Search Results

Search found 13454 results on 539 pages for 'ws security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 290/539 | < Previous Page | 286 287 288 289 290 291 292 293 294 295 296 297  | Next Page >

  • silverlight 3: long running wcf call triggers 401.1 (access denied)

    - by sympatric greg
    I have a wcf service consumed by a silverlight 3 control. The Silverlight client uses a basicHttpBindinging that is constructed at runtime from the control's initialization parameters like this: public static T GetServiceClient<T>(string serviceURL) { BasicHttpBinding binding = new BasicHttpBinding(Application.Current.Host.Source.Scheme.Equals("https", StringComparison.InvariantCultureIgnoreCase) ? BasicHttpSecurityMode.Transport : BasicHttpSecurityMode.None); binding.MaxReceivedMessageSize = int.MaxValue; binding.MaxBufferSize = int.MaxValue; binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; return (T)Activator.CreateInstance(typeof(T), new object[] { binding, new EndpointAddress(serviceURL)}); } The Service implements windows security. Calls were returning as expected until the result set increased to several thousand rows at which time HTTP 401.1 errors were received. The Service's HttpBinding defines closeTime, openTimeout, receiveTimeout and sendTimeOut of 10 minutes. If I limit the size of the resultset the call suceeds. Additional Observations from Fiddler: When Method2 is modified to return a smaller resultset (and avoid the problem), control initialization consists of 4 calls: Service1/Method1 -- result:401 Service1/Method1 -- result:401 (this time header includes element "Authorization: Negotiate TlRMTV..." Service1/Method1 -- result:200 Service1/Method2 -- result:200 (1.25 seconds) When Method2 is configured to return the larger resultset we get: Service1/Method1 -- result:401 Service1/Method1 -- result:401 (this time header includes element "Authorization: Negotiate TlRMTV..." Service1/Method1 -- result:200 Service1/Method2 -- result:401.1 (7.5 seconds) Service1/Method2 -- result:401.1 (15ms) Service1/Method2 -- result:401.1 (7.5 seconds)

    Read the article

  • Internal bug tracking tickets - Redmine, Trac, or JIRA

    - by Tai Squared
    I've been looking at setting up Redmine, Trac, or JIRA to track issues. I want to be able to have my development team create internal tickets that are never seen by clients, while clients can create/edit tickets that are seen by the internal team. From the Trac documentation, you can set permissions to create or view tickets, but it doesn't seem to allow for viewing only certain tickets. It may be possible with Trac Fine Grained Permissions, but doesn't appear so. The Redmine documentation mentions: Define your own roles and set their permissions in a click but doesn't appear to have the level of granularity. From the JIRA documentation: At the moment JIRA is only able to support security at a project level or issue level. Currently there is no field level security available. According to this question, Redmine doesn't support internal tickets, so you would have to use multiple projects. I don't want a situation where I would have to create multiple projects - one internal, one external and have the external tickets brought into the internal repository. It seems as this would lead to unnecessary overhead and inevitably, the projects wouldn't be in sync. Is there any way with any of these products (possibly through a plug-in if not in the core product itself) to specify these permissions, or simplify having two projects with different users and permissions that must still share information?

