I am creating an application which is going to use windows authentication to allow access to page based on user and its roles. I have gone ahead and configured IIS to use windows authentication and disabled anonymous access. I am able to browse the application without any issue and I have successfully enabled windows authentication for the application.
Now I am trying to set access to controller level by using Authorize, but I am unable to figure it out how it works with ASP.net 5. I am completely new to ASP / C# programming platform but I did search online resources and I came across this and I used below example to give it a try but I get red squiggly line under users and I think ASP.NET 5 is unable to find users. I also made sure that I have added all the references at the top.
[Authorize(Users = #"CONTOSO\Rick, CONTOSO\Keith, CONTOSO\Mike")]
References:
using Microsoft.AspNet.Mvc;
using RMDAAutomation.Models.Repository;
using RMDAAutomation.Models.Entity;
using Microsoft.AspNet.Authorization;
Any suggestions is highly appreciated. :)
UPDATE 1:
TutorialsController.cs:
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Authorization;
namespace RMDAAutomation.Controllers.Web
{
public class TutorialsController : Controller
{
[Authorize(Roles = #"DOMAIN\GROUP")]
public IActionResult Index()
{
return View();
}
}
}
Tutorial Index View:
<div class="container">
<h1>Tutorials</h1>
</div>
Visual studio project settings:
using System.Web.Mvc;
This using solves the issue in my project
Related
I have an application developed using C# under Net 5. The issue I am facing is only happening when I access the site remotely as it is already published on IIS, otherwise running it directly from Visual Studio seems to work rather fine.
Below is my "Index" View :
<form method="post" asp-action="GenerateOTP" asp-controller="Home">
Below is the controller:
[HttpPost]
public ActionResult GenerateOTP(OTPData mydata)
{
...
return RedirectToAction("EnterOTP", "Home");
}
Basically the app should automatically redirect to the page "EnterOTP" after performing the commands on the "GenerateOTP" method. Instead on production the page redirects to Home/GenerateOTP on the browser and this would definitely not work as the page doesn't exist.
Any recommendation on what I am missing.
#PanagiotisKanavos Thanks for the tip. Checked my Event Viewer and found out the issue was on my ApplicationPool Identity. It wasn't authorized access to that directory. Changed it from ApplicationPoolIdentity to LocalSystem and all works fine right now.
c# with a blazor application
I'm using Microsoft Identity Web to get the scopes from my Azure AD. This is working and I can use
[Authorize(Policy = "GroupAll")]
[AuthorizeForScopes(Scopes = new[] {Constants.ScopeUserRead})]
This is working fine but now I want to create 2 pages with page 1 a different policy then page 2. And page 2 is using #inherits to reuse 99% of the code of page 1.
How do I do this? because the [authorize] code is before the
public partial class classname : ComponentBase
I hope my problem is clear. Sorry im still learning.
Maurice
I'm setting up a new server with windows Azure VM for a asp.net mvc 5 application. I'm able to open every page of the application without a problem with an exception of one controller. i.e. whenever I try to open a page belong to a specific controller, it prompts me for user name & password as below.
I use the same application in a different Windows Server 2016 VM without any issues.
I don't see any errors of the application/IIS logs either. I don't have any https requirements in the application.
What may be causing this behaviour?
namespace App.Controllers
{
public class ReportsController : BaseController
{
private readonly IReportRepository reportRepository;
public ReportsController(): this(new ReportRepository()){
}
public ReportsController(IReportRepository reportRepository){
this.reportRepository = reportRepository;
}
public ViewResult Action()
{
return View(reportRepository.All);
}
}
}
namespace App.Controllers
{
[Authorize]
public class BaseController : Controller
{
}
}
UPDATE: I renamed the ReportsController to AppReportsController and the issue disappeared.
i.e. I get the above prompt when I try to access
http://domain/Reports/Action
but not for
http://domain/AppReports/Action
Could you please someone explain to me what's going on here? Does it mean that "Reports" is reserved by the framework or something?
This is an authentication issue. In my case, it solved by below steps:
1- Go to IIS manager, in the left pane, expand the server root and select your web application from Sites node.
2- In the Home screen, go to IIS section and select Authentication.
3- Enable Anonymous Authentication.
4- Then, select Edit and set Edit Anonymous Authentication Credentials to Application pool identity.
I know this was an old post however I stumble on this one because I encountered the same error as the OP does.
