I have a folder that cannot be accessed by anyone except the management role of my web site. But, I added a folder to this and it can be accessed by anyone.
Of course, I can explcitly set the access to only a specific role(s) but I would like to know if I can tell set it so that even folders nested inside a restricted folder can take on the same permissions settings as the folder in which it is nested.
i have an image (say abc.gif) that i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.
View 5 RepliesI have an application where in the User Authentication is from the AD useing Directory services.
If i type in the address of a valid page from the application into the Address Bar, it throws me to the Login Page.
However if i am logged in and i type in the address of a valid webpage, the application takes me to the page. Is there any way that this can be restricted.
If i type in the URL into the address bar the application should throw me to the Home page of the application.
I'm using user membership and roles. Below is my web.config for subfolder restriction.
[Code]....
The way I have above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any user to the default.aspx page of this mySub folder and denied any other pages if they're not Administrators, Editors, and Members. One last thing, also denied access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permission but I do not want to list all the pages. What's the best and easist way to accomplish this?
I have seen an existing post which explains how you can restrict access to an ASPX page using:
[Code]....
This works as in it keeps those who are not a member of Administrators AD Group from being able to view the webform but for some reason when I implement the above it locks even the Administrator user out which is not what I wanted at all.My web.config is as:
[Code]....
As you can see I have tried to restict it also through the web.config file but neither approach has worked.
I'm trying to restrict access to one page on my website. However, the code I'm using doesn't seem to work for this purpose. I can get the code to work by removing the following out of the web.config.
<authorization>
<deny users="?" />
</authorization>
This works fine by preventing access to the page unless a password is entered. However, I've realised that if I type the page name into the browser this will by-pass the login page and allow access to the page I want to lock down.
[Code]....
I have simple structure:
root
root/Admin
I would like to add form authentication only on Admin folder.
when I add this into Admin/web.config
[Code]....
I'm getting this error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
How to add form authentication on nested folder?
I am trying to access a shared folder which is located on a different server rather than on the asp.net server.
I configured windows authentication and set impersonation to true. Also try with enable/disable basic authentication.
I have tried the following:
with a mapped driveshared folder access (\sharedfolder)virtual directory pointing to shared folder with pass through configuration. However none of the above works. I am getting "Access Denied" error when trying with shared folder and virtual directory. In the case of mapped drive getting "Not Found" error.
[Code]....
Trying to restrict access to folder but can't?
how can we set grant or dynie access or permissions to folder by programming c# in asp.net?
View 5 RepliesAt first I got an error that the user did not have permission to read the config file (web.config).
So I gave NETWORK SERVICE and IIS_IUSRS read on the website folders.
But now vistors can not access images and other static content from the Content folder without logging in. Aspx and .ashx content works however static content is redirected to the login page.
I have to allow only single user to access the site. We should not allow the same to user to access from another browser.
View 2 RepliesI wrote a web service sometime back, and uploaded to one of our network Server's IIS. The webservice needs to access a network folder, which was working perfectly fine till a month ago. Now, when we use the webservice in our .Net application, it fails with the exception message "Access to the path '\<networkMachine ><Folder >' was denied" (may be some group policies changed). But when I run the webservice from my local machine's Visual Studio debugger, it can access that folder. What could be different on the server's IIS w.r.t. my service? Why was it able to access the network folder before but not now? Please note that I can manually access that shared network folder from my machine, and also when I remote desktop to that <networkMachine> from windows explorer.
I saw in the task manager on the server that the IIS process w3wp.exe is running under 'NETWORK SERVICE' account. Though the network folder is not shared specifically with this account, but that has given read & execute access to 'Everyone'. Then what is the problem that it cannot access the folder. By accessing I mean creating a 'DirectoryInfo' object of the path '\<networkMachine ><Folder >' and reading all the subfolders -
just read.
I have a folder with username and password over it.I wanna make a page where i can access files under that folders in .net and be able to download them.How to code that in VB.net?
View 2 RepliesMy restricted files are all stored in ~/Secured folder on the root. Authorized users have no trouble accessing aspx files in that folder. Recently I added a part of an application whose files I wanted to keep separate and created a ~/Secured/HR folder. I am getting a "resource not found" error trying to use any aspx file in HR folder even after user successfully logs in, as if the file does not exist at all. Here is my web.config security settings:
[Code]....
Do I need to configure security for that folder separately?
the only way to make themes work is to allow user "Everyone" to access the folder App_Themes. I am wondering if a more specific user instead of "Everyone" can be granted the access to allow themems work.Account "IIS_IUSRS" and "NETWORK SERVICE" have already been granted access.This is about folder access of Windows 7 running IIS7, not web page authorization configured via web.config. The web page is browsed via local host (i.e. the web page address is something like "[URL]
View 1 RepliesI have a web app, which contains a folder Uploads, to which users (authenticated) upload their files (for some reason it has to be a folder in the root of the web app).I want to deny access to this folder and files to all non-authenticated users.
In my web.config I have:
[Code]....
and everything seems to work in development, but on a staging server it redirects non-authenticated users to login page ONLY from aspx pages, but not when entering the url to the file in Uploads folder.
I have a problem in my asp application. In my application I have an own authentication mechanism so in the web.config file I have <authentication mode="None"/>
Inside the application users can upload files to the folder I've created (App_Files). I would like to give access to the folder only once they are logged in (Session["Login"] is no null).
I dont want not logged in users to be able to access the files over a url address in the browser (like http://<server>/App_Files/Filename.pdf)
I am working on asp.net , I want to restrict a user to login in his acount from multiple locations or machines.
If one user is already login , I want to restrict it and display message that you are already login somewhere.
I set up a secured folder in my website. When I access this folder via web page, it pop up a windows login form to ask for user name and password. I would like to code the asp.net page or java script to access this secured folder with username and password without pop up the login form. find the method for asp.net page accessing the secured folder automatically.
View 2 RepliesI wrote an asp.net application that I'm trying to run on a godaddy domain I bought. I need to read a file in a folder that I did not give read access to so that your average user cannot see in the informaion in that folder. I assumed that the asp.net program would have the same credentials as myself because server-side code. Turns out I am wrong. When I go to use the asp.net application it throws an access denied error saying that the ASP.NET user account has to be given permissions to access the folder.
After talking to two different tech support people at godaddy I've come to the realization that they are either dumb or lazy (or a combo of the two).I came across some code that you can put into the web.config file that would allow the asp.net application to impersonate a user, which would work great to use myself as the impersonated user. However it seems that godaddy cannot give me the name of the server that my domain is on (that's understandable) so I don't know what to put in the identity tag to get this to work.
Here is the code I found:
[Code]....
(of course I filled in the username and password with the correct info)
When I went to use it again it threw this error:
System.Web.HttpException: The current identity (PHX3username) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 RepliesI am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
[CODE]<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="default.aspx" title="Home" description="Home">
<siteMapNode title="sales Data" description="sales Data">
<siteMapNode url="salesData.aspx" title="sales Data" description="sales Data" />
[Code] ....