Blogger Widgets
  • Sharing Photos using SignalR
  • TFS Extenstion - allows copy work items between projects
  • Displaying jquery progressbar with ajax call on a modal dialog
  • Managing windows services of a server via a website
  • Exploring technologies available to date. TechCipher is one place that any professional would like to visit, either to get an overview or to have better understanding.

Search This Blog

Wednesday 30 June 2010

ASP.NET - Handling Impersonation failures of web.config

Impersonation is possible in number of ways. One of the most common method is to to store encrypted user credentials in registry. Configure web.config to pickup the credentials for authentication as below :-

Use encrypted attributes in the configuration file web.config

So far so good, now consider if the user credentials have failed the following error is displayed




The following section should allow you to display a custom error page:-


<customErrors mode="RemoteOnly" defaultRedirect="GeneralError.aspx"/>


this will work only after the user is authorised and a session is created for the user.

Hence in order to display custom error page for invalid user credentials from web.config, error handling for login credentials should be handled in Global.asax as below :-


void Session_Start(object sender, EventArgs e)
{
if (!Impersonate.ImpersonateUser())
Response.Redirect("GeneralError.aspx",true);

}


Now the code for ImpersonateUser()

///
/// Summary description for Impersonate
///

public class Impersonate
{
// Declare signatures for Win32 LogonUser and CloseHandle APIs
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool LogonUser(
string principal,
string authority,
string password,
LogonSessionType logonType,
LogonProvider logonProvider,
out IntPtr token);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool CloseHandle(IntPtr handle);
enum LogonSessionType : uint
{
Interactive = 2,
Network,
Batch,
Service,
NetworkCleartext = 8,
NewCredentials
}
enum LogonProvider : uint
{
Default = 0, // default for platform (use this!)
WinNT35, // sends smoke signals to authority
WinNT40, // uses NTLM
WinNT50 // negotiates Kerb or NTLM
}


public Impersonate()
{
//
// TODO: Add constructor logic here
//
}

public static bool ImpersonateUser()
{
bool bRet = false;
IntPtr token = IntPtr.Zero;
WindowsImpersonationContext impersonatedUser = null;
try
{
// Create a token for DomainName\Bob
// Note: Credentials should be encrypted in configuration file
string user = ConfigurationManager.AppSettings["userid"];
string domain = ConfigurationManager.AppSettings["domain"];
string pass = ConfigurationManager.AppSettings["password"];
bool result = LogonUser(user, domain,
pass,
LogonSessionType.Network,
LogonProvider.Default,
out token);
if (result)
{
WindowsIdentity id = new WindowsIdentity(token);

// Begin impersonation
impersonatedUser = id.Impersonate();
bRet = true;
}
}
catch(Exception ex)
{
string err = ex.Message;
// Prevent any exceptions that occur while the thread is
// impersonating from propagating
}
return bRet;
}
}



Hence user authentication is performed in session_start and allows to redirect to custom error page for unauthorised access.

"Many of the great achievements of the world were accomplished by tired and discouraged men who kept on working."

Monday 28 June 2010

Issue with user control getting loaded with asp:timer

I have been working on a web application which requires loading a user control using asp:timer control. Application is completely based on widgets.

The default page has number of widgets that are loaded dynamically at runtime and all widgets has the facility to enable or disable timer.

All events were working fine except "User Widget" not firing any events. Here is how the code is :-

WidgetTimer.ascx















UserControl.ascx


<%@ Control Language="C#" AutoEventWireup="true" CodeFile="DataListMgrReal.ascx.cs" Inherits="DataListMgrReal"%>










Select Repository






PageSize="25"
AutoGenerateColumns="false"
GridLines="None"
CssClass="gridViewData"
Height="159px">











I have been struggling to find the issue. Then i have tried creating a new web app and have tried with just the above snippet and that works fine.

After some modifications the btnUpdate_Click stated working but only works for the second click.

i have come accross the following articles...

http://forums.asp.net/t/1079709.aspx


http://bytes.com/topic/net/answers/730873-ajax-updatepanel-dynamic-controls-registerstartupscript-click-twice

Application was so complicated so the only detail that has skipped out of my mind is "UserControl" ID property.

I am not assigning ID property manually which has been causing the issue all the time. I have finally fixed the issue now its a relief......

Hope this might be helpful for someone like me with this odd combination.

Never overlook a minute detail !!!
Copyright © 2013 Template Doctor . Designed by Malith Madushanka - Cool Blogger Tutorials | Code by CBT | Images by by HQ Wallpapers