Security :: Different Users In A Business .net Website?
Mar 31, 2011
Im not sure what it is called, but I need help with this. I need some tips on how to get started on an ASP.net site that will have different users. When each user logs in, they will be able to enter their own personal information such as address, hours worked, their own timesheet etc. I want to have it so each user will be able to only see their own data, not any other data entered by other users. I hope I am describing it ok. Please let me know what this process is called, or any good ways to get started on this.
asp.net 3.5 IIS7 Hosted on Windows Server 2008 (virtual machine)
I have a website which have been running for about a year without any problems. Users have been able to login etc, but now I get reports about users not able to login while using Internet Explorer. Users using other internet browsers like FireFox, Chrome etc have no trouble logging in.
The website are using the standard Forms authentication.
Also lately another website has been setup in IIS7, but these sites are using application pool. I've stopped this webapplication in IIS, but that doesn't have any effect on my problem
I see that Windows Update have failed to install a lot of patches lately, not sure if that is related to this problem. But some of the windows patches are security patches.
I've created a website with users and passwords and such for authentication.When a user is created through the "administer website" function of asp.net 4.0 where are the passwords stored? Is there a way to manually change passwords in the database?
i have a search box, many text boxes which taken various inputs and save it to database using primitive methods such as "insert into....." executenonquerry etc.have read something that " a textbox by itself can prevernt attacks known as sql injections" is that true?if sohow to enable it?does it need extra coding?
I have an asp.net web app that uses forms-based authentication, a SqlMembershipProvider (using an encrypted password format), and a SqlRoleProvider. I need to know if it's possible to administer the users (create new users, assign them to roles, etc.) from a windows application - the powers that be don't want any administrative functionality in the web app itself.
Here is the membership provider definition from web.config:
[code]....
So, obviously, I have a Sql Server database that contains the users and roles for the web app. I'd like to create a separate windows app that references the web app assembly, and use the configured MembershipProvider, RoleProvider, and machineKey to create users, assign users to roles, etc. If that's not possible, I can duplicate the configuration settings from web.config within the windows app. But I don't know how to do this either.
We have implemented the ASP membership and roles..and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users woudl only be available to our admins. BUt the number of users will show for everyone.
I just realized after i created a test account i was not in any roles. Is there a way to automically add new users into the role Users? Have i missed this some where?
I built a website that tracks submissions online (SQL server express 08 edition). It has its own User table thats linked to other data tables specific to the business of the website. But I found out recently that I can save lot of time by integrating ASP.NET standard Login Controls that can automate lot of coding and make my life easier. Now since then, I added the login controls, integrated the work flow into my website (just user , role navigation so far) and noticed VS creates its own user tables , view, SPs etc. I am okay with that.I need all my submissions to be linked to a particular user that enters each sumission. Now since my user (userid) moved from my personal custom table to a standard ASPNETDB.mdf table... how do I link my original website database and tables to this Default User table / (ASPNETDB.mdf) created by VS.
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
Working on my first asp.net webpage. i have followed video tutorials and implemented asp.net membership for login/security.Using Visual Studio 2010 i can open the Asp.net configuration page for management locally.But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this asp.net configuration GUI is not available on the internet?
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the usres have the ability to uploaded files and when they do a folder gets created under the filmanger and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FilManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in ie, if it is a .xls or .doc or what ever they get the prompt to either download or save the file. What am I doing wrong. Will the web.config file not stop an anonymous user from access files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
i have a gridview that displays a number of columns, there is some rows that are to be confidential for some users "secret" records, i.e some users will see some of the rows as access denied in the cells and they won't be able to click the row to take them to detail page. other users will be able to see these rows data in the cells and able to click on the row header to take them to detail page.
how to display data/links in grid view cells selectibaly without changing the data in database?
I got a requirement from client that he wants to know distinct users information from sites and it sub sites those have access to site. There are separate groups for each subsite (contribute, approval and full access). From these all groups find distinct user information.
When I run my website through debug mode in visual studio everything looks great and all the images on the page show up fine. But once I deploy my website to an IIS7 web server (doubt that other versions would make any difference, but you never know) then users can't see the images on the site until they log in.The website is an asp.net MVC site and I'm new to MVC, though I do have lots of experience with asp.net forms. It seems that only authenticated users are allowed to access the images folder, and there is an authorization section in my web.config saying that only admins can access the site, so how do I make it so that all users, authenticated or otherwise can view the images?
I need to add the ability to register users in my web site. I'm sure that 1000's of programmers already did this, so why should I build from scratch? Does someone knows where can I find a module like this as well as other modules?
VWD 2010 Express. Windows 2003 Server. I decided to move my web site from the Inetpub folder on my C: drive to an Inetpub folder on my D: drive to free up space on C:. I moved three web sites. Two of the sites worked fine after the move (I went into IIS 6.0 and changed the home directory of all the sites). One site, which requires authentication using the Windows Active Directory (AD), did not work properly. I could access the site and login with any administrator login. But all other users, although they enter the correct credential, continue to be reprompted for their username and password. The site uses "basic authetication" to check users credentials against the AD. Can anyone think of a reason I would have this peculiar behaviour just because I move a web site's files from C:inetpub to D:Inetpub?
I am currently working on a project in which I am assigned to provide e-mail features to the users of our site. unlimited users can create there mail accounts dynamically with our servername say if the website address is www.xyz.com then the users of this site can create their mail boxes like user@xyz.com. My clients want to provide e-mail service like yahoo, gmail, aol, hotmail, rediffmail, zapakmail, etc...
I have a web application using Forms authentication provided by AD. I would like to know if it's possible to use EWS to send mail as the currently logged in user without having to supply credentials, or; would I be required to set up an account with impersonating access which will send mail on behalf of the currently logged in user?
I have a WCF service that runs in my web application that provides data to a Silverlight application and is defined as follows (with an appropriate .svc file)....
[ServiceContract(Namespace = "")] [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] public class DispatchService [code]...
The idea is that the user logs into the website and is then authorised for all services. I do not want to have a login aspect to my Silverlight application to authenticate users.Therefore I dont want anyone to be able to call my service who is not authenticated.
Could I...Somehow determine this for each Operation Contract. I had a look inside the OperationContext object but couldnt find anthing that stood out as a way to determine who the user was.Somehow attribute the ServiceContract so that the method can only be used by authorised users?Put something in my web.config to stop unathorised users from being able to access the folder containing the services?
