Security :: Allowing Access To Default.aspx With Default Document Enabled?
Jan 19, 2011
I am trying to secure very mixed content that is located in an ASP.NET directory. For purposes of this question, it can be ~/MyApp/.
I want all of the content in the directory and its subdirectories restricted to authenticated users. The default.aspx page, though, should be accessible to everyone. This is the web.config in that directory:
[Code]....
Now if you are an unauthenticated user, everything works fine if you request [code]....
The problem occurs in that visitors do not always request "Default.aspx". We have a default document configured so that they get Default.aspx even if they just request "/MyApp". An authenticated user works fine, but an unauthenticated user is directed to the login page.
Now I know that essentially this happens because even though the request for "/MyApp/" will actually end up serving up "/MyApp/Default.aspx", the security system is only checking for "/MyApp/" since that is what I requested. That is then getting the default security for the directory.
How can you configure an exception to allow access when no particular file is requested in the directory??
Is there some dependency between DefaultDocumentModule and UrlAuthorizationModule? In this environment, the UrlAuthorizationModule has been removed and re-added in order to make sure it fires for non-managed requests. I would not expect that to change the order of execution, though, since UrlAuthorizationModule usually goes after DefaultDocument.
A workaround could be to set up the opposite security with the directory being open, and then trying to secure individual files. Because of the (changing) number of files, and extensions, etc, and the fact that you cannot use wildcards in a <location>, this is not really a workable solution for me.
I am having some trouble, I am very new to asp.net, and the last problem I had, I spent about 59 hours trying to solve, Now I have a new one !
:D well, I guess this is part of the learning process...
Well, in Visual Studio 2010, I clicked New Website. @ C# language, ... The template it gives is pretty nice, it creates a database MDF file, and a login/register setup ready to go !...
You guys can see it live AT CLICK HERE ...
Everything is working, well at least here at the local machine...
There are 2 pages in there, Default.aspX, and About.aspx ... I want to allow ONLY logged in users to view those 2 pages... I tryed a few things, added my account to a role called ADMIN,
In the web.cong I changed Allow"*" to allow"ADMIN" ... still didn't work.. Also, I was trying to avoid using roles for now, and I was trying to find a way to do this for individual pages in the same directory as well... If possible with out touching the web.config file...
In my default.aspx there's a label, then I am using an iframe which src="page1.aspx". When I click on the page1.aspx, I want the label text to change according to some click events on the page1.
I have some ajax fucntions on my default.aspx that I use for saving data to my db. I have the form on my web control. When I try calling the function from my button which resides on the web control. I get an error.
I need to call that function from my registerform.ascx. How do I do that from within the registerform code behind?
Here is my scenario.In default.aspx page user selects the country, state, city from drop down list, and store them in cache for further use. but when other user open the web site from other computer it shows the same country, state, and city selected by user 1. Is there any problem related to cache? I have stored data as following.
cache["ctryID"] = ctryID;
cache["stateID"]= stateID;
cache["cityID"]= cityID;
I want to show default country, state , city at page load of default.aspx
I know this post is the same than other around but I can't get it to work the way I want, the thing is that the Login.aspx page have it in a folder not in the root of the directory, also the page that I want to redirect the user to is in the same folder, so far I got this in my web.config file
[Code]....
All pages contained in the Admin folder want it to be protected, the administrator needs to authenticate first, so my question is what I am doing wrong? need to take the Login.aspx and the admin.aspx out of the admin folder?
I have the following pages structure in my asp.net 3.5 website. i want if anybody directly access any page of my site as [URL] then it will automatically redirected to [URL] How to do this using vb.net, asp.net
I am using the personal website template. The login button is no longer work (do not thing when push the button) from the default.aspx page after I added following code:
In order to make the button's click event fire when the text box is highlighted, we have to have a second text box be a part of the form. Make it invisible so that the user never knows it's there. From what research I did, this appears to be an IE-specific problem. Nevertheless, this was the only "solution" I found.
I want to redirect my Javascript and CSS URLs to Homepage(Default.aspx) by web.config or via anyother way in ASP.Net. I tried to try it but I can't able to do this thing. I have already checkout ASP.Net professional book but I can't get any reference for it anywhere.
How can i set different default document for each folder in my asp.net project.I have set a default document from IIS, but that doesn't show up for every folder browsed.I have already added HTMLs to the collection but they are not showing up, instead stander ed Forbidden error page shows up.
I've got an Asp.net site set up on GoDaddy which is using UrlRewriter.net (not to be confused with UrlRewriting.net) to enable url rewriting which seems to be working ok, though I had to set IIS to run in IIS6 mode, rather than IIS7. The problem I have is that my default document is 'virtual' so while it's possible to browse to mydomain.com/default.aspx just going to mydomain.com/ doesn't work - I presume this is because IIS is expecting default.aspx to actually exist within the root directory of the website. Is there any way around this problem?EditAs requested, here is the rewrite rule from my web.config file.
IIS6, ASP.NET 2.0, No Forms Authentication I'm calling Response.Redirect("~/foo.aspx"), but the default document ("Default.aspx") for my site is appearing. To make matters worse, it only happens intermittently. Sometimes the redirect displays the right page.
I've checked session state, and I don't see any values in the web.config (that is, I'm assuming I'm using the 20-minute defaults).
There's foo.aspx and foo2.aspx (and the default document, Default.aspx). All pages extend from BasePage, which extends Page.
