How To Configure User Authorization On Dynamically Created Resources In Web App
Mar 28, 2011
Suppose some users log in to my web app. They get authenticated (as something other than the anonymous user), so they can access any resource in the directory. The system.web/authorization section of web.config is set to deny access to anonymous users like this:
<system.web><authorization>
<deny users="?" />
</authorization></system.web>
Actually, from what I understand, this only protects files accessed through the ASP.NET system. If I drop a JPG file in there, it's accessible to everyone, without authentication/authorization. In order to ensure all files are protected, there's a different section for that:
<system.webServer><security><authorization>
<add accessType="Deny" users="?" />
</authorization></security><system.webServer>
Of course, now when someone attempts to access the JPG file, they don't get redirected to the login page. Instead, they get a nasty HTTP Error 401.2 - Unauthorized.
Now, suppose a user causes a file to be created on the server. How, in context of this elaborate Forms Authentication and Authorization scheme, do I ensure that only that user's web browser can access the file via it's URL? For example, must I modify the web.config file? If so, do I have to do this manually or can it be done through code? Will modifying it frequently cause the application to be interrupted/restarted?
View 2 Replies
Similar Messages:
Jun 28, 2010
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Here's my Forms Authentication:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" defaultUrl="ViewWeek.aspx" timeout="50000000" />
</authentication>
View 1 Replies
Jun 17, 2010
I have a set of dinamically created User Controls on the page. They are pretty small 170X120 px in size, but when the page is displayed, they are all one under the other. All styling is default, which means they should be positioned in normal flow. Is there any way to place them next to each other. This is not a problem when I dinamically create for standard controls, like a button or an image. Why the user control is different. This is the markup behind the control:
[Code]....
and this is how I create them:
[Code]....
View 2 Replies
Jan 31, 2012
I dynamically build up a table of dates/hours worked by a user.
Last row, for each date (column) contains a little user control where the user can enter some text.
The user control work with some jQuery/UI and I will end up with each control have a date and reason set in hidden controls.
How do I get hold of these controls only when the user click a button in the code-behind? (silly question I know, but I'm not used to how webforms does its' thing)
View 1 Replies
Feb 10, 2010
I have a dynamically created address user control (on a customer administration screen) that is created through the use of a place holder. A customer can have multiple addresses, so they dynamically dropped onto the page.
I have got this far, but now I need to be able to save the updated addresses for the customer but I can't get any event to fire on the user controls. When I check to see run plhAddress.HasControls() it returns false?
The way I am generating the user controls is as follows.. private UserControl LoadControl(string UserControlPath, params object[] constructorParameters)
View 9 Replies
Feb 10, 2010
I am creating one folder like "ManageFiles" dynamically. and that time i am storing some files inside that folder.If i want to download files from that folder for some user, I am getting error.
View 1 Replies
Jun 28, 2010
In the bin folder with the AJAX control toolkit there are 16 other folders that each contain a file called AJAX.ControlToolkit.resources.dll. How do these get created? Does the AJAX control toolkit dll create these automatically ? Do I need to manually add them to a project if I want to use the AJAX control toolkit with it?
View 4 Replies
Sep 28, 2010
I'm creating an quiz application which queries the database and extracts the questions and choices. I use dynamically created controls such as a checkbox list and fill the values dynamically. How do I do this? Right now I have these functions:
array_random_init(); this creates a 10 element integer array from 1-20 - extract_question(i): this extracts a question indexed at i in DB, I created the controls and set the appropriate text in this function. - validate_question(i); this is called by button_click and validates the question i according to DB.
I understand I have to recreate the controls in Page_init on postback, but what should it look like? Do I need to add "if IsPostBack" in page_init, or do I create the controls in page_init() and reset their properties in page_load when I use extract_question(i)? Also, I cannot seem to clear the selected boxes on postback, I added page directive "enableviewstate=false" but it doesn't work.
View 2 Replies
Feb 14, 2011
I have a website that sales associates access to view account information with clients. S.A's can only view information for accounts that they are tied to. Some clients have more than one account, S.A's can be tied to more than one account, but not all accounts of one client need to be tied to one S.A.
