I have developed web page for displaying certificates using X509Certificate2UI class. It's working fine when it is running at local host It's displaying all certificates, I could choose the certificate, subsequently I am using certificate for digital signing a pdf document, but when I deployed it on web server it is showing exception, The current session is not interactive. It is not showing any certificates. Any one had ever face this problem. If so please guide me how to resolve this issue. I really confused why it is behaving in that manner.
Certificates are often in "stores". Sometimes USer Stores are tied to windows users. Try setting "Load User Profile" in IIS app pool to make it interactive. However this may not be enough to make it interactive the way your code is assuming.
Make sure you understand what store you are using at runtime.
I would write my code so that it did Not require an interactive session. Store in Machine store or in files.
Related
I have problem with node-red.
I have a server and i have node-red running on it, i know how to create user authentification by editing setting.js file but what i want to do is that i want to be able to create other users from a webpage that is running on the same server.
I can run a python script that edit the setting.js file and i can edit it mannualy,
but i want to be able to create and remove users from the webpage that is running on the same server.
i am using ubuntu and ngninx on my server.
The Node-RED security documentation includes a section on adding custom user authentication here. It explains how you can replace the hard coded user information with a module that will authenticate a given user. Editing the settings.js is probably not the right approach, especially as it will require you to restart Node-RED after each change.
With this approach you can build your own back end to store and manage users. There are a couple of examples of such code available, including this one that I have written that uses MongoDB to hold the user information. The management app that creates users can be found here, but you can write your own in Python if you want.
Just as a reminder, Node-RED is not a true multi-user environment, even if you declare a number of users, they will all only have shared access to one instance and set of flows. If you want a truly multi-tenant (each user has their own instance and flows) deployment you should probably look at the entire series of posts in that collection that explains how to build such a system. You can start here.
I have a web site (intranet) that allows you to download an executable (currently a .Net Console Application) written in ASP.NET and is using https.
However on many machines I can't run it right away after download - I need to right click on it, go to Properties and click Unblock which makes using this app uncomfortable (users will often have to download this executable and run - every time it is a new one as it is code generated)
Is there any way to make this executable automatically unblocked? Modifying client machine is not an option, but I can do anything with the server.
From the beginning I thought this is impossible as it is a security protection, but Chrome somehow does this. If I take a new PC with IE installed, type Chrome into Bing and install it - I don't have to unblock executable.
So far I've tested this only on W10 Chrome and IE, but I am pretty sure older Windows versions have this problem as well.
The mechanism for showing the untrusted executable dialog is based around alternate Datastreams. The metadata gets added by Windows or the browser when you download something from a network source, thus it is not possible for your file/webserver to influence this behaviour. Windows on the other hand has a ruleset which it uses to apply the flags which can be found in the TrustZone-Settings of your Internet Options.
NTFS has a neat little feature which allows for a file to have multiple contents, also known as alternate Datastreams. This is an NTFS-only feature, so you won't find it on other partition types. This basically allows you to store more data in your file which is not perse visible to the user and cannot be easily found out by a standard windows user. Windows uses those alternate datastreams to mark the origin of a file, especially when downloaded from the inter- or intranet. The Alternate Datastream which is used for this data is called the "Zone.Identifier" and holds an ID to the zone which the file was copied from. When you decide to trust a file you basically tell Windows to remove that datastream.
Windows uses the concept of different zones to classify those files. Windows knows four zones in Total: Internet, Intranet, Trusted Sites and restricted Sites. You can alter the settings and rules for those in the Internet-Options dialog in the tab "Trust Zone"
Security Remark: Before changing your settings for the trust zones in the company consider the security risks of this thrice. As it will allow any executable from those verified sources to be executed, potentially laying way to malicous executables which can then be started by already infected PCs or Users themselves.
The correct way to resolve that issue is to sign that executable with a trusted and valid code signing certificate which is better to be with EV (Extended Validation). Windows will check the certificate when you run the file and will allow it to run without further actions as it is signed with a trusted cert.
