Search Results

Search found 994 results on 40 pages for 'logon'.

Page 35/40 | < Previous Page | 31 32 33 34 35 36 37 38 39 40  | Next Page >

• LogonUser using LOGON32_LOGON_NEW_CREDENTIALS works against remote untrusted domain machine

  - by Jiho Han

  So between the two machines, there is no trust - they are in different domains. I've successfully connected to the remote machine using LogonUser API using logon type, *LOGON32_LOGON_NEW_CREDENTIALS*. I am able to retrieve the content of a directory using the UNC share, and create a file stream to "download" the file. So far so good. The only issue is that it seems, LogonUser fails unless there is an already open session. Let me clarify that. I found that the ASP.NET MVC page was not working this morning, specifically the page that retrieves the file list from this remote machine using LogonUser. I look at the log and I see in the stacktrace, *System.IO.__Error.WinIOError* above Directory.GetFiles call. I then remoted into the web server and tried to open the remote folder in the explorer using the same login/password used by the web site. It went through and I could see the files. I opened up the command prompt, type in net use, and I see that there is an open connection to the remote machine. Then I went back to the page and suddenly the page is working again. So, at this point, I am not exactly sure if the LogonUser is working as expected or not. If the call requires that a network connection opened first by other means, then this is certainly not satisfactory. Does anyone know what may be happening or suggest a workaround?

  Read the article

• C# Active Directory - Check username / password

  - by Michael G

  I'm using the following code on Windows Vista Ultimate SP1 to query our active directory server to check the user name and password of a user on a domain. public Object IsAuthenticated() { String domainAndUsername = strDomain + @"\" + strUser; DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, strPass); SearchResult result; try { //Bind to the native AdsObject to force authentication. DirectorySearcher search = new DirectorySearcher(entry) { Filter = ("(SAMAccountName=" + strUser + ")") }; search.PropertiesToLoad.Add("givenName"); // First Name search.PropertiesToLoad.Add("sn"); // Last Name search.PropertiesToLoad.Add("cn"); // Last Name result = search.FindOne(); if (null == result) { return null; } //Update the new path to the user in the directory. _path = result.Path; _filterAttribute = (String)result.Properties["cn"][0]; } catch (Exception ex) { return new Exception("Error authenticating user. " + ex.Message); } return user; } the target is using .NET 3.5, and compiled with VS 2008 standard I'm logged in under a domain account that is a domain admin where the application is running. The code works perfectly on windows XP; but i get the following exception when running it on Vista: System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated() at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated() I've tried changing the authentication types, I'm not sure what's going on. See also: http://stackoverflow.com/questions/290548/c-validate-a-username-and-password-against-active-directory

  Read the article

• Forms authentication, ASP.NET MVC and WCF RESTful service

  - by J F

  One test webserver, with the following applications service.ganymedes.com:8008 - WCF RESTful service, basically the FormsAuth sample from WCF Starter Kit Preview 2 mvc.ganymedes.com:8008 - ASP.NET MVC 2.0 application web.config for service.ganymedes.com: <authentication mode="Forms"> <forms loginUrl="~/login.aspx" timeout="2880" domain="ganymedes.com" name="GANYMEDES_COOKIE" path="/" /> </authentication> web.config for mvc.ganymedes.com: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" domain="ganymedes.com" name="GANYMEDES_COOKIE" path="/" /> </authentication> Trying my darndest, a GET (or POST for that matter) via jQuery's $.ajax or getJson does not send my cookie (according to Firebug), so I get HTTP 302 returned from the WCF service: Request Headers Host service.ganymedes.com:8008 User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729) Accept application/json, text/javascript, */* Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300 Connection keep-alive Referer http://mvc.ganymedes.com:8008/Test Origin http://mvc.ganymedes.com:8008 It's sent when mucking about on the MVC site though: Request Headers Host mvc.ganymedes.com:8008 User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729) Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300 Connection keep-alive Referer http://mvc.ganymedes.com:8008/Test Cookie GANYMEDES_COOKIE=0106A4A666C8C615FBFA9811E9A6C5219C277D625C04E54122D881A601CD0E00C10AF481CB21FAED544FAF4E9B50C59CDE2385644BBF01DDD4F211FE7EE8FAC2; GANYMEDES_COOKIE=D6569887B7C5B67EFE09079DD59A07A98311D7879817C382D79947AE62B5508008C2B2D2112DCFCE5B8D4C61D45A109E61BBA637FD30315C2D8353E8DDFD4309 I also put the exact same settings in both applications' web.config files (self-generated validationKey and decryptionKey).

