Determine If Current Page Requires Authorization?
Aug 2, 2010
So, I have web apps with web.configs like so:
<authorization>
<deny users="?"/>
</authorization>
<location path="SomeUnsecuredPage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
In other words, most pages require authentication and authorization, but some don't.
Then I have an IHttpModule that will be used by all the different applications. All I want to do is check if the current request is "secured" at all. If the page doesn't require authorization I don't want my IHttpModule to do anything at all. I am using FormsAuthentication and I assume that FormsAuthentication already has all of this information cached somewhere, doesn't it? Also, since this check will be running constantly so it has to be very quick.
I am currently subscribing to the HttpApplication.AuthorizeRequest, but surprisingly this event fires even for resources that allow anonymous access.
View 4 Replies
Similar Messages:
Aug 2, 2010
I have a MasterPage, several content pages - each of the content pages have a UserControl.
In the MasterPage, I'm setting the Page.Title programmatically based on Page_Init "Request.UserAgent.Contains....", so that the content pages end up with different page titles based on this.
Each content page has its Title set to blank (Title=" "), but when the page renders, the pragmatically generated page title shows up in the browser tab.
In the UserControl code behind, I need to access the content page's (parent page) Page.Title value, and base on this, display some text:
If(Page.Title == "something")
{
Lable.Text = "something";
}
else if (Page.Title == "somethingElse")
{
lable.Text = "somethingElse";
}
However, my label remains blank when using this code. What is the way I need to determine the current Page.Title to what the MasterPage has set it as?
View 2 Replies
May 7, 2015
I would like to ask why I encounter this error when multiple user accessing in my online page.
Here is the error message.
Execute Reader requires an open and available Connection's current state is connecting.
View 1 Replies
Jul 13, 2010
I'm stuck with a problem of which I can not imagine I am the first person having to deal with it. Yet, Google comes up with nothing useful and neither does SO, so here I am. I'm using ASP.NET MVC1 with a sitemap. Using an html helper I create a navigation menu that highlights the current selected option in the Site.Master page. Common scenario and easily done by using:
foreach ( SiteMapNode subnode in node.ChildNodes) {
if (SiteMap.CurrentNode == subnode) { //got ourselves the current here }
}
That's all fine and dandy, however, my problem is that I have 1 controller with multiple actions. Consider the following scenario:
Accounts
* clients
* suppliers
* maintainance
They would all be in my AccountController, doing a search that is identical but with a different AccountTypeId value. When I read the SiteMap.CurrentNode value it gives me merely the info that I am using the AccountController, but not which action I called. I've tried a whole bunch of things but I can not get the action that was requested. I hope I gave enough info there to give you an idea of the scenario. If you need anything else, let me know.
View 2 Replies
Sep 13, 2010
I'm using Visual Studio 2008, and my database is SQL Server 2000.
I want to add a connection to the Server Explorer in VS. The Data source is Microsoft SQL Server (SqlClient). After entering in all my information and I click Test Connection, it is successful.
But when I click OK, I get the error:
Unable to add data connection. ExecuteScalar requires an open and available connection. The connection's current state is closed.
View 3 Replies
Jan 17, 2013
in my asp.net_vb code web. there are 9 textboxes whcih is used for entering numerical/dates
first is lve.text in whicj numder is entered
second one is lvefrom.text
thirdone is lveto.text
when user fills (lve.text) 5 and enter 15 Jan 2013 in lvefrom.text then lveto.text should show 19 Jan 2013. i had posted this earlier and got reply which is mentioned below. this code below gives me 20 Jan 2013 instead of 19 Jan 2013.
tw text boxes lve.text (number filled) and lve from.text (date filled). when user enter a numder in lve.text and select a date fro date picker in lvefrom.text then lveto.text should show date selected in lvefrom.text + number of days in lveto.text (eg if number of days is 5 and date selected in lvefrom.text is 15 Jan 2013 then lveto.text should display 19 jan 2013. because the starting day is also counted in my case.
Protected Sub lvefrom_TextChanged1(ByVal sender As Object, ByVal e As System.EventArgs) Handles lvefrom.TextChanged
Dim ObjLocDate As New Date
Dim IntLocDays As Integer
IntLocDays = Convert.ToInt32(lve.Text)
ObjLocDate = lvefrom.Text
ObjLocDate = ObjLocDate.AddDays(IntLocDays)
lveto.Text = ObjLocDate.Date.ToString("dd-MMM-yyyy")
End Sub
fourt tex box is pfx.text, fifth is pfx1.text, sixth is pfx2.text
when use filles pfx.text 3 then pfx1.text should display 12 Jan 2013 and pfx2.text should display 14 Jan 2013. these are the prefix for leave( as 12 to 14 Jan 2013 is prefix.seveth is sfx.text, eighth is sfx1.text and nineth is sfx2.text
when user fills sfx.text 3 then sfx1.text should display 20 Jan 2013 and sfx2.text should display.
View 1 Replies
Apr 5, 2010
If I take the script manager and the head out of the child I get the corresponding error messages (e.g. head tag required, script manager required).
