Security :: Grant Access To Default Page For All Users - Authenticated & Non-Authenticated?
Aug 18, 2010
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot
edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx")
c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
I have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404's. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.
I have added a location path for 'Views/Error' to my Web.config to allow access to all users but I am guessing it's the controller access that is causing the redirection.
Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that's what my unknown error view is for.
I'm setting up a new web forms app and want to use ASP.NET membership. All my users must be authenticated. What is the best way to implement this?I'd love to deny all unauthenticated users in the root folder of the app by setting this in web.config but then where would I put the login folder? I'd like the login folder to be a subfolder of my root folder so that the URL can be www.myapp.com/login/Another idea is not to put the restriction in the web.config but put the logic in Session_Start in global.asax but I really like the idea of controlling who can see what using web.config files.
we want to have a fronend to a custom databasince, since I do have experiance with HTML/CSS and have used VB.NET before, I'm the one that gets to make it.
problem is, the one thing I have not used before is the autentication system in ASP.NET, I want to use single-signon for the system.
and I do have this right now, the only problem I have is how do I check if a user is logged in, and change the page content for autenticated users.
the template does have this:
[Code]....
which does indeed change the login view, problem is, how do I change this to change the pages and menu.this:
[Code]....
has to be a longer menu that also gives options to insert data into the database and/or remove/update the data.
I am using the membership provider and am reasonably comfortable that all of my web pages are safe.Some of the pages contain hyperlinks to documents (pdf, xls, etc.) stored in a folder under the root of the web site. I have disabled the ability of users to anonymously list folder contents, but I don't see a way to keep anonymous users from accessing the documents if they know the specific URL for that document. Example; if the document contains a spreadsheet of current sales, I don't want an ex-employee (who captured the URL while working here) to be able to bring up the current document.asswording the documents isn't a good choice because there are hundreds and we'd like to avoid changing them all every time someone leaves, or weekly, or whenever...Is there a way to restrict access to all contents of a web folder to people who have been authenticated?
I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....
I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long):[Code]....
This causes even the authenticated users but unauthorized resource requested users to redirect to logon page. but i need only to redirect this page if user try to access unauthorized page and not already authenticated(logged on) and redirect to custom page.
Is there easy way to do this without writing custom action filter?
Why can I still access files inside a forms authenticated part of my site? Any webpages say that you need to login to view them, but people can still access images by typing in the address bar. I am using forms authentication with my own database, so none of the aspnetdb services like membership roles etc. Is this a bad way to do things because I'm pretty deep into it now and it would be very difficult to change.
I need to check if an authenticated user is authorized to access a directory. I have done this before with a base class library method, I just cannot remember what class it's part of or what it's name was. I think the method was a static method and the class may have had the word Utility in it's name, but I just can't remember or find it on the net. BUT I KNOW I HAVE USED IT! The method definition was something like:
Ok so I've created a login page that accesses my Active Directory and challenges against it. What I would like, is if a user is logged onto the computer within the intranet with Active Directory Credentials for them to bypass the login to the web page.
However if they are outside of the building on a random computer, they should be presented with a login box just like they are now.
I have a simple user-registration website where I keep records of registered users. I also have an admin page to upload videos, however videos are uploaded to a different server.
I want to show this video only to my registered users on my website, since the video is on second server, how can I protect it?
I thought I could build an application and install it on second server, this app will watch whether the requested url is for videos, if so then it'll redirect the user to my login page and here he'll be authenticated and again redirected to the same video url.
We have a series of Silverlight apps that use WCF services via SOAP for just about everything. As we migrate to AJAX we've been hoping to expose the same services via JSONP with little more than config changes on the server.Although the message "Cross domain javascript callback is not supported in authenticated services" seems pretty explicit, I'm hoping there might be a way to allow it. We have a need to expose user-centric data across domains, but we'll need to roll our own JSONP to make it happen if this is a hard "unsupported". It would be even better if there was a way for the server to validate the referrer against the client access policy we provide for Silverlight clients, but for now we just need the general requests to not fail if the user happens to have an auth cookie for our domain from a previous visit.f there's no way to allow this to just work, we're also considering the option of channeling the requests through an IFRAME, but we're definitely open to other recommendations.
As part of my new user setup, when they sign up for an account I create want to be able to create a directory under a Documents folder for them and then write a web.config file in that folder limiting access to it to the new account. However because they are still in the process they are an unauthenticated user at that point (Forms authentication), and I get an error that they don't have rights to that folder I want to create their sub-folder in. What do I need to set the folder security at to be able to create a folder and a file in that folder from code?
I have a login page. Once a user is authenticated they are redirected to another page, (called pg2). I don't want just anyone typing in the url and getting to pg2. If they are not authenticated I want them to redirect to login.aspx. To achieve this, I'm using this code below. But it's not working. I am using a nested master page and I don't know if this is causing the problem.
I have used the Forms Authentication for logging in and in that i have created the Forms Authentication Ticket and in that ticket i have passing the data with comma seperated values.how can i get the data which is in the ticket to access in the Authenticated user pages
I want to have my code fetch the authenticated user name that is running my code. There's a line or two of code that will accomplish this and I had it but I've misplaced it.
I have a web application on IIS that will authenticate using windows authentication (Active Directory). So when they access the application http://iisserver/webappname/ it ask for username pwd and domain. (currently working) How can I get information of the authenticated user in the web app through c#?
I got only one ideas to control with the session. When user log into the master page, I insert the current login user and session ID and active status to the SQL table. if user logout manually or close the browser or session expired, I want to change the inactive status. So I can check how many active user are there and the system can prompt the required info to the user. But now, I can't find the soultion to change the inactive
status in above condition.
That doesn't seem right to me. I m sure I 'm making incorrect assumption about this matter.
i have created a custom principal class, and a custom Identity.
named SystemIdentity and SystemPrincipal.
SystemIdentity class has some additional properties ( UserID, UserName, Age, ...)
in my Global.asax file I changed PostAuthenticateRequest event as bottom
[code]....
i wonder theese questions answer now:
1. where i can assign the additional properties of SystemIdentity ( UserID, UserName, Age, ...) 2. which Identity is Authenticated by FormsAuthentication.SetAuthCookie? is my custom Identity, or GenericIdentity?
Since I need user click a link from his/her email once they registered, currently after user registered, and click the "Continue" button (CreateUserWizard1_ContinueButtonClick) or CreateUserWizard1_UserCreatedSuccess, it will be authenticated, how do I prevent this until they click the active link from their email?
I currently have a ProfileCommon enabled on my site and would like to know where I would start to transfer this ProfileCommon's context to a user's profile after he/she has logged in. Here is a snippet of how I have defined this ProfileCommon:
In one website I am working on we're using a java applet in 2 places: the 1st one in a public area where it works just fine and one in a protected folder where it just doesn't work. The protection is performed with forms authentication. The error is shown below. Any clue ?
java.lang.ClassFormatError: Incompatible magic value 218774561 in class file activeup/activeupload/UploadApplet at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClassCond(Unknown Source) at java.lang.ClassLoader.defineClass(Unknown Source) at java.security.SecureClassLoader.defineClass(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Exception: java.lang.ClassFormatError: Incompatible magic value 218774561 in class file activeup/activeupload/UploadApplet