  Read the article

• Implementation review for a MVC.NET app with custom membership

  - by mrjoltcola

  I'd like to hear if anyone sees any problems with how I implemented the security in this Oracle based MVC.NET app, either security issues, concurrency issues or scalability issues. First, I implemented a CustomOracleMembershipProvider to handle the database interface to the membership store. I implemented a custom Principal named User which implements IPrincipal, and it has a hashtable of Roles. I also created a separate class named AuthCache which has a simple cache for User objects. Its purpose is simple to avoid return trips to the database, while decoupling the caching from either the web layer or the data layer. (So I can share the cache between MVC.NET, WCF, etc.) The MVC.NET stock MembershipService uses the CustomOracleMembershipProvider (configured in web.config), and both MembershipService and FormsService share access to the singleton AuthCache. My AccountController.LogOn() method: 1) Validates the user via the MembershipService.Validate() method, also loads the roles into the User.Roles container and then caches the User in AuthCache. 2) Signs the user into the Web context via FormsService.SignIn() which accesses the AuthCache (not the database) to get the User, sets HttpContext.Current.User to the cached User Principal. In global.asax.cs, Application_AuthenticateRequest() is implemented. It decrypts the FormsAuthenticationTicket, accesses the AuthCache by the ticket.Name (Username) and sets the Principal by setting Context.User = user from the AuthCache. So in short, all these classes share the AuthCache, and I have, for thread synchronization, a lock() in the cache store method. No lock in the read method. The custom membership provider doesn't know about the cache, the MembershipService doesn't know about any HttpContext (so could be used outside of a web app), and the FormsService doesn't use any custom methods besides accessing the AuthCache to set the Context.User for the initial login, so it isn't dependent on a specific membership provider. The main thing I see now is that the AuthCache will be sharing a User object if a user logs in from multiple sessions. So I may have to change the key from just UserId to something else (maybe using something in the FormsAuthenticationTicket for the key?).

  Read the article

• Is an LSA MSV1_0 subauthentication package needed for some impersonation use cases?

  - by Chris Sears

  Greetings, I'm working with a vendor who has implemented some code that uses a Windows LSA MSV1_0 subauthentication package (MSDN info if you're interested: http://msdn.microsoft.com/en-us/library/aa374786(VS.85).aspx ) and I'm trying to figure out if it's necessary. As far as I can tell, the subauthentication routine and filter allow for hooking or customizing the standard LSA MSV1_0 logon event processing. The issue is that I don't understand why the vendor's product would need these capabilities. I've asked them and they said they use it to perform impersonation. The product definitely does need to do impersonation, but based on my limited win32 knowledge, they could get the functionality they need using the normal auth APIs (LsaLogonUser, ImpersonateLoggedOnUser, etc) without the subauthentication package. Furthermore, I've worked with a number of similar products that all do impersonation, and this is the only one that's used a subauthentication package. If you're wondering why I would care, a previous version of the product had a bug in the subauthentication package dll that would cause lockups or bluescreens. That makes me rather nervous and has me questioning the use of such a low-level, kernel sensitive interface. I'd like to go back to the vendor and say "There's no way you could need an LSA subauth package for impersonation - take it out", but I'm not sure I understand the use cases and possible limitations of the standard win32 authentication/impersonation APIs well enough to make that claim definitively. So, to the win32 security gurus out there, is there any reason you would need an LSA MSV1_0 subauthentication package if all you were doing is impersonation? Thanks in advance for any thoughts!

  Read the article

• Oracle JDBC intermittent Connection Issue

  - by Lipska

  I am experiencing a very strange problem This is a very simple use of JDBC connecting to an Oracle database OS: Ubuntu Java Version: 1.5.0_16-b02 1.6.0_17-b04 Database: Oracle 11g Release 11.1.0.6.0 When I make use of the jar file JODBC14.jar it connects to the database everytime When I make use of the jar file JODBC5.jar it connects some times and other times it throws an error ( shown below) If I recompile with Java 6 and use JODBC6.jar I get the same results as JODBC5.jar I need specific features in JODB5.jar that are not available in JODBC14.jar Any ideas Error Connecting to oracle java.sql.SQLException: Io exception: Connection reset at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:74) at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:110) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:171) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:227) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:494) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:411) at oracle.jdbc.driver.PhysicalConnection.(PhysicalConnection.java:490) at oracle.jdbc.driver.T4CConnection.(T4CConnection.java:202) at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:474) at java.sql.DriverManager.getConnection(DriverManager.java:525) at java.sql.DriverManager.getConnection(DriverManager.java:171) at TestConnect.main(TestConnect.java:13) Code Below is the code I am using import java.io.; import java.sql.; public class TestConnect { public static void main(String[] args) { try { System.out.println("Connecting to oracle"); Connection con=null; Class.forName("oracle.jdbc.driver.OracleDriver"); con=DriverManager.getConnection( "jdbc:oracle:thin:@172.16.48.100:1535:sample", "JOHN", "90009000"); System.out.println("Connected to oracle"); con.close(); System.out.println("Goodbye"); } catch(Exception e){e.printStackTrace();} } }

