I am using ASP.Net Forms Authentication. My Web.config looks like this.
[code]....
So currently every aspx page requires authentication.
I want to allow access to even unauthenticated users to a specific page named special.aspx. How can I do this?
I have the following implementation and I'm sure there is an easy way to do what I want to do but I can't figure it out.
1. I use forms based authentication to authenticate to my site
2. I use active directory to authenticate the users
3. I use the Allow Users="xxx" tag to authorize the users limited to the list that can access my site. (e.g.. even though Mary is an AD user she can't access my site unless I put her credentials in the allow users tag in the web.config file)
All is working well but I want to move the users access list (e.g.. <allow users="john" />" from the web.config to a database table so that I can create a user maintenance page for my admins to add and delete user access. For the life of me I can't figure out how to do this and I can't seem to find an article on it either.
[code]....
i have one web service how can i give access to that web service to many user(with secure method). Now i am checking url and only doing for one site. So what should i do.
View 1 RepliesI have an intranet site that i set up to windows authentication. It works fine most of the time but some departments wont be able to access the site and will be asked to enter user name and password.I checked their Active Directory account and the only difference i could see was that the organizational unit parameter was different than the rest of the users.
View 5 RepliesURL....I use this one as my login, and I addes hyperlink for Forgot Password. But why I can't access the FORGOT PASSWORD.aspx for every time I click it. And when I login it redirects t Forgot Password.How I can access it without logging in?
View 1 RepliesNow, I have a ListView populate products from LinQ DataSource, and a DataPager, when I load the page, it load page 1 of products(I have many pages of products), how can I acess a specific page (page number 2 for example) when I load page.
View 4 RepliesI have created a new asp.net website ( 3 pages of c# ) I need now to apply security on those pages. each page has a couple of buttons to run specific process . How would I apply security in the following senarios
I have 3 people who have access to all three pages, however, each person has the right to click specific buttons on the pages. What is the best way to apply security.
This is what I thought and need someone to confirm it. I have created a table like this
id
controlName
RoleId
1
btnCreateCustomer
101
[Code]....
I am using forms authentication with
<authorization>
<deny users="?" />
</authorization>
However, I want to allow all calls made for specific extension say *.abc.
I tried:
<location path=".abc">
<system.web>
<authorization> [code]....
but wildcards are not allowed.How can I allow *.abc calls to work for all users?Is there any web.config element I can use OR anything I can do in AuthenticateRequest httpmodule?
I've developed a web application and I've added some security features. Now i want to create a page for managing users and user access in my web application.Can anyone suggest some tutorial for managing users and access because i'm new to asp.net.
View 1 RepliesI want to use the login component with forms authentication, but i don't want to use the whole package. I have a database with users in it, and i create the users manually, through another section of my site. I will authenticate them using my own functions, in the Authenticate event.
But, specifying the forms authentication in web.config, i seem to recall having seen somewhere, that i could add pages that were protected, while the rest of the site wasn't.
How do i do this? Currently, i have only 1 page that i want to protect.
I am building a website in which students are able to view their grades for specific courses. They are able to view their grades through the use of grid views and formviews. The students are able to login and through the "Administer website" feature on the login view, if they arent a student then they will not be authorized to view the gridview page in which all the grades are listed.
What I want to do next is to be able to 1. when a student logs in, i want that specific student that logged in to be able to view his/her specific grade and not be able to view any other person's grade, how do i do that? My code is written in C#, but I am using the postback URL feature,
Allow Admin Users to Access Basic Users Accounts?
View 4 RepliesJust to avoid misuse of website i have to make it specific for certain region. Like people could view menu across the world and only the people of mumbai can order online. I want a submit button that would be visible to only mumbai people.
View 1 RepliesMy Company registered in certain services on the Web and are relying on the company's Ip to use these services, Director asked me to allow some staff to enter these sites from outside the company,after authorized staff enter to comany's site, How could they use the company's Ip to allow them to browse services sites ? Do I need to use a method such as proxy sites like youtube proxy? or there is another way?How do I do this in asp.net?
View 10 RepliesMy Company registered in certain services on the Web and are relying on the company's IP to use these services, Director asked me to allow some staff to enter these sites from outside the company, after authorized staff enter to comany's site. How could they use the company's IP to allow them to browse services sites? Do I need to use a method such as proxy sites like youtube proxy? or there is another way?How do I do this in asp.net?
View 2 RepliesOn our production servers, the admins created a WebUser active directory account which is users for anonymous access to IIS and is also used to authenticate database access with our SQL Server instances using Integrated Security=SSPI in the connection string and identity impersonate="true" in the web.config.
I've often come across situations where I would like to or even need to use forms authentication. However, I using forms authentication, Integrated Security seems to use the logged in user's credentials to authenticate against the database. In these cases I have changed the connection string to use the credentials of a SQL Server users instead. I would prefer to not have a hard coded username and password in the connection string or rather worse in code. Is it possible to use forms authentication just for user authentication for users and windows authentication with the IIS user for database access? What would be the best practice in such a situation?
I have an issue with loginUrl parameter on Forms authentication. Forms Authentication always redirect unauthenticated users to ~/Account/Login ignoring the url configured into Web.Config.
This happend if i add reference to WebMatrix.WebData,WebMatrix.Data into main web.config file (system.web/compilation/assemblies). N.B.: Moving this reference to child web.config file (the one contained into View folder) error doesn't occour anymore
I have an ASP.NET web application that is using forms authentication. Everything is configured and working correctly. However, i'm dealing with the issue of creating and maintaining users and role membership.
I know that I can roll my own solution but I'm wondering if there is an alternative solution?
Does iis7 provide screens for managing forms authentication users? Is there a reliable, free solution that someone would recommend?
I am trying to create an Intranet application and I want my users to be able to log in with their windows account. However my organisation has over 150000 employees but I only want the 10-12 people in my department to be able to log in.
How do I do this? Do I need to store the 10-12 users in a database?
How do I migrate users from a existing users table to Forms Authentication?
There seems to be three options:
T-SQL - Iterate through the existing users table and insert into Forms Authentication tables using the stored procedure aspnet_Membership_CreateUser Code - create a utility that will iterate through the existing users table and insert into Forms Authentication tables using Membership.CreateUser() Code - as users login verify credentials against existing users table and insert into Forms Authentication tables using Membership.CreateUser()
Which is the most practical?
I have been currently trying option 1 but I am running into difficulties using the password salt to create the encrypted password from a plain text password
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesI set up forms authentication in my asp.net application, and everything works apparently without problems. However from time to time some of the users trying to log in inform me that suddenly they cannot enter anymore as their user seems to be deactivated. Even if they try the forgot password entry, they get "user not found" response, but if I check the user is still there, and according to asp.net configuration it is even active.The only solution I found until now to reactivate the user is to remove it and create it again, and then it works. But it cannot work like this of course.
View 5 RepliesI have my code output a gridview with all the data with an option to select records. I'm trying to make a code which would allow me to select a record, and then print this record using a specific Report stored in MS Access.
I've located the code to print the Report it self, but it prints ether all the records or a range.
For some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?
[code]....
Is there any reasonably efficient way to get a list of users who are not in a specific role?
The only methods I can see are Get all the users from DB and do a check in code
Go directly to the db and sidestep the role provider