Wrox Programmer Forums
Go Back   Wrox Programmer Forums > C# and C > C# 2005 > C# 2005
|
C# 2005 For discussion of Visual C# 2005.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the C# 2005 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old December 24th, 2007, 05:22 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,093
Thanks: 1
Thanked 12 Times in 11 Posts
Default Wrong Principal Object

I'm running VWD as administrator on Vista.

I have a login form authenticating users with table-based security. When the login form post back with the user name and password the code executes using the correct custom principal object.

The default page displays. When I click a link to load a page that calls a database to load a datagrid, the code is now using a System.Security.Principal.GenericPrincipal which throws a security exception, because the code requires the custom principal object that the login page was using?

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Principal must be of type BusinessPrincipal, not System.Security.Principal.GenericPrincipal

BusinessPrincipal is my custom principal object.

Any idea why the other page is using a System.Security.Principal.GenericPrincipal?

When I run this app using a Windows interface, everything run right. When I run it as a Web app, not working so good.

I'm a security novice, so I'm not even really sure where to start looking.

Bob


 
Old December 24th, 2007, 05:29 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi Bob,

Take a look here: http://forums.lhotka.net/forums/thread/2420.aspx

Additionally, you need some code in Login.aspx and in Global.asax to make this work correctly. The setup chapters show you what to configure where and how, while the ProjectTracker application shows you what code you need to make this work in a web application.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
 
Old December 25th, 2007, 12:43 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,093
Thanks: 1
Thanked 12 Times in 11 Posts
Default

Hi Imar,

Thanks for the response. I've been struggling with the Global.aspx issue for several days now. Since I'm porting 1.1 code to VWD, I of course bumped into the problem of 1.1 Global.aspx pages having a 2-file implementation and Global.aspx 2.0 having a default single file implmentation. I have found a way to attach a code file to a 2.0 Golbal.aspx page so I could emulate the CSLA 1.1 Global.aspx in Project Tracker. The technique is at:

http://www.xerratus.com/2006/10/20/N...arateFile.aspx

Running the code with this scheme, however, I have a new exception:

Session state is not available in this context.

The code breaks in the Global.aspx file in the Application_AcquireRequestState event handler. I see there is a Mono bug report for this issue at:

http://lists.ximian.com/pipermail/mo...ch/040599.html

Just wondering if this is anything you've bumped into in MS .NET. I've posted to the CSLA forums (don't know why I didn't think of that in the first place) regarding my Project Tracker issues, but if you have any idea why Session information wouldn't be available in the AcquireRequestState event I'd love to hear it.

Thanks as always, and happy holidays.

Bob






 
Old December 25th, 2007, 04:05 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,093
Thanks: 1
Thanked 12 Times in 11 Posts
Default

Hi Imar,

I corrected the security principal problem. I'm going to start a new thread on ASP.NET 2.0 forum about the session issue.

Principal object problem fixed with the following in Global.asax:

protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
        // set the security principal to our BusinessPrincipal
        if (Session["CSLA-Principal"] != null)
        {
            Thread.CurrentPrincipal = (IPrincipal)Session["CSLA-Principal"];
            HttpContext.Current.User = Thread.CurrentPrincipal;
        }
        else
        {
            if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
            {
                System.Web.Security.FormsAuthentication.SignOut();
                Server.Transfer("Login.aspx");
            }
        }
    }

Best,

Bob

 
Old December 29th, 2007, 09:52 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Sorry for the late replies. I was away for the holidays...

Is everything fixed now?

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.





Similar Threads
Thread Thread Starter Forum Replies Last Post
Serializing Object Graph - Assigning Object to Jag venkat.kl C# 0 August 28th, 2006 10:39 AM
create a Line object ,Box object in CR at Runtime? thanhnt Pro VB 6 1 May 16th, 2005 06:51 AM
Working with Principal and Identity hasanali00 BOOK: ASP.NET Website Programming Problem-Design-Solution 1 March 31st, 2005 05:09 AM
email confirmation and site principal identity seanmayhew BOOK: ASP.NET Website Programming Problem-Design-Solution 1 March 30th, 2005 09:10 AM
Error Occurred creating Report Object: Object does sa_moizatyahoo Classic ASP Professional 0 February 1st, 2005 10:29 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.