I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 Replies
I know a user can use the following code to access the content of web.config
string connectionString = ConfigurationManager.ConnectionStrings["MyConnect"].ConnectionString;
If I set EnvironmentPermission, can I block user to access the content of web.config?
I have developed asp.net 2.0 website with crystal report now what my problem is whenever i go to crystal report page its by default going to login.aspx or default.aspx though i didt set any login to my asp.net page..
I talk with my hosting provider they said that the asp.net impersonate is enable..
I think in IIS 7 authentication if i set anonymous access enable, will it work fine?
so i need to know how to enable anonymous access from my webconfig ..
How to protect our web.config file from external access.
I mean some sort of password protection.
I have implemented Membership and Role Provider in my web site. Membership and Role information is stored in database created from aspnet_regsql option.
I want to store the access rights given to the pages in ASP.NET Configuation option in Database inspite of web.config file and want to give page wise add, edit, view and delete rights that should also be stored in database.
Is there any inbuit class like Membership and Role to add page access rights?
I am trying to access Mysql database from aspx.pages using a web config file.
My web.config connection string is:
<configuration>
<connectionStrings>
<add connectionString="server-10.xxx.x.xx;uid=xxxxx;pwd=1234;database=Mydb"
providerName="MySql.Data.MySqlClient" />
</connectionStrings>
</configuration>
[Code]...
I created a website and i restrired the website such a way that i can be acessed from a IP i configured.I did this as shown in below steps which i got from:
http://support.microsoft.com/kb/324274
Under IP Address and Domain Name Restrictions, click Edit.
Do one of the following:To deny access, click Granted Access, and then click Add. In the Deny Access On dialog box that appears, specify the option that you want, and then click OK.The computer, group of computers, or domain that you specified is added to the list.
To grant access, click Denied Access, and then click Add. In the Grant Access On dialog box that appears, select the option that you want, and then click OK.
The computer, group of computers, or domain that you selected is added to the list. Click OK.
But its not working . I am able to browse from other machine which have a different ohter IP. Do i have to configure somewhere else ?
I want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?
I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.
This is basically for a course management system for students to upload assignments and teachers to download and view them.
I have one doubt Can we access one web.config file to another web.config file in asp.net
View 6 Repliesi am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 RepliesI have three roles:
AdminEditorGeneral
How can i give acces so to:
1- All users in roles Admin and Editor
2- Specific users from role General
i tried this but with no luck:
[Code]....
I have a problem with ASP.NET web configuration file. I want to deny some users or roles to accessing a specific PDF file. I am using ASP.NET membership and role management system. So I added this lines of codes to a Web.config file:
<location path="myfile.pdf">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
and put it to the directory witch the file is included in it. Now when I run the project in local system I can not access the PDF file wile I login with "admin" role. But when I publish the project on the web server I can not brows the folder but I can view the PDF file when I browse complete path to the PDF file. So:
I can not access : [URL]
but I can view : [URL]
Im writing unit tests for an asp.net mvc project, I have a config file that I use in my tests, for some reason , the config file has to be in in the bin folder in order to be found , Is there another way to do this as I dont feel it is best practice having config files in bin
View 1 RepliesIs that possible to add two connectionstrings in web.config and Can I call those two web.config in my aspx.cs file?
View 3 Replieshow can i access 2 external config files from web.config file.
i have done it for one external file like this in webconfig:
<appSettings file="........">
Now how can i access the second external config file from same webconfig.
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
I have few settings which I could place in a separate XML file and have them accessed in the Web app. Then I thought (thinking of one additional file to deploy), why not have them in the web.config itself. However, just because I need to have custom nodes, I can not have the settings under . So, I am thinking of creating a custom config handler following this. Would that be better than having a separate XML file? Is It going to be an overkill or performance wise? Is there a better way to go?
View 1 RepliesI have a project that has 4 pages and from each page have several link buttons to go each of the other pages. I would like to declare these url in the web.config file and give them a name and access from vb.net code behind.
View 3 RepliesUsing visual studio 2010.
Dragged and dropped a login control onto a blank content page. Set up my web.config (i'll include the code for that at the end). It seems to want to use a sql database to store the info. I just want to use the web.config since it's just a single user and a simple site. I thought I could just drag and drop the login control to a page and that would be the end of it (besides setting up the web.config).
Here's what i have in the config file
[Code]....
I have a database on Go Daddy and my VS2008 app can not access it via web.config connection string. Of course runs great locally in development. I copy/pasted the connection string information from Go Daddy exactly into my web.config file. Web site runs fine on the web but when I try to Login at my login page, i get :The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file.
I used VS2008 to create the .sql script files and uploaded them to Go Daddy and the Go Daddy people say everything works as they and I can both Login to the database from within GoDaddy.The database i am trying to access consists of the a ASPNETDB.mdf and another Database.mdf together as one in the Go Daddy database.
here is what i used: <connectionStrings><add
name="superskin"
connectionString="Data
[code]...
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
I have a web.config file which is quite large in my current solution running on IIS7.
It's working perfect on my dev server however I encounter the error 0x80070032 "Config Error Cannot read configuration file because it exceeds the maximum file size"
My current solution uses a very large web.config file. The architecture of my CMS application requires a large number of configuration settings.
Is there some way to extend this size limit or can I split the web.config file down into smaller files?
Does somebody knows how to access applicationSettings-Keys in web.config (NOT appSettings) from aspx.file like "<%? applicationSettings:Keyname %>? This seems to work only with the old "appSettings".
From code I can it access it with "Properties.Settings.Default.Keyname", thats clear.