I'm trying to use the boxr package to link my box account to R-Server.
I get as far in the box_auth() instructions as step 3 from the box pdf https://cran.r-project.org/web/packages/boxr/boxr.pdf
A window pops up and I authorise connection then I get the error 'Safari can't connect to the server'.
I have no knowledge of how apache or web development works so forgive my naivety, I've come to understand the problem is I don't have localhost set up on my Mac.
I'm unable to turn these features on because it requires admin rights and my company won't allow users to have this.
Is there something else I can put in the redirect_uri box apart from localhost that will allow this to authenticate?
Thanks
The issue i had was mostly that authenticating box through R-Server isn't supported. https://github.com/brendan-r/boxr/issues/23
To get around this I used my personal laptop to authenticate locally then uploaded the .Renviron and .boxr-oauth files to R server (which is the advice in the github post)
This was slightly tricky as R wasn't showing the .boxr-oauth file but I managed to copy it to a folder, zip the folder, then upload that to R-Server.
Now running the box_auth() function authenticates as it should.
As of v0.3.5 (November 2019) boxr has a new alternative authentication method designed for remote servers, box_auth_service(), that closes issue 23. It's slightly is different than the oAuth way, because it uses "Service" accounts as the actors instead of the "User" account. But the "Service" accounts are what's needed to maintain security within a organization, so we opted for that. Please open an issue on the repo if you run into any issues.
Please suggest a clean(er) way of adding a user (like myself) to Shiny Server running on Ubuntu. I found this link: Setting up shiny User permissions but would like more advice on this. And I don't want to host RStudio server, just want to host Shiny server. Also can I run Tomcat along with Shiny server on the same machine?
I think you may be misunderstanding what that link is saying. You're not setting up different users for the Shiny server, you're setting up users on your computer, and managing them in such a way that you keep track of permissions for files you create on the computer. The important thing is to make sure the "shiny" user on your computer (which will be the one hosting your shiny server apps, unless you modify the default settings) has the correct permissions to access the files it will need when running those apps.
When you run a Shiny app, you won't be logged in as a user per se, rather the "shiny" user will host the computation for you, and deliver any output to you through your browser interface.
To my knowledge, unless you're using Shiny Server Pro, you won't have the ability to specify different users when using the apps (this is different to a "session", which is another topic).
When you create a shiny app, and install it (by moving it to the "/srv/shiny-server" folder), you'll need to make sure the user "shiny" on your computer has read access to that file at the very least. If your app involves reading data files from your computer, make sure the "shiny" user has read access to those too. If your app involves writing to files on our computer, make sure the "shiny" user also has write permission for those files.
Currently I'm working on a piece of code that involves using the Crystal Reports Viewer to export .RPT files to PDF. My problem is that the code works on literally everything except the website I'm planning to eventually put it on.
When placed on the website it throws back the error "Failed to open the connection." which I believe is connected to the SQL Server connection that's formed in order to read data for the report itself.
The code itself is solid and works when used in a separate console application I built to test it whether said code is run on my local machine or on the server itself. It even runs when I test the website in Visual Studio's virtual host.
I've narrowed it down to being some sort of permissions issue, but I am not knowledgeable enough in the various permissions settings to figure out which ones specifically apply to this situation. It's worth mentioning that other pages on the website are directly connecting to the same database, but they are doing so directly through Linq instead of going through the Crystal Report Viewer.
So does anybody know which settings I need to modify in order to fix the connection error.
An added note: One of the other suggestions is to make sure there's an ODBC DNS in place that matches the one being used by the code. I have created such a DNS already.
Application Pool dictates how your application runs in many ways. You can probably configure the web.config to run under the credentials, or access level of your choice.
Solution for people who didn't read the comments:
Change the identity under the advanced setting's of your application pool to the desired level of access.
Glad I could help.- J