Security :: Configuring Web.config For A Folder That Requires Logging In?
Jun 13, 2010
I have a problem configuring web.config file. In root directory I have a web site that doesn't require logging in to be viewed (public section of the web site) and I also have a folder ("Administration") that needs logging in to get access to it. Login.aspx is located in folder "Administration".
The question is how to properly set up the web.config to connect Administration/Login.aspx with Administration/Default.aspx. I tried editing web.config in root directory by adding the following lines, but it only shows me Login.aspx and it redirects me to the public section:
[Code]....
Do I also have to add web.config in "Administration" folder and with which parameters?
There are some folders in my application that are only accessible by users in certain roles.In order to protect the contents of these folders, I placed web.config files in them which look like so:
[Code...]
Also,in the main web.config file, I have this configured:
[Code...]
However,when I try to access a folder that I'm not authorized to access, I'm not being redirected to unauthorized.aspx page as indicated in the main web.config. Instead,I'm getting sent to the login page.Any idea what I'm doing wrong? Here's the authentication section from the main web.config:
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
I think my subject line explains my problem in a nutshell.. I have a login page, I login like I should and everything works.I logout and when I type/paste the address to the page, in the address field, I still reach it just like if I was still logged in..The page I type in the address field is in a subfolder, only suppose to be able to be reached by logged in users and in this folder,ith it's own web.config-file:
I've a solution which consists of a web project and a class library project. The web project solution directly references a wcf service. There is a 2nd wcf service, but it is the class library project which directly references it. I'm adding the class library (output) as reference to my web project.
Hence in my web project's web.config I now have two scf services configured. This process was easy since I had manually copied the app.config (system.serviceModel part) directly to the web.config, and then configured the web project to talk directly with another wcf service (directly, not through any dlls).
My web project needs to talk to a 3rd web service (asmx). Again I plan to bring this as a class library and include the dll into my web project. (This is a separate solution). When I took a look at this particular class lib project's app.config, I thought i just copy those necessary sections and merge it correspondingly with my current web.config.
So for the 3rd class lib project (which references the asmx service) I happened to notice that it had, under the bindings node, a node called basicHttpBinding, and next, a customBinding. Then further under the client node, there were two endpoint nodes which had the service attributes. (I don't understand why there should be two end points here first of all).
So I copied what came under the bindings node (from the 3rd class lib prj app.config) and appended it to the bindings node (in the web.config). I did a similar process for copying the end points too. But now when I try run the web site I get an exception which halts at the time of initializing the soap client (asmx service): it says something like its not able to determine the endpoint for this contract.
The web.config before I add the asmx web service looks like this:
Following the first site, it had worked but when I´ve moved the pages and files to other folders and set the web.config file on this folder, now it won´t work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I´ve put the
[Code]....
on the web.config new folder and on the web.config website´s root.
It won´t work!!! I can access the file directly!!! on the web.config of the folder that contains the file, there is a <deny users="*" /> line.
I'm debugging some unexpected behavior and while tracing in to the .NET framework I see a bunch of stuff like this:
if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_n_certs_after_filtering, filteredCerts.Count)); ... }
But (as expected by default) the execution steps right over these. Is there some way to turn on the logging? Or is that just something that the framework developers can do while making special builds of the framework?
Im learning how to use the SqlMembershipProvider. I want to use my google mail account to send the automatic mail message like for example to recover passwords.
I am in the begininng stages of designing (or redisigning) a site. I am using VWD Express 2010 and the project is configured for .net 4.0. I am designing it offline so its currently just on my laptop, which is also running sql server express 2008 R2.
When I ran the ASP.Net Configuration tool, it automatically created a database called aspnetdb in the app_data folder where it stores all the user and roll info. How can I use a different database that has the same schema as well as some additional tables of my own. I want to point it to mylocally running sql server.
