Security :: Can't Access ForgotPassword.aspx Unless Logged In?
Apr 20, 2010
There is a "Forgot password?" link on my login page which brings users to a page with a PasswordRecovery control. All of the sudden, I can't access it. It just posts back to the login page and adds the following query string to the URL when I click the hyperlink:?ReturnUrl=%2fSTARS-dev-source%2fForgotPassword.aspxI'm not doing anything in the Page_Load of ForgotPassword.aspx. Additionally, and most perplexing, in debug I put a break in the Page_Load of the Login, ForgotPassword, and Master pages as well as every method in my Global.asax file. It only breaks on the Login Page_Load. Effectively, all it does it post back to the login page when I click the hyperlink.The only time it will work is if I successfully login, then click the BACK button, then click the "Forgot Password?" link. It's like it requires you to be logged in to load the page, but I don't know why that would be. It never hits any Page_Loads.
View 2 Replies
Similar Messages:
Nov 28, 2010
First of all, thank you for the attention.
I am having some trouble, I am very new to asp.net, and the last problem I had, I spent about 59 hours trying to solve, Now I have a new one !
:D well, I guess this is part of the learning process...
Well, in Visual Studio 2010, I clicked New Website. @ C# language, ... The template it gives is pretty nice, it creates a database MDF file, and a login/register setup ready to go !...
You guys can see it live AT CLICK HERE ...
Everything is working, well at least here at the local machine...
There are 2 pages in there, Default.aspX, and About.aspx ... I want to allow ONLY logged in users to view those 2 pages... I tryed a few things, added my account to a role called ADMIN,
In the web.cong I changed Allow"*" to allow"ADMIN" ... still didn't work.. Also, I was trying to avoid using roles for now, and I was trying to find a way to do this for individual pages in the same directory as well... If possible with out touching the web.config file...
View 3 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Jan 7, 2011
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
View 2 Replies
Dec 11, 2010
I have seen an existing post which explains how you can restrict access to an ASPX page using:
[Code]....
This works as in it keeps those who are not a member of Administrators AD Group from being able to view the webform but for some reason when I implement the above it locks even the Administrator user out which is not what I wanted at all.My web.config is as:
[Code]....
As you can see I have tried to restict it also through the web.config file but neither approach has worked.
View 3 Replies
Nov 19, 2010
I have a folder called /Error in the root directory for an ASP.Net site. The site is completely public, so there is no authentication of users. Inside the Error folder, I have a file called errorlog.aspx, where I log unhandled exceptions. I don't want the public to be able to view this file. I created a web.config file inside the Error folder.
[Code]....
However, I'm still able to view errorlog.aspx by typing the URL into the browser. What am I missing?
View 3 Replies
May 3, 2010
suppose we've created a web app for our customers.
how to prevent to access web page code (aspx code or behind code) for our customers ?
how to implement security and licensing information for web apps ?
View 6 Replies
Apr 9, 2010
Using VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
View 5 Replies
May 24, 2010
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 Replies
Aug 10, 2010
All my app's mail is currently sent through Postmark, except for the basic ASP.NET membership controls.
how to get the emails generated from those controls to pass onward to my Postmark acct?
View 1 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Jun 23, 2010
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 Replies
Dec 16, 2010
I have set up user accounts on my project. I don't want users to be able to go to their shopping cart (ViewCart.aspx) page unless they are logged in. How do I accomplish this?
View 1 Replies
Jan 19, 2011
I am trying to secure very mixed content that is located in an ASP.NET directory. For purposes of this question, it can be ~/MyApp/.
I want all of the content in the directory and its subdirectories restricted to authenticated users. The default.aspx page, though, should be accessible to everyone. This is the web.config in that directory:
[Code]....
Now if you are an unauthenticated user, everything works fine if you request [code]....
The problem occurs in that visitors do not always request "Default.aspx". We have a default document configured so that they get Default.aspx even if they just request "/MyApp". An authenticated user works fine, but an unauthenticated user is directed to the login page.
