i have an ASP MVC web site that is published.
and i adjusted <security allowRemoteAccess="yes"/> in webconfig
and now anybody can access Elmah page
by saying that i didnt use ASP.Net Identity,how can i secure ELmah Page?
I wrote a blog post a couple of months ago, that explains everything you need to know: ELMAH security and allowRemoteAccess explained. Basically, you will need to install the Elmah.MVC package and add app settings like this:
<appSettings>
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
<add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>
Related
I'm developing an ASP.NET MVC application, and when I run it from VS, if I let the browser sit on a page for a short time like 45 seconds, and then try to take some action, the request never makes it to my controller. Everything functions as expected if I don't wait at all before making a navigation/request. This problem has existed for the life of the project.
The IIS Express logs do not show any requests when this happens; however, in debug mode, VS can see that the browser did make a request. No breakpoints inside of the ActionResult get hit though, so I know it isn't getting called. The browser's debug tools show the request sitting in the pending state forever. The website is still running though, IIS doesn't crash. I can open another browser and access the login page, however, the POST doesn't fire the controller action.
This happens on every machine and with every browser. I've scoured the web and couldn't find others with my problem. My webconfig and applicationHosts look like the default generated ones, except for some forms auth settings.
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="PreserveLoginUrl" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" requestValidationMode="2.0" />
<authentication mode="Forms">
<forms slidingExpiration="true" timeout="60" loginUrl="~/Account/LogIn" />
</authentication>
Turns out the issue was a loader lock being made by a thread that was dying (terminated?) before it could release the lock. This lock would block any threads handling HTTP requests. Application Insights appeared in the callstack for the problematic thread, and after disabling it, the problem no longer occurs.
i have been requested to change the authentication mode in my mvc 4 project to be windows authentication, and i was using the asp.net configuration manager.
for us, it will be a major change in the code, so is there any workaround to link our outlook active directory to asp.net configuration manager ?
Try the following setting
<appSettings>
<add key="EnableSimpleMembership" value="false" />
</appSettings>
follow the link for more details
http://www.mikesdotnetting.com/article/216/windows-authentication-with-asp-net-web-pages
I see a lot of posts on this topic - no Intellisense in VS Express 2013 for Web .cshtml files. I see that some people are having success after installing the 2013.1 update, but that didn't work for me.
It didn't just quit working - it hasn't ever worked in VS Express 2013 for me. Every line that begins with # is just a black line. No highlighting, no Intellisense while typing.
I've installed the 2013.1 update.
Launched vwdexpress.exe /resetsettings
Checked the AppSettings section in web.config:
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
Are there any other possible solutions for this?
Those web.config settings look ok.
As its never worked looks as though something is broken so a reinstall would be best (but painful). But first there is a 2nd update for visual studio 2013 available VS2013.2 this may correct the problem although as the first update didn't it is unlikely, worth a try. Good luck.
I created a fresh simple ASP.NET MVC 4 Internet Project, then I have created models with the ADO.NET Entity Data Model designer and then I have installed System.Web.Providers (Universal Providers) and configured Web.config in order to have two different data sources, both using SQL CE 4.0.
These are my connection strings:
<add name="DefaultConnection" connectionString="Data Source=C:\maindb.sdf" providerName="System.Data.SqlServerCe.4.0" />
<add name="MyEntitiesModelContainer" connectionString="metadata=res://*/MyEntitiesModel.csdl|res://*/MyEntitiesModel.ssdl|res://*/MyEntities.msl;provider=System.Data.SqlServerCe.4.0;provider connection string="Data Source=C:\myentities.sdf"" providerName="System.Data.EntityClient" />
The application works. But when I try to login, this is the exception I get:
To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".
I have also added <add key="enableSimpleMembership" value="true" /> in Web.config because someone on different forums solved the problem doing this. It wasn't my case, the same error remains.
Could anyone help me please?
ASP.NET MVC4 ships with simple membership, and simple membership works with SQL CE out of the box, you don't need (and in fact can't use) the universal providers with Simple Membership.
From this ASP.NET forum post:
Thanks for the hint. Now that I was able to see that the provider was
being hijacked, I added
<appSettings>
<add key="enableSimpleMembership" value="true" />
</appSettings>
Everything Seems to be working fine now.
First post here on stackoverflow but I love the site!...
I've successfully created a fully functioning Azure hybrid model application using MVC 4. Published and works great. Now I want to add ACS for auth to my site. I've followed all the steps but when I run the app in simulation it fails to re-direct to ACS and offers up the page stating that it couldn't find login.aspx.
I have created a simple website solution just to prove that my ACS is setup correctly and it works just fine. I noticed that the web.config files of the two solutions were wildly different.
Anyone tried to do this yet? Any help would be appreciated.
--------- Solution -----------
I finally got everything to work. The key was to remove the WebMatrix.WebData references since I didn't need to do my own auth. The following came from MVC4 Release notes.
When WebMatrix.WebData.dll is included in in the /bin directory of an ASP.NET MVC 4 apps, it takes over the URL for forms authentication. Adding the WebMatrix.WebData.dll assembly to your application (for example, by selecting "ASP.NET Web Pages with Razor Syntax" when using the Add Deployable Dependencies dialog) will override the authentication login redirect to /account/logon rather than /account/login as expected by the default ASP.NET MVC Account Controller.
Open your web.config file.
Locate the Authentication node.
Change it from:
<authentication mode="Forms" />
To:
<authentication mode="None" />
Comment here, if it doesn't help, and what is the result after changes to web.config.
As a side question - how did you add reference to the ACS namespace - via "right click -> Add STS Reference", or manually changed the web.config ?
Make sure that the required Modules are registered with the web server:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
...
</system.webServer>
Also make sure that you have microsoft.identityModel section, and you have federatedAuthentcation node within it:
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://[your_namespace].accesscontrol.windows.net/v2/wsfederation"
realm="http://127.0.0.1:81/" requireHttps="false" />
<cookieHandler requireSsl="false" />
</federatedAuthentication>
Where "realm" shall be valid URL for Realying Party Application. And requireHttps="false" is to simplify development process.
When you debug it locally, make sure you are running the Cloud project (which uses IIS), and not the Web Project (which will use Cassini / webdevserver, which does not understand the system.webServer section!)