Re: Mindboogling security problems

Tech-Archive recommends: Fix windows errors by optimizing your registry


"Juan T. Llibre" <nomailreplies@xxxxxxxxxxx> wrote in message news:u5it3fohHHA.3412@xxxxxxxxxxxxxxxxxxxxxxx
Sounds like asp.net runs as different accounts
(in the VS internal server and on the internet).

Save the following page to your application directory and run it,
both from inside VS 2005 and from the internet.

identity.aspx:
------------------ <%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
-----------

If that file returns different accounts depending on where it's run from,
adjust the access permissions accordingly.



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Lloyd Sheen" <a@xxx> wrote in message news:1733817B-DEC9-4DEF-BFF6-42FC003C6FBA@xxxxxxxxxxxxxxxx
I need to add a login front end to an existing website. No big deal ????

VS 2005 / Vista / II7 / SQL Express

Well I go into the security and add a welcome page and a login page. Real easy and the .Net
Config tool allows the changing of security and creation of users etc. Again real easy.

Tested in VS and all works. Close VS and attempt from the internet. I then get "cannot open user
default database. Login failed". I know I am using correct userid / password.

What gives. So I go back to VS and all is good. Problem is that users can't run from VS.

???

Lloyd Sheen



Thanks Juan,

I get different values as you suspected. I am in Vista with II7 and have no idea how to change the access permissions.

Lloyd

.

Relevant Pages

  • [NT] Vulnerability in Microsoft Data Access Components Allows Code Execution (MS07-009)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... this vulnerability by preventing Active Scripting and ActiveX controls ... mode sets the security level for the Internet zone to High. ...
    (Securiteam)
  • Testimony of Jeff Schmidt, CEO, Authis
    ... Examining the Security Implications of Proposed Online Gambling Regulation ... recognized expert on issues related to online identification and authentication, ... authentication, and age verification. ... individual using The Internet. ...
    (rec.gambling.poker)
  • << SBS news of the week 12/6/2004>>
    ... Simply connecting to the Internet — and doing ... You would NEVER set up a server with file and printing sharing ports ... McAfee says 'Skulls' mobile security threat still low ... ISPs raise the stakes on DDoS attacks ...
    (microsoft.public.backoffice.smallbiz2000)
  • << SBS news of the week 12/6/2004>>
    ... Simply connecting to the Internet — and doing ... You would NEVER set up a server with file and printing sharing ports ... McAfee says 'Skulls' mobile security threat still low ... ISPs raise the stakes on DDoS attacks ...
    (microsoft.public.windows.server.sbs)
  • Hackers Shift to Financial Gain
    ... Internet criminals not content to just wreak havoc online ... The prime objective for hackers and online thieves has shifted from ... largely hitting major corporate networks to gaining control of home ... Symantec this week released its Internet Security Threat Report. ...
    (comp.dcom.telecom)