Control Website Folder Access Using Web.config And Session Variable ?
Jan 27, 2011
the following web.config file is placed in a specific sub-folder on a website. It will allow the user John.Doe to access the pages inside the folder but will deny anonymous users
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web> [code]...
Is it possible to replace users in the following web.config file with certain session variable for example getting the day(sunday, monday, etc) from date and storing it in session("DayVar")
then the code should be something like this for the subfolder monday
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web> [code]...
is this doable ?
View 1 Replies
Similar Messages:
Mar 19, 2011
I have got a requirement to pass password and UseriD to web.config placed in a session variable . How can I do this?
in VB file it is written in this way. So, I have to pass it in Web.congif the Session variable.
dataSource.ConnectionString = "Provider=MSDAORA.1;Password=ssa_nic_" & Session("dist_code") & ";User ID=dise" & Session("dist_code") & ";Data Source=dise;Persist Security Info=True"
View 8 Replies
Jun 16, 2010
Can you use a session variable in a web config connection string? So instead of:
Code:
<add name="ConnectionString2" connectionString="Data Source=ora;Persist Security Info=True;User ID=SA;Password=PASS;Unicode=True"
something like this:
Code:
<add name="ConnectionString2" connectionString="Data Source=" & Session(DB) & ";Persist Security Info=True;User ID=SPAR;Password=;Unicode=True"
View 6 Replies
Jan 28, 2011
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:
[Code]....
View 1 Replies
Jun 14, 2010
I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectered to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?
If url.Contains("/admin") Then
'If authentication ticket incorrect then
`Response.Redirect("~/notallowed_admin.aspx")`
End If
And not, I cannot use my web.config for this particular issue.
View 2 Replies
Aug 19, 2013
I am upload the Pdf Files And Save in Folder But any one easily open this folder
http://localhost:8748/Lib/Admin/Files/ like that
And see all the uploaded pdf and click any pdf open this pdf
like that
http://localhost:8748/Lib/Admin/Files/Asp.net_Interview_Questions_and_answers.pdf
So this URL cannot be open what I can restrict this URL .....
View 1 Replies
Mar 18, 2011
I've my ASP.Net HTML 5 Application, Which have the image byte array in Session, I'm using the Latest 5.X C# facebook SDK from CodePlex.
But when user is authorized and Coming back to my canvas page at that time I can't access my ASP.Net Session, its give me a null value.
Here is my Code.
[code].....
Now pls give me some suggestion, Where I'm missing, How can I access my Application Session.
View 1 Replies
Oct 14, 2010
in my web app users login to website normally and they have tagged in user table in database as online user in Session_End i want to log them outIn Session_End i have no access to HttpContext.Current.Session or Session only they are both null how can i access to session variable at (Session_End) event.
View 1 Replies
May 28, 2010
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
View 7 Replies
Jul 18, 2010
I have two projects ,one is webforms and other is Business logic, i am storing username in Session Variable, i have audit module in businss logic which has event handlers to do auditing on object create / remove. i want to store username in audit trail, i want to save username in some global place which is session bounded so that i can get the username in my audit module.i dont want to refer System.web, or httpcontext in my businesslogic project.pls help how i can acheive this. i found this article but cudnt understand much.
"Now one option if you want to have your DLL pull the stuff from Session is to abstract out session. So you could define an interface like IStorage, that your library will know how to use. Then you can have a SessionStorage or MemoryStorage class and use IoC to inject the appropiate class into your library classes. This gives you the freedom to code it how you wanted it to be coded without tying your code to Session. Oh and one other benefit if done properly can be used to not tie your code to session in the web either.
View 7 Replies
Jun 24, 2010
how can I access a simple session state variable from any page?i would think to use: session("variableName")but that just doesnt work....
View 3 Replies
Oct 21, 2010
I am creating some sessions on successful login and I need to access them from my master page. How do I go about this?
public void showUser()
{
if (!string.IsNullOrEmpty(Session["User"].ToString()))
{
Response.Write(Session["User"].ToString());
}
else
{
Response.Write("Not Logged In");
}
}
View 1 Replies
Mar 27, 2010
How to access session variable in the class?
