Security :: Roles Broke Master On The Secured Page?
Jul 21, 2010
I have a master page and its been working but I introduced roles and created a roll that so only admin's have rights to the admin folder. I then created a page using the master page in the admin folder I have my content there. All is well. However the links now that came from the masters static content isn't working. like HOME, LOGIN, ABOUTthey now try to go to /ADMIN/home.aspx inside the master i have /home.aspxWhats the trick here to get the master links to stay at the root or there orginal location after I click on the secured page.
View 5 Replies
Similar Messages:
Mar 8, 2011
I've read the tutorials about Forms authentication and one question still remains:
How to declare a page as one which needs authorization for viewing it ?
I can think of two methods -
1. Checking in that page itself and then redirecting to login.aspx
2. Declaring it in web.config somehow
View 2 Replies
Jul 16, 2010
I'm pretty new at configuring IIS and working with SSL. I've been having difficulty with switching from the HTTPs protocol to the HTTP protocol. I had set a small part of our website to the HTTPS protocol since it has an SSL certificate for online commmerce.
When users go through that part of the site the HTPPS protocol is set and runs fine, but when they try to leave by, say, clicking on a link to another part of the site (after they have visited the secured portion of the site) the HTTPS stays in the url. Is there something I'm doing wrong?
This is how the HTTPS is set on the site: this code is placed in an sslredirect.asp page located in a "SSL" folder:
<%
Response.Buffer = True
If (Request.ServerVariables("HTTPS") = "off") Then
sQ = Request.ServerVariables("QUERY_STRING")
sURL = "https" & Right(sQ, (Len(sQ)-8))
sURL = Replace(sURL, ":80", "")
Response.redirect(sURL)
End if
%>
View 1 Replies
Feb 1, 2010
I have following situation: A web with a defaults.aspx & login.aspx 2 folders ADMIN & MASTER, in the ADMIN folder is a content page admin.aspx who's master is in the master folder.when I place, following web.config in the ADMIN folder he still is showing the admin.aspx for all users, when I place a new standalone aspx file in that directory the access is denied.Why is de content file not secured ? Must I secure the master file so do i need a new masterfile for each rol, user then...
in that directory<system.web>
<authorization>
<allow
[code]....
View 4 Replies
Mar 7, 2011
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
Here is my current code
[Code]....
View 2 Replies
Mar 26, 2010
I have developed an asp.net website. I Have Used Asp.Net membership provider.My Question is , I Have Three Roles , For Eg: Basic, Intermediate, Admin ...Now , i need to apply two roles for single page say basic and admin .... How can i do this ... Plz help me .... Thanx in advance ......
if (Roles.IsUserInRole("Admin") == false)
Server.Transfer("AccessDenied.aspx");
View 6 Replies
Oct 26, 2010
Is there a tutorial on how to redirect user to a specific web page based on his/her role? For example, I have teacher role and student role. When the teachers login, it will redirect the teacher to the teacher web page and the students redirected to the student web page.
View 1 Replies
Mar 7, 2011
My restricted files are all stored in ~/Secured folder on the root. Authorized users have no trouble accessing aspx files in that folder. Recently I added a part of an application whose files I wanted to keep separate and created a ~/Secured/HR folder. I am getting a "resource not found" error trying to use any aspx file in HR folder even after user successfully logs in, as if the file does not exist at all. Here is my web.config security settings:
[Code]....
Do I need to configure security for that folder separately?
View 1 Replies
Sep 12, 2010
I am using Formsauthentication. My situation is as per below:
the login form has codebehind :
protected void LoginButton_Click(object sender, EventArgs e)
{
TextBox uname = Login1.FindControl("UserName") as TextBox;
TextBox pass = Login1.FindControl("Password") as TextBox;
CheckBox rm = Login1.FindControl("RememberMe") as CheckBox;
Literal fail = Login1.FindControl("Literal1") as Literal;
if (Membership.ValidateUser(uname.Text, pass.Text))
[Code].....
Now the problem is that when I try to login with proper credentials it first redirects to default.aspx( there is no such page in my project), after login again with same credentials it properly redirects to the correct page. Why such problem arises? to fix this?
View 6 Replies
Nov 11, 2010
Will someone point me to a tutorial on how to hide and denied access to certain pages based on what roles the user is in?
View 8 Replies
Nov 9, 2010
Can anyone point me to a sample admin page for managing users and roles (forms authentication). Something like the security section of the WSAT, but for a finished site.
View 3 Replies
Jun 11, 2010
I set up a secured folder in my website. When I access this folder via web page, it pop up a windows login form to ask for user name and password. I would like to code the asp.net page or java script to access this secured folder with username and password without pop up the login form. find the method for asp.net page accessing the secured folder automatically.
View 2 Replies
May 17, 2010
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 Replies
Jun 6, 2010
I have a WCF service returning JSON to jQuery ajax calls and presenting the results on an ASPX page. When the page is NOT under SSL, the ajax calls work perfectly. When the page IS under SSL, the calls fail. I understand that this behavior must be due to the Same Origin Policy (SOP).
So, how do I setup my WCF service to accept calls from an SSL-secured page? Does the WCF service also need to be secured? If so, how do I do this?