  Read the article

• certificate issues running app in windows 7 ?

  - by Jurjen

  Hi, I'm having some problems with my App. I'm using 'org.mentalis.security' assembly to create a certificate object from a 'pfx' file, this is the line of code where the exception occurs : Certificate cert = Certificate.CreateFromPfxFile(publicKey, certificatePassword); this has always worked and still does in production, but for some reason it throws an exception when run in windows 7 (tried it on 2 machines). CertificateException : Unable to import the PFX file! [error code = -2146893792] I can't find much on this message via google, but when checking the EventViewer I get an 'Audit Failure' every time this exception occurs: Event ID = 5061 Source = Microsoft Windows Security Task Category = system Integrity Keywords = Audit Failure Cryptographic operation. Subject: Security ID: NT AUTHORITY\IUSR Account Name: IUSR Account Domain: NT AUTHORITY Logon ID: 0x3e3 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: VriendelijkeNaam Key Type: User key. Cryptographic Operation: Operation: Open Key. Return Code: 0x2 ` I'm not sure why this isn't working on win 7, I've never had problems when I was running on Vista with this. I am running VS2008 as administrator but I guess that maybe the ASP.NET user doesn't have sufficient rights or something. It's pretty strangs that the 'Algorithm name' is 'Not Available' can anyone help me with this... TIA, Jurjen de Groot

  Read the article

• IE8 developer tools missing some styles

  - by Craig Warren

  Hi, I'm having some problems with some CSS properties in IE8. I've tested my site in IE7, Chrome and Firefox and they work fine but IE8 is having some layout issues. I inspect the developer tool option on ie8 and I've noticed that some of the properties I set in CSS are being ignored by ie8. For example: #header { position: relative; padding: 20px; height: 100px; background:url(header.png); } In this header IE8 ignored the height property: If I inspect the element in developer tools it is missing that property and it's crushed into another line: background:url;HEIGHT: 100PX The same thing happens for floats too: #logon { float: left; text-align:right; width:20%; height: 40px; padding-left: 0px; padding-right:7px; border:0; margin:0; background: url(navgradient.gif); } This ignores the float value: background: url(navgradient.gif); FLOAT:left; What is happening here and how can I fix it?

  Read the article

• LogonUser -> CreateProcessAsUser from a system service

  - by Josh K

  I've read all the posts on Stack Overflow about CreateProcessAsUser and there are very few resolved questions, so I'm not holding my breath on this one. But it seems like I'm definitely missing something, so it might be easy. The target OS is Windows XP. I have a service running as "Local System" from which I want to create a process running as a different user. For that user, I have the username and password, so LogonUser goes fine and I get a token for the user (in this case, an Administrator account.) I then try to use that token to call CreateProcessAsUser, but it fails because that token does not come with SeAssignPrimaryTokenPrivilege - however, it does have SeIncreaseQuotaPrivilege. (I used GetTokenInformation to dump all the privileges associated with that token.) According to the MSDN page for CreateProcessAsUser, you need both privileges in order to call CreateProcessAsUser successfully. It also says you don't need the SeAssignPrimaryTokenPrivilege if the token you pass in to CreateProcessAsUser() is a "restricted version of the calling process' primary token", which I can create with CreateRestrictedToken(), but then it will be associated with the Local System user and not the target user I'm trying to run the process as. So how would I create a logon token that is both a restricted version of the calling process' primary token, AND is associated with a different user? Thanks! Note that there is no need for user interaction in here - it's all unattended - so there's no need to do stuff like grabbing WINSTA0, etc.

