Warning 76 CA2122 : Microsoft.Security : 'User.EmployeeId.get()' calls into 'PropertyValueCollection.Value.get()' which has a LinkDemand. By making this call, 'PropertyValueCollection.Value.get()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
->'User.EmployeeId.get()'
->'User.EmployeeId.get()' C:\WiproDaas\WiproDaas\DirectoryService\User.cs 105 DirectoryService
public string EmployeeId
{
get { return this["employeeID"].Value as string; }
set { if (!string.IsNullOrEmpty(value)) this["employeeID"].Value = value; }
}
Hi, i am facing warning near get(),please help me how to solve it?
This is a trust issue. Try adding the following attribute to EmployeeId:
[EnvironmentPermissionAttribute(SecurityAction.LinkDemand, Unrestricted = true)]
Related
I am trying to connect to LDAP of the company and I am getting a lot of troubles. I solve one and suddenly I get a new one.
Right now I think the context is well defined and there is connectivity but it complains about 'Empty encoded password' and I dont know how to face it.
I am trying to authenticate through a service user.
Now I am working with this code:
auth.ldapAuthentication()
.userSearchBase("ou=xxxx,ou=yyyy")
.userSearchFilter("SamAccountName={0}")
.contextSource()
.url("ldap://servername:389/dc=aaaa,dc=bbbb,dc=cccc")
.managerDn("CN=serviceUserName,OU=uuuu,OU=yyyy,DC=aaaa,DC=bbbb,DC=cccc")
.managerPassword("serviceUserPass")
.and()
.passwordCompare()
.passwordEncoder(passwordEncoder())
.passwordAttribute("password");
And:
#Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
And I am having this error:
2019-05-13 10:41:37.808 WARN 22928 --- [nio-8080-exec-6] o.s.s.c.bcrypt.BCryptPasswordEncoder : Empty encoded password
2019-05-13 10:41:37.926 ERROR 22928 --- [nio-8080-exec-6] w.a.UsernamePasswordAuthenticationFilter : An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D70, comment: Error in attribute conversion operation, data 0, v1db1
I try changing the PasswordEncoder function to:
#Bean
public PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
#Override
public String encode(CharSequence rawPassword) {
return BCrypt.hashpw(rawPassword.toString(), BCrypt.gensalt(4));
}
#Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
}
};
}
And I check that the 'encodedPassword' variable is empty (The 'rawPassword' is the one I enter in the login page). This error is:
java.lang.IllegalArgumentException: salt cannot be null
I don't know if it means it doesn't have access to LDAP, if the password can't be encoded, if it doesn't find the user...
Any help is really appreciate.
I am trying to expand child entity in entity but getting following error : 400 Bad Request
Query option 'Expand' is not allowed. To allow it, set the 'AllowedQueryOptions' property on QueryableAttribute or QueryValidationSettings.
I set [EnableQuery(AllowedQueryOptions = AllowedQueryOptions.All)]this property but no luck, then also fire same error.
Here is my URI :
localhost/OData/Ticket?$expand=Location
I also trying for get count of record but count also not working for me.Here is my URI for count.
localhost/OData/Ticket?$count=true
But here also I getting 400 Bad request error with following message :
The query parameter '$count' is not supported.
I did lot of google and found some related issues but that not work for me. Here is my Code:
Controller :
public class ODataTicketController : ODataController
{
[ODataRoute]
[EnableQuery(AllowedQueryOptions = AllowedQueryOptions.All)]
public IQueryable<Ticket> Get()
{
return db.Tickets;
}
}
Please help to resolve this.
Thank you.
Finally working all odata query on my controller. Just need IQueryable to IHttpActionResult. Now its working fine. Here is updated controller.
public class ODataTicketController : ODataController
{
[EnableQuery]
public IHttpActionResult<Ticket> Get()
{
var result = db.Tickets;
return Ok(result);
}
}
Hope it will help someone.
Thank you.
I try to set permissions for my new module. Otherwise they seem to work, but the defaults are ignored, nothing is checked for role-permission pairs I've set in the code. My code (Permissions.cs) seems OK:
using System.Collections.Generic;
using Orchard.Environment.Extensions.Models;
using Orchard.Security.Permissions;
using Orchard.Environment.Extensions;
using My.Module.Utils;
namespace My.Module
{
public class Permissions : IPermissionProvider {
public static readonly Permission AccessMyModule = new Permission {
Description = Constants.AccessAddon, Name = "AccessMyModule"
};
public virtual Feature Feature { get; set; }
public IEnumerable<Permission> GetPermissions() {
return new[] {
AccessMyModule
};
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
return new[] {
new PermissionStereotype {
Name = Constants.MyModuleAdministratorRole,
Permissions = new[] { AccessMyModule }
}
};
}
}
}
I double checked that all the constants stored in Constants and the references for them are valid. The code snippet here is simplified, in fact I have more permissions and more roles in my project, but I confirmed commenting out everything but one permission and one role doesn't fix the problem. The defaults for the other modules in the same solution work fine, though there's no bug reported by IntelliSense and everything else in the module seems to work. So where else could be the root of the problem?
