I want to grant access to some ressources located on server only for specified web pages, how could I do this?
For example I have an image www.mysite.com/images/image.jpg and something like <img src="www.mysite.com/images/image.jpg" /> should only work on site asp.net.
Is it possible with web.config or maybe with some C# code?
I have a web app that uses AD to authenticate the user which works great. But i received a request where a user that is outside of the Ad needs access to the application.
Is there a way to add this user manually (Maybe in web.config) to allow them to access the application?
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot
edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx")
c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
[Code]....
Is there anything missing in IIS 6.0 that prevents me from (Insert into table) using MS-Access?
Explain: The application works fine under Visual Studio 2008 IDE the insert into table works fine with no error, Also I tested with hosting provider and works fine with no problem. but now I have published the same exact app in a dedicated server windows 2003 with
IIS 6.0 .NET framework 2.0 with latest service pack I gave IIS_WPG write/modify access to the folder where MS-Access database is located and database but at the time of insert an error pop-up. I need to install in the Server or settings in the IIS to recognize my MS-Access db is it some office runtime that I am missing. (BTW I am using OLEDB connection string in my C# )
Using System.Data.OleDb;
I can retrieve data off of it with no problem but when I try to insert is when it fails I thought the problem was Access Rights but I do not think is the case.
I have a database with tons of SP. Is there a way to grant a new user access to all SP so the user can execute then?If the SP inserts data in a table do I have to grant the the user that executes the SP so he/she is allowed to insert data
View 2 RepliesI have wav/mp3 files that I want to grant access to only users after signing into my webapp. I have the user credentials being checked through a mySQL db. I do not want the files to be able to be accessed by url. I have found that adding the mime type to the web.config section at
[Code]....
will disallow access to the files by url, but how can I allow access programmically to the files after signing in?? Currently using godaddy hosting.
I need to allow my asp.net application to read and write from and to a folder.
View 2 RepliesI have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404's. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.
I have added a location path for 'Views/Error' to my Web.config to allow access to all users but I am guessing it's the controller access that is causing the redirection.
Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that's what my unknown error view is for.
I'm developing a managed module for IIS7. Assembly with my code is placed in GAC and worked fine within 2.0 pipeline. But with .NET 4.0 pipeline (and Medium Trust Level chosen) there are no permissions to read registry and code is unable to read/write
"C:Program Files<Folder>MyAppConfig.file"
Is there any way to grant my assembly with proper permissions to do this?
If I want to retrieve part of an HTML from pages that is located in other domain using AJAX, how do i do it securely ?
View 1 RepliesI am getting this error on my web site and it is preventing the site from compiling. The site is in full trust and the web site files are on the local drive. Web searches show that the only two issues are full trust not enabled or the files on a UNC path that is not trusted and neither is the case here. This site is on an Win2008/IIS7 server. Anyone have any ideas as to why this is happening or where to look for other trust level or security settings to resolve this.
View 2 Repliestwo weeks ago I read a MSDN(?) article how to grant/revoke permission for some users/roles/groups on a specific page or holder temporarily or with condion. The article shows how to do it Form_Load() in c#. But I can't find the link with googling or in MSDN library.
Please let me know if you know the url?
What I want to do is:
There is a folder called employeePDFs.
The folder will have 1000s employees' sub folder ({lastname}{firstname}{employeeID}). Each folder will have very personal indivual PDF files which are manually uploaded.
If an employee logs on, then the logon employee can view a page which has a list of PDF files in his own folder only.
Those PDF files can be assessed only by the user.
I'm using user membership and roles. Below is my web.config for subfolder restriction.
[Code]....
The way I have above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any user to the default.aspx page of this mySub folder and denied any other pages if they're not Administrators, Editors, and Members. One last thing, also denied access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permission but I do not want to list all the pages. What's the best and easist way to accomplish this?
I have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 RepliesI have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
View 1 RepliesI only want my web images to be visibleSimpliied, a digital media page pulls html content from a database using SQL security and renders that HTML. That digital media page is secured in that only a returing Paypal transaction user with a matching transaction can access it. But today that HTML content makes references to images on my site, those images can be freely directly over the web.The backend is asp.net 2.0. Would it be possible for me to secure the web folder with my images to some generic user and impersonate access from my pages so that attempts to access images directly fails?f not, any way to solve all that html content on serverside somehow and turn it into something else I can secure?
View 1 RepliesIn my web application i have 8 screens such as page1.aspx, page2.aspx, page3.aspx........Page8.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting. How can i limit the access of the users only to certain tabs.(All these pages are in the tabs).
View 5 RepliesUsing VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
View 5 RepliesIn one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 RepliesI have used a lot, in my application, the code below in order to access a Panel located in MasterPage.
CType(Master, MasterPageName).Panel1()
But, right now I need to do the same command above, in a page located within an iFRAME. The parent page (that calls the iFrame) is normally using that MasterPage. But the iFrame isn't.
I have a silverlight client that i want to get and write data to a DB located on the server . now this is what i did :
1. created the silverlight projecte hosted in asp site project, with wcf enabled .
2. created a DB with some tables in it.
3. created linq to sql classes, and wcf service with operation to fetch data from the DB, added the project the referance .
result:
when i debug it locally on localhost, it workes perfectly, but when i upload all the content to the server i get an error, my guess is that the service is not finding the DB . after I uploaded the content, all i did was change the connection string in my web.config file to the one provided to me by the hosting server.
exception:
Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Timestamp: Fri, 31 Dec 2010 12:11:43 UTC
Message: Unhandled Error in Silverlight Application An exception occurred during the operation, making the result invalid. Check InnerException for exception details. at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
at MyProfile.ServiceReference1.GetMessagesCompletedEventArgs.get_Result()
at MyProfile.MainPage.webService_GetMessagesCompleted(Object sender, GetMessagesCompletedEventArgs e)
at MyProfile.ServiceReference1.ServiceClient.OnGetMessagesCompleted(Object state)
Line: 1
Char: 1
Code: 0
in its webconfig file i have
<identity impersonate="true" userName="webserverloginname" password="webserverpassword" />
sername1= username of the system
password1 = passowrd of the system
username2= username of the the database
password2 = passowrd of the database
client system which access the database server aswell as web server
I am trying to attach my database to Microsoft SQL Server Management... I right clicked on Database -> Add and then tried to look into the directory however I cannot expand the directory and when I use the exact hyperlink [...]httpdocsApp_DataurantitDB.mdf
I get an error message of Inetpubvhost[...]httpdocsApp_Dataurantit.mdf failed with the operating system error 5(Access is denied). (Microsoft SQL Server, Error: 5133)
I am running an exe file located at Server named Wget (Command line Web Crawler) using aps.net application.
When I run it from Visual Studio Development environment it run properly and gives required results.
But when I run it from the IIS Server its process run properly but terminated immediately and doesn't give required results and there is no any kind of exception.