Security :: Admin And User Security Folder Setup

Mar 11, 2011

I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.

Here are the relevant sections of my web.config file.

<?xml version="1.0"?>
<configuration>
...
<location path="sky/admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="Admin,User" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" />
</authentication>
...
</system.web>
...
</configuration>

Can someone point me to articles or provide assistance with the proper configuration?

View 3 Replies


Similar Messages:

Security :: Create Admin Folder And Pages To Add User ,content ,authentication

Jan 13, 2011

i need some lessons in how to create admin folder and pages to add user ,content ,authentication, etc

View 2 Replies

Security :: Custom NEW User Setup Which Build To Allow System Administrators To Setup Users?

Sep 21, 2010

I'm having trouble setting up a custom NEW User Screen. Here is my situation, I have a Request for Access Screen that uses the CreateNewUser Wizard Control. I want to leave the Question and Answer for this, however I also want a custom NEW User Setup which I build myself to allow the system administrators to setup users, but for this setup I don't want the administrators to have to pick the question and answer for the NEW user, so I would like to bypass this for this setup. However, my Membership.CreateUser keeps asking for it. How can I accomplish this? I've included a copy of my current web.config file. You will notice a AspNetAdminMemberhip which I use to allow the System Administrators to reset passwords.

<?
<
<
<
<
<
<
<
<
</
</
</
</
<
<
<
<
</
<
<
<
<

xml
version="1.0"?><configuration>configSections>sectionGroup
name="system.web.extensions"
type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">sectionGroup
name="scripting"
type="System.Web.Configuration.ScriptingSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">section
name="scriptResourceHandler"
type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>sectionGroup
name="webServices"
type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">section
name="jsonSerialization"
type="System.Web.Configuration.ScriptingJsonSerializationSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="Everywhere"/>section
name="profileService"
type="System.Web.Configuration.ScriptingProfileServiceSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>section
name="authenticationService"
type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>sectionGroup>sectionGroup>sectionGroup>configSections>connectionStrings>add
name="LBX_ChangeControlConnectionString"
connectionString="Data
Source=10.31.30.26;Initial Catalog=LBX_ChangeControl;Persist Security Info=True;User ID=sa;Password=wstinol"
providerName="System.Data.SqlClient"/>remove
name="LocalSqlServer"/>add
name="LocalSqlServer"
connectionString="Data
Source=10.31.30.26;Initial Catalog=LBX_ChangeControl;Persist Security Info=True;User ID=sa;Password=wstinol"
providerName="System.Data.SqlClient"/>connectionStrings>system.web>membership>providers>add
name="AspNetAdminMembership"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="LocalSqlServer"
applicationName="/"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
enablePasswordRetrieval="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="1"
/>
</
</
<
<
<
<
<
<
<
<
providers>membership>roleManager
enabled="true"/>authentication
mode="Forms"/>profile
enabled="true">properties>add
name="FirstName"
type="string"/>add
name="LastName"
type="string"/>add
name="Gender"
type="string"/>add
name="ProfileImageID"
type="string"/>add
name="Department"
type="string"/>add
name="PhoneNumber"
type="string"/>properties>profile>pages>controls>add
tagPrefix="asp"
namespace="System.Web.UI"
assembly="System.Web.Extensions,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>controls>pages>
Set compilation debug="true" to insert debugging

symbols into the compiled page. Because this affects performance, set this value to true only during development.

<
<
<
<
<
<
</
<
<

-->compilation
debug="true">assemblies>add
assembly="System.Web.Extensions,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
assembly="System.Design,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>add
assembly="System.Web.Extensions.Design,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>add
assembly="System.Windows.Forms,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/><add
assembly="CrystalDecisions.CrystalReports.Engine,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.ReportSource,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Shared,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Web,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.ReportAppServer.ClientDoc,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Enterprise.Framework,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Enterprise.InfoStore,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></assemblies>compilation>httpHandlers>remove
verb="*"
path="*.asmx"/>add
verb="*"
path="*.asmx"
validate="false"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
verb="*"
path="*_AppService.axd"
validate="false"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
verb="GET,HEAD"
path="ScriptResource.axd"
type="System.Web.Handlers.ScriptResourceHandler,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
validate="false"/>add
verb="GET"
path="CrystalImageHandler.aspx"
type="CrystalDecisions.Web.CrystalImageHandler,
CrystalDecisions.Web, Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></httpHandlers>httpModules>add
name="ScriptModule"
type="System.Web.Handlers.ScriptModule,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>httpModules>system.web>system.webServer>validation
validateIntegratedModeConfiguration="false"/>modules>add
name="ScriptModule"
preCondition="integratedMode"
type="System.Web.Handlers.ScriptModule,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>modules>handlers>remove
name="WebServiceHandlerFactory-Integrated"/>add
name="ScriptHandlerFactory"
verb="*"
path="*.asmx"
preCondition="integratedMode"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
name="ScriptHandlerFactoryAppServices"
verb="*"
path="*_AppService.axd"
preCondition="integratedMode"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
name="ScriptResource"
preCondition="integratedMode"
verb="GET,HEAD"
path="ScriptResource.axd"
type="System.Web.Handlers.ScriptResourceHandler,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>handlers>system.webServer>location
allowOverride="true"
inheritInChildApplications="true">appSettings>add
key="CrystalImageCleaner-AutoStart"
value="true"
/>add
key="CrystalImageCleaner-Sleep"
value="60000"
/>add
key="CrystalImageCleaner-Age"
value="120000"
/>appSettings>location>system.net>mailSettings>smtp
from="Lockbox@tdbanknorth.com">network
host="ME6AWMAIL01.bkng.net"
password=""
userName=""
/>smtp>mailSettings>system.net>configuration>

