.net - Path Access In Web.config Without Using Forms Authentication?
Oct 14, 2010
I am required to control access to a specific file on our server. I suggested, for the time being (rather than affording time for other routes until we can), that we simply use the web.config to lock this file down to everyone by means of a location/system.web/authorization setting.
This soon failed to protect the resource and I quickly became aware why (I think). It is a public site and is not using Forms authentication (currently just defaulting to Windows).
So, for clarity, here are the relevant parts the config file...
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
<location path="thefile.extension">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can I secure this resource without turning on Forms authentication? Or can I turn authentication on but never actually require authentication to occur, by allowing all resources but the ones explicitly stated, or by explicitly stating all allowed and denied resources?
View 1 Replies
Similar Messages:
May 28, 2010
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
View 7 Replies
Mar 30, 2011
I need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 Replies
Feb 13, 2010
I had applied the following code as said by you :
byte[] b = YourByteArrayFromDb;
File.WriteAllBytes(MyFilePath, b);
But I am receiving an exception "Access to the path is denied". How do I solve this using ASP.Net with C#? And is there any format to set the path as string?
View 3 Replies
Mar 25, 2010
aspnet_regiis.exe -pdf "connectionStrings" c:web.config And this is the error I got. Error - "The configuration for physical path 'C:Web.Config' cannot be opened. And the permissions of that file is not read only.
View 2 Replies
Jan 11, 2010
how to set authentication level's in web config.
View 3 Replies
Jul 14, 2010
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies
Mar 8, 2010
when i set forms authentication to my website to web.config file as
<authentication mode ="Forms">
<forms
loginUrl="login.aspx"></forms><authentication><authorization><deny
users="?"/></authorization>
and login button ,i write the following code
FormsAuthentication.RedirectFromLoginPage("login",
false);
and logout button ,i write the following code
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
it works but when i press browser back button after logout button click
it maintains the page history and the page will redirect to last requested page
View 7 Replies
Mar 7, 2011
I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config
[Code]....
I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config
[Code]....
View 8 Replies
Oct 5, 2010
I trying dotnetzip on localhost everything works fine.but on a real dotnet hosting it raises error :
Access to the path 'C:inetpubvhosts�lahblah.comsubdomains
aporhttpdocsDotNetZip-luqevaxu.tmp' is denied.
using (ZipFile zip = new ZipFile(Server.MapPath("~")+"/a.zip"))
{
zip.AddFile(Server.MapPath("~")+"/deneme.txt");
zip.Save();
}
View 1 Replies
Feb 24, 2011
im using visual studio 2008. in my project im using forms authentication,my project structure is as follows
root
|
login.aspx
home.aspx
web.config
admin (folder)
|
admin.aspx
web.config
root web.config is as follows
[Code]....
and inner web.config is
[Code]....
and my users are
Username Role
admin1 Admin
admin2 Admin
user1 User
user2 User
as you can see that in second web.config, i gave access to users with "Admin" role and "user1" user.
for giving access to "admin" folder, i wrote the following:
[Code]....
and saved the web.config as
[Code]....
this is working fine when i run it from visual studio development server, when i host it in IIS, im getting the following error
[Code]....
here the problem is, it is not able to save the web.config i got one solution, that is, i added
[Code]....
View 1 Replies
Apr 15, 2010
I have a few pages that need to use SSL and I am confused bc I read you should set the forms authentication section in the web.config to use SSL. so if this is the case, the user logs in (login page is using ssl) the forms auth cookie is created and now if i redirect to the non ssl enable home page, does this mean the auth cookie will not be transmitted, so i can't display like a welcome module or know the username of the user who logged in?
View 6 Replies
Jul 8, 2010
I wanted to impose specific timeout interval and request length on some specific pages that uploads documents of size up to 50MB. Hence I did the following config changes after going through some sites.
<location path="Upload.aspx" >
<httpRuntime maxRequestLength="51200"/>
<httpRuntime executionTimeout="36000"/>
</location>
I keep getting error when I run the application. I tried various other ways like giving the complete path like <sitename>/<applicationname>/<v.folder name>/<filename>.I tried this on both IIS 6.0 and IIS 7.0.
View 8 Replies
Mar 5, 2010
I have one requirement that i have to place the log file in the same directory of solution. That is my solution is placed in [drive]workProject1solution file. But i have to create my log file to [drive]workProject1Loglog.log. How it can be set in app.config file.
View 1 Replies
Apr 19, 2010
Server Error in '/ATM HARDEWARE REPORT_web app' Application.Access to the path '\192.168....c' is denied. Description:An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.UnauthorizedAccessException: Access to the path '\10.50.168.7c' is denied.ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.Source Error:
[Code]....
Line 14: fs.Close()
Line 15: ' Ensure that the target does not exist.
Line 16: File.Delete(path2)
Line 17:
Line 18: ' Copy the file.
View 3 Replies
Oct 2, 2010
This is part of my web.config
<location path="Secure">
<system.web>
<authorization>
<allow users="SecureUsers" />
</authorization>
</system.web>
</location>
I want to be able to search for path of Secure and find out the user role that is specified. My input is the path, such as "Secure" and the value I'm trying to retrieve is "SecureUsers".
View 1 Replies
Jan 5, 2011
In my ASP.NET's Web Config file I have the following location elements defined:
<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="dir1">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="dir2">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2. I'm curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this...
<location path="dir1,dir2,etc">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
View 1 Replies
Mar 9, 2011
[Code]....
[Code]....
I want to I get the file path test.config.How do find the the path to that file ?I tried something this but it appears an error:Object reference notes Set to an instance of an object.
View 2 Replies
Mar 10, 2010
i have a website in my local PC that works fine, i deployed on the windows server 2003 and all the pages are working but the checkout page.
View 1 Replies
Apr 26, 2010
I am getting the access denied error while trying to delete file using the file.delete() method even though i have set permitted full control to NETWORK SERVICES user and IUSER_(user_name) and ASP.NET Machine Account users on the folder that contains the file to be deleted.
My page also allows files to be uploaded(to the same folder) and that part works perfectly fine but I get this UnauthorisedAccessException when I try to delete it at app runtime...pls do help me out folks..cant believe this error has taken my whole day..
View 3 Replies
Feb 18, 2011
dynamically switch WCF web service reference URL path through config file. how do you do this?
View 3 Replies
Jun 30, 2010
Is there any way of doing something like this?
<location path="/(view|edit)post.aspx?id=[7-9][0-9]+">
<system.web>
<authorization>
<allow roles="AdminPublishers"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Authorization is just an example. I would like to be able to do other things with those locations.
View 1 Replies
May 23, 2010
I am loading the config file programaticality so that i can edit it but ive hit a hitch in that when i debug it through VS i get the following error:
An error occurred loading a configuration file: Failed to map the path '/'.
My code is:
[Code]....
I use it in other sections of my site and know that it works as intended when it is deployed to my webhost. I am having issues with another section where I use it so I want to step through it to debug, what do I change this "~" to, to correctly reference the config when I am debuging locally.
View 2 Replies
Mar 7, 2011
I am trying access a file from shared path and I face this error.
View 3 Replies
May 23, 2013
i have a folder in soultion explore that in folder there are some xml file but when write data in c# in xml file,error Access to the path 'E:YavariTCMS-v3TCMSTCMSMDFXMLXMLFile1.xml' is denied. every i remove propertice readeonly from xml or folder that contain xml file ,next tim reade onl true
View 1 Replies
