I need to know how to restrict folder access in report server when report viewed using report URL it should not go to browser again and I tried given new role based access to only folder but when report
Related
C# ASP.NET MVC web application - I followed all the steps from https://blogs.iis.net/davidso/azurefile in order to be able to access my Azure location by unc.
My newly created local user is in the IISUSER Group and has the same username and pwd (storage key).
I then created an application in my website using a new APP Pool (integrated) w/said local user.
I ran the caspol command as well.
The issue I run into is when trying to do a file.SaveAs, I get an error
Incorrect username or password
Server.MapPath({application}) returns the correct unc path but doing a Directory.Exists won't locate the path.
When viewing the "connect as" with specified user in IIS I get no issues, additionally I can access the unc path directly from my local machine with same creds.
I tried going to the app pool of the application and set the user directly but no change there. Are there changes I need to make on the Website configuration that the application sits in? Prior to converting this to an application I initially had it configured as a virtual directory and got the same error.
Set the load user profile to "True" in the application pool:
try to set the azure user in iis anonymous authentication by clicking on the edit:
I am unable to upload a file using a valid access token (the token allows me to list groups, drive items etc.). The error that appears is:
invalidRequest: One of the provided arguments is not acceptable.
Using the following PUT request:
https://graph.microsoft.com/v1.0/groups/{my group id}/drive/items/{my item(folder) id}:/test.txt:/content
using content type: text/plain
I tested this exact same request using the graph explorer https://developer.microsoft.com/en-us/graph/graph-explorer and my office 365 user account and the upload worked, so I though it might be an app permissions thing, however this did not work even after granting absolutely every permission to the app and regenerating the access tokem.
Please help as I would rather use an access token than my user account to perform the uploads.
Thankyou
Oliver
Just add a worked endpoint on my side:
PUT https://graph.microsoft.com/v1.0/groups/my-group-id/drive/root:/test.txt:/content
Request body: The contents of the file goes here.
The content type of request header does not need to be configured.
You need to check your folder path too.
I managed to resolve by creating a new app definition in Azure AD with the same permissions and it worked! Perhaps there was some corruption in my original Azure application - maybe the manifest was corrupt (due to a bug)?
I have google api service account.I successfully upload the file on the drive, open the file on browser.But i am not able to get the edit mode.How can i open a particular file in edit mode.And the changes will reflect to original files.
Currently i open the file using link "https://drive.google.com/file/d/0B6TZcMlVILILeEN2al9KanZBS1k/view?usp=drivesdk" this does not support the edit mode. When the current user sign in on the above link page then i see the edit option but it saves to the current user logged in account and not reflect the original file.
You can try the above link its working now.
I am developing the application in asp.net MVC and using google api v2
One approach is to share the files to the users (depending on type in your use case). Once the file has been uploaded (thru Service Account), additional settings will be required to share the file. Set the role as writer and you'll be good to go (by calling the File's selfLink)
I have a windows desktop app (written in Delphi) that allows users to store and retrieve files.
The application stores these files in a single network shared folder (Active Directory).
The various users of the app do not all have permission to see all of the files, these permissions are controlled by the app.
Currently we have to allow every user of the app access to the shared folder, so a malicious user could find the directory and gain access to all of the files.
Is there a way that the app can act as a specific user such that only the "app as a user" and not each individual needs permission to the shared folder?
You need to either:
1) run the app as the desired user.
2) have your code programmably impersonate the desired user, via LogonUser() and ImpersonateLoggedOnUser(), or other similar functions, before then accessing the shared folder. Don't forget to stop impersonating when you are finished using the folder.
Not directly, no. The app has exactly the same rights as its user has. That's part of the OS's security model. If I had to deal with something like this, I'd do it this way:
Create a second program that runs as a Service, and set it to run under a user account that has access to the shared folder. It should implement some sort of validation logic, and listen for incoming messages. (What exact method it uses for this is up to you, but you're essentially creating a server.)
Your desktop app runs under the limited user accounts. To request a file, it sends a message to the server, in which it identifies the user and the request it's making.
The server checks the request, and if it's valid, retrieves the file and passes it back to the user app. If not, it should return some sort of error message.
Not with standard file sharing -- the application is always going to running in the security context of the logged in user.
There's 2 obvious solutions I can see:
Work with the AD security and user accounts you already have in place to modify the rights to the files in the shared folder. This only works if the security in your application can be mapped to AD security objects already. If you need to allow for impersonation (e.g. An administrator "logging into" the app as himself or herself from another user session), then you're going to need to get very comfortable with the various Windows Security APIs.
Write a server-side component that will handle your application's authentication mechanism and provide file listings and content to the client.
It's possible that #2 could be implemented with something like WebDAV, FTP/SFTP/FTPS, or some other "already done" file transfer protocol that you can piggy back off of to save you some work.
I recently had an incident where the email details of a Sharepoint user were changed in Active Directory. These changes were not transferred into SharePoint and I had a problem in one of my web parts which uses the SPUser object to get the users email address.
Is there a way to configure Sharepoint to synchronise such data automatically?
Update
I changed my email address in AD and started a full profile import. I opened my Sharepoint user settings but see no change in my profile - it still shows my old email address
Just run a profile import from Central Admin, either a full or incremental import should update the affected profile.
The only way I've managed to get around this in the past is to dump the profile record that won't update and re-run the import.
This post explains there are actually both WSS and MOSS profiles and that you need to do profile synchronization between them. (If you look at your profile in SSP Admin you probably do see the update after the import runs, but the site itself has not been updated).
Anyway, I'm still trying to get the sync to work (it says it's set up), but I thought the additional info might be helpful even if I haven't yet figured out the whole solution.