I've read the tutorials about Forms authentication and one question still remains:
How to declare a page as one which needs authorization for viewing it ?
I can think of two methods -
1. Checking in that page itself and then redirecting to login.aspx
2. Declaring it in web.config somehow
I have a master page and its been working but I introduced roles and created a roll that so only admin's have rights to the admin folder. I then created a page using the master page in the admin folder I have my content there. All is well. However the links now that came from the masters static content isn't working. like HOME, LOGIN, ABOUTthey now try to go to /ADMIN/home.aspx inside the master i have /home.aspxWhats the trick here to get the master links to stay at the root or there orginal location after I click on the secured page.
View 5 RepliesI'm pretty new at configuring IIS and working with SSL. I've been having difficulty with switching from the HTTPs protocol to the HTTP protocol. I had set a small part of our website to the HTTPS protocol since it has an SSL certificate for online commmerce.
When users go through that part of the site the HTPPS protocol is set and runs fine, but when they try to leave by, say, clicking on a link to another part of the site (after they have visited the secured portion of the site) the HTTPS stays in the url. Is there something I'm doing wrong?
This is how the HTTPS is set on the site: this code is placed in an sslredirect.asp page located in a "SSL" folder:
<%
Response.Buffer = True
If (Request.ServerVariables("HTTPS") = "off") Then
sQ = Request.ServerVariables("QUERY_STRING")
sURL = "https" & Right(sQ, (Len(sQ)-8))
sURL = Replace(sURL, ":80", "")
Response.redirect(sURL)
End if
%>
My restricted files are all stored in ~/Secured folder on the root. Authorized users have no trouble accessing aspx files in that folder. Recently I added a part of an application whose files I wanted to keep separate and created a ~/Secured/HR folder. I am getting a "resource not found" error trying to use any aspx file in HR folder even after user successfully logs in, as if the file does not exist at all. Here is my web.config security settings:
[Code]....
Do I need to configure security for that folder separately?
I set up a secured folder in my website. When I access this folder via web page, it pop up a windows login form to ask for user name and password. I would like to code the asp.net page or java script to access this secured folder with username and password without pop up the login form. find the method for asp.net page accessing the secured folder automatically.
View 2 RepliesI have a WCF service returning JSON to jQuery ajax calls and presenting the results on an ASPX page. When the page is NOT under SSL, the ajax calls work perfectly. When the page IS under SSL, the calls fail. I understand that this behavior must be due to the Same Origin Policy (SOP).
So, how do I setup my WCF service to accept calls from an SSL-secured page? Does the WCF service also need to be secured? If so, how do I do this?
know "How to create a secured ASP.Net page which uses the https method".Note:
View 2 RepliesI am doing a simple secured site using the login control. I would like users to be redirected to their dashboard page once they log in, but after that if they choose to browse I do NOT want them redirected based on their login status. I am using the generic template provided in VWD with the basic login setup in the template including the tabbed ASP menu control - nothing fancy, nothing custom. This is intended to be something very simple and quick. Here is the code I am using for the page load...
[Code]....
So if I do this code WITHOUT the "IsPostBack", logged in users are always redirected to their dashboard and cannot see the hompage. However with that IsPostBack test, the redirect after initial login doesn't work.
I know this is extremely basic and simple, but I am restarting with this stuff after a year away, and I need a nudge.
I have an ENUM shown below that I would like to be able to use on multiple aspx pages. I would like to put it in a class (.vb) file in App_Code
I was not sure of how to declare it in the class file and then how to refer to it on the aspx pages.
Public Enum Slots
NotDefined = 0
Host = 1
Admin = 2
Seller1 = 3
Seller2 = 4
SellersAgent = 5
SellersAtty = 6
End Enum
I've began working with asp.net mvc very recently and I've ran into a problem.I've got an aspx page which renders a few ascx pages. What I'd like to do is declare a global var at the aspx page so it is visible to all its childs. I tried <% var i = 0; %> but it wasn't visible at the child pages. What could I do?
View 4 RepliesI am trying to declare a public property and access it from another page. I can't seem to be able to declare it. I'be tried putting in the code behind but it gives me errors.
