Security :: Restricting Access To Folders And Pages?
Nov 16, 2010
I'm using user membership and roles. Below is my web.config for subfolder restriction.
[Code]....
The way I have above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any user to the default.aspx page of this mySub folder and denied any other pages if they're not Administrators, Editors, and Members. One last thing, also denied access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permission but I do not want to list all the pages. What's the best and easist way to accomplish this?
i have an image (say abc.gif) that i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.
I have an application where in the User Authentication is from the AD useing Directory services.
If i type in the address of a valid page from the application into the Address Bar, it throws me to the Login Page.
However if i am logged in and i type in the address of a valid webpage, the application takes me to the page. Is there any way that this can be restricted.
If i type in the URL into the address bar the application should throw me to the Home page of the application.
I have a folder that cannot be accessed by anyone except the management role of my web site. But, I added a folder to this and it can be accessed by anyone.
Of course, I can explcitly set the access to only a specific role(s) but I would like to know if I can tell set it so that even folders nested inside a restricted folder can take on the same permissions settings as the folder in which it is nested.
I have seen an existing post which explains how you can restrict access to an ASPX page using:
[Code]....
This works as in it keeps those who are not a member of Administrators AD Group from being able to view the webform but for some reason when I implement the above it locks even the Administrator user out which is not what I wanted at all.My web.config is as:
[Code]....
As you can see I have tried to restict it also through the web.config file but neither approach has worked.
I'm trying to restrict access to one page on my website. However, the code I'm using doesn't seem to work for this purpose. I can get the code to work by removing the following out of the web.config.
This works fine by preventing access to the page unless a password is entered. However, I've realised that if I type the page name into the browser this will by-pass the login page and allow access to the page I want to lock down.
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
I'm wondering what would be the best solution for hidding a folder like for example "AdminFolder", and also .aspx pages inside this folder.
I have several pages inside "AdminFolder" which I (as "Administrator" :) ) plan to use for some background work on daily basis! I am using Membership shema and no one except me can not / or should not acces this area, but I'am afraid if web crawlers like google find and expose this part of my page in searching results!
I also need to create a second folder for PDF files which I also would like to hide (incl. PDF Files inside it) from web crawlers!
I have a web app were every user has its own folder so that they can store documents. What i would like to do is protect a user's folder so that only the owner can access it.
Example:
Username: ricky Folder: ~/Files/ricky/ --> Ricky can access his folder but can't access Diana's
Username: diana Folder: ~/Files/diana/ --> Diana can access her folder but can't access Ricky's
I'm using membership provider for the user authentication.
I have a few computers (with Vista Business OS) connected in a private network. A C#.NET application running on one computer is currently able to access the network shared folders without problems. However, I am trying to get an ASP.NET application on that computer to access the same folders but I am getting "Access denied" errors. I added NETWORK SERVICE to all the shared folders' security (with full control) but it still gives the same errors.
Following the first site, it had worked but when I´ve moved the pages and files to other folders and set the web.config file on this folder, now it won´t work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I´ve put the
[Code]....
on the web.config new folder and on the web.config website´s root.
It won´t work!!! I can access the file directly!!! on the web.config of the folder that contains the file, there is a <deny users="*" /> line.
I have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
I have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
I only want my web images to be visibleSimpliied, a digital media page pulls html content from a database using SQL security and renders that HTML. That digital media page is secured in that only a returing Paypal transaction user with a matching transaction can access it. But today that HTML content makes references to images on my site, those images can be freely directly over the web.The backend is asp.net 2.0. Would it be possible for me to secure the web folder with my images to some generic user and impersonate access from my pages so that attempts to access images directly fails?f not, any way to solve all that html content on serverside somehow and turn it into something else I can secure?
In my web application i have 8 screens such as page1.aspx, page2.aspx, page3.aspx........Page8.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting. How can i limit the access of the users only to certain tabs.(All these pages are in the tabs).
I want to grant access to some ressources located on server only for specified web pages, how could I do this?
For example I have an image www.mysite.com/images/image.jpg and something like <img src="www.mysite.com/images/image.jpg" /> should only work on site asp.net.
Is it possible with web.config or maybe with some C# code?
I have a page that derives from a master page. The page has a theme defined and displays properly. If I move the page to a sub folder in the web, the theme is no longer used. I see the following generated in the tag:
I want code in VB.NET to create javascript arrays of the folder contents that can then be used on the client end. I only need arrays for all folders contained in folders starting with ad_ and an array for all the base folders . like so:
var folders=["ad_folder","ad_code","ad_prep","ad_bin"]; var ad_folder=["folderA","folderB","folderC","anotherFolder","etcfolder"]; var ad_code=["folderA","folderB"]; var ad_prep=["folderA","etcfolder"]; var ad_bin=["etcfolder"];
note that I do not know the number of or the names of the folders, they can be different in different cases, I only have the root path.
Using VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
[URL] (goes to the it's local default.aspx page, not default.aspx of at the root) [URL](goes to the it's local default.aspx page, not default.aspx of at the root) [URL] (goes to the root's default.aspx page) I hope i could tell my question understandable.
well i know how to apply master pages to webforms white reside in folders. but the problem is, since the master page is linked to a css file, and so when the style (background url) is applied to html element in the page which is in the folder, it doesn't work obviously since the link starts from the folder, the page is in, and not the website root.
css code:
[Code]....
normally i would expect the url to be [URL] but when i view the url from the page which is in the folder it shows [URL]