Security :: Login Page Must Show Specific Queries Only?
Jan 24, 2011
At work, I'm currently doing an ASP.NET project, where I have to connect an MS Access file to ASP.NET.
This has been done successfully. Next, I had to create a login page, this has been succeeded as well.
Now I have make sure everyone sees unique queries from the database. Example: There are 12 queries in the database; one person has to see another query than the other person can see. But there are some products, which everyone has to see as well.
How do I do that without creating server errours (I get them a lot with one little change).
We have created a windows application which is distributed amongst our clients. The application uses SQL Server 2008 as the back end and each client uses their own database on their own server. The databases are all exactly the same but each clients data is specific only to them.
We would like to offer our clients the ability to log-in to our website which would then login to their own database so that when they are out in the field they can perform similar tasks to what they can do with the windows app.Each of the clients databases has a user table containing their login details, permissions etc.
Our server is running on IIS and has SQL Server 2008 installed but it only contains our data and nothing of the clients.How should we go about this?
What I mean is do we need to make each client have an additional login to our main server which would then hold each clients individual connection strings etc which would then be used to connect to there specific database and then they would need to login again?? Seems like a nightmare for the user.
When user logout, we redirect him to the login page. I show a message "You have successfully logged out." on login page using query string. But when user refresh the login page the message still appears. How can I make sure during subsequent refresh, the login page should not show logout message. Here is the code:
I installed my asp.net application on server (Windows Server 2003, Standard Edition, SP2)
I already set:
1. In ASP.NET Configuration Setting: I set Authentication to None.
2. Check Enable anonymmous access.
3. Uncheck Integrated Windows Authentication.
But the brower always show Authentication Required Dialog.
If I ignore this.
It show this error:
Access is denied.
Description:
An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
in my project admin will create user and insert users data into database user can just view it by his login id.only logedin iser related data will be displayed on his page.
here admin has to fill fields as below for each user and create uid and password for that user and wen user will log in only data related to him will be displayed.
id,name,address,city,salary
userview
name ,address,city,salary of his own not othr persons.
I need to restrict access to my website by physical PC. When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.
I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address. Am I trying to over complicate things or is that the only way? I realise that MACS can be spoofed but this is not much of an issue.
In my web application, I need to run a lot of sql queries for a specific operation. For example, first I run a select command , get results. If they fulfill my requirement, I insert some values by insert command, else I update and insert...and so on. I need to execute 8-10 commands for each specific operation. For this , I have created a <asp:Sqldatasource> in aspx page and I run queries by SqlDataSource1.Select, SqlDataSource1.InsertCommand etc. I dont think , its a right approach . Further, I need to preserve data consistency. Say my 5 commands executes successfully and then sql or something else, throws an error and 5 commands left untouched. Then, it will create me a problem. And my current logic will fail, as it works on step by step basis.
I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
want to use ligh box effect like i have login control and i want to show login control in ligh box effect so its like if i open on login link login control wil show and same time we can control click anywhere in page ??
I am using Visual Studio 2008 Express and created a login page using the ASP.net web site Adminstration tool security to generate users and passwords.
After login, a new page appears. I have a button to go back to the login page to allow a user to relogin. When I try loging in again as a different user or the same, I get an error saying the resource that I am looing for was not available.
I have a button on the page after login (one this one page will occur) and I am using on on click event to do the following:
After clicking on this button, the Login page appears again. How can I release everyting to allow it to work like when I first open the application.
This is the error message I get:
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /MyFirstSite/default.aspx
Version Information: Microsoft .NET Framework Version:2.0.50727.3615; ASP.NET Version:2.0.50727.3618
i doing on a 3 tier project a that required a login page, Im not sure how the flow go for the 3 tier...This is my BLL
[Code]....
This is my DAL
[Code]....
And lastly here is the aspx page
[Code]....
When i try to insert my NRIC and password, it's like not passing through the statement, it just say login sucessfully eventhough i put the wrong NRIC/Password/Not valid..
I need to create an application with Forms Authentication and/or Windows Authentication. If the application is set to use mixed authentication (Forms + Windows Auth) and the user don't have a Windows user account, the login will fail and he must be redirected to a forms login page. How can I do this?
Are there any different way to provide mixed authentication?
A Login.aspx has been created to enforce security on several forms of a web site.How can it be best called by each form at page load and return to that form after succesful login? How could that requirement be declared in web.config?
This is my Controller Action which takes a Page entity from database and shows it in the Show.aspx view using the "Site.Master" master page:
[Code]....
This is the "Show" view rendering "Page.Title" in the "MainContent" content placeholder:
[Code]....
And this is the "Site.Master"
[Code]....
Using this approach i can show "Page.Title" in Show.aspx using any master page that has a "MainContent" placeholder, but my real goal is if i can when i choose the MasterPage for that particular Page to also see a list of available ContentPlaceHolders and when i choose one to then render "Page.Title" in that particular ContentPlaceHolder.
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
This is my third site that I use role management, but the first time this happens. I have two roles: Member and Admin. If Admin user login, Admin node on sitemap shows. It works very well on my local machine in Visual Studio Express 2008 and in Visual Studio Team 2008. But once I deploy files to live site, even admin login, the Admin node doesn't show. I have a Member management page from which I may see member's role, and I can see that user name is in the role Admin. What could be wrong?
I used ASP.Net Configuration manager to create roles, users, and access roles. Here is the code:
I have built an asp.net web site with .net framework 3.5 and I am trying to avoid sending unncessary queries to my database in order not to have high server load. I have a login view in my master pages and it contains templates for anonymous users and members. To lighten my server load, I am using Sql Data Profiler and Database Tuning Advisor. I noticed that every page load triggers a stored procedure to get user role using dbo.aspnet_UsersInRoles_GetRolesForUser stored procedure.
My question is that if it is necessary to check for every page load or I can store it somewhere and check later. is it Login View or Login Control sending queries? is it about access rules to member's pages? or is it because I used the login controls in my master page?
Is there a tutorial on how to redirect user to a specific web page based on his/her role? For example, I have teacher role and student role. When the teachers login, it will redirect the teacher to the teacher web page and the students redirected to the student web page.
I'm trying to develop a simple web application where I need to redirect to main.aspx after successful login attempt in login.aspx page.However,it is redirecting the page to defualt.aspx... Is there a way to redirect my application to main.aspx??