  Read the article

• SQL Server 2008 Express Edition Connection Problem

  - by waqasahmed

  I have VS 2008 Professional Edition. After the installation (which included SQL Server 2008), I decided to install SQL Server 2008 Express Edition with Advanced Tools (so I could get SQL Server Management Studio on it). So I uninstalled the SQL Express that came with VS 2008, and installed the standalone SQL Server Express 2008 version with advanced tools. However, When I try to logon onto SQL Server Management Studio using: .\SQLEXPRESS as Server name and Windows Authentication as the authentication, I get the following message: TITLE: Connect to Server ------------------------------ Cannot connect to .\SQLEXPRESS. ------------------------------ ADDITIONAL INFORMATION: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) (Microsoft SQL Server, Error: -1) For help, click: http//go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=-1&LinkId=20476 ------------------------------ BUTTONS: OK ------------------------------ Any suggestions on how to get it to work? I have tried disabling Windows Firewall as well and still no luck. I am using WIndows Vista and SQL Server 2008 Express SP1 Patch has also been applied recently.

  Read the article

• How can I disable the CTRL-ALT-DEL key combination completely on XP/Vista/7?

  - by Travesty3

  I have been googling extensively to figure this out, and nobody seems to be able to give a direct answer. Let me start by saying that I'm NOT talking about requiring CTRL-ALT-DEL to enter logon information. I'm working on a golf simulator program which is used at golf centers. I need the ability to completely disable the CTRL-ALT-DEL key sequence so that the golf center customers can't get out of the program and access the computer at all. I realize there are other key combinations that need to be handled as well, we already have this entire feature working in XP, but we're going to be switching to Windows 7 soon, and CTRL-ALT-DEL is the only one that doesn't seem to work in Win7. I'd really like an all-around solution if at all possible. This same program may also be installed on a client's personal computer for an in-home golf simulator, but the computers that really need this feature (golf center computers) are provided to the golf center by us, so would the best option be to write a new shell? I don't know anything about that at all, other than others that suggest writing a new shell for kiosk mode. I'd really like a simpler option, like modifying the registry in some way. I have heard that you can remove some buttons from the menu screen that pops up, but unless I can remove pretty much all of them (including the shutdown/restart button in the bottom-right corner), this won't be enough of a solution for me. Thanks for taking the time to read this and thanks again for any help you could provide! -Travis

  Read the article

• MVC 2 Data annotations problem

  - by Louzzzzzz

  Hi. Going mad now. I have a MVC solution that i've upgraded from MVC 1 to 2. It all works fine.... except the Validation! Here's some code: In the controller: using System; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Security.Principal; using System.Web; using System.Web.Mvc; using System.Web.Security; using System.Web.UI; using MF.Services.Authentication; using System.ComponentModel; using System.ComponentModel.DataAnnotations; namespace MF.Controllers { //basic viewmodel public class LogOnViewData { [Required] public string UserName { get; set; } [Required] public string Password { get; set; } } [HandleError] public class AccountController : Controller { [HttpPost] public ActionResult LogOn(LogOnViewData lvd, string returnUrl) { if (ModelState.IsValid) { //do stuff - IsValid is always true } } } } The ModelState is always valid. The model is being populated correctly however. Therefore, if I leave both username and password blank, and post the form the model state is still valid. Argh! Extra info: using structure map for IoD. Previously, before upgrading to MVC 2 was using the MS data annotation library so had this in my global.asax.cs: ModelBinders.Binders.DefaultBinder = new Microsoft.Web.Mvc.DataAnnotations.DataAnnotationsModelBinder(); Have removed that now. I'm sure i'm doing something really basic and wrong. If someone could point it out that would be marvellous. Cheers

  Read the article

• Accessing a file on a network drive

  - by Rekreativc

  Hello. Background: I have an application that has to read from files on a network drive (Z:) This works great in my office domain, however it does not work on site (in a different domain). As far as I can tell the domain users and network drives are set in the same way, however I do not have access to users etc in the customers domain. When I couldn't access the network drive I figured I needed a token for a user. This is how I impersionate the user: [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); ... const string userName = "Razvoj02"; const string pass = "Programer02"; const string domainName = null; const int LOGON32_PROVIDER_DEFAULT = 0; const int LOGON32_LOGON_INTERACTIVE = 2; IntPtr tokenHandle = new IntPtr(0); bool returnValue = LogonUser(userName, domainName, pass, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref tokenHandle); if (!returnValue) throw new Exception("Logon failed."); WindowsImpersonationContext impersonatedUser = null; try { WindowsIdentity wid = new WindowsIdentity(tokenHandle); impersonatedUser = wid.Impersonate(); } finally { if (impersonatedUser != null) impersonatedUser.Undo(); } Now here is the interesting/weird part. In my network the application can already access the network drive, and if I try to impersonate the active user (exactly the same user, including the same domain) it will not be able to access the network drive. This leaves me helpless since now I have no idea what works and what doesn't, and more to the point, will it work on site? What am I missing?