I have solved this one in case there's someone encounters the same as this.
but the solution may vary depends if we have the same applications installed.
check if the web server / server has an installation of sql server.
check if there is reporting services installed.
remove / uninstall the reporting services from the application control panel
follow this link if you don't know how to remove the report service How to remove Report Service
Please check again if you still encounter the same error. Cheers!
The browser will tell you your connection to the site is not private if you don't use transport layer security (i.e. HTTPS) in your web application, and you are being asked to enter data - in this case your credentials. Doing this is dangerous because that data can easily be sniffed by a malicious person.
There is no reason in today's world to not have a secure site, I strongly recommend you get a certificate (they are free and super easy!)
Just don't use "Reports" use "Report" instead. Controller name ReportController not ReportsController. It'll be alright. I've faced the problem and this is the solution I've got.
I'm in the process of learning ASP.net, specifically WebAPI and MVC. I'm using Visual Studio Community 2013, .NET 4.5, and C#. I'm a total newb so I'm actually going through this particular walkthrough to understand how things work:
http://www.asp.net/web-api/overview/getting-started-with-aspnet-web-api/tutorial-your-first-web-api
It's been ok so far, but I want to move on to connecting a database to populate my dataset. I'm very familiar with using Firebird and was able to install Firebird as a dataprovider (through NuGet and installing the appropriate DDEX files). Unfortunately, I'm having difficulty understanding how to query the database and populate my array.
Basically, this is what my code looks like:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using FirebirdSql.Data.FirebirdClient;
using System.Configuration;
using System.Collections;
namespace NBAPoolWebService.Controllers
{
public class UserController : ApiController
{
User[] users = new User[]
{
new User { ID = 1, CREATED=new DateTime(2011, 1, 12), ISACTIVE='Y', USERNAME="TEST1"},
new User { ID = 2, CREATED=new DateTime(2012, 2, 22), ISACTIVE='Y', USERNAME="TEST2"}
};
public IEnumerable<User> GetAllUsers()
{
return users;
}
public IHttpActionResult GetUser(int id)
{
var user = users.FirstOrDefault((p) => p.ID == id);
if (user == null)
{
return NotFound();
}
return Ok(user);
}
}
}
Currently, if I visit http://localhost/api/user, I get my list of test users via JSON (which is what I want).
What I'm hoping to understand is how to change the array that I set to come from my Firebird database (via an SQL query). I know how to get my query (select * from users), I have a valid connection (confirmed through visual studio) and I have seen some tutorials on how to use FBConnection.
What I'm having difficulty with is actually using the data from the query and populate the objects in the array.
Any help would be greatly appreciated. If you could tell me the piece of code that I need to enter, or point me to the right tutorials, or if you think I should be using a specific technology or methodology, that would be great.
What I'm trying really trying to accomplish/understand is how to create a Web service that responds with JSON and that is connected to a Firebird database.
Thanks in advance for any help!
I've learned a ton about .Net and Entity Framework by watching pluralsight videos. If you don't have an account with them, signing up for the trial would allow you to watch Entity Framework and Data Models. There is a module dedicated to Creating Database First Entity Data Models, which you may find useful.
After a bunch of research, I stumbled upon the following link:
[link]http://johntomaselli.blogspot.ca/2012/04/mvc-4-firebird-ef-41-and-database-first.html
So I deleted my existing User Controller and Model and created a new Model using ADO.NET Entity Data Model (named User).
From there, I used EF Designed from Database and used the connectionstring I created in my web.config.
From there it let me choose the database tables I wanted and built out a Model called User.edmx.
After that, I created a controller using Web API2 Controller with action, using Entity Framework.
This allowed me to choose a model class with the corresponding name.
At this point, I think I need to do some research on the Entity Framework but this at least allows me to create a web service that connects to the database.
Hopefully this helps other young newbs on their start with ASP.net, MVC, WebAPI, Entity Frameworks, and Firebird.
My next steps will be understand the User.edmx and if I should have created a model for all tables (instead of just one). Hopefully I understand that when I resarch the Entity Framework.
I am currently using built in Windows Authentication for my MVC3 web app.
It works as expected but I can't seem to figure out how to hide certain links on a view based on what user is logged in. I found info on using If (Roles.IsUserInRole) but that dont work as I do not know that Windows roles if any we are using. I think we are using Groups instead of roles.
Thanks
Role = group membership, so you can use it like this:
if (Roles.IsUserInRole("domain\\Administrators")) {
// do something
}
I think you can also use this solution:
if (Roles.IsUserInRole("role","username")) { //should also work, worked for me in the MVC3
// do something
}