Control Website Folder Access Using Web.config And Session Variable ?
Jan 27, 2011
the following web.config file is placed in a specific sub-folder on a website. It will allow the user John.Doe to access the pages inside the folder but will deny anonymous users
Is it possible to replace users in the following web.config file with certain session variable for example getting the day(sunday, monday, etc) from date and storing it in session("DayVar")
then the code should be something like this for the subfolder monday
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:
I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectered to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?
If url.Contains("/admin") Then 'If authentication ticket incorrect then `Response.Redirect("~/notallowed_admin.aspx")` End If
And not, I cannot use my web.config for this particular issue.
in my web app users login to website normally and they have tagged in user table in database as online user in Session_End i want to log them outIn Session_End i have no access to HttpContext.Current.Session or Session only they are both null how can i access to session variable at (Session_End) event.
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
I have two projects ,one is webforms and other is Business logic, i am storing username in Session Variable, i have audit module in businss logic which has event handlers to do auditing on object create / remove. i want to store username in audit trail, i want to save username in some global place which is session bounded so that i can get the username in my audit module.i dont want to refer System.web, or httpcontext in my businesslogic project.pls help how i can acheive this. i found this article but cudnt understand much.
"Now one option if you want to have your DLL pull the stuff from Session is to abstract out session. So you could define an interface like IStorage, that your library will know how to use. Then you can have a SessionStorage or MemoryStorage class and use IoC to inject the appropiate class into your library classes. This gives you the freedom to code it how you wanted it to be coded without tying your code to Session. Oh and one other benefit if done properly can be used to not tie your code to session in the web either.
I am have declared a session variable in login page of my application. I want to access that session variable in Application_BeginRequest of global.asax file. But I am not able to do it. Could you please suggest how to access the session variable in my global.asax file
accessed only using IE 6.0 or above. If anyone tries to access the website using any other browser I want to display a big warning message. Is it possible to configure this in web.config insted of checking via javascript. I am assuming something like in authentication we have customErrors attribute were we can set the custome error page in case of failure to authenticate the user.
An associate wants to store an Access database in the App_Data folder of a website that lives on a local server and write new data to it daily from Microsoft Access on a client computer on the local network.Internet users will access the Access data from the website.
Is it possibe to write to an Access database in the App_Data folder of a website that lives on a local server using Microsoft Access? And also connect and read with ASP.Net?The internet connection is "Read Only".
Setting the .Net trust level to Medium on a site will ensure that no code can access files outside the application directory.
I have an ASP.Net site that must run in Full Trust. I have configured my website in IIS to use its own Application Pool Identity [URL].
Currently it is possible for scripts/code in this app to read files outside of the application directory. This occurs because by default, accounts that are a member of the BUILTINusers group are able to read most files on the system, including c: and c:windows. It appears that Applicaion Pool Identity accounts are also members of BUILTINusers.
Is it possible to prevent file access outside the website folder while keeping Full Trust?
Currently in an .aspx file, I am storing a value (filename that was created in that session) in an hidden text box. When the user clicks on the "Print" labeled Hyperlink control, it opens the file that was stored in the hidden text box control. But when the user goes to different screen (in the same session), I loose the filename value that is stored in the hidden text box control. So I would like to store the filename variable in a session variable. So that if the user leaves this .aspx file and comes back to this .aspx file I can load the value into the hidden text box from the session variable.
just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.
I have a wizard control. When someone clicks a button within the wizard control I automatically advance to the next step (rather than forcing them to click next). However, this seems to cause the session state variable not to be saved. I've done some research and noticed that Response.Redirect does hard redirects that truncate page execution - and that you can add a false parameter to prevent this...what I'm wondering is if the wizard control is doing the same thing and if so, if I can add a parameter to this as well?
I'm creating a session variable in my .vb file and I'm able to display it in my .aspx but I can't seem to use it as a control in my asp:CompareValidator. The only way I can think to reference it on the .aspx page is with <%=Session("MyVariable") %> but such constructs are not allowed in a validator with runat="server". But it seems like the validator must have that attribute and value.
Really what I'm trying to do is validate a user-entered number in a textbox against the one populated in that same textbox from the database. If the user replaces the textbox value with a smaller one I want to show an error message and prevent submit.
Have a project where I need to access a RSS feed. The issue is this RSS feed, you need to be logged in as a user. They have a simple web form (login + password).
1) Post a web form with my login and password
2) Maintaining Session (w/successful login), do an additiional GET to retrieve the RSS feed.
I am doing this in an ASP.Net page so it all happens server side in VB.Net