  Read the article

• Active Directory login - DirectoryEntry inconsistent exception

  - by Pavan Reddy

  I need to validate the LDAP user by checking if there exists such a user name in the specified domain. For this I am using this code - DirectoryEntry entry = new DirectoryEntry("LDAP://" + strDomainController); DirectorySearcher searcher = new DirectorySearcher(entry); searcher.Filter = "SAMAccountName=" + strUserName; SearchResult result = searcher.FindOne(); return (result != null) ? true : false; This is a method in a class library which I intened to reference and use whereever I need this functionality in my project. To test this, I created a simple test application. The test occurs like this - Console.WriteLine(MyClassLib.MyValidateUserMethod("UserName", "Domain",ref strError).ToString()); The problem I am facing is that this works fine when I test it with my testapp but in my project, when I try to use the same method with the same credentials - The DirectoryEntry object throws an "System.DirectoryServices.DirectoryServicesCOMException" exception and the search.Filter fails and throws ex = {"Logon failure: unknown user name or bad password.\r\n"} exception. I have tried impersonation but that doesn't help. Somehow the same method works fine in mytestapp and doesn't work in my project. Both these applications are in my local dev machine. What am I missing? Any ideas?

  Read the article

• kohana project structure

  - by user176217

  Hello Guys. I'm investigating using Kohana for my next project. The site will consist of user registration (and hence user profiles) where users will have certain privileges. The site will also have an admin section where administrators can go to say block a user or delete a post or look at usage statistics for example. A good comparison site would be a multi-user blog, where each blogger depending on her/his permissions can post/edit/delete blogs...just as an example. Firstly, I'm not sure about how to set up the controller/view structure in order to separate the admin section from the front facing site. I'm using Kohana 3, so I was thinking of a controller structure like so: application/classes/controller/front (front facing)...and application/classes/controller/admin (for administrative section). Or I notice you may be able to use the Route class to set up routes, so I could set up an "admin" route. for example: www.example.com/admin will lead to the admin logon screen. www.example.com --- front controller. As well, can I somehow separate the "Admin" views and controllers from the "front facing" views and controllers like divide them up based on folder structure? Any help is very much appreciated. Thank you.

  Read the article

• Is there an event that raises after a View/PartialView executes in ASP.NET MVC 2 RC2?

  - by sabanito

  I have the following problem: We have an ASP.NET MVC 2 RC 2 application that programmatically impersonates an AD Account that the user specifies at logon. This account is used to access the DB. At first we had the impersonating code in the begin_request and we were undoing the impersonation at the end_request, but when we tried to use IIS 7.5 in integrated mode, we learned that it's not possible to impersonate in the Global.asax so we tried different things. We have succesfully moved our code from the BeginRequest to the ActionExecuting event and the EndRequest to the ResultExecuted, and now, about 80% of our code works. We've just discovered that since we're passing the Entity Framework objects as models for our views, there's this remaining 20% that won't work because some Navigation Properties are not loaded when the view begins it's execution, so we're getting connection exceptions from Sql Server. Is there any event or method that executes AFTER the view, so we can undo the impersonation in it? We thought ResultExecuted will do just that, but it doesn't. We've been told that passing the plain Entities into the view as models is not a good idea, but we have A LOT of views that may have this problem and there's not automated way to know it. If some of you could explain why it's not a good idea, maybe we can convince the team to fix it!

  Read the article

• How to share data between SSRS Security and Data Processing extension?

  - by user2904681

  I've spent a lot of time trying to solve the issue pointed in title and have no found a solution yet. I use MS SSRS 2012 with custom Security (based on Form Authentication and ClaimsPrincipal) and Data Processing extensions. In Data extension level I need to apply filter programmatically based on one of the claim which I have access in Security extension level only. Here is the problem: I do know how to pass the claim from Security to Data Processing extension code... What I've tried: IAuthenticationExtension.LogonUser(string userName, string password, string authority) { ... ClaimsPrincipal claimsPrincipal = CreateClaimsPrincipal(...); Thread.CurrentPrincipal = claimsPrincipal; HttpContext.Current.User = claimsPrincipal; ... }; But it doesn't work. It seems SSRS overrides it within either GenericPrincipal or FormsIdentity internally. The possible workaround I'm thinking about (but haven't checked it yet): 1. Create HttpModule which will create HttpContext with all required information (minus: will be invoke getting claims each time - huge operation) 2. Write to custom SQL table to store logged users information which is required for Data extension and then read it 3. try somehow to append to cookies due to LogOn and then read each time on IAuthenticationExtension.GetUserInfo and fill HttpContext None of them seems to be a good solution. I would be grateful for any help/advise/comments.