View 2 Replies
Mar 29, 2011
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
View 1 Replies
Jun 28, 2010
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Here's my Forms Authentication:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" defaultUrl="ViewWeek.aspx" timeout="50000000" />
</authentication>
View 1 Replies
Aug 18, 2010
I am looking for a way to figure out the current URL that the page is currently on (NOT what the asp.net page currently is, but where the CODE is at). ie. My web app is located at: [URL] my code is: String page = [URL]
String response = GetResponse(page); //basically the above code goes to the website [URL] and parses the HTML within it and brings it back and populates the variable string "response". But, sometimes the [URL] throws me a curve ball and redirects me to: [URL] I want to be able to use a try/catch to be able to "catch" the error of a different page: ie validateUser.aspx. So, I need to do to this: try
{
String page = [URL];
String response = GetResponse(page);
}
catch
{
//code to check the behind URL to see if [URL] is the URL OR IF [URL] is the current URL
}
understand I know how to find the URL of the current page the web app is on. I need to find the current page that threw the exception during the execution of the code behind.
View 1 Replies
Mar 2, 2011
I have created a simple ASP.Net page to create self printable tickets so non-technical people can change the text and layout of a ticket. Obviously the user has to be logged in to be able to print their tickets.
When providing the URL for wkhtmltopdf to convert, the tickets are not created because wkhtmltopdf does not have a session to prove the user is logged in.
Is it possible to pass the session to wkhtmltopdf in the URL, or is their a better solution?
View 1 Replies
Jan 11, 2011
I'm trying to use a java servlet in a 3rd party tool's web interface (CA service desk) to invoke it's download file functionality using a webclient in vb.net. The trouble is the text stream from response is markup and not the acutual text file stream.
It's like the page is redirecting to another page which actually presents the file for downloading. I have no idea what the redirected page URL is.
Is there a way I can process this redirected page in order to get at the download using a system.net.webclient?
View 1 Replies
Dec 9, 2010
Is there a way to test sending an XML file as a request to my ASP.Net web page within Visual Studio 2008? k, no one has answered this in a helpful way. I have a situation where I have an ASPX page that I send an XML file too and receive an XML response from. In order to debug this, I need to step into the page while providing an XML request. I This is what I need to figure out how to do?
View 2 Replies
Oct 17, 2010
I am building in error-logging into my site, and want to be able to get hold of the current page name that the error occurred in, as well as the specific subroutine or function, to then pass to a VB.NET function. Is there anyway to get hold of this information without hard-coding the names manually? For example,
Dim strCurrentPageName = ???
Dim strCurrentRoutine = ???
View 6 Replies
Jun 11, 2010
How do I eliminate the error Using Menu.IncludeStyleBlock requires Page.Header to be non-null (e.g. <head runat="server" />). When I add runat=server, I lose my style sheet for the entire app. This beganb failing when I upgraded to vs 2010 and .net 4.0. Worked fine on vs 2008 + .net 2.0.
View 1 Replies
Apr 15, 2010
I am a rookie when it comes to SSL and I need to secure a page that requires credit card processing. What steps are involved in tackling this? Is it a seamless intregration point once the cert is setup on the server?
View 2 Replies
Apr 4, 2011
I am using the authorization section in web.config:
<authorization>
<allow roles="Administrator,Attorney,Director of Operations,Office Manager,Paralegal,Partner,Processor,Salary Admin,Unit Manager"/>
<deny users="*"/>
</authorization>
With this code in place, my master page CSS, as well as my images go away, and when I remove this from the web.config it displays properly.
View 1 Replies
Apr 4, 2011
I have a site, developed by an outside company, which requires logon for all pages.
We'd like to add a single page to the site that DOESN'T require the user to be logged in...so they can click the link on the logon page to view "T&C's" type info.
Is this possible?
(ASP.Net 4.0 on IIS)
View 3 Replies
Oct 28, 2010
What ASP.NET page lifecycle event can I write code in to determine the size of the viewstate that being sent out? Also, is it possible to determine the size without parsing through the rendered HTML (like a property on the page object) or is parsing the only way?
What I'd like to do is log the sizes, specifically if they cross a certain threshold.
View 3 Replies
May 26, 2010
which is the best method to create own customized login page?
i m not interested to use inbuilt controls, thts why m want to make own sign up pages and login page
View 3 Replies
Jan 26, 2010
A few years ago I worked with a team that developed what we thought, at the time, was a unique security model for a company ecommerce site. We wrapped every object (that we cared about) with a authorization / role check. So internal and external would use the same site but what fields, buttons, links etc. that they saw varied with their authorization / role assignments. I know .NET now has some RAD (Rapid App Dev) tools for security / authentication / authorization. Everything I have been reading is based upon securing pages / folders / areas of a site but nothing about the level of granularity we took it to so:
1. Was this not such as good way to go back when we did it?
2. I thought Microsoft had an entire security "plug-in" (Not Windows Authentication). Database, roles, etc.
(Don't get me wrong they have made life a ton easier with what they have given us)
3. What is the current method / practice in use for reasonably high security ecommerce environments. Cookieless Forms Auth? Something new altogether?
View 2 Replies
Mar 19, 2011
I am newbie to web technology, and my experience is purely C#. I got an HTML design from a web designer, and I am building over it and learning as I go.I have some web pages for authorized access and others for anonymous users Also, I learned that denying access for anonymous users is done through adding the authorization tag using the following change in the webconfig
[code]...
View 1 Replies
Apr 26, 2010
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
View 1 Replies
Sep 14, 2010
I don't have any sub catalogs for the .aspx files and this is my web.config file:
[Code]....
It's as if the Login.aspx won't grab the Site.Master if I add this authorization.
I get directed to the Login.aspx if I try to enter any other page, but without seeing the master page.
Is this enough info to solve this or do you need to know how the other pages looks like?
View 2 Replies
May 12, 2010
Currently, when the authorization fails, it redirects to the login page by default. However if the user is logged in, it makes no sense to be redirected to the login page. I would like it to be redirected to an eror page instead.
View 5 Replies
