends" />
                </authorization>
            </security>
        </system.webServer>
    </location>
</configuration>