How can I deny access to particular directory in IIS. In Apache I could just add .htaccess file:
Order allow,deny Deny from all
to Logs or cache directory and nobody will allowed to see any content in that directory.
However when I add Web.config:
[Code]....
it works only for files handled by asp and doesn't work for i.e. log.txt.
I don't have access to IIS server, I can only add and change files.
I have a directory in my website called /MyFiction. It is an installed version of Wordpress for a particular blog and I would like to keep it to where you can only get to it if you're authenticated. I'm an old hat to ASP.NET but with MVC I'm still a newbie....
View 3 Replieshow I can prevent someone from viewing directory list (files) from url?
For example: [URL]... I don't want anyone to see directory list of files under the folder directory by just entering above. I have several project folders for my web app and in each folder, I have a web.config file <authorization><deny users="?" /></authorization> as well as <location> tags. They are working fine from preventing unauthorize access to the .aspx pages and redirecting to login page. But still want to prevent viewing the directory folder.
I have a problem with ASP.NET web configuration file. I want to deny some users or roles to accessing a specific PDF file. I am using ASP.NET membership and role management system. So I added this lines of codes to a Web.config file:
<location path="myfile.pdf">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
and put it to the directory witch the file is included in it. Now when I run the project in local system I can not access the PDF file wile I login with "admin" role. But when I publish the project on the web server I can not brows the folder but I can view the PDF file when I browse complete path to the PDF file. So:
I can not access : [URL]
but I can view : [URL]
I have a web application that has a configuration folder that houses multiple XML files that are configuration settings for multiple "portals" as you will. I need IIS to have access to them so the "portal" loads (sql connection strings, master page paths) but I want to deny any outside access (url browsing). Here's an example below:
[URL]
I need to restrict access to this file if you're browsing to it but still allow the system access to it so it can parse the "portal" that it's loading.
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:
[Code]....
I have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
I have set up a SQL Role and denied SELECT, INSERT, UPDATE, DELETE access to a number of tables.I noticed that a user in this role can create a stored procedure containing a SELECT, INSERT, UPDATE or DELETE statement on the table that I have denied access to.How could I stop the user in the role from being able to create/alter/execute stored procedure which use the tables than I have denied access to?Also, the user in the role needs to be able to execute stored procedure on the tables which they are not denied access to.
View 7 RepliesI have a folder called <mysite>/Pages. This folder is PUBLICIn this folder I have a aspx page called : MySecure.aspx I have on the default.aspx page a hyperlink to the "~/Pages/MySecure.aspx page".I want to limit access to the MySecure page to only those in a Admin role (so no members no guests or www users can see it. I dont want to move MySecure.aspx into a secure folder.This is what I did in the wedconfig
<location path="Pages/MySecure.aspx">
<system.web>
<authorization>
[code]...
I have an internal corporate ASP.NET MVC website.
Requirement(1): When any person is on the network, they can access this site EXCEPT one AD Group (Example: AD_Sales group).
Requirement(2): Also like for example if a person that has the access passes a url (Ex: http://mysite/Home/Index/Product/Letter) to a sales group person, he still should NOT access and need to display a custom message saying "You are not authorised to view this page".
If the scenario is like to issue the access to one AD Group and deny access for all others, it is fairly is. It can done from IIS. I am Wondering how to do this.
i have a web application which can be accessed via intenet the application is running on iis and configured using a router..i m looking for a good solution where i can give access to only authorized computers rest of the computers cannot access the applcation for eg:- if i have a users in office1 in sales dept. and he access the application from his office, so i want to deny the same user or any other user, that he cannot access the same application from home or antwhere else.
View 8 RepliesI have a folder called /Error in the root directory for an ASP.Net site. The site is completely public, so there is no authentication of users. Inside the Error folder, I have a file called errorlog.aspx, where I log unhandled exceptions. I don't want the public to be able to view this file. I created a web.config file inside the Error folder.
[Code]....
However, I'm still able to view errorlog.aspx by typing the URL into the browser. What am I missing?
