How can i prevent users from getting the list of files that exist in my website?
For example when users type on the address bar the WebsiteAddress+/DirectoryToSearch/ they get the list of files in that directory, without getting any permission denied error
Is there any setting in asp.net that am i missing?
when i would like to restrict files to access only on my Test page , here i am retriving my files in iframe in Test page, problem occurs when a user authenticated themselves then they will be redirected on welcome page and he can access my files through welcome page on Browser by knowing my Folder Name. but i do'nt want to give permissions to access on welcome page using IBrowser i only want to give my files(.mht files) that should be accessed on iframe.
this code as shown below doing pretty well in Visual studio "Debug mode but when i deploy this on iis 7.0 then it is not restricting my .mht files so please help , if you have any othe idea to protect then please give me .
[code]....
I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectered to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?
If url.Contains("/admin") Then
'If authentication ticket incorrect then
`Response.Redirect("~/notallowed_admin.aspx")`
End If
And not, I cannot use my web.config for this particular issue.
I need to restrict access to my website by physical PC. When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.
I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address. Am I trying to over complicate things or is that the only way? I realise that MACS can be spoofed but this is not much of an issue.
This is my current situation:
Im trying to execute a website that access to some files in my hardisk.Im into a network of a company with an ip. I have IIS 5.1.
This is the problem that im having:
When i try with localhost, there isnt any problem, but when i try with the ip of my network computer, i get "file not found", and the path is correct. asp.net uses different users to access resources depending if the url is localhost or ip of the network?
I've inherited a VB.NET website and it won't compile because the class1 in the file class1.vb refers to class2 in a file called class2.vb. I get the following error when trying to compile: Type Class2 is not defined.
When I look in the object browser the classes are listed separately (i.e. not all grouped under the same namespace) and appear as:
Public Class Class
Inherits System.Object
Member of C:...mywebsite [code]....
folders in my website root are
a
b
c
I have subdomain "s1" which points to "a" folder. I want to know how could I access to files stored in "b" folder form subdomain "s1". My issue is that files I have some html content which saved in DB Records and their path are base on webroot i.e. "<img src="/b/movie1.avi" /> .Could any one tell me how I could show these files via subdomain "s1"
i am building a member management site for a sports club, i have all the usual feilds
lastName, firstName, address1, address2, address3 ....
but they also want a photo
when i first made the DB i used access 2010 which uses the 2007 file type which supports attachments, however asp.net doesnt support the 2007 format. and the 2003 file type doesnt support attachments, i assume i use the OLE object data type but i have no idea how i get my aspx page "new.aspx" to upload an attachment. plus i want to restrict the file type to *.jpg
i am using file upload, i wanted to restrict the files showing in the dialog box to images only. That is 'Files of Type' in the dialog box should be .jpg,.jpeg,.gif,.bmp,.png
View 4 RepliesWhat is the best way to restrict a file upload control to only accept video files only ?
View 3 RepliesI have an asp.net application. There is a folder in the project that users upload images and files to that folder.
I want to restrict users, that each user sees only his files. How can I do this?
Because files are uploaded in folder, users may access them by browsing file urls.
I am trying to create a diary site which will allow users to enter rich texts (text, picture and video links...) and the outcome for each page will be an html file being saved under each users profile folder.If I create html files for every user entry, then these pages can be accessible if the path and file name is known for them... I am trying to have some secured html pages so that only the owner of those pages can have access to them after logging in.
View 7 RepliesI created a website using VS2010. When I run the website using built-in web server, everything works fine. The website recognizes javascript and aurigma uploader. When I publish the website to local folder and tried to access using IIS 5.1 on local pc,
the java scipt files did not work. I was getting yellow triangle sign at the bottom of the page indicating the object is expected. I tried to look online but i could not find any answer. I have included jquery and javascript file in the header section of master
How can I Restrict Access to an specific folder, for example I have a folder that Authenticated users upload different files in it. the problem is that every user can access the files via URL in the browser.I don't use asp.net login controls for authenticating and role memberships, I have written login page and roles my self via code behind.