View 5 Replies
Mar 10, 2011
I am have declared a session variable in login page of my application. I want to access that session variable in Application_BeginRequest of global.asax file. But I am not able to do it. Could you please suggest how to access the session variable in my global.asax file
void Application_BeginRequest(Object sender, EventArgs args)
{
string language = HttpContext.Current.Application["language"].ToString();
}
View 2 Replies
Jan 25, 2011
accessed only using IE 6.0 or above. If anyone tries to access the website using any other browser I want to display a big warning message. Is it possible to configure this in web.config insted of checking via javascript. I am assuming something like in authentication we have customErrors attribute were we can set the custome error page in case of failure to authenticate the user.
View 2 Replies
Apr 20, 2010
An associate wants to store an Access database in the App_Data folder of a website that lives on a local server and write new data to it daily from Microsoft Access on a client computer on the local network.Internet users will access the Access data from the website.
Is it possibe to write to an Access database in the App_Data folder of a website that lives on a local server using Microsoft Access? And also connect and read with ASP.Net?The internet connection is "Read Only".
View 4 Replies
May 27, 2010
In Visual Studio I added a text file Example.txt to the root folder of my web site (where Default.aspx exists).
Later in C# code I reference this file :
string text = File.ReadAllText("~/Example.txt"); // also tried without the ~/
During runtime, both debug and non-debug, I get an error at this line of code:
C:Program Files (x86)Common FilesMicrosoft SharedDevServer10.0Example.txt'.
So, how should I reference this file?
View 2 Replies
Jan 4, 2011
Setting the .Net trust level to Medium on a site will ensure that no code can access files outside the application directory.
I have an ASP.Net site that must run in Full Trust. I have configured my website in IIS to use its own Application Pool Identity [URL].
Currently it is possible for scripts/code in this app to read files outside of the application directory. This occurs because by default, accounts that are a member of the BUILTINusers group are able to read most files on the system, including c: and c:windows. It appears that Applicaion Pool Identity accounts are also members of BUILTINusers.
Is it possible to prevent file access outside the website folder while keeping Full Trust?
View 1 Replies
Nov 22, 2010
Currently in an .aspx file, I am storing a value (filename that was created in that session) in an hidden text box. When the user clicks on the "Print" labeled Hyperlink control, it opens the file that was stored in the hidden text box control. But when the user goes to different screen (in the same session), I loose the filename value that is stored in the hidden text box control. So I would like to store the filename variable in a session variable. So that if the user leaves this .aspx file and comes back to this .aspx file I can load the value into the hidden text box from the session variable.
View 11 Replies
Mar 15, 2011
just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.
[Code]...
i tired this but its giving error
[Code]....
View 1 Replies
Mar 22, 2010
I have an ASP control custom built and I need to pass a value taken from a session variable to it like so:
<custom:control id='mycontrol' value="+Session['myControlValue']+">
...
</custom:control>
the above code obviously doesn't work, I need a way to insert the Session value in the control in this way somehow,
View 1 Replies
Apr 15, 2010
I have a wizard control. When someone clicks a button within the wizard control I automatically advance to the next step (rather than forcing them to click next). However, this seems to cause the session state variable not to be saved. I've done some research and noticed that Response.Redirect does hard redirects that truncate page execution - and that you can add a false parameter to prevent this...what I'm wondering is if the wizard control is doing the same thing and if so, if I can add a parameter to this as well?
View 1 Replies
Apr 13, 2010
I'm creating a session variable in my .vb file and I'm able to display it in my .aspx but I can't seem to use it as a control in my asp:CompareValidator. The only way I can think to reference it on the .aspx page is with <%=Session("MyVariable") %> but
such constructs are not allowed in a validator with runat="server". But it seems like the validator must have that attribute and value.
Really what I'm trying to do is validate a user-entered number in a textbox against the one populated in that same textbox from the database. If the user replaces the textbox value with a smaller one I want to show an error message and prevent submit.
View 3 Replies
Dec 14, 2010
Have a project where I need to access a RSS feed. The issue is this RSS feed, you need to be logged in as a user. They have a simple web form (login + password).
1) Post a web form with my login and password
2) Maintaining Session (w/successful login), do an additiional GET to retrieve the RSS feed.
I am doing this in an ASP.Net page so it all happens server side in VB.Net
View 1 Replies
Jul 28, 2010
when we accept user details in a login page and i want to use login details throughout the website.....can we do like this
session["uname"]=username;
string s=session["uname"].tostring(); this is in first page
string str=session["uname"].tostring(); this is my second web page
it is giving error
we can't access in other pages
View 5 Replies
