Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401)

June 25, 2013, 4:04 pm

≫ Next: private and public key authentication

≪ Previous: Question about the ASP.NET Web Site Administration Tool

I am using .net Framework 4.5. The following piece of code works fine when i run through Visual Studio on my machine. It also works fine when deployed onto my local IIS 7.5(Windows 7). However on deploying the same to one of the dev boxes having the similar .net 4.5 framework (Windows 2008 Server R2) an exception is thrown. Below are the details of the exception and the line where it is thrown. To be brief i have used both webclient and httpwebrequest classes to post the request however the exception seems to be consistent. Any post operation to any website fails on deployed code

Code snippet

WebClient wc = new WebClient();

string postbody = "test";

string response="";
try
{
response = Encoding.ASCII.GetString(wc.UploadData("http://internalservice/abc", Encoding.ASCII.GetBytes(postbody)));

//EXCEPTION THROWN ON wc.UploadData
}

EXception Details:-

Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401)

Stack Trace:

[FileLoadException: Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401)]
   System.Net.HttpWebRequest.GetResponse() +0
   System.Net.WebClient.GetWebResponse(WebRequest request) +25
   System.Net.WebClient.DownloadBits(WebRequest request, Stream writeStream, CompletionDelegate completionDelegate, AsyncOperation asyncOp) +245
   System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request) +247

[WebException: An exception occurred during a WebClient request.]
   System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request) +490
   System.Net.WebClient.UploadData(Uri address, String method, Byte[] data) +252
   OdataDemo.Controllers.CaseSearchController.MakeWamSSoCall(XElement xconfig) +467

↧

private and public key authentication

July 16, 2013, 2:12 am

≫ Next: Do you need Anonymous Authentication for the Allow Anonymous Attribute?

≪ Previous: Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401)

I want to upload files in to the SFTP server using public key authentication. I cant use any 3rd party tools. I have store my public key in the server and my private key store in my local machine. I want to upload and download files to server using public key authentication. I got to know that I can exchange keys using Diffie-Hellman Key exchange algorithm. but I don't have much idea about authenticated socket using public key. if anyone have done this before please help me.

↧

Do you need Anonymous Authentication for the Allow Anonymous Attribute?

July 30, 2013, 3:47 pm

≫ Next: Access denied to write in folders

≪ Previous: private and public key authentication

Do you need Anonymous Authentication turned on to use the AllowAnonymous authentication attribute in MVC4? I could not tell from this article: http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx

Thank you.

↧

Access denied to write in folders

July 15, 2013, 4:41 pm

≫ Next: RoleName always empty when adding role to CreateUserWizard

≪ Previous: Do you need Anonymous Authentication for the Allow Anonymous Attribute?

Hi all,

I have a asp.net 4.0 application that create PDF files with ITextSharp and upload files. The application also use authentication forms. In my Web.Config I create the security rules for authorization and authentication. When I test the application in my machine, all works perfectly, but when I publish the application and try to upload files or create PDFs the application send me to login page, as if the user not have permisions to access this folders. My ISP use impersonate.

The Upload folder are inside "Contenido" Folder.

The PDF Folders are in root.

Can someone help me?

Here I show part of my web config.

The user which I Connect has "OPER" Role

↧

RoleName always empty when adding role to CreateUserWizard

July 10, 2013, 10:31 am

≫ Next: how to create user with create user wizard using ms access database

≪ Previous: Access denied to write in folders

Hi,

first, sorry if this kind of problem ever asked and solved somewhere else, I couldn't found it.

I try to add role when registering a user.

But when I'm trying to add the user to the roles I always get an error message saying that the rolename is empty.

Here is my code, mostly taken from default register.aspx.

