access the page on public section of the website from the admin section,while logged in?Or i am causing a security hole,jumping like this?all admin section pages have role based authorization and can not be accessed unless authenticated.Public of course is accessible to anyone.
View 6 Repliesi have a website which has 3 modules admin part,employee part and customer part . so when the admin login he has to see the number of customers logged in and the duration etc excluding employee and admin
View 4 RepliesI have developed An Inventory Management System in ASP.Net . The application is hosted now ... From manager to data entry operator every1 z having seperate login , roles and limitation to access website ... From Our office every1 is accessing the application and working on it. My question is even they can access the apllication from public PC (Browseing Center) ?? coz they knew the password. Am i rite. Now, I need to restrict my application access in public PC (Browseing Center)? Can i limit accessing of my website application only in office not in public PC (Browseing Center)? can i allow certain IP to access my website application?
View 11 RepliesI have designed a navigation structure that is customisable from within my application and linked to the users role.
So I can restrict what menu items a user gets based on their role.
I have managed to do this quite well using SQL Tables and an ASP.Net Menu.
I can get it to only show the menuitems that are marked active and I have created an Stored procedure to get the menu items for a particular role.
Where I am struggling is getting the Logged On Users Roleid to pass it to the Stored Procedure.
I can get it using a regular aspx page but my menu is on my masterpage and I do not want to have to code it in each and every page.
I even tried to do it with a user-control but same happens. It seems that the User class is just not available when in a masterpage.
how I can pass the roleid from a Class or something or from the page to the masterpage?
I have user control in the master page. user control code behind page having public property called SetValue.
Now I want to set the value from content page .
I'm embarrassed to ask this here because it's clearly been duplicated several times already on StackOverflow. I've read a lot of stuff including:
[URL]
I think I've done exactly what those article say, but it's not working for me.
Here's the top of my master page, named "MasterNoNews.master":
[code]....
In the first case, VS is telling me System.Web.Ui.MasterPage does not contain a definition for urrentUser. In the second case, VS says the type or namespace 'MasterNoNews' could not be found.
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 RepliesI am currently designing an ASP.Net web site where does not required any user login on the page. However, I do need to put an Admin page up along with this web page for my client use to manage the content on the page (e.g.: Change Pictures, Updating News). For security reason, I do not want to include a separate page sit reside in the site, so nobody can even try access to the page [URL]
View 6 RepliesI have a directory structure root->admin-> admin operations admin page inherited from a ase page with principla security.demand role = "Admins" i am usinf forms authantication mode. i have also put a web.config file in admin folder, restricting other users. it is working normaly with siteroot/admin. I want to setup a mechanism to admin like siteroot/username/admin I can redirect to page admin but it gives security error, it should redirect to login page instead of if user did not sign in.
View 5 RepliesIn my web site I have a admin login page to edit the contents. Is it necessary that the default page has to be the login page..............Because in web.config file , under Authentication of Forms am using loginurl="MyLoginPage.aspx"......So is it compulsory that the Default.aspx =MyLoginPage.aspx.i mean to ask i should not change the name of default page or what?
View 5 RepliesI have a folder called <mysite>/Pages. This folder is PUBLICIn this folder I have a aspx page called : MySecure.aspx I have on the default.aspx page a hyperlink to the "~/Pages/MySecure.aspx page".I want to limit access to the MySecure page to only those in a Admin role (so no members no guests or www users can see it. I dont want to move MySecure.aspx into a secure folder.This is what I did in the wedconfig
<location path="Pages/MySecure.aspx">
<system.web>
<authorization>
[code]...
I have a simple online store where there are products that can be put into a cart and purchased. There is a admin page that can be logged into so that new products can be added or existing products can be removed or edited. To get to the admin area I need to put a /admin/index after the main page loads up. If I want to give my friends (from any location) the ability to add new products should I create a link to the admin area on the main page (like at the bottom) of the main page or should I just tell them to type in /admin/index after they go to the webpage?