View 3 Replies
Aug 30, 2010
know "How to create a secured ASP.Net page which uses the https method".Note:
View 2 Replies
Apr 1, 2011
I have searched hours but fail to solve my problem. I have got the following issue,
I have created a login page on my web based application, which works fine, I want if user manually types different page or bypass the login page then it should redirect to the login page.
The problem is I have use Master Page and when I do the following code; it went into the loop, because when page load the session value is null.
How I can exclude my login.aspx and Error.aspx pages from this Check.
[Code]....
View 2 Replies
Mar 24, 2011
I am doing a simple secured site using the login control. I would like users to be redirected to their dashboard page once they log in, but after that if they choose to browse I do NOT want them redirected based on their login status. I am using the generic template provided in VWD with the basic login setup in the template including the tabbed ASP menu control - nothing fancy, nothing custom. This is intended to be something very simple and quick. Here is the code I am using for the page load...
[Code]....
So if I do this code WITHOUT the "IsPostBack", logged in users are always redirected to their dashboard and cannot see the hompage. However with that IsPostBack test, the redirect after initial login doesn't work.
I know this is extremely basic and simple, but I am restarting with this stuff after a year away, and I need a nudge.
View 4 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
View 1 Replies
Jan 20, 2011
I'm planning to make a page that has about 10 different pages for varying use, for example, stats, data entry, reports, logistics, audit, sales, promo, etc etc. I'm anticipating there will be many combinations as to what pages a user may have access to, for each page, a user ought to be authorized to either enter new data, edit data, print and/or just view.
My questions are :
1. can membership & roles be used, once user is logged in, to display links to all the areas of the web app he is allowed access to?
[code]....
2. besides having access to a particular page, a user should, as mentioned before, be authorized to either enter new, edit, print and/or just view data.
3. Is there a preferred/better method to handle this besides using membership & roles?
View 3 Replies
Apr 16, 2010
this simple cause the problem is simpleA CCDD puling back 788 items works in .net 3.5 site, EXACT same site with just the build framework changed in Property pages to .net4, well it givies Method 500 error.Reducing the num of items to 698 works in .net 4.Played around with the maxJsonLength (5000000 999999999 etc) setting in webconfig for a day. Made no difference.Data saved as a csv is 23kb or 3000 characters acording to word.
<asp:CascadingDropDown ID="CascadingDropDown2" runat="server" ParentControlID="DDListManufacturer"
TargetControlID="DDAppliance" Category="Appliance" LoadingText="[Loading appliances...]"
PromptText="Select an appliance" ServicePath="UtilityService.asmx" ServiceMethod="GetAppsForManuBD" >
[code]...
View 1 Replies
Apr 6, 2010
We recently added a URL rewrite rule for a domain to run off of a share(actual name) directory. Well the domain share.site.com references the actual virtual for www.site.com/share as far as the url rewrite goes, because the menu and images must come from www.site.com/images and such. We were fine by adding in a base tag of <base href="www.site.com" />, but we started adding in modal popup and update panels then a bunch of javascript errors started bombarding the site. Is there a reason why the URL Rewrite doesn't use the virtual directory when the URL rewrite happens? I thought they fixed this.
Message: ASP.NET Ajax client-side framework failed to load.
Line: 755
Char: 34
Code: 0
Message: Syntax error
Line: 2
Char: 1
Code: 0
Message: 'Sys' is undefined
Line: 767
Char: 1
Code: 0
Message: 'WebForm_SaveScrollPositionSubmit' is undefined
Line: 930
Char: 1
Code: 0
<rule name="share.site.com" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^share.site.com" />
<add input="{PATH_INFO}" pattern="^/share/" negate="true" />
</conditions>
<action type="Rewrite" url="share{R:0}" />
</rule>
<rule name="sharesite.groupsite.com" enabled="true" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^sharesite.groupsite.com" />
<add input="{PATH_INFO}" pattern="^/share/" negate="true" />
</conditions>
<action type="Rewrite" url="share{R:0}" />
</rule>
View 1 Replies
Oct 11, 2010
I am using .net membership and have a page that takes userid and display profile information. I also want to set the username as page title but keep getting object initialise error. I am using master page.
[Code]....
View 4 Replies
Jan 23, 2011
I am facing one problem while putting below code on master page load event.
if (!User.Identity.IsAuthenticated)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
View 5 Replies
May 25, 2010
I have a strange problem on a website with security user & roles active on it, the thing that happens is that if a user hit's the site defaults page he is auto logged in as another user? I have made my site structure like this : On my master page
A loginview with a loggedin & anonymous template on it, when I user is logged in he gets his name & logout button, otherwise a username login textbox and button. A menu that is build from a database depending on the rolde of the auth. user Site structure ROOT
default.aspx
account.aspx
/Level A dir (only for A role users)
/Level B dir (only for B role users)
/Public dir (everyone)
[Code]....
View 5 Replies
Sep 14, 2010
I don't have any sub catalogs for the .aspx files and this is my web.config file:
[Code]....
It's as if the Login.aspx won't grab the Site.Master if I add this authorization.
I get directed to the Login.aspx if I try to enter any other page, but without seeing the master page.
Is this enough info to solve this or do you need to know how the other pages looks like?
View 2 Replies