    Read the article

  • nhibernate error recovery

    - by Berryl
    I downloaded Rhino Security today and started going through some of the tests. Several that run perfectly in isolation start getting errors after one that purposely raises an exception runs though. Here is that test: [Test] public void EntitesGroup_CanCreate() { var group = _authorizationRepository.CreateEntitiesGroup("Accounts"); _session.Flush(); _session.Evict(group); var fromDb = _session.Get<EntitiesGroup>(group.Id); Assert.NotNull(fromDb); Assert.That(fromDb.Name, Is.EqualTo(group.Name)); } And here are the tests and error messages that fail: [Test] public void User_CanSave() { var ayende = new User {Name = "ayende"}; _session.Save(ayende); _session.Flush(); _session.Evict(ayende); var fromDb = _session.Get<User>(ayende.Id); Assert.That(fromDb, Is.Not.Null); Assert.That(ayende.Name, Is.EqualTo(fromDb.Name)); } ----> System.Data.SQLite.SQLiteException : Abort due to constraint violation column Name is not unique [Test] public void UsersGroup_CanCreate() { var group = _authorizationRepository.CreateUsersGroup("Admininstrators"); _session.Flush(); _session.Evict(group); var fromDb = _session.Get<UsersGroup>(group.Id); Assert.NotNull(fromDb); Assert.That(fromDb.Name, Is.EqualTo(group.Name)); } failed: NHibernate.AssertionFailure : null id in Rhino.Security.Tests.User entry (don't flush the Session after an exception occurs) Does anyone see how I can reset the state of the in memory SQLite db after the first test? I changed the code to use nunit instead of xunit so maybe that is part of the problem here as well. Cheers, Berryl

    Read the article

  • Asp.net web forms, Asp Identity - how to store claims from Facebook, Twitter, etc

    - by user2959352
    This request is based upon the new Visual Studio 2013 integration of Asp.net Identity stuff. I have seen some of the posts regarding this question for MVC, but for the life of me cannot get it to work for standard Web Forms. What I'm trying to do is populate the AspNetUserClaims table from the claims that I get back from Facebook (or other service). I actually can see the values coming back in the OnAuthenticated below, but cannot for the life of me figure out how to add these claims to the context of the currently logged in user? There are literally hundreds of MVC examples surrounding this, but alas no Web Forms examples. This should be completely straightforward, but for some reason I cannot match up the context of the currently logged in user to the claims and credentials coming back from Facebook. Currently after the OnAuthenticated fires, it obviously returns me to the page (RegisterExternalLogin.aspx) as the built-in example provides. However, the claims are gone, the context of the login to Facebook is gone, and I can't do anything else at this point. So the ultimate question is, HOW does one populate the claims FROM Facebook into the AspNetUserClaims table based upon the context of the currently logged in user WITHOUT using MVC? var fboptions = new FacebookAuthenticationOptions(); fboptions.AppId = "xxxxxxxxxxxxxxxxxxx"; fboptions.AppSecret = "yyyyyyyyyyyyyyyyyyyyyy"; fboptions.Scope.Add("email"); fboptions.Scope.Add("friends_about_me"); fboptions.Scope.Add("friends_photos"); fboptions.Provider = new FacebookAuthenticationProvider() { OnAuthenticated = (context) => { foreach (var v in context.User) { context.Identity.AddClaim(new System.Security.Claims.Claim(v.Key, v.Value.ToString())); } context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken)); return Task.FromResult(0); }, }; app.UseFacebookAuthentication(fboptions);

    Read the article

  • What is the difference between using MD5.Create and MD5CryptoServiceProvider?

    - by byte
    In the .NET framework there are a couple of ways to calculate an MD5 hash it seems, however there is something I don't understand; What is the distinction between the following? What sets them apart from eachother? They seem to product identical results: public static string GetMD5Hash(string str) { MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider(); byte[] bytes = ASCIIEncoding.Default.GetBytes(str); byte[] encoded = md5.ComputeHash(bytes); StringBuilder sb = new StringBuilder(); for (int i = 0; i < encoded.Length; i++) sb.Append(encoded[i].ToString("x2")); return sb.ToString(); } public static string GetMD5Hash2(string str) { System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create(); byte[] bytes = Encoding.Default.GetBytes(str); byte[] encoded = md5.ComputeHash(bytes); StringBuilder sb = new StringBuilder(); for (int i = 0; i < encoded.Length; i++) sb.Append(encoded[i].ToString("x2")); return sb.ToString(); }

