I have a site, developed by an outside company, which requires logon for all pages.
We'd like to add a single page to the site that DOESN'T require the user to be logged in...so they can click the link on the logon page to view "T&C's" type info.
Is this possible?
(ASP.Net 4.0 on IIS)
I have a web application that requires two separate authentication and authorization.
In the root webconfig i configure the security for authenticating and authorizing public users
I also need authentication and authorization for the back end. That is the administrator who will manage the web application.
For this i have a subdirectory "admin" that will contain all the functionality for the back end. In the "admin" subdirectory i have a second web.config and i tried to add all the security for the administrator but it does not let me
Is it possible to have to separate authorization and authentication for a single web application. All the details will be save in microsoft's sql tables generate (for example aspnet... tables)
I have a page with features supplied from both a master page and a child master page.In the content placeholder for the head in both master pages I have supplied the link to the stylesheet for the site.In Design View in VS 2008 the CSS code seems to be functioning correctly.When viewing in a browser the CSS does not appear to be applied at all.
Here is the CSS code for the div elements within the main content placeholder:
[Code]....
I am having a change password page in that when the user change his password and click on submit i will show a message and will redirect to main form. But the text which i like to display is not displaying. What i need is i would like to have the page in the same form for few amount of time and then redirect to the desired one.
<script type="text/javascript">function LoadPage()
{
var v =setTimeout("MovePage()",5000); //will call the MovePage() function after 5 seconds
}
function MovePage()
{
location.href='/FedData/newRoutingNumbervalidator.aspx';
}
</script>
Is it possible in VB.NET to change defaults settings on a page? For example I have..
Label1.Text = "Hello World!"
This is my code on the page load, now I want to give the user the ability to change that to whatever they want after clicking a button. So someone types "Hello!" and presses the button, how can I make it save the file with "Hello!" instead of "Hello World!" so that everyone else who comes after that user will see "Hello!" and not "Hello World!"? Basically I need to know if it is possible to edit the page using that same page.
I am currently working on a project where I want to implement a bit of logic for each .aspx viewed.My idea was to use an httphandler that will target *.aspx, and in the handler, I would do my bit of logic, such as printing out: This is the xth page you have visited in this session.I am curious if there are any problems with my idea or is there a more proper solution I am not aware of.Though I have tried implementing my solution, I run into an infinite loop. After I complete my logic with the handler, I redirect to the same page, but that of course calls the same handler. Is there a way to bypass the handler on the redirect or a specific way to execute the same page without accessing the handler.
I am using some Html.ActionLinks to change the value of a Session variable. Right now I am RedirectToAction("Index","Home"). This puts the user back at the home page every time they change that value. I would like to return the user to the view they were one when they clicked that link instead of redirecting them back to the home page. How can I do that?
View 5 RepliesHow Many User Visit A post And Visit A Thread How Can we get?
View 1 RepliesI am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Here's my Forms Authentication:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" defaultUrl="ViewWeek.aspx" timeout="50000000" />
</authentication>
I am using the authorization section in web.config:
<authorization>
<allow roles="Administrator,Attorney,Director of Operations,Office Manager,Paralegal,Partner,Processor,Salary Admin,Unit Manager"/>
<deny users="*"/>
</authorization>
With this code in place, my master page CSS, as well as my images go away, and when I remove this from the web.config it displays properly.
which is the best method to create own customized login page?
i m not interested to use inbuilt controls, thts why m want to make own sign up pages and login page
A few years ago I worked with a team that developed what we thought, at the time, was a unique security model for a company ecommerce site. We wrapped every object (that we cared about) with a authorization / role check. So internal and external would use the same site but what fields, buttons, links etc. that they saw varied with their authorization / role assignments. I know .NET now has some RAD (Rapid App Dev) tools for security / authentication / authorization. Everything I have been reading is based upon securing pages / folders / areas of a site but nothing about the level of granularity we took it to so:
1. Was this not such as good way to go back when we did it?
2. I thought Microsoft had an entire security "plug-in" (Not Windows Authentication). Database, roles, etc.
(Don't get me wrong they have made life a ton easier with what they have given us)
3. What is the current method / practice in use for reasonably high security ecommerce environments. Cookieless Forms Auth? Something new altogether?
So, I have web apps with web.configs like so:
<authorization>
<deny users="?"/>
</authorization>
<location path="SomeUnsecuredPage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
In other words, most pages require authentication and authorization, but some don't.
Then I have an IHttpModule that will be used by all the different applications. All I want to do is check if the current request is "secured" at all. If the page doesn't require authorization I don't want my IHttpModule to do anything at all. I am using FormsAuthentication and I assume that FormsAuthentication already has all of this information cached somewhere, doesn't it? Also, since this check will be running constantly so it has to be very quick.
I am currently subscribing to the HttpApplication.AuthorizeRequest, but surprisingly this event fires even for resources that allow anonymous access.
I am newbie to web technology, and my experience is purely C#. I got an HTML design from a web designer, and I am building over it and learning as I go.I have some web pages for authorized access and others for anonymous users Also, I learned that denying access for anonymous users is done through adding the authorization tag using the following change in the webconfig
[code]...
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
View 1 RepliesI don't have any sub catalogs for the .aspx files and this is my web.config file:
[Code]....
It's as if the Login.aspx won't grab the Site.Master if I add this authorization.
I get directed to the Login.aspx if I try to enter any other page, but without seeing the master page.
Is this enough info to solve this or do you need to know how the other pages looks like?
Currently, when the authorization fails, it redirects to the login page by default. However if the user is logged in, it makes no sense to be redirected to the login page. I would like it to be redirected to an eror page instead.
View 5 Repliesi am developing the web application in Asp.net i hav many .aspx pages in the project some of belongs to Admin and some some of to Customer so how can i divide that and how to access admin pages to admin login and customer pages to customer login.
View 1 RepliesI need the gallery to be viewed as a thumbnail and each pic should be opened in the separate page when clicked .
View 4 RepliesI looking for the easiest way to export the currently viewed asp.net web page to a PDF document using iTextSharp - it can be either a screenshot of it or passing in the url to generate the document.
View 2 RepliesI am working on a component in C# to record how many unique viewers have viewed my website / page, making certain the same user revisiting, is not recorded twice. What is an efficient method to write such a component? Do you track cookies or session objects?
Would I record their ip address (which is not static) or computer name?
This information would be stored in a database (as far as I know)
The text on my website is skewed and different areas are running together when viewing my site on a Mac using either Firefox or Safari. Is there anything I can do about this?
View 1 RepliesI have a home page for logged in users which lists titles to various posts that have been submitted. The question I have, is how do I make the title for each post bold if the user has not viewed it?
I have come up with the idea of creating a new db table and storing the userid and postid when the user clicks the link, but haven't come up with a way to translate that into bold/unbold links on the homepage.
I have gridview in my page that bind from database and show product information and when users click on productimage from gridview it will go to Show.aspx page...
I want know that how many users visit each product...
I mean I want see that How many users click on ProductImage from girdview and go to Show.aspx page(separatly for each product)...
How I can do it?