<asp:CreateUserWizard ID="RegisterUser" runat="server" EnableViewState="false"
        OnCreatedUser="RegisterUser_CreatedUser" DisplayCancelButton="True"
        LoginCreatedUser="False"><LayoutTemplate><asp:PlaceHolder ID="wizardStepPlaceholder" runat="server"></asp:PlaceHolder><asp:PlaceHolder ID="navigationPlaceholder" runat="server"></asp:PlaceHolder></LayoutTemplate><WizardSteps><asp:CreateUserWizardStep ID="RegisterUserWizardStep" runat="server"><ContentTemplate>
                      .....<p><asp:Label ID="UserRoleLabel" runat="server" AssociatedControlID="UserRole">Role:</asp:Label><asp:DropDownList ID="UserRole" runat="server" Width="320px"></asp:DropDownList><asp:RequiredFieldValidator ID="RoleRequired" runat="server" ControlToValidate="UserRole"
                                        CssClass="failureNotification" ErrorMessage="Role is required" ToolTip="Set the role to the user"
                                        ValidationGroup="RegisterUserValidationGrou">*</asp:RequiredFieldValidator></p>
                      .....</ContentTemplate><CustomNavigationTemplate></CustomNavigationTemplate></asp:CreateUserWizardStep></WizardSteps></asp:CreateUserWizard>

The code createduser event

        protected void RegisterUser_CreatedUser(object sender, EventArgs e)
        {
            string cUserName     = ((TextBox)RegisterUser.CreateUserStep.ContentTemplateContainer.FindControl("UserName")).Text;
            string cRole = ((DropDownList)RegisterUser.CreateUserStep.ContentTemplateContainer.FindControl("UserRole")).SelectedValue;

            Roles.AddUserToRole(cUserName, cRole);
        }

The problem is cRole is always empty, even I'm sure that the role in dropdown list has value.

Thanks in advance for the help.

↧

how to create user with create user wizard using ms access database

July 3, 2013, 5:37 pm

≫ Next: Login from external site (ASP.NET MVC 3.0)

≪ Previous: RoleName always empty when adding role to CreateUserWizard

hello,

i just want to know how to create a new user, using create user wizard.

i have created a page and using create user wizard control but after entering data and submitting, i am getting error that havnt specified sql control string..

i am using ms access database.

help me please

↧

Login from external site (ASP.NET MVC 3.0)

July 30, 2013, 3:38 am

≫ Next: webforms or mvc? whichone is better in security?

≪ Previous: how to create user with create user wizard using ms access database

Hi all,

My caseis:I havetwo sites,one with accesstocustomers(private)and a public. I need to be ableto loginfromthepublic to the privatesite.To do this Iadded the appropriate fields (userand password) and I send it with a POST operation to the private site as follows:

CookieContainer cookies = new CookieContainer();

                //Request login page to get a session cookie
                GETHtml(returnUrl, cookies, returnUrl);

                //Now we can do login
                Login(model.UserName, model.Password, cookies, returnUrl);
                return Redirect(@"http://privada/");

        public string GETHtml(string url, CookieContainer cookies, string returnUrl)
        {
            HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
            webRequest.CookieContainer = cookies;
            webRequest.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.21022;";
            webRequest.Referer = returnUrl;

            using (HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse())
            {
                //We need to add any response cookies to our cookie container
                cookies.Add(webResponse.Cookies);

                using (var stream = new StreamReader(webResponse.GetResponseStream()))
                    return stream.ReadToEnd();
            }
        }

        public bool Login(string Username, string Password, CookieContainer cookies, string returnUrl)
        {
            string poststring = string.Format("UserName={0}&Password={1}&btn-acceder.x=63&btn-acceder.y=13&btn-acceder=login",
                                        Username, Password);
            byte[] postdata = Encoding.UTF8.GetBytes(poststring);

            HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(returnUrl);
            webRequest.CookieContainer = cookies;
            webRequest.Method = "POST";
            webRequest.Referer = returnUrl;
            webRequest.Headers.Add("origin", @"http://privada/");
            webRequest.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.21022;";
            webRequest.ContentType = "application/x-www-form-urlencoded";
            webRequest.ContentLength = postdata.Length;
            using (Stream writer = webRequest.GetRequestStream())
                writer.Write(postdata, 0, postdata.Length);

            using (HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse())
            {
                //We need to add any response cookies to our cookie container
                cookies.Add(webResponse.Cookies);

                //Only for debug
                using (var stream = new StreamReader(webResponse.GetResponseStream()))
                    System.Diagnostics.Debug.WriteLine(stream.ReadToEnd());

                return (webResponse.StatusCode == HttpStatusCode.OK);
            }
        }

However, the sessiondoes not appear withprivateWeb access.Does anyone know whatI'mdoing wrong orcan guide me?

