Security :: Display Error Page 403 When Person Types An URL?
Jul 15, 2010
I am trying to create a web-based application with VB 2010 and ASP.NET 4.
I have a main login page; from there users are redirected based on their roles. I have 2 subdirectories and an admin page. Users are being redirected, so that is not the problem, but when, for example, I am on subdirectory 2 and type in the address bar the main page of subdirectory 1, I am redirected to the login page while still being logged in (I see the login page but also my username in the upper right corner). What is supposed to happen is that when a user types an unauthorised URL, they should get a 403 access denied page (because it should not be possible to go directly to another subfolder) and return to their previous page.
In every subdirectory folder I have a web.config with authorization on allow and deny access.
I have a page which can only be seen by the members... no guest can access that page... I'm using ASP.NET with C#. Can I get a basic idea of how to redirect that person to the login page if they are not logged in, and with the condition that if they are logged in already then there is no need to show the login page and they can directly access the private page?
When the page loads I am able to click the add button and it moves the selected person from one dataset to the next. If I then try to move another person I get the error message 'Cannot find table 0'. I have changed the text to bold where the error occurs.
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things than a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure how to enforce that a User be a part of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be a part of 2 roles with this technique?
All the examples and websites I have looked at redirect a user to the error.aspx page when an error occurs. How do you just display a friendly error message on the page the user is viewing, saying something like "Sorry unable to do whatever"? I've tried using a try catch block on my class that executes a stored procedure and put another try catch on the controller, but this does not work and I still get the default error message (System.InvalidOperationException was unhandled by user code). My code is below:
[Code]....
So how can I just return the ViewData["SqlError"] message in the page?
I am trying to handle the unhandled exceptions in my project. I tried with the following code in my web.config file, but it is not redirecting at all to the error page which I have created; instead it is throwing an exception in my code itself. How do I print the error description there in my custom error page?
System.Data.SqlClient is not filling DataTable named "Person" Go to [URL] Webpage message reads: Exception Details: System.Data.SqlClient.SqlException: Invalid object name 'Person'. Source Error:
I've read some articles about how to customize the look and feel of CreateUserWizard but none of them showed me if I can display my error messages somewhere else in the layout. Currently, they appear right above the register button. I'd like to display them next to the table so that there's plenty of space.
I have an application that allows admins to add types such as document types and training types that are in separate tables with a foreign key in a transaction table.
When structuring my class I decided to go with an abstract-like pattern (without the factory methods though). So I have a Type abstract class that defines my Save, Delete, and GetList methods. I have a training type class that inherits this class. The thing is all types have 3 main properties - defined in the abstract base - but have different source tables and thus different stored procedures in my DbCommand object. So basically I repeat setting up the same parameters on all the derived classes. I would like to implement the common stuff in the base but I am getting thrown off by the difference in data sources.
I have a DataGrid control which displays users created using SqlMembership. It has a row deleting event which is only accessed by administrators. Here is the code:
[Code]....
My problem here is to catch the SecurityException and display it in a label.
I am doing a graduation project... it is supposed to be with Google Maps and ASP.NET. First I used your code to show multiple markers, and I did the code that gets the location by your IP address, but when I merge these codes together none of them work. I just need, when I open my website, the map centered on my location and showing the markers in that area. This is the code that I found for location by IP address:
<script type="text/javascript"> if (navigator.geolocation) { navigator.geolocation.getCurrentPosition(success); } else { alert("Geo Location is not supported on your current browser!");
[code]...
And another thing: how do I change the marker? I want to put any image, but every marker has its own image according to the table in the DB: marker type = 1 then the image is..... . png, etc.
select SUM(PETTYAMOUNT) AS tot FROM FINPETTY WHERE PETTYAMOUNT IS NOT NULL AND CENTER = '1'
if (drReadera.HasRows) { double totamta = Convert.ToDouble(drReadera["TOTALSUMA"]); Label2.Text = String.Format("{0:N2}", totamta); }
Note: some of the PETTYAMOUNT values are null; that's why I've got an error in the page.
Say for my ASP.NET application, I have implemented my custom RoleProvider by using my existing Users table on my Oracle 11g database. Then, for my Membership Provider, can I still use the AspNetSqlMembershipProvider that comes with the .NET framework and uses SQL Server?
I want to limit the allowed uploaded file types to images, PDFs, and docs. What is the recommended way to approach this? I assume checking the file extension alone is not enough, since an attacker can change the file extension as he wishes. I also thought about checking against the MIME type using PostedFile.ContentType. I still don't know if this is adding any further functionality than checking against file extensions alone, and if an attacker has the ability to change this information easily. This is basically for a course management system for students to upload assignments and teachers to download and view them.
In my ASP.NET GridView I want to count how many people are qualified in MCA and display the value in a label on the same page. The qualifications are in the COURSE field in my table named persadata.
What do you think about an ability of having multiple logins and login types to be attached to the same user? Let me explain this by showing how database schema can be re-factored to support this model:
Remove [Password], [PasswordSalt] columns from [Users] database table
Add [Logins] table with one-to-many relationship between [Users] and [Logins] tables.
This will allow one user to have multiple credentials attached to his or her account of different types such as Username&Password, Windows Live ID, Open ID from different providers
You will be able to restrict allowed login types and OpenID providers in web.config
So.. do you think it is a good idea to add support of this model into ASP.NET 4.5/5.0 membership service?
I want to add a MIME type in web.config to make files downloadable for users, but after adding the mime tag, the website starts showing internal error 500. After removing it, it runs fine, but when a user clicks on files to download it shows an error that the file was not found. So I need to add the proper MIME type for my uploaded files. So please tell me the proper way to add it to the web.config file.
So admittedly I am fairly new at .NET... I have been a PHP guy for a rather long time...
Here's my code:
[code]....
Essentially what I am trying to do is query the SQL database by the username. The above code is a method within the user repository for fetching a user by their username. The variable "username" is passed in as a string.
When the method is called I receive the following error:
The data types text and varchar are incompatible in the equal to operator.
This to me is rather confusing since the field in the database, user_username, is a text and the variable passed in, as said, is a string. They should be synonymous for all practical purposes.