I've developed a web application and I've added some security features. Now i want to create a page for managing users and user access in my web application.Can anyone suggest some tutorial for managing users and access because i'm new to asp.net.
View 1 RepliesCan anyone point me to a sample admin page for managing users and roles (forms authentication). Something like the security section of the WSAT, but for a finished site.
View 3 RepliesInitially, in my solution I had one project, and had set up all that is required for asp.net security, and that includes users and roles and access rules, etc. All of that was and still is working fine.
Now I added another project to my solution, and my first project points to pages in the second project.
The problem is that it seems like the users and roles are not being transferred accross projects. Not sure if I am explaining my problem correctly...if not, feel free to ask...
Its my first time trying to manage users and roles accross projects within a solution.
I've been using the CreateUserWizard to create my users as well as to assign them roles/permissions. My problem is that, once created, I have no idea how to edit or delete their details without using the Asp.net Website Administration Tool. Where can I get some extensive but easy to understand literature on the subject?
View 4 RepliesI have created a new asp.net website ( 3 pages of c# ) I need now to apply security on those pages. each page has a couple of buttons to run specific process . How would I apply security in the following senarios
I have 3 people who have access to all three pages, however, each person has the right to click specific buttons on the pages. What is the best way to apply security.
This is what I thought and need someone to confirm it. I have created a table like this
id
controlName
RoleId
1
btnCreateCustomer
101
[Code]....
Allow Admin Users to Access Basic Users Accounts?
View 4 RepliesI've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot
edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx")
c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
[Code]....
I've put my site online and I'm looking to add/change user membership. From Visual Studio, I can access the Website Administration Tool WSAT and it's great if you just want to add users manually. Is there a similar way to change users once the site is hosted on a remote server?For the moment, I change the user information through the WSAT and re-FTP the mdf file; it's pretty painful.
View 1 RepliesI restored a database from another server, and everything looks good except the users.
I'm managing all this from SQL Server 2008 Management Studio as SA.
The users are present in the [u]databaseName > security > users[/u] section, and they exist in [u]databaseServer > Security > Logins[/u]. However I can't change anything in the [u]databaseName > security > users[/u] section, because when I try and make a change, and then I hit OK to apply, it says "[i]login name must be specified[b][/b][/i]". But the login name field is grayed out and I can't modify it(even though I'm logged into the machine as Administrator and SQL as SA).
Also, in the user mapping section, when I try to map one of the users to a database, it says '[i]create failed user already exists[b][/b][/i]'...but I don't want to create the user, I just want to map that user to the appropriate databases...
I have a web app were every user has its own folder so that they can store documents. What i would like to do is protect a user's folder so that only the owner can access it.
Example:
Username: ricky
Folder: ~/Files/ricky/ --> Ricky can access his folder but can't access Diana's
Username: diana
Folder: ~/Files/diana/ --> Diana can access her folder but can't access Ricky's
I'm using membership provider for the user authentication.
I have two diffrent webforms (ASP.NET 2.0) applications that both uses the built-in membership provider of asp.net. The two application uses the same database, but is diffrentiated by ApplicationName.
One application is sort of an admintool (AdminApp) of the other application (UserApp).
I am now looking for a way to login to the UserApp from the AdminApp and sort-of impersonate a given user.
I have built an interface to automatically login a user to the UserApp (URL with querystring), but I need to be able to access the username of the refered user in the AdminApp. I was hoping for something like this would work:
Membership.GetApplication("AdminApp").GetUser();
...but I am unable to find something that works.
Is there a solution for my problem? Should I use some other approach?
/D
PS. A fallback solution wouuld ofcourse be to send a username in the auto-login-url-querystring, but that doesn't really sound solid.
In my application i have 4 screens such as page1.aspx, page2.aspx, page3.aspx, Page4.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting.
View 1 RepliesCurrently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
I have just started to use asp.net mvc.
I have read this article about using ntlm authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only lets say
[Authorize(Domain="redmond")]
or do I do it via web.config
.NET 4.0
I wonder if it's possible to use .NET to get access to users in Active Directory:
- Methods that returns a collection of users belonging to a specific AD group
- Get access to AD propterties beloning to the user account, want to check if the user account is disabled or not
In my web application i have 8 screens such as page1.aspx, page2.aspx, page3.aspx........Page8.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting. How can i limit the access of the users only to certain tabs.(All these pages are in the tabs).
View 5 RepliesI have a web.config file with <authorization> section. I'm using window authentication.
The problem is that I would like to allow access to the web site to those users who are in multiple roles.
For example:
<authorization>
<allow roles = "Role1 AND Role2"/>
<deny users="*"/>
</authorization>
(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)
Is this possible to achive this?
If not, what would be the alternatives?
Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).
suppose we've created a web app for our customers.
how to prevent to access web page code (aspx code or behind code) for our customers ?
how to implement security and licensing information for web apps ?
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
I have an intranet site that i set up to windows authentication. It works fine most of the time but some departments wont be able to access the site and will be asked to enter user name and password.I checked their Active Directory account and the only difference i could see was that the organizational unit parameter was different than the rest of the users.
View 5 Repliesi used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 RepliesIn this case I have a system where a user logs in, they get a dashboard and they can see all their related projects. The user can click on the project and open it. (ie /View/79) The problem the user can also just type /View/68 which they are not supposed to be able to view.
Obviously I am aware of how to filter my data, but this application has many many lists of data and it all needs to be scoped to data that user has been allowed to see. I can insert a plethora of joins and wheres in all my queries but.. it's a lot of work and a bit convoluted.So I was wondering what strategies other had used for filtering data based on the user scope.One approach I was thinking of was to extend my user-role-permission model so "permissions" could be assigned to various entitites (like projects). This way, rather than doing a series of joins etc to see confirm a user has been assigned to a project, my join is just onto the EntityPermission table to confirm the user has PermissionX (like: CanView) on that entity. I could either maintain a seperate M2M table for each entity i need to restrict or something a bit more general (but without referential integrity).
I recently added Forms Authentication to a project and set it up by right-clicking on a Login control at design-time, selecting "Administer Web Site," and setting up all the users, roles, etc.
how is this to be done after the site is deployed? Would the webmaster have access to this tool? Is there some other tool available?
I have created a forgot password page with a PasswordRecovery control in it.
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em" Height="210px"
onsendingmail="PasswordRecovery1_SendingMail" Width="491px">
I want to redirect the user back to the login.aspx page once the user clicks the Forgot Password button.
I am using ASP.Net Forms Authentication. My Web.config looks like this.
[code]....
So currently every aspx page requires authentication.
I want to allow access to even unauthenticated users to a specific page named special.aspx. How can I do this?