On the account info pages, I have account numbers (dynamically displayed labels) displayed of other accounts that the account client is associated with, which the S.A's can see. I'm modding this so that if the S.A has viewing permissions of any of the other accounts on that list of accounts, that instead of a label being displayed, a button directing them to that account page will display instead. In order for this to work, I have to attach a security function to the button, otherwise the page will blow out on the S.A's.
So I'm running a piece that is displaying a button instead of a label, which is working fine. My problem is when I try to attach the security event to the dynamically displayed buttons. It seems that the page just posts back and doesn't execute my code at all.
On my Page_Load, I'm running this after the buttons and labels are displayed:
For x = 0 to tblAccountList.Rows.Count - 1
'use a try to target the button, use catch to handle if it's instead a label, only one cell per row.
Try
Dim accountLink as Button = tblAccountList.Rows(x).Controls(0)
Addhandler accountLink.Click, AddressOf Me.PermissionViewCheck
Catch ex as InvalidCastException
Continue For
End Try
Next
I don't have any code checking for postbacks or anything like that, but the "PermissionViewCheck" event never fires and just reposts the page.
View 6 Replies
Mar 29, 2011
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
View 1 Replies
Nov 30, 2010
I am going through the Security Tutorials here on ASP.Net. I am currently working on the last part of the Membership - User-Based Authorization. The tutorial covers restricting access to specific pages or to directories using a second Web.Config file. I am running into a problem with the myLogin page DestinationPageURL. Here is what is happening: 1. When the website starts, the Login page opens. 2. If I log in with an existing user, I am sent to the Default.aspx page. That is what is in the yLogin.DestinationPageURL for the login page.
View 1 Replies
Jan 27, 2011
I am using asp.net authentication and authorization with form authentication for my web application.
When I create a new user using asp.net create user control,the newly create user automatically gets logged in,the already logged users looses his session.
Don't know why this is happening.Is there some setting for this?
View 1 Replies
Jan 27, 2011
My scenario is a 3-Tier app where the data tier is a SQL Server database, the middle tier is a WCF application hosted in a Windows Service and finally the presentation is an Asp.Net MVC application.As usual, the middle tier is the one that performs all of the business logic. Access database, define business rules.. etc. BUT now here's question: How do you handle security in such a scenario? I mean, the user has to log in on the ASP.NET application, but I want to authenticate it not only in ASP but in the WCF middle tier as well, since a WCF service is supposed to be accessed by more apps.
I want the user to log in on the Asp.Net application and let WCF know the credentials as well. Is there some kind of session in WCF in which to specify a logged in user? How do pros handle security in this case? I know you can secure the WCF services with message security, but how do Asp.Net and WCF sync on a single logged user? I want to secure WCF operations depending on the user for authorization means.
View 2 Replies
Mar 7, 2010
After a new user first registers at the website, I want to force them to first be approved by an admin before allowing them access to the full site. I created different roles in the ASP.net configuration tool that denies them access but the default setting allows them in. How do I go about this?
View 1 Replies
Nov 11, 2010
I have been experiementing with the annonymous types in C#, and am wondering if it would be possible to have a 'dynamic key' in the annonymous object.Here is what I have so far:
[Code]....
[ { "monday": true } ] what I am getting: [ { "temp": true } ]Is there a way to have the object's 'key' be dynamicly created? What I want it to be able to send the KeyValuePair's key as the object's key. Is this possible?
View 2 Replies
May 24, 2010
I'm trying to get the value of a dynamically created radiobuttonlist via javascript to call a pagemethod.
This is how I'm creating the rbl:
rbl.Attributes["onclick"] = "javascript:preview('" + rbl.ID + "','" + rbl.ClientID + "');";
And this is the javascript:
function preview(controlid, clientid)
{
var radio = document.getElementsByName(clientid);
var answer = "k";
for (var ii = 0; ii < radio.length; ii++)
{
if (radio[ii].checked)
answer = radio[ii].value;
}
PageMethods.SaveAnswer(controlid, answer);
}
The problem however is that I want to get the groupname of the radiobuttionlist so I can use getElementsByName, but i have no luck so far.
View 1 Replies
Mar 4, 2010
This is what I have in the RegisterUser.aspx and yet when the admin registers a new user, then on clickiing the register button, the site logs in as the user who was just created.