I am usingASP.NetMVC3.0

Thank you very muchin advance,

Jose

↧

webforms or mvc? whichone is better in security?

August 4, 2013, 10:45 am

≫ Next: How to allow mutiple user login in asp.net website?

≪ Previous: Login from external site (ASP.NET MVC 3.0)

I just want say a thing : "please give a functional answer".

thanks alot

↧

How to allow mutiple user login in asp.net website?

August 3, 2013, 9:15 am

≫ Next: change passwordformat from hashed to encrypted

≪ Previous: webforms or mvc? whichone is better in security?

Recently I have developed one project for small scale industry. where I am facing some problem wth user login. i hosted that application via IIS in one machine. their system are connected through LAN.

I have two role:

ADMIN
USER

The problem is when the admin login to the system, the user couldn't able to login to this application.

could anyone solve this issue.? or suggest me what changes are needed in web.config file.

↧

change passwordformat from hashed to encrypted

August 4, 2013, 12:06 pm

≫ Next: System.Web.Providers.Entities.MembershipEntity - how do I use this type with ASP.NET Membership functionality?

≪ Previous: How to allow mutiple user login in asp.net website?

I'm trying to change password format from hashed to enrypted in order to enable password retrieval. My questions are:

if I changed password format from hashed to enrypted, can user still login using their existing password?

If user can login, if they they changed password, is the changed new password format enrypted?

↧

System.Web.Providers.Entities.MembershipEntity - how do I use this type with ASP.NET Membership functionality?

August 3, 2013, 8:38 pm

≫ Next: Authentication config is being ignored.

≪ Previous: change passwordformat from hashed to encrypted

How do I use an EntityFramwork 4.0 MembershipProvider as the default for my System.Web.Security.Membership.Provider values?

I like the way the MembershipEntity allows me to get more properties in this type versus the regular System.Web.Security.MembershipUser. How can I use this type, in fact, all of the Entity types in System.Web.Providers.Entities look much more transparent when it comes to sharing properties versus the older MembershipUser type. So I want to migrate to this new method. Is it officially available and how do I go about this?

Edit: If Microsoft doesn't want me using this type why in the hell are they exposing it as a public type? I want some answers.

↧

Authentication config is being ignored.

August 3, 2013, 7:44 am

≫ Next: Forms authentication and User Roles

≪ Previous: System.Web.Providers.Entities.MembershipEntity - how do I use this type with ASP.NET Membership functionality?

Hello, I have this configuration in my web.config for authentication:

It was working fine until today when it started to redirecting me to /default.aspx instead /Pages/Home.aspx (the value which is set as you can see). I assume that my authentication config is beign ignored and is getting the defaults values because is redirecting me to /default.aspx which is a default value of defaultUrl. Why is happening this? How can I fix it??

↧

Forms authentication and User Roles

August 5, 2013, 11:43 am

≫ Next: url address protection

≪ Previous: Authentication config is being ignored.

I am completely lost on what I need to do to create a secure login. Can someone give me a step by step for what I'm trying to do?

Heres the breakdown....

The standard user needs to login to access either a "request" page or a "history" page. Additional pages for managers will be "pending" and "approval" pages.

There is a central users database that holds all the username/passwords. But the database was not designed to have roles for this app so the roles will have to be applied within the project.

I have NO IDEA where to begin, or what all needs to be done to accomplish this.

Any help is appreciated.

Thanks

↧

url address protection

August 1, 2013, 10:48 pm

≫ Next: Cannot get Createwizard validation to fire

≪ Previous: Forms authentication and User Roles

I have created a service oriented application. Every company that registers on my web applicaiton is given a unique id which I tied to a url which they would embed no their site.

Example of url is

http://servicewebapp.com/Client/customerid

my challenge is I am looking for a way that my client (i.e companies that registered on my service oriented application) can have some privacy. cos if a malicious user views the html on their site he could view the url and get their company user id (customerid).