View 2 Repliesi want to declare a variable in page load{} as global so that i can monitor it so that it is not recreated each time
View 4 Replieshow to declare global variable in master page and use it in all pages
View 1 RepliesWe have a web site in the domain, let's name: http://website.com. It is necessary to implement same look-and-feel on another web site (https://custom.website.com). As we can see, the 2nd is in the sub-domain of the 1st one, but it is secured (it uses https).To achieve same look-and-feel same DLLs are used in both web sites. These DLLs contain functionality for menus, JavaScripts, etc). But the 2nd web-site uses images and some css files from the 1st one. For example, in order to display "Logo.png" instead of usual "~/Images/Logo.png" the following path to file is rendered into HTML: "http://website.com/Images/Logo.png"
View 4 RepliesI was using a web service like this
1 - Included a web reference named "wsProxy";
2 - in default.aspx.cs
using wsProxy;
wsProxy.Service wSp = new wsProxy.Service();
TextBox1.Text = wSp.HelloWorld();
it was working like a charm but now this web service is secured.
as i'm new to .net, i deleted the web referece and include it again just bcoz i dont know where to place the username, password
now my web.config is
[code]....
Getting Error
The request failed with HTTP status 401: Unauthorized
i have to build a small webapp for a company to maintain their business data... Only those within the company will be using it, but we are planning to host it in public domain, so that the employees can connect to app from various locations. (Till now I have built web apps that are hosted internally only)
I'm wondering whether I need to use a secured connection (https) or just the forms authentication is enough.
What should I do to prepare my website for https. (Do I need to alter the code / Config) Is SSL and https one and the same... Do I need to apply with someone to get some license or something. Do I need to make all my pages secured or only the login page...
We have to use iframes in our site to open a secured third party page within it. If we run our site thru HTTP , the page shows up in iframes.
But if i run my site as secured(HTTPS) it doesn't dispaly the third party secured page in iframe. We have src tag in the iframe.
How do declare a public variable .aspx web page that can be used in all the pages within my web application? And/or create a Public Sub?
View 3 RepliesI have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. Am I missing something important? It seems like it could be a really big security issue.
View 3 RepliesI've created a custom membership provider and I am trying to use it to secure my WCF service. But, I am getting this error:
The service certificate is not provided. Specify a service certificate in ServiceCredentials.
I don't want to use an x509 certificate. How can I get this working?
Here is my service config:
<?xml version="1.0"?>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding1" maxBufferPoolSize="2147483647" [code]...
UPDATE.This blog post, enter link description here, says:[When] you opt in for the UserName client credential type, WCF insists that your service must also reference a service certificate that contains a private key.
I am going to host my service in IIS and plan to use SSL certificate in the web site for encrypting communication. Can I make WCF not insist that I reference a service certificate?
I have an asp.net site. It has an order form which is accessible at https://secure.example.com/order.aspx. The links on the site do not include the domain name. So for example the home page is 'default.aspx'.The issue is that if I click on a link like the home page from the secure page, the url becomes https://secure.example.com/default.aspx instead of http://www.example.com/default.aspx.What's a good way to handle this? The scheme should automatically work using any domain name based on where it's launched from. So if the site is launched from 'localhost', moving away from the secured page, the url's should be http://localhost/...
View 1 Repliesi have create web application for school management system...bt when i run my webside...(my welcome page is defaul.aspx bt if i want to acces studentdetail.aspx then i only enter url and i get studentdetail.aspx)
View 1 RepliesHow do I protect a webservice if it is called from ajax ?
Update: I realize that my question didn't reflect what I intended to ask. I don't want user to be able to do the request by pointing to it with its webbrowser but only in the context of my app.
I've got an asp.net application (written in vb.net). I have a results page that spits out some calculations. Ineed to write out that output to MS Word. The catch is, this happens within a folder that is secured (only users that are logged in can generate
the word document).
Here's what I'm using to gen the document. This works ok when running it locally, but not when loaded to GoDaddy hosting.
[Code]....
My code seems works fine locally. However, after loading it to GoDaddy it only works on a non-secured (not subject to ASP Membership), but when trying to use it in a secured folder the page clocks and eventually closes out.
Ours is a Asp.net web application. Database is Oracle. Its an Internet Application.
Database will be in one location and Web application in another. Data from Oracle to Web application will be passed over Internet.
We are using EnterpriseLibrary. And provider is System.Data.OracleClient.
We need a provider which encrypts the data while passing data over internet.
Do we need to go for some third party Providers or ODBC ?