View 1 RepliesI want to be able to restrict page access in a web application deployed in IIS 6.0. Say my web applications has these pages:
a.aspx
b.aspx
c.aspx
d.aspx
The proper way to access is [URL]" From a.aspx the other aspx pages could be loaded. What I want to be prevent is someone typing in: [URL]
[Code]....
Trying to restrict access to folder but can't?
I need a reliable method to switch off users' access to SSRS dynamically. If you care about the reason, users are not allowed to access SSRS from home, but they are allowed access from within the factory walls.
I can generate a token or event when they arrive at work or leave, no problem, such is the sophistication of our security system.
So I can create a little .net app that pokes SSRS in some way and tells SSRS to allow that username to access reports. When the users leaves the premises, the .net app will prod SSRS to deny that username access.
I considered dynamically adding and removing usernames from the authentication section of web.config in the SSRS root dir, as in <deny=usernamelist />. But given the frequency of changes (dozens per hour at peak times), that seems too intrusive, as it probably causes the restart of the app.
I tried adding usernames to the ACL on the SSRS physical directory (Microsoft SQL ServerMSSQL.2Reporting ServicesReportServer) as deny reader, and for a few brief minutes I thought I had arrived at a solution, but for some reason SSRS decided to serve pages to denied users seemingly at random. Must be cached somewhere, although I can't for the life of me figure out why that would be happening seemingly at random.
I rather like the ACL idea from the perspective of ease of control, and if there's a simple thing i have overlooked in the way SSRS interacts with IIS and NTFS permissions, I hope someone can point it out so I can understand why the ACL seems to be mostly ignored.
I want to secure a particular set of files in a folder by role type. I have the following entry (See below)...I notice this doesn't work (I.e., it doesn't secure the file by Role Type.. anyone can access the file). I've read that I need to map the .WMV extension to the ASp.Net DLL.
[Code]....
How to restrict folder access in asp.net like i dun want any other to see my Uploads folder in browser by link http://www.myweb.com/Uploads
View 3 Repliesi have 4 pages of website 2 pages are authorized to used by USER and 2 pages are restricted for useradmin can authorized to go all 4 pagesi need coding for Login window from which Admin/User Login
View 1 RepliesI have just started to use asp.net mvc.
I have read this article about using ntlm authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only lets say
[Authorize(Domain="redmond")]
or do I do it via web.config
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 RepliesI have this Internet web service page(webservice.asmx) being consumed jquery ajax call.
And I am hoping to restrict public request to this webservice other than request from local pages (aspx or jquery ajax call).
The web service checks for form-authentication before it gets executed but I just don't feel comfortable the .asmx page and list of services are viewable.
So users can't just type www.mysite.com/webservice.asmx to access my webservice.
this might not be asp.net exactly but i hope it's ok that i ask this here?i'm looking to restrict access in web browsers to a particular extension like .mp3 - really i'd like to know how to do it two ways if possible
1: how can i restrict it so that nobody may embed/play/download mp3's on my server on their outside sites? I used to do this on php with .htaccesss but am new to .net2: how can i completely revoke the extensions' ability to function at all, even on my site? IE: I would test with a link on my own site/server to a mp3 on that server, and it would fail. I tried removing the MIME type for mp3 and restarting IIS but thatdoesn't seem to have done it.I can still go to the mp3 file in my browser by putting it's URL in the browser.
I am faced with a rather tricky issue. I am developing a web application that resides beneath a web site. The web application is actually meant for the employees of the company owning the web site. The employees can access the web app from the login facility on the site.
The situation demands that an employee must be able to login to the app only from the office machines and not from anywhere outside. I thought of a logic where in the IP address of the machine in which the employee sits will be stored against the employee profile and when he logs in, the authentication will check for user credentials as well as whether he is logging from the designated IP. If not he is not allowed access to the app even if the login credentials where correct.
I am not sure if this is a good way, because I feel tricky persons can give the same IP of the office machine in another machine, say at home and the logic is broken. Can somebody provide me a better way of solving the issue. I am using ASP.Net login control for user login.