View 1 Replies

Security :: URL Routing Doesn't Work For Files In Admin Folder

Jun 24, 2010

I am using URL routing in asp.net application (not MVC) . I have Admin folder in my aaplication which has admin related aspx pages with seperate web.config. I have seperate login form for admin users which is placed in admin folder itself. My issue is whenever I hit [URL] (which I want to go to login form for admin)- it tries to authenticate and goes to login url mentioned in web.config of root folder.

Note: Admin folder has anonymous access in root config file. Also I have set default document in config of Admin folder. I have added following line in global.asax so that routing doesnt work for files in admin folder;

routes.Add(new
Route("admin/{*resource}",
new
StopRoutingHandler()));

I am really confused what is the issue? What I am missing?

View 6 Replies

Security :: Difference Between Admin User And Others?

Dec 22, 2010

have table for users have a some attribute one of them admin attribute have a bit data type when the user is admin it is true and i have ligin page and control panal page i want throw login page check for the user to redirect him to control panal if the user is admin the control panal will be displayed with moreoptions any one how can i doing this with select statement

View 2 Replies

Security :: Checking To See If The User Is An Admin?

Mar 17, 2010

i am currently checking to see if the logged in person is an admin, by putting a check in the page_load function. (same thing to see if the person is logged in at all)

is there a better way to do this? or should i just go ahead and put my check on every single page?

View 1 Replies

Security :: See All Online User In Admin Panel?

Aug 4, 2010

I am using SQL membership authentication and SQL Database for my ASP.NET Website and its using for my Organization (has multiple Branches in different cities).How I can get all user list which are recently online/Login in my system (WebSite) in my Admin Panel?

View 4 Replies

Security :: Two Roles (admin, User) And Two Folders?

Nov 15, 2010

In my project I have one folder called Administration (contains pages created for administrating the public part of the page) and in root I have public pages. What I want to do is to prevent anyone beside administrator to enter the Administration part and to make the Administration/Login.aspx default page for entering Administration part. This part makes me confused. I tried to create the access rules, but that wasn't the option because I upload the images to the Administration/Upload folder so if I deny the users the images on the public part can't be accessed.

The second problem I don't know how to solve is public part of the page where I want to allow commenting only to logged in users (users only, not the admin). How to check if user is logged in and authetificated and how to enable the commenting part of the form to him (textbox and submit button).

View 6 Replies

Security :: Redirecting User To Admin Page With Username

Mar 4, 2010

I have a directory structure root->admin-> admin operations admin page inherited from a ase page with principla security.demand role = "Admins" i am usinf forms authantication mode. i have also put a web.config file in admin folder, restricting other users. it is working normaly with siteroot/admin. I want to setup a mechanism to admin like siteroot/username/admin I can redirect to page admin but it gives security error, it should redirect to login page instead of if user did not sign in.

View 5 Replies

Security :: How To Create A User Login Control Without The Use Of Web Admin Tool

Apr 17, 2010

I'm looking for a way to create a login control without the use of web admin tool

Here are my system requirements

Windows 7 Visual Studio 2008 Professional Edition Microsoft SQL Server 2005 Express Edition ESET Anti-virus but SQL and Studio files excluded from being scanned. I have got a database. I've created the front end of the user login control manually not using the toolbox. Basically what I need is that once a user has registered. He then logs in. when he enters his username and password how do I code it so the database realises it's him/her and takes them to their LOGGED IN user

View 7 Replies

Security :: Setup Default User That Can't Be Modified?

Oct 20, 2010

We are using membership and roles.. is there anyway to setup a user that cannot be deleted? We need to setup a default admin account and dont want it displayed in list of user to modify, or if it has to be displayed, it cant be deleted or edited thru the pages that is, if they need to, they can do it thru the website admin section to manage it.

View 4 Replies

Security :: Want Site Admin To Manage Users/security Online, How Is This Done

Mar 22, 2011

Working on my first asp.net webpage. i have followed video tutorials and implemented asp.net membership for login/security.Using Visual Studio 2010 i can open the Asp.net configuration page for management locally.But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this asp.net configuration GUI is not available on the internet?

View 4 Replies

Security :: Want To Log Into A Shared Folder On Another Server Using A Different User Name And Password?