View 3 RepliesI've set up a login control on a Login.aspx web page, which is authenticated using xml.
How do I stop people visiting my admin.aspx page when they are not logged in?
i want a simpe login systemm using webconfig file and one login.aspx page.
View 3 RepliesCan anyone point me to a sample admin page for managing users and roles (forms authentication). Something like the security section of the WSAT, but for a finished site.
View 3 RepliesIs it possible to allow an administrator to write to a readonly profile property by redefining the profile property in a web.config file used for administrators pages?
I have a unique account number which must be assigned to each new user (using the default asp.net membership provider). After reading a couple of articles it seemed it would just be easier to define it as a profile property instead of creating a custom membership provider. When the user makes changes to their profile on a profile page I create, I want the value to be readonly. When an admin views the profile I actually want them to assign the value to the property in their page.
When the user logs out of the page and does not close Internet Explorer, and again try to access the page either through favorite link or by entering URL, they are automatically logged into the page again.We want this NOT to happen. We want the user to always have to re-enter all Login data on the main login.aspxI have validated session correctly, even though this problem continueonly my system. Other system workingcorrectly. I think something browser settings problem.
View 3 RepliesI've successfully made a custom membership provider that connects, queries, and updates my custom Oracle database. I found a good sample on MSDN. I also found documentatio on the provider itself. However, I cannot find anywhere example calls you have to make for the different actions within the web pages themselves. Where can I find that?
For example
How do I check if a user is already logged in? What do I do when a user hits the login button? How does each page get the user that is logged in? etc.I am not using the asp login control. I have custom form, custom data, and custom graphics.
Recently upgraded my site to 4.0 and now having major log in issues
1) not staying logged in when moving from page to page
2) not logging it at all, just refreshing the page when log in button is clicked
3) not staying logged in after browser is closed
<authentication mode="Forms">
<forms timeout="120160" cookieless="UseCookies"></forms>
</authentication>
nothing fancy there, and it worked perfectly before the upgrade.
I created asp.net application on alumni information database.After logged in it redirects to page i wish but the problem is the page i am redirected is not holding the user logged information. it just simply showing as annonymus user.
View 5 RepliesI have a Login.aspx in my application.
After users logged in, if they press "back" in the browser, it goes to the Login.aspx page.
But I don't want to show users the Login.aspx page when they are logged in. how to restrict users to see the login.aspx page if they are logged in??
I am using sql role based membership provider and standard login control provided by Visual web developer 2008.
this is basically to show a welcome message [welcome user]on the index page after login in as a registered user of my site. i can achieve this with session but i really want to see this work. i read it in a book. it is not working as i want instead it is displaying my pc's name, instead of showing welcome for the current loggrd in user. put into consideraton that i programmatically created my login controls, my database on sqlserver myself, without asp.net custom login controls.
//this is the label that shows the welcome text
{welcomeLbl.Text = "you are welcome, ";
//user.identity.name+"."; this is suppose to display the name of the current logged in user
welcomeLbl.Text += User.Identity.Name + ".";}
How do declare a public variable .aspx web page that can be used in all the pages within my web application? And/or create a Public Sub?
View 3 RepliesI've got a web site that has a master page and that master page (mpMaster that has a user control ucControl1) which has a sub user control (ucControl2), this user control has a property which accepts a value. Now, I have a page that uses the master page
and on this page I have another user control (ucPageControl), I need to find a way of setting the value in ucControl2 from ucPageControl. Is this possible at all?
In the web.config file i have put some code in so that when users log in they will be re-directed to another part of the website which only registered users can access. for the admin part only the admin can log in and it takes him to the admin section and that works fine. it is only this that is causing me problems.
the code i inserted for which the user needs to be diverted to is:
<location path ="UserLoggedInFindUs.aspx">
<system.web>
<authorization>
<deny users ="?"/>
[Code]....