    Read the article

  • Approach for replacing forms authentication in .NET application

    - by Ash Machine
    My question is about an approach, and I am looking for tips or links to help me develop a solution. I have an .NET 4.0 web forms application that works with Forms authentication using the aspnetdb SQL database of users and passwords. A new feature for the application is a new authentication mechanism using single sign on to allow access for thousands of new users. Essentially, when the user logs in through the new single-sign-on method, I will be able to identify them as legitimate users with a role. So I will have something like HttpContext.Current.Session["email_of_authenticated_user"] (their identity) and HttpContext.Current.Session["role_of_authenticated_user"] (their role). Importantly, I don't necessarily want to maintain these users and roles redundantly in the aspnetdb database which will be retired, but I do want to use the session objects above to allow the user to pass through the application as if they were in passing through with forms authentication. I don't think CustomRoleProviders or CustomMemberProviders are helpful since they do not allow for creating session-level users. So my question is how to use the session level user and role that I do have to "mimic" all the forms authentication goodness like enforcing: [System.Security.Permissions.PrincipalPermission(System.Security.Permissions.SecurityAction.Demand, Role = "Student")] or <authorization> <allow users="wilma, barney" /> </authorization> Thanks for any pointers.

    Read the article

  • Flash - Uploading to and Downloading from localhost

    - by Md Derf
    I have an online flash application that acts as a front end for a server application built in delphi. The server can be installed/used on a remote computer or a personal version can be downloaded and the Flash app pointed at localhost to use it. However, Flash has issues with using the POST and GET functions on the localhost, which makes uploading data files and downloading results files difficult. To get past the difficulty with downloading results files I'm planning to just have the server app serve the results file as an attachment and have the Flash app open the address of the file up in another browser window using external interface. First off, is this likely to cause similar security issues? I.E. Flash will see "localhost" in the external interface call and stop it from working the same as when I try to use POST/GET functions with localhost? Secondly, for upload this seems just a bit little trickier, I'm planning on doing something similar, having flash use external interface to open a php script for a file upload. Is this feasible and, again, will Flash still have security issues? Lastly, if anyone knows how to get flash to execute POST and GET functions with localhost addresses, I'd love to have that information to avoid all this jumping through hoops.

    Read the article

  • SQL Server 2008 - Login failed for user 'user1' The user is not associated with a trusted SQL Server connection

    - by difek
    I have installed SQL Server 2008 R2 on Windows XP. In installation process I selected 'SQL Server and Windows Authentication Mode' When I click right button of the mouse in SQL Server Management Studio on Server - Security tab 'SQL server and Windows Authentication Mode' is selected. But when I click on my Database - Properties - View connection properties Authentication Method is set on Windows Authentication. To my database was added one user1 with password user1. But I can't log in to my database from C# (Visual Studio 2008) because error occurs: Login failed for user 'user1' The user is not associated with a trusted SQL Server connection What isn't right ? When I get: string connectionStr = @"Data Source=rmzcmp\SQLExpress;Initial Catalog=ResourcesTmp;Integrated Security=True"; I have following error: {"Cannot open database \"ResourcesTmp\" requested by the login. The login failed.\r\nLogin failed for user 'RMZCMP\rm'."} rm is my original user name on which I log in to my computer. When I get rm I have error: {"Login failed for user 'rm'. The user is not associated with a trusted SQL Server connection."} again. Regards

    Read the article

  • SqlCe odd results why? -- Same SQL, different results in different apps. Issue with

    - by NitroxDM
    When I run this SQl in my mobile app I get zero rows. select * from inventory WHERE [ITEMNUM] LIKE 'PUMP%' AND [LOCATION] = 'GARAGE' When I run the same SQL in Query Analyzer 3.5 using the same database I get my expected one row. Why the difference? Here is the code I'm using in the mobile app: SqlCeCommand cmd = new SqlCeCommand(Query); cmd.Connection = new SqlCeConnection("Data Source="+filePath+";Persist Security Info=False;"); DataTable tmpTable = new DataTable(); cmd.Connection.Open(); SqlCeDataReader tmpRdr = cmd.ExecuteReader(); if (tmpRdr.Read()) tmpTable.Load(tmpRdr); tmpRdr.Close(); cmd.Connection.Close(); return tmpTable; UPDATE: For the sake of trying I used the code found in one of the answers found here and it works as expected. So my code looks like this: SqlCeConnection conn = new SqlCeConnection("Data Source=" + filePath + ";Persist Security Info=False;"); DataTable tmpTable = new DataTable(); SqlCeDataAdapter AD = new SqlCeDataAdapter(Query, conn); AD.Fill(tmpTable); The issue appears to be with the SqlCeDataReader. Hope this helps someone else out!