Feb 22, 2010

I have an asp.net app written in c# and want to log into a shared folder on another server using a different user name and password.

How do I and can you give me some example code to allow me to connect to a shared folder on another server using a different user name and password.

Once connected, I wish to update a txt file

StreamWriter sw = File.AppendText(@\flcy_fluencyDNC_ListsTenantDNC.txt);
sw.WriteLine(tbTel1.Text);
sw.Close();

View 3 Replies

Security :: User Login And Admin Login On The Same Site?

Oct 21, 2010

I have a login page for my users. And I want my admin login to have its own page. Right now I have to login as an admin in the same page as the users.

How can I have 2 login on my site? I get an error if I have authentication forms on both my web.configs.

View 6 Replies

Security :: Which User Account Should Be Granted Access To App_Themes Folder

Apr 9, 2010

the only way to make themes work is to allow user "Everyone" to access the folder App_Themes. I am wondering if a more specific user instead of "Everyone" can be granted the access to allow themems work.Account "IIS_IUSRS" and "NETWORK SERVICE" have already been granted access.This is about folder access of Windows 7 running IIS7, not web page authorization configured via web.config. The web page is browsed via local host (i.e. the web page address is something like "[URL]

View 1 Replies

Security :: Impersonation Error / .NET User Account Has To Be Given Permissions To Access The Folder

Jun 18, 2010

I wrote an asp.net application that I'm trying to run on a godaddy domain I bought. I need to read a file in a folder that I did not give read access to so that your average user cannot see in the informaion in that folder. I assumed that the asp.net program would have the same credentials as myself because server-side code. Turns out I am wrong. When I go to use the asp.net application it throws an access denied error saying that the ASP.NET user account has to be given permissions to access the folder.

After talking to two different tech support people at godaddy I've come to the realization that they are either dumb or lazy (or a combo of the two).I came across some code that you can put into the web.config file that would allow the asp.net application to impersonate a user, which would work great to use myself as the impersonated user. However it seems that godaddy cannot give me the name of the server that my domain is on (that's understandable) so I don't know what to put in the identity tag to get this to work.

Here is the code I found:

[Code]....

(of course I filled in the username and password with the correct info)

When I went to use it again it threw this error:

System.Web.HttpException: The current identity (PHX3username) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.

View 3 Replies

Security :: Folder Security / How To Block Anonymous Users

Jan 12, 2010

I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the usres have the ability to uploaded files and when they do a folder gets created under the filmanger and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FilManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in ie, if it is a .xls or .doc or what ever they get the prompt to either download or save the file. What am I doing wrong. Will the web.config file not stop an anonymous user from access files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.

How do I block anonymous users from being able to access the files in this folder?

View 4 Replies

Security :: How To Show A Warning Popup When User Is Not Authorized To Access A Specific Folder

Feb 16, 2011

I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.

When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?

View 8 Replies

Permission On Admin Folder, Only For Role=admin?

Jun 13, 2010

I have an Admin folder which contains 4-5 aspx pages. I want to that only user with role="admin" can view those files. What settings i need in web.config?

View 1 Replies

Security :: User Level Security - Enable And Disable Based On The User To Access Certain Form

Jun 26, 2010

i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.

View 1 Replies

Security :: Running Cmd With Admin Rights?

Dec 12, 2010

if I have this code:

How can I run the cmd using and admin rights? Is it possible to run the command using an admin name and password?

[Code]....

View 1 Replies

Security :: Reset Password By Admin?

Jul 31, 2010

I have a small requirement i.e if any user forgot the passwordhe would like to reset the password by contacting an admin or mailing. Now if the admin logged in he will check for the user name if the user name matches i would like to send a mail to that user by resetting the password

View 2 Replies

Security :: Looking For Membership Admin Module?

Jan 8, 2010

I'm looking for a tutorial or starter kit whereas I can build an admin page for my website that was built with VWD 08. I'm using the ASPNETdb for membership. My main focus is an admin page where I can reset passwords, email one or all users, search by username,etc. Does anyone know where to point me?

View 5 Replies

Security :: Membership And Folder Security?

Jul 22, 2010

I created a soultion and used membership for login and I have the site working fine you can log in and out and I can see that my roles are working. I created a folder called Admin and I created a webpage in there that I can edit my data table that I wanted to be able to edit when I am logged in as a user with Admin role thats working... well it works...

anyone can get to this webpage and edit my data. I have it set in the membership using the role managment to deny users * and allow users with Admin role however I can open up a new browser with out login into my site and type in the web information and it pops right up says Welcome:Guest [LOGIN] theres my data and I can edit it see do whatever and this page shouldn't be able to be seen.

What did I do wrong?

example www.domainname.com/admin/editmydata.aspx

View 3 Replies

Security :: Folder Security With Sessions?

Mar 18, 2011

Is it possible to add some security rules for files inside a folder with session value, as with impersonate settings in a config.web file? Right now i restrict my pages with sessions value, but can't obviously not do it for downloaded file like .zip, .doc, .ppx etc.

View 9 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved