SqlClientPermission in a sandbox web part - sharepoint

I'm trying a long time to get a working SQL connection in my web part. I read a lot of msdn stuff and tried many things, but I can't get it working... Every time I try to open a SQL connection, my web part throw an exception: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission.
I tried custom.configs which set the .net trust higher, edit the manifest, set the permissions with the PermissionSet-Class and also tried FullTrust, but nothing worked. How do I set the permission correctly?
Btw, the web part is a sandbox solution.
It would be awesome if someone could give me a detailed view, how to set the permissions.

For this kind of operation, You need to develop a full trust proxy(SPProxyOperation) to be used by your Sandbox Solutions.
The sandbox solutions has Code Access Security and Permission restrictions. For details you can visit:
http://extreme-sharepoint.com/2011/10/07/sharepoint-sandbox-reallly-new-feature/

Related

Sign in with Google works with Azure App Service, but not on Localhost

I successfully set up simple authentication with Google using this link: https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-google,
It works on my azure site, but not when I try and use my localhost.
I redirect to "/.auth/login/google" and it says "Cannot GET /.auth/login/google"
What could be causing this error?
Apparently if you are doing the easy authentication system, the one that that link and its counterparts show, you can't use localhost with it. How one is supposed to develop in such an environment is beyond me, and why this wasn't pointed out in the docs is as well.
If you are reading this because you had the same problem, you may need a new auth system. This sort of thing has happened with the other Microsoft authentication crap I've tried. Ultimately just don't mess with their authentication systems I think. Just don't.

Excel WebApi Odata Authentication with Organisational Account

I have created an OData Service using .Net 6 / OData 8 and am trying to authenticate using Organisational Account in Excel. I can test the authentication sucesfully in Postman and also in my web App that uses the authenticated service.
However, if I try and create an OData Feed in Excel and authenticate using [Organisational Account], I get an error "We were unable to connect because this credential type isn't supported for this resource.".
Microsoft seems to indicate that it is not supported to connect to "arbitrary" services per the following link.
https://learn.microsoft.com/en-us/power-query/connectors/odatafeed#authenticating-to-arbitrary-services
However, this is a pretty big limitation and I'm interested to know if anyone has been able to solve this problem yet.
I won't go into the configuration of my web api, suffice it to say that I have tried every possible combination of builder.Services.AddAuthentication()..... that I can find and they all seem to have a similar issue - ie. I can use the WebApi for everything that I need it for - except Excel.
A quick Google search gets many, many hits (and I think that I have read them all - ..... twice), but try as I might I haven't yet found one that has an answer that works.
The following link showed some promise, which indicated it might be possible to change the audiencce, but I could not make it work.
https://www.c-sharpcorner.com/article/azure-odata-feed-web-api-authentication-setup-with-azure-ad/
I did find another promising link that I can't seem to find again that indicated we could add the Office 365 Client Id to the list of Authorised Client Applications under Expose an Api of the app registration in Azure AD B2C. I did that, with not success.
I'm really at my wits end on this and have been trying to get a solution on and off the last couple of weeks. Would really appreciate any help from others who might have tried and succeeded at this.
Confirming that I have now worked out how to do this and have posted the solution to the following SO thread. connecting-excel-to-oauth-api-on-azure
There are a number of steps to the solutions, so won't attempt to summarise them here.

Is my site hacked?

I have my client website www.healthiva.com.. this is developed in .Net C#. In global.asax i have a functionality to send alert email to development team, if any unhandled exceptions are thrown in the whole application. Some times dev team gets email like "The file '/ivr/VAD_Deploy1.aspx' does not exist", "The file '/ivr/mxm_3cx/mxm30.aspx' does not exist".. Our application does not have these files obviously & hence the error. Now my worry is, is someone trying to hack our site by running some scripts ? if yes, please suggest some good security policies.. (the site already uses SSL)..
You are safe
I've just done a couple of tests to see, and it appears that you are getting these errors because other resources in your application are trying to access these directories. Rather than handle these errors and provide a user safe code, it's simply throwing a default server error. Your website is not being hacked - it's just badly written (Sorry, no offence) and lacks sufficient logging techniques.
However, that does not mean that you are still 100% safe. You can either consult with a private security expert or look at automated tools online to test the security of your website. I'd recommend doing some research on the OWASP Top 10 for this, and how to prevent these measures. Most hackers will try to go for one of these methods before trying more robust and niché attacks.
EDIT: Relevant image showing what happens when the server throws an exception

Why can't we assign Localization to ApplicationPoolIdentity

I've been investigating some localization issues with our web application and even though I start to understand the problems and the way to solve them... I still have a couple of questions I failed to find a decent answer to.
It would be great of some people can point me out to appropriate documentation for me to read up and understand more the concept of ApplicationPoolIdentity.
What I understand so far:
There are 2 ways to make your web application Localization-aware based on your requirements.
1) Configure in the web.config file (Globalization) or in the IIS UI for the specific website.
This works great, except it does not pick up Globalization on IIS-level when website is Auto Detect or Invariant Culture? What's the hierarchy it's using?
2) Configure Localization for the user under which the IIS process is running.
You need to copy the Localization settings to the system accounts (as explained here)
You then need to run the apppool under one of these accounts (local, Networkservice, LocalService...)
It does not seem to work when running under ApplicationPoolIdentity
ApplicationPoolIdentity is a virtual user account, assuming that's why it's not picked up by the copy-to action in Localization.
Although, it's not working either when I say Copy-To-New-Accounts.
So what Localization is the ApplicationPoolIdentity using???
It seems the default one based on the Windows Installation, am I right here?
If anyone can correct me and answer my questions, or link to some more documentation around this. Really appreciated.

CASifying Liferay

I think that this is an usual question, but I'm reasking it cause I didn't got a real good question.
So, I have Liferay 6.1 CE running on Tomcat 7, and I want to import the users from an LDAP server and then make an SSO with CAS.
In my Portal, I have other application integrated (here also I have a problem with the integration of Alfresco) who need to be logged in also with the credantials from LDAP, this is why I need an SSO solution, like CAS.
How can I face this issue ? is there anyone who could help me fixing all this ?
Any information can help me, I have to accomplish all this in two weeks...I hope that everything that I'm asking are feasible.
Thanks & Regards
Liferay provide all necessary infrastructure to resolve your requirement. Look for CAS and LDAP at portal.properties https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/portal.properties and configure this in your portal-ext.properties Liferay: How to configure Liferay Portal
You have two tasks here, importing users from LDAP and authenticating users with CAS. You can configure both from the Control Panel (UI) or the portal-ext.properties file. If you configure using both methods and there's a property conflict, the Control Panel settings take precedence.
Importing users from LDAP isn't difficult (I've done it in both 5.2.3 and 6.1), although importing/not importing the password can be confusing. Try tackling this task first and make sure you're able to authenticate against LDAP. I'd recommend using an authentication chain (multiple means of authentication where if one method fails, a second method will be attempted, and so on). It would be useful to configure it this way in the event of an outage with CAS so you don't have a single point of failure. Note: If you use portal-ext.properties, be sure to read this post and add properties mentioned (even if you aren't going to use them):
ldap.user.custom.mappings.1=
ldap.contact.mappings.1=
ldap.contact.custom.mappings.1=
Regarding authentication against CAS, I've been using it for a couple years on Liferay 5.2.3, and in my experience it's worked very reliably.

Resources