    Read the article

  • Login for webapp, needs to be availible for supportstaff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". 1. Authorized licenseholders which does all setup themselves. 2. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want's us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support, we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • struts datagrid problem - can't solve this problem

    - by shien-angel
    i am creating datagrid using the struts-layout. and i encountered this problem javax.servlet.ServletException: DispatchMapping[/monitor/datagridBL]???????????????????? at org.apache.struts.actions.DispatchAction.getParameter(DispatchAction.java:325) at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:170) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at jp.terasoluna.fw.web.struts.action.RequestProcessorEx.process(RequestProcessorEx.java:149) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at jp.co.anicom.fw.web.common.controller.RequestEncodeFilter.doFilter(RequestEncodeFilter.java:42) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at jp.co.anicom.fw.web.common.controller.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:89) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) i have been looking for ways on how to solve this. would somebody help me please...

    Read the article

  • Make PasswordRecovery control work with locked out users ?

    - by Moe Sisko
    Example scenario in an ASP.NET application using SQL Server membership provider : 1) a user can't remember their exact password, and tries many times in a short space of time to login with an invalid password (say 5 times in a 10 minute window). This locks out the user (i.e. sets the IsLockedOut flag of the aspnet_Membership table to 1). 2) user goes to the "forgot my password" screen to try to get a new password emailed to them. This screen uses the PasswordRecovery control. User enters their correct user id, but then cannot go further in the password recovery process, since the IsLockedOut flag is 1. (They don't even get to see their security question). 3) The user would then have to phone tech support to get themselves unlocked etc. To reduce the burden on support staff, we are trying to eliminate step 3) if possible, by making the PasswordRecovery control (if possible), work with locked out users. i.e. when they enter their login ID, the security question comes up, and IF they enter the correct answer, the system will unlock the user, then send the new email to them. I'm wondering if it is possible to tweak the PasswordRecovery control to do this. Or maybe I'm approaching this the wrong way ?

    Read the article

  • When connecting SAP Business One to SQL Server 2005, what is the

    - by Nick
    we have SAP Business One - Fourth Shift Edition running here at a small manufacturing company. The consulting company that has come in to do the installation/implementation uses the "sa" id/pass to initially connect to the database to get the list of companies. From then on, I have to assume that its the sa id/pass that is being used to connect the client software to the database. Is this appropriate? I dont know where this data is being stored... as an ODBC connection? directly in the registry somewhere? Is it secure? Would it be better to set the users network ID in the database security and then use the "trusted connection" setting instead? Or do most people create a separate login in the database for each user and use that in the client settings? seems like the easiest way would be to add the users network login to the sql server security so they can use the "trusted connection"... but then wouldn't that allow ANY software to connect to the database from that machine? So anyways: what are the best-practices for setting this up?

    Read the article

  • I have got this error : Failed to create InitialContext using factory specified in hashtable