  Read the article

• ImpersonateLoggedOnUser and starting a new process that uses ocx fails.

  - by markus

  I write a c++ windows application (A), that uses LogonUser, LoadUserProfile and ImpersonateLoggedOnUser to gain the rights of another user (Y). Meaning the A starts using the user that is logged on on the workstation (X). If the user wants to elevate his rights he can just press a button and logon as another user without having to log himself out of windows and back in. The situation now is (according to the return values of the functions): LogonUser works, LoadUserProfile works and ImpersonateLoggedOnUser works as well. After the impersonation I start another process. This process is an application (B) that needs an OCX control. This fails and the application tells me that the .oxc file is not properly installed. The thing is, if I start B directly as the user that is logged on to the machine (X), it works. If I start B directly as the user (Y) to which I want to elevate my rights using A, it works. If I am logged in as (X) and choose "run as" (Y) in the explorer, it works! Do you know which steps I need to do to do the same as the "run as" dialog from windows?

  Read the article

• .NET MVC custom routing with empty parameters

  - by user135498

  Hi All, I have a .net mvc with the following routes: routes.Add(new Route( "Lookups/{searchtype}/{inputtype}/{firstname}/{middlename}/{lastname}/{city}/{state}/{address}", new RouteValueDictionary( new { controller = "Lookups", action = "Search", firstname = (string)null, middlename = (string)null, lastname = (string)null, city = (string)null, state = (string)null, address = (string)null, SearchType = SearchType.PeopleSearch, InputType = InputType.Name }), new MvcRouteHandler()) ); routes.Add(new Route( "Lookups/{searchtype}/{inputtype}", new RouteValueDictionary( new { controller = "Lookups", action = "Search", firstname = "", middlename = "", lastname = "", city = "", state = "", address = "" }), new MvcRouteHandler()) ); routes.Add(new Route( "Lookups/{searchtype}/{inputtype}", new RouteValueDictionary( new { controller = "Lookups", action = "Search", firstname = "", middlename = "", lastname = "", city = "", state = "", address = "", SearchType = SearchType.PeopleSearch, InputType = InputType.Name }), new MvcRouteHandler()) ); routes.MapRoute( "Default", // Route name "{controller}/{action}/{id}", // URL with parameters new { controller = "Account", action = "LogOn", id = "" } // Parameter defaults ); The following request works fine: http://localhost:2608/Lookups/PeopleSearch/Name/john/w/smith/seattle/wa/123 main This request does not work: http://localhost:2608/Lookups/PeopleSearch/Name/john//smith//wa/ Not all requests will have all paramters and I would like empty parameters to be passed to the method as empty string or null. Where am I going wrong? The method: public ActionResult Search(string firstname, string middlename, string lastname, string city, string state, string address, SearchType searchtype, InputType inputtype) { SearchRequest r = new SearchRequest { Firstname = firstname, Middlename = middlename, Lastname = lastname, City = city, State = state, Address = address, SearchType = searchtype, InputType = inputtype }; return View(r); }