BasePage has a property named ReturnPage:
protected string ReturnPage { get { if (Session["ReturnPage"] == null) { Session["ReturnPage"] = ""; } return Session["ReturnPage"].ToString(); } set { Session["ReturnPage"] = value; } }
Users click on a LinkButton on foo.aspx, and the click event handler ends with two lines of code:
The Page_Load of foo2.aspx has problems, and its error handling calls Response.Redirect(ReturnPage).
When I view the response headers of foo2.aspx, the 302 location is string.Empty (that is, there isn't one). That same response header has the same ASP.NET Session ID as the response of foo.aspx.
And remember -- this is intermittent. Sometimes, you can click on that LinkButton and go effortlessly to foo2.aspx, no problem. You can process the click with the exact same data once, and it will fail. You'll navigate from the default document (Default.aspx, where you were sent by the "bug") back to foo.aspx, click again with the same data (the same row in the grid/table -- the same LinkButton, essentially), and you'll be redirected to foo2.aspx without issue.
Is there a way to programmatically know when someone is using the Default Document feature of IIS to access my page (that is, the name of my .ASPX isn't in their URL anywhere)?
My login.aspx is in a Login folder of my website. I want this to be the default document of my website in IIS. is this possible? or should I create a home.aspx page that redirects to login.aspx?
I have an ASP.NET web site project, which I'm publishing to IIS on my Win2k8 R2 server. It has a default page called login.aspx. I set that up on the published web site.
Trouble is, every time I publish a new version of the web site, the login.aspx entry gets erased from the "Default Document" settings of the web site in IIS. This is very annoying. How can I publish my web site from Visual Studio without wiping out the default page every time?
I basically have quite a large site collection with various site and sub sites that all contain their own document libraries. I need to change the default view of each document library to include the following fields:
Checked out to.
Check in comments.
This is ok as I have written an app that will loop through all existing lists and do this however is there a way I can change the template for a document library so that any future lists that are created will automatically contain these two fields in the their default view?
I have spent a day and a half trying to resolve this issue. Bascially have an ASP.net website with Forms Authentication on IIS7 using Framework 4.0.
The Authorization stuff seems to be working perfectly for every scenario with the exception of hitting it with no document specifed (Should resolve to Default Doc).
For example [URL] works perfectly, this page should allow anon access as specified in the web.config.
but if I hit [URL] Directly it redirects to the login page with Return URL set to "/" or Login.aspx?ReturnUrl=%2f
Some things I have tried:
1) Set Authentication to None and then the Default document worked so thats not the issue.
2) Added DefaultDocument attribute to Web.config
3) Deleted all entries for in Default Document list in IIS except for Default.aspx
4) Added MachineKey entry in Config
5) Toggled from Integrated to Classic pipeline in IIS
I have two strange problems when I use routing in a web form application. Environment: IIS 7.5; .NET 4.0 and Windows 7 64 bit.
default document does not work if I use (http://www.)mydomain.com. The exception message is "The controller for path '/' was not found or does not implement IController". However, if I debug in VS 2010 (http://localhost:8080), this problem has never come out. Here mydomain.com and http://localhost:8080 hit the same code in the same folder of the same computer. I trapped the value of request.path. When local host is used, the value is "default.aspx" while "/" if mydomain.com is accessed. I can use one line (if "/" then redirect to default.aspx) to "fix" the problem but I believe it should have a better way. when I detect request.path, I got such a VERY strange request which I have never seen before: 192.168.1.11/StableWSDiscoveryEndpoint/schemas-xmlsoap-org_ws_2005_04_discovery! I have no idea where it is from. I do not use any web service in my code. The request is posted to the server, and the user agent is WSDAPI. I tried to debug the code from a different browsers other than IE. It looks like I do not get such a request. Edit: I just found the 192.168.1.11/StableWSDiscoveryEndpoint/schemas-xmlsoap-org_ws_2005_04_discovery request is sent from the domain control.
I have an ASP.NET website application, and there is a home page for my web site. I need to be able to change the default document of my website programmatically (C#) so that I can make another web page take priority above the one that already exists. I would then like to revert back to the previous default document order.
Example :
I have two home pages - Home1.aspx and Home2.aspx. In the IIS default document settings I have added the two pages and made Home1.aspx be the first default document then Home2.aspx the second. I need in some cases to be able to change the order of the two default documents so that Home2.aspx is the first default document then Home1.aspx the second.
I have one asp application. When i deploy this application in iis like www.xxxx.com , my index page is in the sub folder like root/home/index.asp , so when i set this as default document , browser will redirect to this url. But without redirection is this possible to load the default document in www.xxxx.com
I need my default document while browsing www.xxxx.com without redirecting to www.xxxx.com/home/index.asp
how to get the total row counts in a Gridview control with default paging enabled? My gridview control is bind to an ObjectDataSource control.
The problem I am having right now is that when I loop through the gridview control, it only contains the total row for the current page being displayed on the screen and not
the total row in the entire grid. I am using the the for each loop.
The problem is that i can't establish a Default Document to an non phyisical file. I want that the Default Page be : Home.aspx (which is a non phyisical file).
So when I go: [URL] I get an error: HTTP Error 403.14 - Forbidden The Web server is configured to not list the contents of this directory.
I do not want to make a REDIRECT.
Is there any way to accomplish this without having to create a index.html to redirect to Home.aspx?