Please how can I mask the url so that the user id for every registered company is not known to a common browser and still redirect them to my app.

Thanks alot

↧

Cannot get Createwizard validation to fire

August 5, 2013, 11:43 am

≫ Next: Ask for User Credentials

≪ Previous: url address protection

I cannot get CreateWizard Validation to fire for UserName, password to fire. When entering data each validation error message displays but when the CreateUserButton is clicked the data good or bad is written into the membershipdb. I converted the Login module to a template. Can I call the validation in the C# code behind in for the UnamedCreateUser event? Is the information written to the membershipdb before the code behind envent is executed?

Thank you

↧

Ask for User Credentials

August 5, 2013, 7:11 pm

≫ Next: Token management in WCf

≪ Previous: Cannot get Createwizard validation to fire

Hello,

I have a web application and I deployed in IIS. When user open that link, I want user to enter Credentials which will validate against Active Directory of my company.

Here, It is a single sign-on application. I have not mention any security in Web.config except Authentication mode=Windows.

What is the logic behind this ?

↧

Token management in WCf

August 6, 2013, 2:57 am

≫ Next: HTTP Error 404.0 - Not Found

≪ Previous: Ask for User Credentials

how do i check access token in my wcf service ihave created a httphandler for that but how do i save access token. any help appriciated

↧

HTTP Error 404.0 - Not Found

August 5, 2013, 11:17 pm

≫ Next: Authentication Problem

≪ Previous: Token management in WCf

I have my website online but it's throwing me this error:

HTTP Error 404.0 - Not Found

I made it so you need to login to access the pages, but instead of redirecting me to the right pages, it's throwing this error.

/Account/Login?ReturnUrl=%2f

Instead of Account/Login? it should be Login.aspx?ReturnUrl

How do I change where it's being redirected?

↧

Authentication Problem

August 6, 2013, 5:24 am

≫ Next: How to determine if user has access to controller method based on Auth attribute

≪ Previous: HTTP Error 404.0 - Not Found

I already posted this problem to the IIS Forum, but maybe someone in this forum can also help me.

Here our Problem: We're using IIS 7.5 on Windows Server 2008 and ASP.NET v4.0.

We created a website for our intranet which accesses Active Directory (AD) and an SQL Server.

We tested the scripts belonging to this website by running them manually (they worked without problems).

But since we put the website on our server we have authorization problems. (authentication methods => Windows Authentication and ASP.NET Impersonation, because the scripts on the server should run with the permissions of the logged in user.)

The scripts should create a new AD user but we always get the error "Access denied".

Notice that domain admins could access the website and are able to create AD users manually (scripts worked with domain admin account)

I forgot to say that the used scripts are bases on powershell scripts and located in a project subdirectory on the server.

The user group and the application pools have permission to use these scripts. This means that the error "Access denied" is really caused by the powershell script trying to create an user on the AD.

The ApplicationPool for this website is called "test" and runs as ApplicationPoolIdentity in Classic pipeline mode.

We already looked for the reason of this problem on different websites but couldn't find a solution.

It looks like the process keeps running as "test" which of course doesn't have the permissions to create an AD user.

If possible, we don't want to set up a specific user somewhere in IIS.

We tried this in ASP.NET Impersonation but this didn't work either. Is there a way to run all processes belonging to this website as the currently logged in user?

What do we need to do in order to pass the authenticated users permissions to our scripts?

Thanks for any kind of help Laughing

PS: Reading from the AD or the SQL server is no problem, so there is no connection problem but a permission problem.

↧

How to determine if user has access to controller method based on Auth attribute

August 5, 2013, 8:49 pm

≫ Next: WebForms or MVC?

≪ Previous: Authentication Problem

I'm using Auth[] attributes on my controller methods to control access to those methods. I would like to determine programmatically if a user has access to a method so that I can be proactive, rather than let mvc raise a login box when a user doesn't have access. Although redirecting to the login page seems to make perfect sense, it doesn't make for very good usability to display a bunch of stuff the user doesn't have access to.

Is it possible to do something like this?

//this is pseudo code

If (user.HasAccess("some controller method")){

//do something

}

↧