  Read the article

• Django formset unit test

  - by Py

  I can't running Unit Test with formset. I try to do a test: class NewClientTestCase(TestCase): def setUp(self): self.c = Client() def test_0_create_individual_with_same_adress(self): post_data = { 'ctype': User.CONTACT_INDIVIDUAL, 'username': 'dupond.f', 'email': '[email protected]', 'password': 'pwd', 'password2': 'pwd', 'civility': User.CIVILITY_MISTER, 'first_name': 'François', 'last_name': 'DUPOND', 'phone': '+33 1 34 12 52 30', 'gsm': '+33 6 34 12 52 30', 'fax': '+33 1 34 12 52 30', 'form-0-address1': '33 avenue Gambetta', 'form-0-address2': 'apt 50', 'form-0-zip_code': '75020', 'form-0-city': 'Paris', 'form-0-country': 'FRA', 'same_for_billing': True, } response = self.c.post(reverse('client:full_account'), post_data, follow=True) self.assertRedirects(response, '%s?created=1' % reverse('client:dashboard')) and i have this error: ValidationError: [u'ManagementForm data is missing or has been tampered with'] My view : def full_account(request, url_redirect=''): from forms import NewUserFullForm, AddressForm, BaseArticleFormSet fields_required = [] fields_notrequired = [] AddressFormSet = formset_factory(AddressForm, extra=2, formset=BaseArticleFormSet) if request.method == 'POST': form = NewUserFullForm(request.POST) objforms = AddressFormSet(request.POST) if objforms.is_valid() and form.is_valid(): user = form.save() address = objforms.forms[0].save() if url_redirect=='': url_redirect = '%s?created=1' % reverse('client:dashboard') logon(request, form.instance) return HttpResponseRedirect(url_redirect) else: form = NewUserFullForm() objforms = AddressFormSet() return direct_to_template(request, 'clients/full_account.html', { 'form':form, 'formset': objforms, 'tld_fr':False, }) and my form file : class BaseArticleFormSet(BaseFormSet): def clean(self): msg_err = _('Ce champ est obligatoire.') non_errors = True if 'same_for_billing' in self.data and self.data['same_for_billing'] == 'on': same_for_billing = True else: same_for_billing = False for i in [0, 1]: form = self.forms[i] for field in form.fields: name_field = 'form-%d-%s' % (i, field ) value_field = self.data[name_field].strip() if i == 0 and self.forms[0].fields[field].required and value_field =='': form.errors[field] = msg_err non_errors = False elif i == 1 and not same_for_billing and self.forms[1].fields[field].required and value_field =='': form.errors[field] = msg_err non_errors = False return non_errors class AddressForm(forms.ModelForm): class Meta: model = Address address1 = forms.CharField() address2 = forms.CharField(required=False) zip_code = forms.CharField() city = forms.CharField() country = forms.ChoiceField(choices=CountryField.COUNTRIES, initial='FRA')

  Read the article

• Fails proceeding after POSTing to web server

  - by OverTheRainbow

  Hello According to this question, it seems like the error "Too many automatic redirections were attempted" is caused when forgetting to use a cookiecontainer to connect to a web server that uses cookies to keep track of the user. However, even though I used "request.CookieContainer = MyCookieContainer", I'm still getting into an endless loop that is terminated by VB Express with this error message. Imports System.IO Imports System.Net 'Remember to add reference to System.Web DLL Imports System.Web Imports System.Text Public Class Form1 Const ConnectURL = "http://www.acme.com/logon.php" Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim request As HttpWebRequest = WebRequest.Create(ConnectURL) 'Build POST data request.Method = "POST" request.ContentType = "application/x-www-form-urlencoded" Dim Data As New StringBuilder Data.Append("Account=" + HttpUtility.UrlEncode("jdoe")) Data.Append("&Password=" + HttpUtility.UrlEncode("test")) Dim byteData() As Byte byteData = UTF8Encoding.UTF8.GetBytes(Data.ToString()) request.ContentLength = byteData.Length Dim postStream As Stream = Nothing Try postStream = request.GetRequestStream() postStream.Write(byteData, 0, byteData.Length) Finally If Not postStream Is Nothing Then postStream.Close() End Try 'Dim MyCookieContainer As New CookieContainer Dim MyCookieContainer As CookieContainer = New CookieContainer() request.CookieContainer = MyCookieContainer 'Makes no difference 'request.KeepAlive = True 'request.AllowAutoRedirect = True Dim response As HttpWebResponse 'HERE '"Too many automatic redirections were attempted" response = request.GetResponse() Dim reader As StreamReader = New StreamReader(response.GetResponseStream()) RichTextBox1.Text = reader.ReadToEnd End Sub End Class This is probably a newbie issue, but I don't know what else to try. Any idea? Thank you for any hint.