    - by user85121
    I just want to add a servlet in web.xml, like this : <servlet> <display-name>AxisJMSServlet</display-name> <servlet-name>JMSListener</servlet-name> <servlet-class>com.sinosoft.prpall.web.jms.JMSListenServlet</servlet-class> <load-on-startup>110</load-on-startup> </servlet> Everything is just fine, and when i started my programs, I got this : javax.naming.NoInitialContextException: Failed to create InitialContext using factory specified in hashtable [Root exception is java.lang.NullPointerException] at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:258) at javax.naming.InitialContext.initializeDefaultInitCtx(InitialContext.java:318) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:348) at javax.naming.InitialContext.internalInit(InitialContext.java:286) at javax.naming.InitialContext.<init>(InitialContext.java:211) at org.apache.axis.components.jms.JNDIVendorAdapter.getConnectionFactory(JNDIVendorAdapter.java:85) at org.apache.axis.components.jms.JNDIVendorAdapter.getQueueConnectionFactory(JNDIVendorAdapter.java:55) at org.apache.axis.transport.jms.JMSConnectorFactory.createConnector(JMSConnectorFactory.java:227) at org.apache.axis.transport.jms.JMSConnectorFactory.createServerConnector(JMSConnectorFactory.java:156) at com.sinosoft.prpall.web.jms.JMSListenServlet.init(JMSListenServlet.java:60) at javax.servlet.GenericServlet.init(GenericServlet.java:241) at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64) at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58) at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48) at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539) at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1981) at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1955) at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1874) Can anybody tell me what is going on ?

    Read the article

  • How can I programatically create this custom binding?

    - by user277040
    We've got to access a web service that uses soap11... no problem I'll just set the binding as: BasicHttpBinding wsBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential); Nope. No dice. So I asked the host of the service why we're having authentication issues and he said that our config needed to have this custom binding: <bindings> <customBinding> <binding name="lbinding"> <security authenticationMode="UserNameOverTransport" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" securityHeaderLayout="Strict" includeTimestamp="false" requireDerivedKeys="true" keyEntropyMode="ServerEntropy"> </security> <textMessageEncoding messageVersion="Soap11" /> <httpsTransport authenticationScheme ="Negotiate" requireClientCertificate ="false" realm =""/> </binding> </customBinding> </bindings> Only problem is we're creating our binding programmatically not via the config. So if someone could point me in the right direction in regards to changing my BasicHttpBinding into a custombinding that conforms to the .config value provided I'll give them a big shiny gold star for the day.

    Read the article

  • UAC need for console application

    - by Daok
    I have a console application that require to use some code that need administrator level. I have read that I need to add a Manifest file myprogram.exe.manifest that look like that : <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"> </requestedPrivileges> </security> </trustInfo> </assembly> But it still doesn't raise the UAC (in the console or in debugging in VS). How can I solve this issue? Update I am able to make it work if I run the solution in Administrator or when I run the /bin/*.exe in Administrator. I am still wondering if it's possible to have something that will pop when the application start instead of explicitly right clickRun as Administrator?

    Read the article

  • max file upload size change in web.config

    - by Christopher Johnson
    using .net mvc 3 and trying to increase the allowable file upload size. This is what I've added to web.config: <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules runAllManagedModulesForAllRequests="true"> <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" /> <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" /> <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" /> </modules> <handlers> <add name="Elmah" path="elmah.axd" verb="POST,GET,HEAD" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" /> </handlers> <security> <requestFiltering> <requestLimits maxAllowedContentLength="104857600"/> </requestFiltering> </security> *ignore the elmah stuff. it's still not allowing file sizes larger than 50MB and this should allow up to 100MB no? any ideas?

    Read the article

  • Create an SQL Express 2008 database in C# code, but login fails when trying to connect with a sysadm

