I am getting this
error: 403 - Forbidden: Access is denied.
It happens while I am trying to log in to the admin panel of Kentico 10 using any of the users in the database.
I was synchronising the pages using the staging module; after synchronising, this issue appeared.
Looks like no one has editor access, which is the minimum privilege level.
I tried to alter the DB, but that too did not work.
How do I solve this issue?
If you have access to the server itself, you may need to do an emergency password reset.
In the web.config, under the AppKeys, place this:
Of course replacing "admin" with the username, "password" with the new password, and the "true" is simply stating this user will have global admin privileges.
The key will auto-delete after the site recycles. Once you have a global admin user, you can set user permissions properly.
https://docs.kentico.com/k10/securing-websites/designing-secure-websites/securing-user-accounts-and-passwords/forgotten-password
If the users on both systems are the same, then you could modify the user objects on your origin server, make sure they have the minimum required access level, and then sync these users using the staging module.
After that you should be able to access the admin using one of the intended users on the target server.
If the source instance was upgraded from version 9 to version 10 while there were some user object synchronization tasks pending, synchronizing them after the upgrade very likely caused corruption on your target instance. This scenario is illegal; all synchronization tasks have to be synced to the target before upgrading, or discarded, as mentioned in the documentation:
https://docs.kentico.com/k10/installation/upgrading-to-kentico-10
I would try to run a complete synchronization from the source for all user objects, and if this does not fix your target instance you will have to roll it back or install a fresh target and make sure you won't sync any old (v9) tasks to the target (v10). Generally, staging is supported only between two instances of the same major and minor version.
I have read other questions on SO in regards to security and registry keys, nothing has helped me solve my particular use case scenario.
Here's my scenario:
What I'm Trying To Do
I want to, in code, delete a windows event log.
The Problem
When executing the function, I receive a System.ComponentModel.Win32Exception. The exception message is "Access is denied".
How I Am Doing It Currently
I am using an impersonator function that I wrote which wraps around the EventLog.Delete function; it drops me into a user context that has full access to the EventLog Registry Hive. Subsequently the logs I am interested in also have full access for this particular user.
My Question
Why do I receive an "Access Is Denied" if the user I am running under (through impersonation) has full access to the log in question? I've tested my Impersonation function and it works as expected for other code I've written. I don't get why I would get access denied for this.
In another scenario with my impersonation function it works just fine, for example if I tried to write to a file that the user context that is running the program does not have write access to, then I would not be able to write to the text file, however if I use my impersonation to drop into a user context that does have write access then it works just fine (I can write to the file). So I just don't understand why the same concept can't be applied to registry keys.
What am I missing here?
The Code
Exception Message
My Test
Where sw-test is a user I created for testing purposes, it has full access permissions to the registry we are trying to delete.
    [TestMethod]
    public void DeleteEventLog_ValidatedUser_DeleteLog()
    {
        using (new Impersonator(Environment.UserDomainName, "sw-test", "pswd"))
        {
            Logging logging = new Logging();
            logging.DeleteEventLog("testLog");
        }
    }
Okay, I eventually got around to figuring this out. There were two issues at play here that were causing the mentioned exception to be thrown; they are as follows:
1. Visual Studio was NOT running in administrator mode.
Not running Visual Studio in administrator mode was one part of the problem; this seems to be associated with access tokens in the Windows OS. According to a source I read, if I run a program without UAC on (which is my scenario, I have it off), then the program being run gets a copy of my access token. However, if I have UAC enabled, the program gets a copy of my access token but it is a restricted access token. (see: What precisely does 'Run as administrator' do?) - To be honest this doesn't really make sense in my case; why do I have to run as admin if I have UAC off? Shouldn't Visual Studio have an unrestricted copy of my access token? I am in the administrator group with UAC off...
2. Not Specifying NewCredentials As a Logon32Type In Impersonation
I don't really understand it, but as soon as I specified this for my impersonation everything started working perfectly. I read a blog about it; it talks about how it was introduced in the Vista days and how it was mainly used to specify credentials to outbound network connections to servers, and was mainly used to remedy security-related issues server-side. Don't see how it correlates to interfacing with local event logs though. (see: https://blogs.msdn.microsoft.com/winsdk/2015/08/25/logonuser-logon32_logon_new_credentials-what-is-this-flag-used-for/)
Code
    using (new Impersonator(Environment.UserDomainName, "sw-test", "pswd", Advapi32.Logon32Type.NewCredentials))
    {
        EventLog.CreateEventSource("testSource", "testLog");
        EventLog.Delete("testLog");
    }
Where the NewCredentials is an int 9.
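An added example, not part of the original answer and not the poster's `Impersonator` class: it calls `LogonUser` directly and reports which identity local access checks see under logon type 2 versus logon type 9. The `DEMO_PASSWORD` environment variable and the class and method names are assumptions; `sw-test` is the test account from the question.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class LogonTypeDemo
{
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int LOGON32_PROVIDER_WINNT50 = 3; // the provider NEW_CREDENTIALS requires

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Returns the account name that local access checks (files, registry,
    // event logs) are evaluated against while impersonating the new token.
    static string LocalIdentityUnder(int logonType, string domain, string user, string password)
    {
        int provider = logonType == LOGON32_LOGON_NEW_CREDENTIALS
            ? LOGON32_PROVIDER_WINNT50
            : LOGON32_PROVIDER_DEFAULT;

        // With NEW_CREDENTIALS the password is not validated here; the
        // credentials are only presented later on outbound network connections.
        if (!LogonUser(user, domain, password, logonType, provider, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token)
            return WindowsIdentity.RunImpersonated(token, () => WindowsIdentity.GetCurrent().Name);
    }

    static void Main()
    {
        string domain = Environment.UserDomainName;
        string user = "sw-test"; // test account from the question
        string password = Environment.GetEnvironmentVariable("DEMO_PASSWORD") ?? ""; // assumed variable

        Console.WriteLine("Process identity:      " + WindowsIdentity.GetCurrent().Name);
        Console.WriteLine("Interactive (type 2):  " +
            LocalIdentityUnder(LOGON32_LOGON_INTERACTIVE, domain, user, password));
        Console.WriteLine("NewCredentials (9):    " +
            LocalIdentityUnder(LOGON32_LOGON_NEW_CREDENTIALS, domain, user, password));
    }
}
```

Logon type 9 clones the caller's token, so the local identity stays that of the calling process and the supplied account is used only for outbound network authentication; a local registry or event log check is therefore evaluated against the original caller.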
My program was working until yesterday. But my company moved to a new domain and I also had to do that. Now I cannot connect to SQL Server, what should I change in my connection string?
Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Pedram;Data Source=DELL_RACK
The error I get for my inserts is:
Operation is not allowed when the object is closed.
By the way, I think I also upgraded my Visual Studio to Update 3. Could this also be the problem?
The connection string will stay the same. It won't change at all. This relies on the user's security context to authenticate to SQL Server. Therefore, we'll need to fix it so that the users accessing the database are authorized to use the database.
The change will need to be either in how you choose what user is logged in (i.e., if this is an ASP.NET site doing impersonation, or a similar process for setting the current user) or by granting login rights to users in the new domain in SQL Server, or both.
You can use SQL Server authentication in mixed mode.
To create a connection string in mixed mode, use this:
Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;
And in total you can see this link: http://www.connectionstrings.com/sql-server/
If you use mixed mode authentication, changing Windows permissions cannot cause errors in your program.
EDIT: I reinstalled MySQL and this fixed itself. No idea what the issue was.
I ran the following commands in MySQL from the command line:
1. REVOKE ALL PRIVILEGES ON MyDB.* FROM user@'%';
2. DROP USER user@'%';
3. GRANT INSERT,SELECT,DELETE,UPDATE ON MyDB.* TO user@'%' IDENTIFIED BY 'somepassword';
4. FLUSH PRIVILEGES;
The grants for the user are:
GRANT USAGE ON *.* to 'user'@'%' IDENTIFIED BY PASSWORD
GRANT SELECT,INSERT,UPDATE,DELETE ON 'MyDB'.* TO 'user'@'%'
But then I get the following error message when I try to do an update.
UPDATE command denied to user 'user'@'somehost' for table 'sometable'
Relevant info:
SELECT, INSERT, and DELETE all work properly.
I am using C# with Connector/NET.
'somehost' is on the same network as the server (different computer).
'sometable' is in MyDB.
If I log in to the server with 'user' on the host machine, update queries work just fine.
EDIT:
If I grant UPDATE,SELECT,INSERT,DELETE to user@'somehost.net', UPDATE queries work without a problem.
Any ideas?
After taking away all the grants, first you should give the usage privilege to the user.
GRANT USAGE on MyDB.* to 'user'@'localhost'
Usage privilege tells the server that this user is allowed to use MySQL.
Reinstalling fixed the issue. Not sure what the problem was.
I am trying to use event logs in my application using C#, so I added the following code:
    if (!EventLog.SourceExists("SomeName"))
        EventLog.CreateEventSource("SomeName", "Application");
The EventLog.SourceExists call causes a SecurityException that says
"The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security."
I am running as administrator in Windows 7.
Any help would be appreciated.
This is a permissions problem - you should give the running user permission to read the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog
Alternatively, you can bypass CreateEventSource, removing the need to access this registry key.
Both solutions are explained in more detail in the following thread - How do I create an Event Log source under Vista?.
Yes, it's a permissions issue, but it's actually worse than indicated by the currently accepted answer. There are actually 2 parts.
Part 1
In order to use SourceExists(), the account that your code is running under must have "Read" permission for the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog key and it must also have "Read" permissions on each of the descendant-keys. The problem is that some of the children of that key don't inherit permissions, and only allow a subset of accounts to read them. E.g. some that I know about:
Security
State
Virtual Server
So you have to also manually change those when they exist.
FYI, for those keys (e.g. "State") where even the Administrator account doesn't have "Full Access" permission, you'll have to use PsExec/PsExec64 to "fix" things. As indicated in this StackOverflow answer, download PsTools. Run this from an elevated command prompt: PsExec64 -i -s regedit.exe and you'll then be able to add the permissions you need to that key.
Part 2
In order to successfully use CreateEventSource(), the account that your code is running under must have "Full Control" permissions on HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog as well as have "Full Control" permissions on the log you're adding the new source to.
But wait, there's more...
It is also important to know that both CreateEventSource() and WriteEntry() call SourceExists() "under the hood". So ultimately, if you want to use the EventLog class in .Net, you have to change permissions in the registry. The account needs "Full Control" on the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog key and "Read" for all children.
Commentary: And I believe all of this mess is because when Microsoft originally designed the EventLog, they decided it was critical that people would be able to log something by "Source" without needing to know what log that "Source" went with.
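An added example, not code from the answer above: it enumerates the log keys under the EventLog registry key and lists the ones the current account cannot read, which are the keys Part 1 says make SourceExists() fail. Class and method names are assumptions; it assumes a Windows host with the Microsoft.Win32 registry API available.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using Microsoft.Win32;

static class EventLogKeyAudit
{
    const string EventLogRoot = @"SYSTEM\CurrentControlSet\Services\EventLog";

    // Returns the names of log keys (e.g. "Security") that the current
    // account cannot open and enumerate with read access.
    static List<string> UnreadableLogKeys()
    {
        var denied = new List<string>();
        using (RegistryKey root = Registry.LocalMachine.OpenSubKey(EventLogRoot))
        {
            if (root == null)
                throw new InvalidOperationException("EventLog registry key not found.");

            foreach (string logName in root.GetSubKeyNames())
            {
                try
                {
                    // Open read-only and list the sources registered under the
                    // log, the same kind of read a source lookup has to perform.
                    using (RegistryKey log = root.OpenSubKey(logName))
                    {
                        log?.GetSubKeyNames();
                    }
                }
                catch (SecurityException) { denied.Add(logName); }
                catch (UnauthorizedAccessException) { denied.Add(logName); }
            }
        }
        return denied;
    }

    static void Main()
    {
        List<string> denied = UnreadableLogKeys();
        Console.WriteLine(denied.Count == 0
            ? "All event log keys are readable by this account."
            : "Inaccessible logs: " + string.Join(", ", denied));
    }
}
```

Running it under the application's service account before deployment shows which keys would need a read ACL, or whether registering the source once at install time under an administrative account is the simpler route.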
Short tip:
One event source is registered during service installation (if the application is a Windows Service), and can be used without a SecurityException with a low-profile process owner (not Administrator).
I perform service installation / run with C# code in the typical way from SO / MSDN.
The important part is the ServiceName property in the class System.ServiceProcess.ServiceBase.
Good afternoon,
The simplest is that you run VS2019 as an administrator, so when debugging or executing the service, it will run correctly without generating the exception.
As the title states, is it possible to set SQLNET.AUTHENTICATION_SERVICES programmatically with the Oracle.DataAccess DLL?
@Adam - this needs to be set to NONE to prevent the classic invalid authorization / authentication method oracle provides to applications when they attempt (normally) the second connection to the machine. Changing this value to none prevents this issue from occurring.
@user - this will be difficult depending on the location of the file as your application may need to be run as an administrator to run with the correct privileges to save the changes.