473,387 Members | 1,864 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > mindboogling security problems

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Mindboogling security problems

I need to add a login front end to an existing website. No big deal ????

VS 2005 / Vista / II7 / SQL Express

Well I go into the security and add a welcome page and a login page. Real
easy and the .Net Config tool allows the changing of security and creation
of users etc. Again real easy.

Tested in VS and all works. Close VS and attempt from the internet. I then
get "cannot open user default database. Login failed". I know I am using
correct userid / password.

What gives. So I go back to VS and all is good. Problem is that users
can't run from VS.

???

Lloyd Sheen

Apr 24 '07 #1
3 1269
Sounds like asp.net runs as different accounts
(in the VS internal server and on the internet).

Save the following page to your application directory and run it,
both from inside VS 2005 and from the internet.

identity.aspx:
------------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
-----------

If that file returns different accounts depending on where it's run from,
adjust the access permissions accordingly.

Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Lloyd Sheen" <a@b.cwrote in message news:17**********************************@microsof t.com...
>I need to add a login front end to an existing website. No big deal ????

VS 2005 / Vista / II7 / SQL Express

Well I go into the security and add a welcome page and a login page. Real easy and the .Net
Config tool allows the changing of security and creation of users etc. Again real easy.

Tested in VS and all works. Close VS and attempt from the internet. I then get "cannot open user
default database. Login failed". I know I am using correct userid / password.

What gives. So I go back to VS and all is good. Problem is that users can't run from VS.

???

Lloyd Sheen


Apr 24 '07 #2

"Juan T. Llibre" <no***********@nowhere.comwrote in message
news:u5**************@TK2MSFTNGP02.phx.gbl...
Sounds like asp.net runs as different accounts
(in the VS internal server and on the internet).

Save the following page to your application directory and run it,
both from inside VS 2005 and from the internet.

identity.aspx:
------------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
-----------

If that file returns different accounts depending on where it's run from,
adjust the access permissions accordingly.

Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Lloyd Sheen" <a@b.cwrote in message
news:17**********************************@microsof t.com...
>>I need to add a login front end to an existing website. No big deal ????

VS 2005 / Vista / II7 / SQL Express

Well I go into the security and add a welcome page and a login page.
Real easy and the .Net
Config tool allows the changing of security and creation of users etc.
Again real easy.

Tested in VS and all works. Close VS and attempt from the internet. I
then get "cannot open user
default database. Login failed". I know I am using correct userid /
password.

What gives. So I go back to VS and all is good. Problem is that users
can't run from VS.

???

Lloyd Sheen


Thanks Juan,

I get different values as you suspected. I am in Vista with II7 and
have no idea how to change the access permissions.

Lloyd

Apr 24 '07 #3
re:
I get different values as you suspected.
Yup, that seemed like a likely cause.

re:
I am in Vista with II7 and have no idea how to change the access permissions.
I'm not using Vista, but the process should be similar to Windows XP or Windows Server:

You open the Windows Explorer ( it may have a different name in Vista )
and right-click the directory where the files are located in.

That will bring up a context menu from which you can select the security options.

From there, you should be able to add whichever account came up when
you ran the file from the internet, so you can give it at least read access.

Check it out. If you need additional help, post back.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Lloyd Sheen" <a@b.cwrote in message news:7B**********************************@microsof t.com...
>
"Juan T. Llibre" <no***********@nowhere.comwrote in message
news:u5**************@TK2MSFTNGP02.phx.gbl...
>Sounds like asp.net runs as different accounts
(in the VS internal server and on the internet).

Save the following page to your application directory and run it,
both from inside VS 2005 and from the internet.

identity.aspx:
------------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
-----------

If that file returns different accounts depending on where it's run from,
adjust the access permissions accordingly.

Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Lloyd Sheen" <a@b.cwrote in message news:17**********************************@microsof t.com...
>>>I need to add a login front end to an existing website. No big deal ????

VS 2005 / Vista / II7 / SQL Express

Well I go into the security and add a welcome page and a login page. Real easy and the .Net
Config tool allows the changing of security and creation of users etc. Again real easy.

Tested in VS and all works. Close VS and attempt from the internet. I then get "cannot open
user
default database. Login failed". I know I am using correct userid / password.

What gives. So I go back to VS and all is good. Problem is that users can't run from VS.

???

Lloyd Sheen


Thanks Juan,

I get different values as you suspected. I am in Vista with II7 and have no idea how to change
the access permissions.

Lloyd

Apr 24 '07 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
[PHP5] Will be security be enforced ?
by: Julien Buratto | last post by:
I don't think Php, setting safe_mode and register globals did a serious job on 4.1.x versions and above. Actually I would like to see that crapy problems beeing solved on Php5 but it seems...
PHP
0
Security in data handling
by: Ken in Melbourne Australia | last post by:
For some Open Source (GPL licensed) programs that I am working on, I am trying to create some PHP routines for data handling with good security. The routines I have created for this are given...
PHP
4
[HELP] RMI & Java security (too secure!)
by: Lorenzo | last post by:
hi you all, first of all apologies for having cross-posted this message but really i did not know where to post it. please let me know what ng you consider the most suitable for the described...
Java
28
Who should security issues be reported to?
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
Python
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
3
Access 2002 security
by: mar10 | last post by:
I am creating a database in Access 2002 for a small firm that would like security on the tables. They want some employees to have write access only to tables, while others read-only. I have not...
Microsoft Access / VBA
5
Passing User Credentials to site running under Integrated Security
by: cdlipfert | last post by:
Our intranet is running under windows integrated security. We have domain users that want to access our intranet site via ssl vpn. SSL VPN can not authenticate against services that run under...
ASP.NET
7
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
.NET Framework
15
Security - PHP Vs Java
by: himilecyclist | last post by:
My State government organization has written a PHP/MySQL application which has been in production for about 6 months and has been highly successful. We are now embarking on a similar database...
PHP
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!