Security :: How To Protect Web.config File From External Access
Jun 18, 2010How to protect our web.config file from external access.
I mean some sort of password protection.
How to protect our web.config file from external access.
I mean some sort of password protection.
how can i access 2 external config files from web.config file.
i have done it for one external file like this in webconfig:
<appSettings file="........">
Now how can i access the second external config file from same webconfig.
I have a website that is going on a public server so I want to password protect it, but for a while only myself and a couple of others will be using it. I will eventually get it together to do it right and have the users in a database etc, but for now, I just want to put a couple of users with their passwords in the web.config and have them authenticate on a login page.
View 2 Replies<system.net>
<mailSettings>
<smtp from="email@domain.com" deliveryMethod="Network">
<network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" email@domain.com " password="password" enableSsl="true" />
</smtp>
</mailSettings>
</system.net>
This is the case where I need encryption for my password. I searched and googled much on the web but I can't be able to encrypt anymore.
I have developed asp.net 2.0 website with crystal report now what my problem is whenever i go to crystal report page its by default going to login.aspx or default.aspx though i didt set any login to my asp.net page..
I talk with my hosting provider they said that the asp.net impersonate is enable..
I think in IIS 7 authentication if i set anonymous access enable, will it work fine?
so i need to know how to enable anonymous access from my webconfig ..
I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 RepliesOur conn strs reside in an external file <connectionStrings onfigSource="ConfigurationConnectionStrings.config" />Is there a way to encrypt this external file either using aspnet_regiis or System.Configuration?
View 4 RepliesI have to duplicate some settings (like connection string) between a web.config file that a WCF host uses and a web.config file that a web client uses.
In the interest of not duplicating, can I have both the web.configs read from a separate xml file? The two web.configs can be entirely in different solutions/projects so I guess this is not possible, but wanted to get other's opinion.
PS: I do understand I can use a database to store all the config settings.
I need to preteect text file from vewing because it include usernam and password
View 1 RepliesI have this file saved in the server. I do not want anyone to download with out authentication. How do I do that?
View 3 RepliesI want to maintain different user authorization lists for different environments. I know that connectionstrings can be broken out in an external file with configSource, but how would I do this for the following?
<authorization>
<allow users="someuser1"/>
<allow users="someuser2"/>
<allow users="someuser3"/>
<deny users="*"/>
</authorization>
How can I put MembershipProvider, ProfileProvider and RoleProvider in one single external config file?
View 1 RepliesI have one doubt Can we access one web.config file to another web.config file in asp.net
View 6 RepliesWe are experiencing some strange behaviour on one of our ASP.NET web servers (Windows 2003 64-bit). After some activity, two third-party controls are unable to run correctly. One is log4net (it does not write error messages out) and the other is a menu control (it displays eval message instead of picking up its license). The one common thread is that both controls pick up their config from external config files (linked to from web.config).
Just wondering if anyone has any thoughts on this or experienced this in any way. Is it related to file/folder rights? The server has been running fine for a while and just started exhibiting this behaviour. Perhaps it occurs around the time the worker processes are recycled.
I have a website about to go live. I'm wondering what I should be doing about the connectionstring in the web.config. Do I obfuscate it and it so how?
View 3 RepliesMy website have several URL,i want to prohibit user access it by way : paste direct url in addressbar of web browser.
View 6 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 RepliesI have three roles:
AdminEditorGeneral
How can i give acces so to:
1- All users in roles Admin and Editor
2- Specific users from role General
i tried this but with no luck:
[Code]....
I know a user can use the following code to access the content of web.config
string connectionString = ConfigurationManager.ConnectionStrings["MyConnect"].ConnectionString;
If I set EnvironmentPermission, can I block user to access the content of web.config?
I have a problem with ASP.NET web configuration file. I want to deny some users or roles to accessing a specific PDF file. I am using ASP.NET membership and role management system. So I added this lines of codes to a Web.config file:
<location path="myfile.pdf">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
and put it to the directory witch the file is included in it. Now when I run the project in local system I can not access the PDF file wile I login with "admin" role. But when I publish the project on the web server I can not brows the folder but I can view the PDF file when I browse complete path to the PDF file. So:
I can not access : [URL]
but I can view : [URL]
I have implemented Membership and Role Provider in my web site. Membership and Role information is stored in database created from aspnet_regsql option.
I want to store the access rights given to the pages in ASP.NET Configuation option in Database inspite of web.config file and want to give page wise add, edit, view and delete rights that should also be stored in database.
Is there any inbuit class like Membership and Role to add page access rights?
Im writing unit tests for an asp.net mvc project, I have a config file that I use in my tests, for some reason , the config file has to be in in the bin folder in order to be found , Is there another way to do this as I dont feel it is best practice having config files in bin
View 1 RepliesIs that possible to add two connectionstrings in web.config and Can I call those two web.config in my aspx.cs file?
View 3 RepliesI have a ASP.NET page called admin.aspx that needs to be protected from direct access.
I want it to be accessed only when the user enter his name & password in another page called login.aspx I'm working in ASP.NET with Visual Basic .NET 2008,how to do it.