  Read the article

• MAPI find the contacts and calendar folder

  - by Rogier21

  In my outlook I have 1 exchange connection and 2 Personal Folders. I want to go fetch ALL items from the calendars and contacts so I use: /** * Create outlook application */ Outlook.Application oApp = new Outlook.Application(); Outlook.NameSpace oNS = oApp.GetNamespace("mapi"); oNS.Logon(Missing.Value, Missing.Value, true, true); /** * Loop through all the folders */ foreach (Outlook.MAPIFolder oFolder in oNS.Folders) { if (oFolder.Name == "Public Folders") { break; } /** * Get calendar items */ //Outlook.MAPIFolder oCalendar = oNS.GetDefaultFolder(Outlook.OlDefaultFolders.olFolderCalendar); Outlook.MAPIFolder oCalendar = oFolder.Folders[5]; Outlook.Items oCalendarItems = oCalendar.Items; //Outlook.MAPIFolder oContacts = oNS.GetDefaultFolder(Outlook.OlDefaultFolders.olFolderContacts); Outlook.MAPIFolder oContacts = oFolder.Folders[7]; Outlook.Items oContactItems = oContacts.Items; But this does not work oFolder.Folders[5] is not always 5 for the calendar, sometimes it's a different value. I cannot find the items by name oFolder.Folders["Calendar"]; because in Dutch the folder will be named "Agenda". Usually I use: Outlook.MAPIFolder oCalendar = oNS.GetDefaultFolder(Outlook.OlDefaultFolders.olFolderCalendar); But then I only get the default calendar. How can I get the other calendars?

  Read the article

• Global hotkey capture in VB.net

  - by ggonsalv

  I want to have my app which is minimized to capture data selected in another app's window when the hot key is pressed. My app definitely doesn't have the focus. Additionally when the hot key is pressed I want to present a fading popup (Outlook style) so my app never gets focus. At a minimum I want to capture the Window name, Process ID and the selected data. The app which has focus is not my application? I know one option is to sniff the Clipboard, but are there any other solutions. This is to audit the rate of data-entry in to another system of which I have no control. It is a mainframe emulation client program(attachmate). The plan is complete data entry in Application X. Select a certain section of the screen in App X which is proof of data entry (transaction ID). Press the Magic Hotkey, which then 'sends' the selection to my App. From System.environment or system.Threading I can find the Windows logon. Similiarly I can also capture the time. All the data will be logged to SQL. Once Complete show Outlook style pop up saying the data entry has been logged. Any thoughts.

  Read the article

• Exception calling UpdateModel - Value cannot be null or empty

  - by James Alexander

  This is probably something silly I'm missing but I'm definitely lost. I'm using .NET 4 RC and VS 2010. This is also my first attempt to use UpdateModel in .NET 4, but every time I call it, I get an exception saying Value cannont be null or empty. I've got a simple ViewModel called LogOnModel: [MetadataType(typeof(LogOnModelMD))] public class LogOnModel { public string Username { get; set; } public string Password { get; set; } public class LogOnModelMD { [StringLength(3), Required] public object Username { get; set; } [StringLength(3), Required] public object Password { get; set; } } } My view uses the new strongly typed helpers in MVC2 to generate a textbox for username and one for the password. When I look at FormCollection in my controller method, I see values for both coming through. And last but not least, here's are post controller methods: // POST: /LogOn/ [HttpPost] public ActionResult Index(FormCollection form) { var lm = new LogOnModel(); UpdateModel(lm, form); var aservice = new AuthenticationService(); if (!aservice.AuthenticateLocal(lm.Username, lm.Password)) { ModelState.AddModelError("User", "The username or password submitted is invalid, please try again."); return View(lm); } return Redirect("~/Home"); } Can someone please lend some insight into why UpdateModel would be throwing this exception? Thanks!

  Read the article

• What is the benefit of using ONLY OpenID authentication on a site?

  - by Peter

  From my experience with OpenID, I see a number of significant downsides: Adds a Single Point of Failure to the site It is not a failure that can be fixed by the site even if detected. If the OpenID provider is down for three days, what recourse does the site have to allow its users to login and access the information they own? Takes a user to another sites content and every time they logon to your site Even if the OpenID provider does not have an error, the user is re-directed to their site to login. The login page has content and links. So there is a chance a user will actually be drawn away from the site to go down the Internet rabbit hole. Why would I want to send my users to another company's website? [ Note: my provider no longer does this and seems to have fixed this problem (for now).] Adds a non-trivial amount of time to the signup To sign up with the site a new user is forced to read a new standard, chose a provider, and signup. Standards are something that the technical people should agree to in order to make a user experience frictionless. They are not something that should be thrust on the users. It is a Phisher's Dream OpenID is incredibly insecure and stealing the person's ID as they log in is trivially easy. [ taken from David Arno's Answer below ] For all of the downside, the one upside is to allow users to have fewer logins on the Internet. If a site has opt-in for OpenID then users who want that feature can use it. What I would like to understand is: What benefit does a site get for making OpenID mandatory?

  Read the article

< Previous Page | 31 32 33 34 35 36 37 38 39 40  | Next Page >