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
Roles.AddUserToRole((sender as CreateUserWizard).UserName, "Department");
}
View 4 Replies
Mar 4, 2010
I have the membership provider and the create user with tow steps, one of the steps contains a custom registration form, for each created user data will be in the database, and there is an account page shows the data that the new created user did insert during the registration process on the custom registration page,
the problem, when the user is created and logged into his account page, this account page shows only the information for the first created user, not the info on the logged in user , but the logged in user data still saved in database and not showing on his account page?
This is web.confg code:
<?xml version="1.0"?>
View 22 Replies
Nov 10, 2010
Our application lets the administrator create new users. Since the administrator is logged in, I have set Logincreateduser = false so that the administrator is not logged out even after creating the new user.
The problem is :I need the userid of the newly created user to store additional details of the user in another database table. I see that i can get the username using Createuserwizard1.username; but how do I get the userID?
View 2 Replies
Feb 3, 2011
I have recently upgraded to VS 2010 and converted my web site into a web application. Now, when I attempt to build, I receive the error:
Resource name '<name>.Resources.resources' cannot be used more than once.
There is no page name or anything, and I have completely exhausted all that Google has to offer.
View 2 Replies
Feb 15, 2010
I'm creating 14 textboxes for every day in a month and user can select the month so i have o create them dynamically. But i can't reach the values in the textboxes.
When i don't create them dynamically like
<asp:TextBox ID= "TextBox1" name="TextBox1"> </asp:TextBox>
I can get the value from the C# side by using the
((TextBox)Page.Form.FindControl("TextBox1")).Text
However this moethod doesn't work for the textboxes that i created dynamically. I'm creating them in a loop it's something like;
[Code]....
Then i add the text box to the necessary places at my table.However i can't reach the textboxes when i use the same method
((TextBox)Page.Form.FindControl("!A uniqe ID!"));
It gave a null value...
View 7 Replies
Jul 20, 2010
I have a tree view with checkboxes for leaf nodes. If i click on checkboxes, I am creating some html controls dynamically. And in other static button click event I need to get an ID's of those dynamically created controls.
My Code is:
.aspx
<asp:Panel ID="pnlOuter" runat="server" Visible="false" Width="650px">
<table>
<tr>
<td>
<asp:Label ID="lblQtnrName" runat="server" Text="Questionaire Name"></asp:Label>
<asp:TextBox ID="txtQtnrName" runat="server"></asp:TextBox>...
View 14 Replies
Jun 21, 2010
I will have to retrive data from database assume this is the data I got
|No | Name|
46 ANN
24 LISA
20 JOAN
41 JACK
and so on. I will have to create checkbox dynamical by these data like this
checkbox ANN checkbox LISA checkJOAN
checkbox JACK
I will create a container and then create checkbok , then add control to container.. my problem is how to give it a break each 3 controls? and how to format them like this
<TR>
<TD width =33%>
checkbox ANN
</TD>
<TD width =33%>
checkbox LISA
</TD>
<TD width =33%>
checkbox JOAN
</TD>
</TR>
<TR>
<TD width =33%>
checkbox JACK
</TD>
</TD>
View 7 Replies
Jun 5, 2010
In my code behind (c#) I dynamically created some RadioButtonLists with more RadioButtons in each of them. I put all controls to a specific Panel.What I need to know is how to access those controls later as they are not created in .aspx file (with drag and drop from toolbox)?
I tried this:
foreach (Control child in panel.Controls)
{
Response.Write("test1");
[code]....
"test1" and "test2" dont show up in my page. That means something is wrong with this logic.
View 3 Replies
Nov 18, 2010
I know this question has been asked thousands of times, and I've struggled with it before, but for some reason, I can't accomplish what I want to accomplish... I have a dynamically added LinkButton that when clicked will dynamically add a control (in this example, a textbox) to the same panel. The intent is to continuously add on as many controls as times the LinkButton was clicked (i.e. I click it once, one box, then another click will give me 2 boxes, another click adds a 3rd). In the code below, I use the current date and time serialized to create a unique ID for each textbox control.
When I execute the code, clicking "Add Filter" will generate a new textbox, but once clicked again will create a new one, and dispose of the one before it. Instead, I want to persist the previous textbox as well as any data submitted within it.In the aspx:
<asp:Panel ID="pnlFilter" runat="server">
</asp:Panel>
In the aspx.cs:
protected void Page_Init(object sender, EventArgs e)
{
LinkButton lb = new LinkButton(); [code]....
View 4 Replies