    - by Andrés Gonzales
    I have a piece of code that creates an SQL Server Express 2008 in runtime, and then tries to connect to it to execute a database initialization script in Transact-SQL. The code that creates the database is the following: private void CreateDatabase() { using (var connection = new SqlConnection( "Data Source=.\\sqlexpress;Initial Catalog=master;" + "Integrated Security=true;User Instance=True;")) { connection.Open(); using (var command = connection.CreateCommand()) { command.CommandText = "CREATE DATABASE " + m_databaseFilename + " ON PRIMARY (NAME=" + m_databaseFilename + ", FILENAME='" + this.m_basePath + m_databaseFilename + ".mdf')"; command.ExecuteNonQuery(); } } } The database is created successfully. After that, I try to connect to the database to run the initialization script, by using the following code: private void ExecuteQueryFromFile(string filename) { string queryContent = File.ReadAllText(m_filePath + filename); this.m_connectionString = string.Format( @"Server=.\SQLExpress; Integrated Security=true;Initial Catalog={0};", m_databaseFilename); using (var connection = new SqlConnection(m_connectionString)) { connection.Open(); using (var command = connection.CreateCommand()) { command.CommandText = queryContent; command.CommandTimeout = 0; command.ExecuteNonQuery(); } } } However, the connection.Open() statement fails, throwing the following exception: Cannot open database "TestData" requested by the login. The login failed. Login failed for user 'MYDOMAIN\myusername'. I am completely puzzled by this error because the account I am trying to connect with has sysadmin privileges, which should allow me to connect any database (notice that I use a connection to the master database to create the database in the first place).

    Read the article

  • How to set connection string dynamically in NHibernate

    - by jcreddy
    Hi I want assign connection string for NHibernate using following code and getting exception (bold). log4net.Config.DOMConfigurator.Configure(); Configuration config = new Configuration(); IDictionary props = new Hashtable(); props["hibernate.connection.provider"] = "NHibernate.Connection.DriverConnectionProvider"; props["hibernate.dialect"] = "NHibernate.Dialect.MsSql2000Dialect"; props["hibernate.connection.driver_class"] = "NHibernate.Driver.SqlClientDriver"; props["hibernate.connection.connection_string"] = @"Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Sample;Data Source=HYDHTC92318D\SQLEXPRESS"; props["hibernate.connection.current_session_context_class"] = "web"; props["hibernate.connection.show_sql"] = "true"; props["hibernate.connection.proxyfactoryfactory.factory_class"] = "NHibernate.ByteCode.Castle.ProxyFactoryFactory, NHibernate.ByteCode.Castle"; foreach (DictionaryEntry de in props) { config.SetProperty(de.Key.ToString(), de.Value.ToString()); } config.AddAssembly("nhibernator"); factory = config.BuildSessionFactory(); session = factory.OpenSession(); The ProxyFactoryFactory was not configured. Initialize 'proxyfactory.factory_class' property of the session-factory configuration section with one of the available NHibernate.ByteCode providers. Example: NHibernate.ByteCode.LinFu.ProxyFactoryFactory, NHibernate.ByteCode.LinFu Example: NHibernate.ByteCode.Castle.ProxyFactoryFactory, NHibernate.ByteCode.Castle Please let me know the solution. Regards JCReddy

    Read the article

  • SiteMap control based on user roles doesn't works

    - by nCdy
    <siteMapNode roles="*"> <siteMapNode url="~/Default.aspx" title=" Main" description="Main" roles="*"/> <siteMapNode url="~/Items.aspx" title=" Adv" description="Adv" roles="Administrator"/> .... any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes. but if I do HttpContext.Current.User.IsInRole("Administrator") it shows me if user in Administrator role or not. web config : <authentication mode="Forms"/> <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20"> <providers> <add connectionStringName="FlowWebSQL" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Hashed" applicationName="/" name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"/> </providers> </membership> <roleManager enabled="true" defaultProvider="SqlProvider"> <providers> <add connectionStringName="FlowWebSQL" name="SqlProvider" type="System.Web.Security.SqlRoleProvider" /> </providers> </roleManager>

    Read the article

  • Allowing Google to bypass CAPTCHA verification - sensible or not?

    - by edanfalls
    My web site has a database lookup; filling out a CAPTCHA gives you 5 minutes of lookup time. There is also some custom code to detect any automated scripts. I do this as I don't want someone data mining my site. The problem is that Google does not see the lookup results when it crawls my site. If someone is searching for a string that is present in the result of a lookup, I would like them to find this page by Googling it. The obvious solution to me is to use the PHP variable $_SERVER['HTTP_USER_AGENT'] to bypass the CAPTCHA and custom security code for the Google bots. My question is whether this is sensible or not. People could then use Google's cache to view the lookup results without having to fill out the CAPTCHA, but would Google's own script detection methods prevent them from data mining these pages? Or would there be some way for people to make $_SERVER['HTTP_USER_AGENT'] appear as Google to bypass the security measures? Thanks in advance.

