Security :: Restricting Access To Folders And Pages?
Nov 16, 2010
I'm using user membership and roles. Below is my web.config for subfolder restriction.
[Code]....
The way I have above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any user to the default.aspx page of this mySub folder and denied any other pages if they're not Administrators, Editors, and Members. One last thing, also denied access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permission but I do not want to list all the pages. What's the best and easist way to accomplish this?
View 2 Replies
Similar Messages:
Nov 11, 2010
i have an image (say abc.gif) that i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.
View 5 Replies
Mar 9, 2010
I have an application where in the User Authentication is from the AD useing Directory services.
If i type in the address of a valid page from the application into the Address Bar, it throws me to the Login Page.
However if i am logged in and i type in the address of a valid webpage, the application takes me to the page. Is there any way that this can be restricted.
If i type in the URL into the address bar the application should throw me to the Home page of the application.
View 1 Replies
Jan 28, 2010
I have a folder that cannot be accessed by anyone except the management role of my web site. But, I added a folder to this and it can be accessed by anyone.
Of course, I can explcitly set the access to only a specific role(s) but I would like to know if I can tell set it so that even folders nested inside a restricted folder can take on the same permissions settings as the folder in which it is nested.
View 3 Replies
Dec 11, 2010
I have seen an existing post which explains how you can restrict access to an ASPX page using:
[Code]....
This works as in it keeps those who are not a member of Administrators AD Group from being able to view the webform but for some reason when I implement the above it locks even the Administrator user out which is not what I wanted at all.My web.config is as:
[Code]....
As you can see I have tried to restict it also through the web.config file but neither approach has worked.
View 3 Replies
Jan 29, 2011
I'm trying to restrict access to one page on my website. However, the code I'm using doesn't seem to work for this purpose. I can get the code to work by removing the following out of the web.config.
<authorization>
<deny users="?" />
</authorization>
This works fine by preventing access to the page unless a password is entered. However, I've realised that if I type the page name into the browser this will by-pass the login page and allow access to the page I want to lock down.
[Code]....
View 1 Replies
Jul 12, 2011
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
[CODE]<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="default.aspx" title="Home" description="Home">
<siteMapNode title="sales Data" description="sales Data">
<siteMapNode url="salesData.aspx" title="sales Data" description="sales Data" />
[Code] ....
View 7 Replies
Feb 12, 2011
I'm wondering what would be the best solution for hidding a folder like for example "AdminFolder", and also .aspx pages inside this folder.
I have several pages inside "AdminFolder" which I (as "Administrator" :) ) plan to use for some background work on daily basis! I am using Membership shema and no one except me can not / or should not acces this area, but I'am afraid if web crawlers like google find and expose this part of my page in searching results!
I also need to create a second folder for PDF files which I also would like to hide (incl. PDF Files inside it) from web crawlers!
View 3 Replies
Sep 26, 2010
I have a web app were every user has its own folder so that they can store documents. What i would like to do is protect a user's folder so that only the owner can access it.
Example:
Username: ricky
Folder: ~/Files/ricky/ --> Ricky can access his folder but can't access Diana's
Username: diana
Folder: ~/Files/diana/ --> Diana can access her folder but can't access Ricky's
I'm using membership provider for the user authentication.
View 9 Replies
Oct 26, 2010
I have a few computers (with Vista Business OS) connected in a private network. A C#.NET application running on one computer is currently able to access the network shared folders without problems. However, I am trying to get an ASP.NET application on that computer to access the same folders but I am getting "Access denied" errors. I added NETWORK SERVICE to all the shared folders' security (with full control) but it still gives the same errors.
View 4 Replies
Jul 1, 2010
I was following the tutorials from this two sites:
http://www.15seconds.com/issue/070104.htm
http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
Following the first site, it had worked but when I´ve moved the pages and files to other folders and set the web.config file on this folder, now it won´t work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I´ve put the
[Code]....
on the web.config new folder and on the web.config website´s root.
It won´t work!!! I can access the file directly!!! on the web.config of the folder that contains the file, there is a <deny users="*" /> line.
View 4 Replies
Feb 14, 2011
I have to allow only single user to access the site. We should not allow the same to user to access from another browser.