I have a web app, which contains a folder Uploads, to which users (authenticated) upload their files (for some reason it has to be a folder in the root of the web app).I want to deny access to this folder and files to all non-authenticated users.
In my web.config I have:
[Code]....
and everything seems to work in development, but on a staging server it redirects non-authenticated users to login page ONLY from aspx pages, but not when entering the url to the file in Uploads folder.
My web application need to list the network share information. The return code is '5' after I call NetShareEnum[Netapi32.dll] in windows integrated authentication.
I found that currently I am using Kerberos protocol to authenticate the access users and the token is grenerated with [TokenImpersonationLevel.Impersonation].
Who know how to resolve this problem? Is there any way to get a token with [TokenImpersonationLevel.Delegation] in Kerberos? BTW, I am sure about that the access user has the Access privilege to list the network share in target server.
I have a shared folder with directories on a remote server that I am trying to access with the method System.IO.Directory.GetDirectories(). This folder is based off of the credentials gotten from windows authentication. My problem is that everything works fun when I debug the Web Application in the built in IIS in VS, but when I set it up in IIS V5.1, it tells me that I have an invalid username and password. I am using Visual Studio 2005 on a Microsoft XP SP2 machine.
View 5 RepliesHow to get a primary token to solve a double - hop and be able to access Active Directory [URL]
I don't understand a method A where is ASPX page to set the security mechanism to Anonymous only.
I am trying to access a remote network share from a C# program in asp.net. What I need is something like
function download(dirname)
{
directory = (This is the part I don't know how to do)
[code]...
im a little bit angry, because i realy don't know how i can access a virtual directory a created in the IIS.
For example i created virtual directory called "Images" in the IIS under my default website. The "Images" folder is connected with my physical harddrive "D:Bilder".
Now how do i access this folder from code behind? I really tried everything but i can't load a image from this virtual directory :
I have an ASP.NET page that creates directories, and in another page I upload some files in these folders, but when I upload a file in a directory, the below error appears:
Access to the path 'my path' is denied.
I am developing an asp.net web application. I have to access one of the image in images folder in root directory. I am using following code in my code behind file.
string imageDirectory = HttpContext.Current.Server.MapPath("~/images/");
string imageUrl = imageDirectory + "/img1.bmp";
This works fine in my local machine. My question is does this code work when I move my application to production ?
.NET 4.0
I wonder if it's possible to use .NET to get access to users in Active Directory:
- Methods that returns a collection of users belonging to a specific AD group
- Get access to AD propterties beloning to the user account, want to check if the user account is disabled or not
I am trying to deploy an asp.net MVC and a WCF service in a single website. The root site is the MVC application and i am going to run the WCF as a virtual directory of the site. However the service cant be accessed since the routing of the MVC would not relay the request to the service. It would say "Page not Found".
http://PC:9000 <- root of mvc application
I have a virtual directory for the wcf named "wcf",
http://pc:9000/wcf/service.svc <- should have accessed the service but routes of the mvc intervened and will display page not found.
how to make this work? How would i ignore the routing if the call is for the service?
How we can use DirectorySecurity class for getting write access to a directory?
View 1 RepliesI wonder if there is anyway to deny users from beeing able to view or acces speciall folders in the application...for instance.. lets say that we have an application with teh folder "dir",then by default the user whould be able to type [URL] and actually access this folder and see all its content..or if we have an image file for example in the "dir" folder called "img.jpg" then the user whould be able to type [URL] and the image file whould be shown...but what if I dont want the user to be able to see this file,or any of the dir-folders subfolders and files?..how whould I do that?
View 6 RepliesI need to check if an authenticated user is authorized to access a directory. I have done this before with a base class library method, I just cannot remember what class it's part of or what it's name was. I think the method was a static method and the class may have had the word Utility in it's name, but I just can't remember or find it on the net. BUT I KNOW I HAVE USED IT! The method definition was something like:
bool SomeTypeWithTheWordUtilityInTheNamePossibly.VerifyUserIsAuthorized(Principal user, string virtualPath)
I'm not using a roles provider in this application and I'm not planning to.