Our security department has identify a vulnerability on our self service portal that allows cross-site request forgery and clickjacking due to allowing iframes openly. They have asked that we put in place a configuration of SAMEORIGIN or DENY using X-Frame-Options in our Web.config file. Is this ok to do or is there another suggested fix?
I also found this old article but our team was able to put the entire site in an iframe. https://www.adaxes.com/questions/889/adselfservice-security
Have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ConfigureWebUI.IframeEmbedding.html. On step 5, select No.
Thank you for that...is there any way to keep it on but add the configuration mentioned above?
Unfortunately, there is no such possibility.
By default, SSL is not configured for the Adaxes Web Interface and network transmissions are not encrypted. However, you can configure SSL on the Adaxes Web ... work in both cases: with Windows-integrated authentication and with forms-based authentication.
can someone explain me how can I use this virual property adm-CustomAttributeTextMultiValue1? Thanks for your help
I added the Password last set field to the Admin view but when I click on edit it allows the admin user to change the value. Adaxes correclty handel Bad Password time and Bad password ... last set, so I guest there is a way but I can not find it. Thanks you
With Active Directory Users and Computers, I can add group members by copying a list of usernames and pasting them into the Add Members dialog box. This is very quick and easy. How can I do this with Adaxes? It seems that I can only add one member at a time.
This can be setup using the HTTP Redirect option in IIS: On the computer where Adaxes Web Interface is installed, launch Internet Information Services (IIS) Manager. In the Connections ... (301). In the Actions pane on the right, click Apply. Restart IIS.