Im using an aspx page as the srcl for an image in the host page to serve a dynamically generated image to the user based on parameters they supply
ie
<img alt="" src="generateimage.aspx" id="imagegen"/></div>
Id like for people only to access the content via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page
I have a web app developed using role & membership provider...
this is my web.config file
<authentication mode="Forms">
<forms loginUrl="Forms/LogIn.aspx" name=".ASPXFORMSAUTH" defaultUrl="Forms/main.aspx" timeout="30"></forms>
</authentication>[code]....
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
I need to restrict access to pages based on permission given to roles based user .Roles created dynamically so that i can't restrict thru the WEB config file .i am using the custom sitemap so menu is showns correctly based on roles , but if we enter direct url in address bar we can access that page although its not permitted for the user .is there any other way to redirect to common access restrict page .
View 3 RepliesI have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 RepliesHere is my dilema, on my site i have a WordPress Audio player (http://wpaudioplayer.com/standalone) that plays my mp3's.
It loads the Mp3's in by javascript...example below:
AudioPlayer.embed("audioplayer_7", { soundFile: "/Files/Music/[name of file].mp3" });
This file name is clearly visible in the browser source. Not a problem, however this means that any user can legitimately browse to the file directly and download it.
Now i still need the mp3 player (which is flash) to have access to the file but if a user was to try accessing the file directly, they would not be allowed access to it.
I am not sure how to go about this, i am circling the idea of a httphandler but not sure if this is sufficiant to stop the direct access to the file.
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 RepliesI have a question about security. If I put the ip address and full path for my swf file which is embedded within my asp.net application I can access it. I do want anyone to access that file. The file should only be viewed upon logging in to the asp.net webportal which displays it as an embedded flash animation.
View 1 Replieshow to redirect to particular page after login. I have login,EDetails,home page..
1.If the user login very first time(suppose he does not have any personal details) he should be directed to EDetails.aspx
2.User who submitted the personal details already should be redirected home.aspx page.
I have 2 tables later i will add more,1.login table,2.employee detailed table.I am using Login control for login page
I am using Version ASP.Net3.5 with MySql database, Code where i am redirecting in login page
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
If YourValidationFunction(Login1.UserName, Login1.Password) Then
Login1.Visible = False
Session("UserName") = Login1.UserName
Response.Redirect("EDetails.aspx", True)
Else
e.Authenticated = False
End If
End Sub
I'm working on a website where I need to prevent the direct linking to a few pdf files. I'm using ASP.net 2.0. Is there an easy way in code to do this? or some simple IIS setting?
Right now i'm just using a standard anchor tag to link to the files. i can validate the user on the page containing the anchor tag but that still doesn't stop the user from nabbing the url and passing it on to someone else.
How can I achieve in an ASP.NET application, that a set of URLs/ASPX pages (parts of the application) cannot be called directly from the user in the Browser? These urls/pages may only be referenced in the application itself.
View 2 RepliesIn the web.config file i have put some code in so that when users log in they will be re-directed to another part of the website which only registered users can access. for the admin part only the admin can log in and it takes him to the admin section and that works fine. it is only this that is causing me problems.
the code i inserted for which the user needs to be diverted to is:
<location path ="UserLoggedInFindUs.aspx">
<system.web>
<authorization>
<deny users ="?"/>
[Code]....
suppose we've created a web app for our customers.
how to prevent to access web page code (aspx code or behind code) for our customers ?
how to implement security and licensing information for web apps ?
I have a ASP.NET page called admin.aspx that needs to be protected from direct access.
I want it to be accessed only when the user enter his name & password in another page called login.aspx I'm working in ASP.NET with Visual Basic .NET 2008,how to do it.
I have a webpage errors.aspx that needs to be protected from direct access. I want it to be accessed only when redirected to by another web page.
View 3 RepliesMy ASP.NET application logs transactions (both inside AND outside of databases), and therefore needs read/write access to text files within various directories within the root of the website - in ADDITION to the normal database access.
