.NET Tutorials, Forums, Interview Questions And Answers

How to list all of the Actions in an MVC application for security audit?

Posted Date: September 10, 2010 | Points: 0 | Category: ASP.Net
 
Hi,

We are developing a big MVC application and the numbers of published end-points (Controller Actions) - audit properly assigned authorization attributes - are getting out of hand. In WinForms, each aspx file is the end-point, so I can easily audit files and folders. Things in MVC are different.

I am looking for a tool based on reflection that searches actions in all controllers available in the solution and gives me a list with the assigned [Authorize] attribute. Is such a tool or technique available? If such a tool is not available, how can I audit the security attack surface of an MVC application? A new developer can easily add an action to a controller class (we have many controllers, can't inspect them manually) and the action becomes available to the public.

Thank you,
Max




More Related Resource Links

Security Briefs: Access Control List Editing in .NET

  

Access control lists (ACLs) can be complex beasts, and user interfaces for editing them are incredibly tricky to implement properly. That's why I was really excited when Windows® 2000 shipped with a programmable ACL editor, shown in Figure 1.

Keith Brown

MSDN Magazine March 2005


ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S

  

The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004


Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET

  

Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships.

Juval Lowy

MSDN Magazine May 2002


Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr

  

This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off; it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000


Password / Application Security.

  

I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?


Web Application list in Central Admin in 2007

  
Can somebody tell me where Central Admin pulls the data for: Central Administration > Application Management > Web Application List   Somehow, the name for one of my applications has changed, but the URL has remained the same.  The website content itself, the website in IIS, and the content database name all still appear to be intact and nothing has changed there.  Everything seems to be fine, I just happened to notice that the NAME of this one web application has changed and it's really bothering me that it could possibly be pointing to the wrong data.  HELP please!

Move custom list (with lookup fields) to another Web Application

  
Is it possible to move a custom list with lookup fields to other custom lists from one web application to another? Creating list templates does not work and breaks the relationship. Thanks.   Neil

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In SharePoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independently from the rest of the SharePoint farm. I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites. We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the MySite collections. Can the security granularity found in MySites and Profiles be extended into a Service Application? Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C


Maintain users and groups list of Active Directory for an asp.net web application only

  
Hi, I have configured Active Directory on my Server 2008. We have a web project using ASP.NET MVC named Audit Planning and Execution Software (Apex2). What we want to do is to authenticate Active Directory users for this project. I can get all Active Directory users, groups, users of a group, etc. I want to add users in Active Directory for the Apex2 project only, using ASP.NET. I also want to display only the users and groups of Active Directory registered with the Apex2 project. And I also want to add Active Directory users from the whole AD list to our project's AD list. Can you please tell me how I can do this? Shall I create an Organizational Unit and maintain all users and groups there for our project? Or is there any other way to do this? Please help me. Thank you

"The list of workflow actions on the server references an assembly that does not exist."

  
Hi, I have a query. I tried creating a workflow using Microsoft SharePoint Designer. But when I click on New - Workflows, it shows the following error: "The list of workflow actions on the server references an assembly that does not exist. Some actions will not be available. the assembly strong name is Microsoft.sharepoint.workflowactions" Has anyone come across these sorts of issues? Please help me. Thanks in advance. Regards, Abul

the list cannot be imported because a windows sharepoint service-compatible spreadsheet application

  
I have googled this for 3 days now, without any solution. I have installed and reinstalled the services and MS Office, and saved the Excel file as web for import, without any results. Has anyone encountered this error? I need help.

New Item Added to List/Library triggers Alert to non-AD Security Group

  
I am trying to implement an alert when a new item is added to a list. Ideally this alert would be sent to either a SharePoint Group or an AD Distribution Group. I do not have access/authorization to create security groups. The research I have found so far tells me that I can only add AD users and AD mail-enabled security groups through the alert GUI. My question is, first, is this a valid finding? Second, if I create a custom workflow, can I have the workflow trigger on a new item being added and have it send a notification to the specified SharePoint/Distribution group? Thank you in advance for your assistance.

How to insert data into sharepoint list using silverlight application?

  
Hi all, I am developing a Silverlight application, and I want to insert data into a SharePoint list through that Silverlight application. I am able to retrieve data from the SharePoint list and bind it to a combo box. But how do I insert data? I am retrieving data using a service reference. Can anyone help me? Thanks in advance. Waiting for your valuable response. -Kaustubh

SharePoint List Security

  
I have a list to which I only want administrators to have full access. For the rest of the people I have done the following:
- Denied access to the list so that they don't see other people's entries
- Created a web part which users use to add data to the list (not all columns) and a grid to show their existing entries.
However, normal people get an access denied error on the web part. Any suggestions?

BCS Method Security / External Content Type Permissions / Custom List Security Provider / Security T

  

I have an external list setup with the usual CRUD methods.  The external SQL table is also being populated by another source.  I want to enable/disable deleting depending on whether the record was created from SharePoint.  I would also like the normal list permissions to work.  So if a user has permissions to delete on the list, they can only delete items created for SharePoint. 

Where should this logic be incorporated?  On the BCS Delete method, somewhere in the External Content Type or on the list instance?  Most examples I find relate to security trimming for search.  I'm only concerned about the delete method.

I'm sure there are multiple ways to accomplish this.  Which is the best?

Thanks,
Ryan


How do I open an application by clicking on a specific document from the list of documents on SP2010

  

 

I created my own file type. And I have an application to open this specific file (xml).  In SP2010 created a list of documents and have uploaded this file type on my list of specific documents and up to here everything is working fine. 

But when I click the file from the list of documents that he was open with my software or whether it is possible to synchronize with the file.
 
My application (WPF Application) is already prepared to receive the name and location of the file through "CommandLineArgument". If I go to the folder where my file is and double-click it, my software starts and opens the file.
 
How do I open t
