Security :: Access Level / Ensure That A User From A Particular Group Is Redirected To His/her Summary Page?
Apr 1, 2010
I have a summary page that has an Add New Record button, andEdit Record butto and a Delete Record button.Every user has ReadOnly access.However, only users with administrators Access Level can add, edit, delete, view.Users with Staffers Access Level can only Add records but cannot delete or edit.So, basically, 2 access Levels, Administrators, Staffers.Administrators can view, add, delete, update records.The rest, Staffers, can only view and Add records.I am struggling to figure this out.I have done this a ton of times using Classic ASP, something like:
If AccessLevel <> "Administrator" Then
Response.Redirect"login.asp" 'so if user has admin password, s/he ccan log in with that.
End if
[code]...
4 different groups will be using the system, each will be redirected to their own summary page based on their groupNumber.All I just want now is to ensure that a user from a particular group is redirected to his/her summary page, then that user is checked again against AccessLevel (view, edit, delete, update).
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
I have written custom code for login and logout...When use clicks on logout button the current session is closed and user is redirected to a login.aspx page...The problem is that when a user click a back button on internet explorer it the previous page he was navigating is shown to him...(altough he cant perform any operation as session is null and their is condition in page load that if session is null user should be redirected to login page)May i have to clear cache of client ??
how to implement page level and control level security in MVC applications. Also I would like to know the definition for Page Level and Control Level Security in MVC. Please refer me if any third party tools avilable to implement security in MVC.
I have a page containing a form which can be accessed from two pages. I want to set a button on this page depending on the page from which I redirect.
For eg., if I redirect from page 1, the button should be back to page 1 and I redirect from page 2, the button should be back to page 2. I don't want it to be a back button by the way.
How can I set this condition? Url.Action redirects to a page but how can I get the page from which I have redirected?
Also the form which when submitted should redirect back to the page from which the form page has been accessed.
I keep redirected to a "401 Unauthorized" page, which is the Login page. It first loads a 302 Found (Failed to load source for: http://localhost:4558) page then
I have a site We have different Pages under one folder. we have stored these pages information in a database table with pageid. Then we have User access table. there we store userid and pageid , for which pages user has access. Now I need to provide access to that pages only .
Requirement(1): When any person is on the network, they can access this site EXCEPT one AD Group (Example: AD_Sales group).
Requirement(2): Also like for example if a person that has the access passes a url (Ex: http://mysite/Home/Index/Product/Letter) to a sales group person, he still should NOT access and need to display a custom message saying "You are not authorised to view this page".
If the scenario is like to issue the access to one AD Group and deny access for all others, it is fairly is. It can done from IIS. I am Wondering how to do this.
I need to create individual account for a big group of people (around 200) from an Excel spreadsheet. What is the best practice? It will take too much time to create account using web form. I think there must be a way to do it. I tried to use Stored procedures created by ASP.NET.
I'm using a linq group by query (with two grouping parameters) and would like to use the resulting data in a nested repeater.
var dateGroups = from row in data.AsEnumerable() group row by new { StartDate = row["StartDate"], EndDate = row["EndDate"] }; "data" is a DataTable from an SqlDataAdapter-filled DataSet. "dateGroups" is used in the parent repeater, and I can access the group keys using Eval("key.StartDate") and Eval("key.EndDate").
Since dateGroups actually contains all the data rows grouped neatly by Start/End date, I'd like to access those rows to display the data in a child repeater. To what would I set the child repeater's DataSource? I have tried every expression in markup I could think of; I think the problem is that I'm trying to access an anonymous member (and I don't know how.) In case it doesn't turn out to be obvious, what would be the expression to access the elements in each iteration of the child repeater? Is there an expression that would let me set the DataSource in the markup, or will it have to be in the codebehind on some event in the parent repeater?
I would like to control the menu display (show/hide menu items) in my ASP.NET 3.5 website based on the user's AD group and also control the functionality within a page using user's active directory group membership. how to do this? menu is stored in an xml file and bound to a control. all the examples I see on the web are related to forms authentication. this is an intranet website with integrated windows authentication and both authentication and authorization should be controlled using user's active directory groups.
I have to handle error related to web application. I am not sure how its works. I am thinking that I will add an error page (error.aspx) and in global.asax ,application_onError, I will redirecting the user to error page and that should be enough ! i mean it will handle error automatically.
For a testproject I use two Login pages. I order to do that I use a dispatcher page:
Dispatcher:
[Code]....
I then just redirect in the dispatcher to the real login-page according to the ReturnUrl. So far so good. The only problem I have is that I don't get redirected to the ReturnUrl once I'm logged in... Of course I add the ReturnUrl to the forwarded Login-Page (/Admin/Login.aspx?ReturnUrl=...).
I am using one datalist control for uploading multiple images.I hv used one Asp:FileUplaod Control and one button in one itemtemplate.I am using reqired field validator and regular expression validator for file upload cntrl I am assigning validation group for both of them on ItemDataBound event of my datalist so that each upload cntrl hv same validaton group as required field and regular expression validator.Now what i want to do is - i want to show my error message in validation summary which is right at the top of the page.I want one know how to write javascript that will assign validation group of my control in datalist on which i click ?
Now when the guest user tries to access this he is redirected to the Login page. I want the user to either sho a popup that user cannot access it or just stay on the same page with some error message in a label on that page... Here is more code in webconfig
I have a standard createuserwizard control, which adds a new member to my membership database. All fine, except I need to ensure that the user checks the terms and conditions checkbox before the member is created in the code-behind page. I need this to be server-side, rather than client-side, so a javascript-reliant solution isn't a solution :)
The code-behind is like this:
[Code]....
The aspx code is like this:
[Code]....
how to add validation to the 'Terms' checkbox? I've tried a normal validator and custom validators but just can't get them to work at all.
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder. So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
I'm working with the AJAXControlToolkit in an ASP.NET 3.5 application. I've got a textbox on the page to take the person's social security number, and I've put an masked edit extender and an masked edit validator, force the user to enter the whole SSN, but it doesn't work. I'm not sure what I'm doing wrong, or have left out. Here's the relevant code: