Security :: Membership As A Security/administration Model For Upload/download Of Documents?
Sep 9, 2010
I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded
Can this be achieved be using Membership and Profiles?
since installing VS2010 I have problems with configuring membership. Using a online sql database what I prepared with the aspnet_regsql tool tables are there connection string is ok! when I open the ASP net config tool, I do not manage to select the membership provider. Underneath my web config file. can sombody tell me what is wrong??
im trying to build upload/download website ... a simple website but i have some questions about security .the websites is only for users so basicaly :login/register - > then u can access the website and download or upload + html commentsonce new user register they can create a folder ( Directory.createDirectory ) so the link is like that :www.|website|.com/USERNAMEso is it ok to create user folder in the main web folder (root) ?if its risky .. how can i do it in more appropriate way ?another question is about the comments ... im using ajax html text editor from [URL] so is it safe or i have to add some lines ?finally , is it good idea to store the comments in xml file ? im usng C# ... and im using simple codes from everywhere :)
I have a database of users that we used to have on a different system. The users already have their username and passwords associated with.
Now we are switching the entire system to .Net , and we will be using the membership to authenticate the users and start creating the new users with the wizard.
My question is : how could we import the users from a different database (mysql) , to the membership database on MS SQL ?
And also the passwords on the mysql database are in clear text , when we import them to the membership database on ms sql , is it going to apply the hash on them ?
I am using Visual Studio 2008 Pro SP1. Every time I try to access the security tab in Web Application Administration Tools I get this message:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may in diagnosing the problem: Unable to connect to SQL Server database.
I need some fresh input on how to structure a control panel that I'm building. Here's a little background:
The purpose of the system is to allow the submission of online forms. The forms are stored and processed in a database. Currently there are 3 departments that each have their own set of forms, and each department processes their forms a little differently. The staff should log in and process forms for their respective department (so each department only sees their submissions).
Almost all forms go through a workflow of sorts: 'new submission'-->'in progress'-->'completed', although this may vary.
Right now I've got it mapped out to have a page for each dept. that displays the new submissions, completed forms, etc. (new.aspx, inProgress.aspx, completed.aspx). Here's the question--should I have only one completed.aspx page and use it for all departments (hiding and showing forms based on the employee/department that is logged in), or should I set up three different control panels with three different completed.aspx pages--one for each department?
I'm trying to use the Membership.CreateUser method without passing a security question and answer. I set them to string.empty, but no go. I have my provider set to not require a question in my web.config. What am I doing wrong?
login control portion of Murach's web dev w/ c# book. According to the books instructions, you create a Login.aspx page, add the login control to the page, and create the users and roles for the directories within the asp.net web site configuration tool. I still do not get prompted for user name and passord to access the pages I want to be secured. Why is this? Isn't the asp.net configuration tool supposed to edit the web.config file? I'm trying to follow the book to the letter and ensure that I am following correctly before posting for answers online. According to the book you do not have to edit anything or write code withing login.aspx page.
I get the following error while running ASP.Net Web site administration tool: ASP.Net Web site administration tool I am using visual web developer 2008 express edition and windows XP pro version 2002 service pack 3. I am following Microsoft Visual web developer 2008 express edition by Eric Griffin and in chapter 4 I need to use the administrator tool to set up passwords.
I have just installed Visual Studio 2010 trial. Previously I have been using Visual Studio Web Developer 2010 Express. Now every time I try to invoke the ASP.net Cofiguration tool either via the icon or through the Project File Menu item, I get the error message "An error was encountered. Please return to the previous page and try again." I am trying to develop a bog standard Silverlight Business Application. There are no other diagnostics. Is there anywhere I can look for more clues or anything else to do to alleviate the problem? or is this something peculiar to the trial version I am using?
I also think it might have something to do with the fact that I have created this Silverlight Business App on a directory on my D: drive and not the normal, default c: drive path and maybe the web sit admin tool is looking somewhere else. Could this have something to do with it? If so what is my remedy?
I get the following message while trying to access the Security tab in ASP.NET Web Site Administration:A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)I have configured my own data store following this guide. Which essentially tells you to run aspnet_regsql.exe to set up a data store in order to keep authentication data for a SharePoint site (which is what I want to do).This is what I've written in the web.config at the end of the tag <system.web> for the Visual Studio 2008 project initiated to deal with the Web Site Administration:
I have started to implement asp membership. I go the administration page and click provider. I have a database on a server on the local network that i want to install my members tables in. When i run the
aspnet_regsq.exe it doesn't ask me what SQL database i want to use and seems to default to my local SQL Server 2005 installation. How I change this to use my SQL Express database on a local server?
I have to implement a small webshop. Basically it's just a website with a huge backend ERP System and with the possibility to sell one (yap, really only one!) product on the website. The only requirement is a MySQL Server. The backend is almost finished (about 95%) and is secured with the .net MemberShip Provider for MySQL (the one in MySql.Web from the MySql Connector .NET).
Now to my question: I can set up the membership system easily but I do not need such things like username or password-question but I would need a reference to an address table to store the users home address. So, it is possible to change or customize the membership system to for eg. a unique customer id instead of the username column and set this in codebehind when the user is creating a new account? And is it possible to insert new users/customers from codebehind in an easy way? (I mean without checking each foreign key and inserting the customer reference to the userinrole table and so on...)
I am building a site and I want to use the default membership controls provided with asp.net like Login View Control etc. I don't want to use the ASP.Net Membership DB as I want to use my own Security structure and I don't want to inherit the ASP.Net membership class either. In my case how can I use these controls to aid me like how will a login view control detect if someone is authenticated or not.
I kept getting this using ASP.NET Administration Tool/Security tab: There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'.
There is an ASP.NET application www.example.com/APP. From within the application several documents - for example office documents DOCX, PDF, etc. - can be opend. They are accessed via some virtual directory as in www.example.com/APP/VIRTUAL/letter.pdf.
Of course, the documents may only be accessed from within the application, after the user has been identified succssfully. Some documents may only be opened by some privileged users. It should be impossible to open letter.pdf by simply entering the above url into a browser
I am thinking about the following...
The name of the virtual directory is kept secret. After the user has successfully logged into the application, some secret is created. The secret contains the user's ID and some time information (valid from / until). Then, if a document is to be referenced from within the application, the url www.example.com/APP/<secret>/letter.pdf is referenced. In IIS the secret is checked. For this, some of my code is called, when serving a request. If successfull, the url is rewritten as www.example.com/APP/VIRTUAL/letter.pdf. I tried several components, such as the IIS URL Rewrite, IHttpModule, IHttpHandler. Unfortunately, I did not yet succeed.
I am building a web site and am trying to run the web site administration tool.
I have reinstalled SQL Server 2008 express and have run the command line administration utilites. When I try to run the administration tool, get the following error when I click on the security tab is
Failed to generate a user instance of SQL Server due to a failure in starting the process for the user instance. The connection will be closed.
I have ensured that I have user instances are enabled
When I click on Choose Data Store I get the following error
Could not establish a connection to the database.
If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider.
I am have problem getting the security selection to view properly. Instead of getting roles and so on I get this following error message:There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. The following message may help in diagnosing the problem:Unable to connect to SQL Server database.
Im using Visual Studio 2010. I'm new to asp.net. I'm trying to do a simple user login page but whenever I try to launch the Web Administration tool, I keep getting some exception error. The below images is the error I encountered.
I am using NeatUpload file upload control: but issue can be generic i am thinking .. that's why posting on asp.net site...
Code works fine on my DEV machine (both file system and localhost) but when i deploy the code on Staging or Prod (on web server)... upload feature works fine but when I try to access the uploaded documents from staging server or Prod server, it says Access denied and cannot open the PDF document??
tried all the options but could not solve this issue... is this related to control or settings on my IIS...
before using NeatUpload(single upload) we were using microsoft upload control and it works fine in accessing the documents....
again upload works perfectly fine... the issue is accessing the documents..
provide secure online access to documents and reports for their customers which entails creating a secure login for clients to access PDF documents to view and print. Aslo to display all reports available on web server.ould this be as simple as making sure username & password match an entry in a username table using select parameters(of course) theninstituting a Session("loginokay") = True along with something like Session.Timeout = ?
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