EDIT: I followed #mdameer's comment and confirmed that GetDefaultStereotypes() really runs only after reinstall. However, an error occurred while enabling the module after reinstall, so the defaults were not loaded. I know that the supposed way is to check the role - permission name in the dashboard, but I would like to find another workaround, because
I would like to solve the error that occurred and not to risk it happenning on the production server as well, and I can't delete and reinstall this rather complex module several times just to debug this. It was likely caused by the reinstall process, nowhere in the permission initialization, but I can't know without running the code.
there are tens of roles affected, so relying on someone to click the permissions by hand each time means that there will likely be errors due to human factor.
The GetDefaultStereotypes() method is being called from class DefaultRoleUpdater in Orchard.Roles. It is called automatically from somewhere deep in the Orchard core, so simply mimicking the call and running it on startup isn't that easy. I also tried to mimic the whole function and placed it into my permissions class (or into a custom service), but now I got lost on how to run it. It is not static, but it either is part of or refers to my Permissions class, which doesn't allow for ordinary referencing by default (it has no proper constructor) and I don't want to mess it even more by changing the class to something it is not and shouldn't be.
Just set the default permissions you need in a migration instead of using GetDefaultStereotypes(). Here is a short example:
public class MyMigration: Orchard.Data.Migration.DataMigrationImpl
{
// public
public MyMigration(Orchard.Roles.Services.IRoleService aRoleService)
{
mRoleService = aRoleService;
}
public int Create()
{
//mRoleService.CreateRole("MyRoleName");
//mRoleService.UpdateRole("MyRoleName", MyPermissions)
return 1;
}
// private
Orchard.Roles.Services.IRoleService aRoleService mRoleService;
}
I'm using WCF custom Validator with HTTPS (.NET 4.5). Validate on success returns Customer object which I would like to use later. Currently I'm able to do it with Static variables which I like to avoid if possible. I tried to use HttpContext which becomes null in main thread. My understanding Validate runs under different thread. Is there any way I could share session info without involving DB or File share. See related threads here and here.
In Authentication.cs
public class CustomValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
//If User Valid then set Customer object
}
}
In Service.cs
public class Service
{
public string SaveData(string XML)
{
//Need Customer object here. Without it cannot save XML.
//HttpContext null here.
}
}
I can suggest you an alternative approach. Assuming that the WCF service is running in ASP.Net compatibility mode and you are saving the customer object to session storage. Create a class such as AppContext
The code would look something like this
public class AppContext {
public Customer CurrentCustomer {
get {
Customer cachedCustomerDetails = HttpContext.Current.Session[CUSTOMERSESSIONKEY] as Customer;
if (cachedCustomerDetails != null)
{
return cachedCustomerDetails;
}
else
{
lock (lockObject)
{
if (HttpContext.Current.Session[CUSTOMERSESSIONKEY] != null) //Thread double entry safeguard
{
return HttpContext.Current.Session[CUSTOMERSESSIONKEY] as Customer;
}
Customer CustomerDetails = ;//Load customer details based on Logged in user using HttpContext.Current.User.Identity.Name
if (CustomerDetails != null)
{
HttpContext.Current.Session[CUSTOMERSESSIONKEY] = CustomerDetails;
}
return CustomerDetails;
}
}
}
}
The basic idea here is to do lazy loading of data, when both WCF and ASP.Net pipelines have executed and HTTPContext is available.
Hope it helps.
Alright this should have been easier. Since the way UserNamePasswordValidator works, I needed to use custom Authorization to pass UserName/Password to the main thread and get customer info again from the database. This is an additional DB call but acceptable workaround for now. Please download code from Rory Primrose's genius blog entry.
I have a Document class that loads variables from Facebook with the use of stage.loaderInfo
var connect:FacebookConnectObject = new FacebookConnectObject( facebook, API_KEY, this.stage.loaderInfo );
But when I change the Document class (with another one responsible for the layout of my app), and try call the above from a movieclip that exists in my application with the use:
var facebook_class:FacebookAp = new FaceBppkApp
addChild(facebook_class) I get error
TypeError: Error #1009: Cannot access a property or method of a null object reference.
I believe the error comes fro this line
this.stage.loaderInfo
since I changed the scope...
How I am supposed to fix that?
According to a post by Devonair: Seems 99 times out of a 100 when people have a problem with a 1009 error, it's because the stage property is inaccessible.
so I used this snippet
public function start() {
if
{(stage) init();}
else
{ addEventListener(Event.ADDED_TO_STAGE, init);
}
}
private function init(event:Event = null):void {
removeEventListener(Event.ADDED_TO_STAGE, init);
// everything else...
}
In case sb has the same problem...