Now I know that essentially this happens because even though the request for "/MyApp/" will actually end up serving up "/MyApp/Default.aspx", the security system is only checking for "/MyApp/" since that is what I requested. That is then getting the default security for the directory.
How can you configure an exception to allow access when no particular file is requested in the directory??
Is there some dependency between DefaultDocumentModule and UrlAuthorizationModule? In this environment, the UrlAuthorizationModule has been removed and re-added in order to make sure it fires for non-managed requests. I would not expect that to change the order of execution, though, since UrlAuthorizationModule usually goes after DefaultDocument.
A workaround could be to set up the opposite security with the directory being open, and then trying to secure individual files. Because of the (changing) number of files, and extensions, etc, and the fact that you cannot use wildcards in a <location>, this is not really a workable solution for me.
View 1 Replies
Jul 5, 2010
to build the functionality whereby if a user supplies login information to facebook within an asp.net membership site that I can query their friends list?This is to make it easier for the user to connect to friends and to send a link to them (e.g. almost like a bookmark). Needs to be secure and not open to abuse e.g. spamming...!
View 2 Replies
Feb 14, 2011
Is it possible to see who is currently logged on?
View 5 Replies
Dec 9, 2010
Hi, I want to show the sequence number for the exception (from sequence number column in ELMAH_Error table) , not the GUID to the user whenever an error occurs. is this possible? I found this post Problem passing ELMAH log id to Custom Error page in ASP.NET, but it gives the GUID, I would like to know how I can access the sequence number in Logged event of ELMAH component?
View 2 Replies
Mar 24, 2010
I've set up a page where create logins with createuserwizard. I can login with created account but I get logged out after like 20min if I dont do anything (reload etc). How can I remove this timeframe? I dont want a timeframe at all, i want to stay logged in until i close the browser.
View 3 Replies
Sep 1, 2010
Our users are only only allowed to log into our site from one location at a time. If they attempt to login from a second location, how do I log them out of the first location?
View 1 Replies
Mar 27, 2011
I created my own register system with my own register form together with the asp.net login control
the user register and the data is sent to my custom table and I used a method that check if the user exists in my table and the asp.net login control display the correct result "if exists or not"
everything appears to work correctly but I cannot access pages that deny anonymous users with the configuration file.
View 3 Replies
Jul 2, 2010
I put common code in the app_code directory. I access classes in the code all the time from aspx.cs files by "using" the name space from the C# file in app_code and then referencing the class. Now I want to access a class from an app_code file a aspx file. How do I do this?
View 8 Replies
Jan 26, 2010
I need to set my logged in time in web.config but I do not know how? I get logged out after a while if I do no do anything in the website but I wanna be logged in for 120 minutes.
View 3 Replies
Feb 10, 2011
I know how to identify the current user during a specific browsing session and can thus control the data, etc, made visible to that individual user. I also know how to find out how many users logged in within the recent past, using:
Membership.GetNumberOfUsersOnline()
.... which I believe calculates the number of users who have logged in within the past 15 minutes. However, I would like to know if there is any way to identify all the users who are logged in at a point in time. Is this possible?
View 9 Replies
Mar 8, 2011
I am using ASP.Net Forms based security with the login control. On my site a user will make a number of selections that will be written to a database. Is their a unique user id that I can get from the AspNetSqlProvider that I can use to id users in my database? When a user logs back in after being away I want to be able to retireve the users information using this id.
View 7 Replies
Jun 9, 2010
I have been creating a website using the SQLMembershipProvider. I have been using an administration account to create the back-end system for generating the users fine for about 2 weeks. I now have more users created and I can log in fine. However, when I log in as the newly created users, they can get to the page they are after, but if they refresh the page or redirect to another page, they get redirected to the login page. I have checked permissions, iis recycler, session state and security setting in my web.config (posted below) but nothing has fixed it. It cannot be IIS because it does it on my development machine as well as on the actual webserver and it works fine for the admin user.
Ttype="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
[code]...
View 4 Replies