I'm using Plone 4.3 in Windows 2008 with IIS.
Not like visions before Plone 4.3, like Plone 4.1.5, I can change password for "admin" in ZMI manage Pages: /acl_users/users.
In Plone 4.3 I cannot find page /acl_users/users.
Tried to reset password by reset password link instead, got exceptions.
The Zope User Manager has always been /acl_users/source_users, iirc (it is in my Plone 4.1 versions).
Just try /acl_users/manage_main...
Related
I have a website working perfectly with Symfony 4.3 with security active and different roles for different users. Everything works perfectly.
Today I decide to upgrade website to Symfony 4.4 then 5.0 then 5.1.
Since 5.0, security hangs: I'm correctly logged in, but all tests (is_granted from twig for example) do not work anymore, like if default voter return false. Roles are correctly reads from DB (checked with a dump).
I think it can comes from a config file but can't figure which one...
BTW: I follow explanations from SymfonyCasts
How can I fix this issue?
I have Plone 4.3.2 (Zope 2.13.21) installed. As mentioned in the documentation (http://plone.org/documentation/kb/securing-plone) cookies should be secure and httpOnly with Zope 2.12 or higher.
Also note that the suggested patch has been included in Zope 2.12.0
b1, so Plone 4, which will use Zope 2.12 or higher, won't have this
problem
But if I log in as admin (or another user that is defined at zope-root) the __ac cookie is not secure and not httpOnly. If I log in as a user created in a site everything is fine. Is there a way to change this?
First off, to set cookie settings in Plone:
append /manage onto your plone site url
click "acl_users"
click "session"
click "properties" tab
Then, as for root login, it depends on where you login.
Zope root does not implement a cookie plugin, it only logs in with basic auth. IMO, you should never have zope root accessible without first tunneling or using a VPN to get into it.
Finally, you can disable credentials_basic_auth plugin from your plone site.
I have set up a ADFS 3.0 server on Windows Server 2012 R2.
To satisfy the requirement, I need to customize the default login page (not only the UI, but the validation logic).
Since ADFS 3.0 is not allow me to customize the login page, I decide to write the login page myself.
I decide to extract the source code of ADFS 2.0 login page, and deploy it to IIS as my new login page. Is it possible?
Or please provide some information on customizing the ADFS 3.0 login page.
No because ADFS 3.0 no longer uses IIS.
Also the page is locked down - there are some PowerShell commands to do simple things.
To configure the login page refer: Handling Expired Passwords in AD FS 2012 R2
Update: This question comes up so many times that I wrote it up.
Refer: ADFS : Customising the screen for ADFS 2012 R2 or ADFS 3.0 or ADFS 2.2
hope someone can provide me some insight on this iss problem!
Th situation is this, i understand that upgrading to IIS7 is absolutely necessary for security but will do so in the future but now, i'm using IIS6 and would like to force IIS6 to display qualified hostname of the IP address.
So far my other websites had gone through and been changed to display the qualified hostname but my dotnetnuke server (version 4.08.04), i am unable to locate the file(dnn or iis6) to change this.
I've used this procedure below for changing
IIS < 7
Force IIS to Display Hostname
It is possible to force IIS to display the hostname of the server instead of the IP address via the following:
Open a command window
Select "Start"
Select "Run"
Type in "cmd" and press enter or select the "OK" button
Browse to the "C:\inetpub\adminscripts" directory (or wherever this directory is located on your server)
Run the following commands:
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc
The IIS web service will now return the qualified hostname instead of the IP address.
You can do this with a setting in DNN using the Ifinity Friendly URL provider http://www.ifinity.com.au/Products/Friendly_Url_Provider_For_DNN
Because you are on such an old version of DNN thought you might have to go back to a fairly old version of that provider to make it work. DNN 4.8.4 has quite a few security bugs, so upgrading to a later version of DNN (even on IIS 6) would be ideal.
I believe you could upgrade to DNN 6.2.8 (or whatever the last 6.* release was) without having to upgrade IIS, though you would need .NET 4.0 for any version of DNN after 5.1
I've published my website and tried to host in my localsystem.Im getting the login page but cannot login to my application.When i click the submit button in the login page,the page simply refreshes and comesback.The page is not showing any error like 'invalid username or password' which i've set for not proper login
Im using visualstudio 2008 and iis 5.1. What could be cause of this error ??
Now i installed iis6,but still having the same problem ...........
If you're using the built in asp.net membership and roles you will have to set up new users and roles for the published website because the ones currently in your database will only be valid for the development application; they will have a different applicationId. You would normally do this is IIS but I've never used 5.1 so no idea how to on there.