    Read the article

  • Login for webapp, needs to be available for support staff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • How to minor updates to Drupal-6 with shared hosting

    - by marty.fried
    I've got Drupal working on a shared host, and I uploaded some modules from my home system successfully, but I've got the message that there is a security update for my version, and I should update immediately. I'm not sure how I'm supposed to do that. It seems like the update is an entire new installation. I originally installed it using the hosting company's installer, Fantastico. Should I simply over-write the existing installation with the new files? Or ignore the message? I realize I shouldn't over-write the sites folder, or anything I've modified. The instructions that come with the download seem to be for a major version upgrade, and are way too much trouble for frequent security updates. Searching Drupal's site shows many other methods, but no indication of anything official. And some were ridiculously error-prone, and not really useful. I don't have shell access to the hosting site, although I can pay extra to get it if I really need to. Or, maybe I can clone the site on my local Linux system, do the update using a script, then upload the whole thing. Does anyone have experience with this situation?

    Read the article

  • Editing a .class file directly, playing around with opcodes

    - by echox
    Hi, today I just tried to play a little bit around with the opcodes in compiled java class file. After inserting iinc 1,1 the java virtual machine responds with: Exception in thread "main" java.lang.ClassFormatError: Truncated class file at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632) at java.lang.ClassLoader.defineClass(ClassLoader.java:616) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141) at java.net.URLClassLoader.defineClass(URLClassLoader.java:283) at java.net.URLClassLoader.access$000(URLClassLoader.java:58) at java.net.URLClassLoader$1.run(URLClassLoader.java:197) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) Could not find the main class: Test. Program will exit. This is my example source code: public class Test { public static void main(String[] args) { int i = 5; i++; i++; i++; System.out.println("Number: " + i + "\n"); } } The opcode for an increment is 0x84 + 2 bytes for operands. There's only one section in the resulting class file, which contains 0x84: [..] 8401 0184 0101 8401 01[..] So I would translate this as: iinc 1,1 iinc 1,1 iinc 1,1 corresponding to my i++; i++; i++; I then tried to append just 840101 to increment the variable once more, but that didn't work and resulted in the ClassFormatError. Is there anything like a checksum for the class file? I looked up the format of a classfile in http://java.sun.com/docs/books/jvms/second_edition/html/ClassFile.doc.html but could not find anything which points out to some kind of bytes_of_classfile or something. I also don't understand why the error is "Truncated Class File", because I did append something :-) I know its not a good idea to edit class files directly, but I'm just interested on the VM internals here.

    Read the article

  • "Downloading" a computed value form JavaScript

    - by Travis Jensen
    I'm hoping you can prove me wrong here (please, please, please! ;). I have a situation where I need to download encrypted data from a Server D (for "Data"). Server K (for "Key") has the encryption key. For security sake, I would really prefer that Server D never know the key that Server K knows. What I want is my client (e.g. your browser) to connect to Server D for the data and Server K for the key and doe the decryption locally so the unencrypted stuff never leaves your computer. I can do this fine for text areas in the dom by replacing the contents of the HTML. However, sometimes, I would like to do larger files that I stream to the file system. For instance, perhaps I want to encrypt a movie and decrypt it and stream the contents to the my video player. I am not a JavaScript guru by any stretch, especially when it comes to the edge cases of things like the security sandbox. For Small D, I can handle the decryption, but I don't know how to save the decrypted file. Large D seems problematic as memory runs out. Anybody have any ideas that don't involve native plugins? Thanks!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 286 287 288 289 290 291 292 293 294 295 296 297  | Next Page >