View 2 Replies
Dec 28, 2010
I have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
View 1 Replies
Mar 17, 2010
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 Replies
Oct 3, 2010
I have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
View 1 Replies
Nov 9, 2010
I only want my web images to be visibleSimpliied, a digital media page pulls html content from a database using SQL security and renders that HTML. That digital media page is secured in that only a returing Paypal transaction user with a matching transaction can access it. But today that HTML content makes references to images on my site, those images can be freely directly over the web.The backend is asp.net 2.0. Would it be possible for me to secure the web folder with my images to some generic user and impersonate access from my pages so that attempts to access images directly fails?f not, any way to solve all that html content on serverside somehow and turn it into something else I can secure?
View 1 Replies
May 12, 2010
I am working on asp.net , I want to restrict a user to login in his acount from multiple locations or machines.
If one user is already login , I want to restrict it and display message that you are already login somewhere.
View 3 Replies
Mar 22, 2010
In my web application i have 8 screens such as page1.aspx, page2.aspx, page3.aspx........Page8.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting. How can i limit the access of the users only to certain tabs.(All these pages are in the tabs).
View 5 Replies
May 21, 2010
I want to grant access to some ressources located on server only for specified web pages, how could I do this?
For example I have an image www.mysite.com/images/image.jpg and something like <img src="www.mysite.com/images/image.jpg" /> should only work on site asp.net.
Is it possible with web.config or maybe with some C# code?
View 4 Replies
Mar 7, 2011
I have a page that derives from a master page. The page has a theme defined and displays properly. If I move the page to a sub folder in the web, the theme is no longer used. I see the following generated in the tag:
<link href="http://localhost:50815/MyWeb/../App_Themes/GreenBlue/StyleSheet.css" rel="stylesheet" type="text/css"/>
So the problem is the /../ Why is this being generated? How do I fix it?
One more thing, the href above is being generated by setting the page's Theme in the markup:
<%@ Page Title="" Language="C#" MasterPageFile="~/DashboardMaster.master" AutoEventWireup="true"
CodeFile="DataSourceSetup.aspx.cs" Inherits="DataSourceSetup" Theme="GreenBlue" %>
I'm not manually adding the <link href=... It is being gnerated, and incorrectly at that.
View 1 Replies
Jun 21, 2010
Listing folders in folders then creating arrays in JS for each of the folders?
Directory Structure:
I have a directory structure as follows;
ad_folder
--folderA
--folderB
--folderC
--anotherFolder
--etcfolder
--afile.aspx
--anotherfile.gif
ad_code
--folderA
--folderB
--afile.aspx
--anotherfile.gif
ad_prep
--folderA
--etcfolder
--afile.aspx
--anotherfile.gif
ad_bin
--etcfolder
--afile.aspx
--anotherfile.gif
other Folder
files folder
assetsfolder
index.aspx
web.config
image.gif
Task at hand:
I want code in VB.NET to create javascript arrays of the folder contents that can then be used on the client end. I only need arrays for all folders contained in folders starting with ad_ and an array for all the base folders . like so:
var folders=["ad_folder","ad_code","ad_prep","ad_bin"];
var ad_folder=["folderA","folderB","folderC","anotherFolder","etcfolder"];
var ad_code=["folderA","folderB"];
var ad_prep=["folderA","etcfolder"];
var ad_bin=["etcfolder"];
note that I do not know the number of or the names of the folders, they can be different in different cases, I only have the root path.
[code]...
View 3 Replies
Apr 9, 2010
Using VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
View 5 Replies
May 24, 2010
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 Replies
Mar 3, 2011
I would like to create different folders in my .net project with following scheme;
+ students
- default.aspx
- query.aspx
+ teachers
- default.aspx
- pictures.aspx
- groupname.aspx
- default.aspx
- login.aspx
- getresult.aspx
and i would like to let it be reached as
[URL] (goes to the it's local default.aspx page, not default.aspx of at the root) [URL](goes to the it's local default.aspx page, not default.aspx of at the root) [URL] (goes to the root's default.aspx page) I hope i could tell my question understandable.
View 4 Replies
Dec 20, 2010
well i know how to apply master pages to webforms white reside in folders. but the problem is, since the master page is linked to a css file, and so when the style (background url) is applied to html element in the page which is in the folder, it doesn't work obviously since the link starts from the folder, the page is in, and not the website root.
css code:
[Code]....
normally i would expect the url to be [URL] but when i view the url from the page which is in the folder it shows [URL]
View 17 Replies