In this scenario, how can I safely allow my ASP.NET application to write data to the web folders? I have a thread-safe DLL that performs the actual work, so I don't believe I need to worry about multiple sessions writing to the log files at the exact same time - assuming my DLL will only be running in a single instance/process that will be shared between numerous ASP.NET instances/processes/threads.
But I'm more concerned about file access permissions. I've heard that ASP.NET applications generally aren't allowed access to the webserver's local file system, and that this may even restrict my DLL from getting the correct file access. Can I grant my application file-access to the web-driectories?
I am an experienced developer but I am new to web application development. Now I am in charge of developing a new web application and I could really use some input from experienced web developers out there.
I'd like to understand exactly what experienced web developers do in the code-behind pages. At first I thought it was best to have a rule that all the database access and business logic should be performed in classes external to the code-behind pages. My thought was that only logic necessary for the web form would be performed in the code-behind. I still think that all the business logic should be performed in other classes but I'm beginning to think it would be alright if the code-behind had access to the database to query it directly rather than having to call other classes to receive a dataset or collection back.
I am using IIS7's URLRewrite feature to hide the .aspx extension in my ASP.NET WebForms application's URLs.
I'm using the following configuration:
[code]....
I can now browse to:
[URL]
and this is rewritten to:
[URL]
This preserves the "pretty" url in the browser address bar. I have also updated all my links on the site to use the extensionless URLs.
The problem is that the underlying .aspx pages can still be accessed directly and I'd like to prevent this.
If a user browses to [URL] I'd like it to either redirect/rewrite to [URL], or at the very least just return a "Page not found".
Update:
I managed to get this working by redirecting all .aspx pages to the home directory. This isn't ideal as I'd prefer to send them to the non-.aspx version, but it will do for now.
<rule name="Block .aspx" stopProcessing="true">
<match url=".aspx" />
<action type="Redirect" url="/" />
</rule>`
How do I rewrite and redirect URLs that directly address .aspx pages to my friendly URL format?
How to Direct Users to specific Page By roles?
View 10 RepliesI am trying to put SSL on my website.
My problem is that my site dynamically loads different images and CSS from other URL's. These URL's are also hosted on my dedicated server.
To avoid the popup on the sicure site (ssl) that there are some not sicure elements on the page, I would like to make a direct path to the images (d:inetpubanothersite.comwwwrootimagesmyimage.jpg) instead of <img src = "http://www.anothersite.com"
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
Is it possible to either access the properties, such as 'url', of a embedded media player object server side to change them? Or possibly dynamically create a new media player object with a different 'url' each time?
I am trying to change the property based off of a selectedindexchanging event of a gridview object.
I'm not sure if this is the best category for this one... Might be more appropriate in the navigation section.I am curious as to the standard for redirecting users to a entry page on first accessing a website. In my case, I am working on an adults only website that requires a warning for users that the content is only appropriate for users over 18yo, as well as containing the scripts to activate several different monitor systems to prevent children from accessing the site.
I know I can use session_start to redirect and check for a cookie... but that seems heavy. Is there a better way? Something in IIS or... something I have not thought of yet?
I want to integrate paypal inside my shopping cart. For that it requires a html form to be embeded inside .aspx page with the action to paypal and method is post. Inside that form there are some hidden input filed. I want to assign one of those hidden field's value from server side code so i need to access that filed from server side. But how? Here is my form:
<form action="[URL] method="post" id="PaypalForm">
<input type="hidden" name="cmd" value="_cart"/>
<input type="hidden" name="upload" value="1"/>
<input type="hidden" name="business" value="[URL]
<input type="hidden" name="item_name_1" value="Item Name 1" />
<input type="hidden" name="amount_1"/>
<input type="submit" value="PayPal" />
</form>
I want to access amount_1 filed.
Got this question, probably simple to most people but I only just started using visual studio 2008 with c#
Create a 'contact us' web page (form) for your photocopier repair company that links dynamically depending on the current time. The linked pages should give details of support engineer contacts for different regions, during normal working hours and when the offices are closed.
You should use the HyperLink control to link to different pages (depending on the time of day.) At or after 5:00 p.m., the HyperLink control links to a page named AfterHoursHelp.aspx and before 5:00 p.m., it links to OfficeHoursHelp.aspx.