I tried creating a login page as ASP.NET web application. Then as we have to configure the page to connect to the database to retrieve user details, i clicked on the ASP.NET configuration under Website control.. I was taken to the configuration page with three tabs.. Security was the tab that i was supposed to configure.. But i am not able to go through to the security tab. I get the following error message.
"There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. The following message may help in diagnosing the problem: Unable to connect to SQL Server database."
since installing VS2010 I have problems with configuring membership. Using a online sql database what I prepared with the aspnet_regsql tool tables are there connection string is ok! when I open the ASP net config tool, I do not manage to select the membership provider. Underneath my web config file. can sombody tell me what is wrong??
I have finally designed the school portal. I am having another challenge now. I have created the recover password page. But when it comes to clicking submit I recive error. How do code this so that the password will be sent to my members email.
I am new to developing asp.net. I have a Microsoft Access database file (.mdb) I am including as a data source on a form. This populates a drop down list on the page. When I run the page in a browser it immediately asks for authentication. If I put in my windows username and password the page pulls up fine, and the drop down is populated with the data. If I don't, it just give me a 403 error and says I'm not authorized. I cannot figure out how to make this page stop requiring authentication. I have only tried one thing. In the web.config file there is an attribute called authentication. It was set to "Windows" I tried setting it to "None" but that did not appear to have any effect. It still asked for my username and password. How can I make an asp web page using a Microsoft Access data source not reqire user authentication to view the web page?
I have created a login page which uses the Login control. If the user is not already registered they a redirected to another page to register. My client wants them to be logged in from when they register, and taken to the main page of the application.
How do I log a user in manually, without using the Login control? Am using forms authentication, and have the dbo.aspnet table and stored procedures already created.
Im building a web application that charges for access on a per user basis. Ive used standard roles and membership for setting up accounts and logging in. I want to ensure that a client cant use the same user details to login more than once
ie if user abc1 is already logged in, someone else cannot login again using the same credentials
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false); After doing this, the user is logged in with the txtUser.text
But the question now is, how do i retrieve that user name from Authentication or whatever on other pages? is it possible or not?
Because i know that person stays logged in untill he logs out with this code: FormsAuthentication.SignOut();
And one more question i dont know is this one good for this or not how do i better check if the person is typed in correct name and pasword or not, with executescalar or executereader?
I'm very new to asp.net and c#, I understand the basics but don't understand how to create a login system using C# to connect and login using a Microsoft Access Database.
I Am using the basic ASP.Net controls. This worked yesterday and I don't believe I changed anything but when I came back today I could not login due to an error "Invalid postback or callback argument" which really confused me because like i said, it worked yesterday. I researched and found a solution to fix that was to set
[Code]....
I did that and now can login again however can no longer logout. The controls are all on the masterpage as posted below
I have a folder with png images that are not shared or public (the folder is outside my application folder). Now I want my users to be able to view thoose images only if they are logged in (different users, different images). All images have a name that correspond to the users id. My idea is to stream thoose images into the asp:Image control, is that possible? How do I do that? Other (better) solutions?
I have a login form from the membership and I am trying to make it so that it would redirect depending on role. I have tried to put this code under login1_loggedin but it didn't seem to work. how can I do this?
The db connection seems to work. I can create new users with the new user wizard control. And they show up in the databaser. But i cant log in. I use the log in control and just get "wrong password". I am sure i type the correct password as i made it very easy. here are my webconfig settings.
There is one thing i have no clue how to configure. The APPLICATION NAME. What is it? And what should i set it to?
Is there something here messing up my login functionality? I can't log in. Before when I was logged in, I couldn't log out. It seems to have started when I clicked on "Remember me". Could there be something conflicting with web.config and the aspnetdb profile provider service setting that was initially set regarding profiles/roles/access?
I have a requirement to log all/most forms authentication transactions that take place within my page. For example, if someone is kicked out because of forms authentication, I'd like to get their username, time when kicked off, and where this happened. Is there a good way to do this. Better yet, has anyone done this already and is willing to share some code or post a link?
