Security :: Building An Application That Has Some Pages Public And Others Password Protect?
Jun 16, 2010
I am interested in finding out how I would go about displaying a website without forms authentication, but utilising forms authentication when the user makes a request by clicking the sign-in button, after which the user will view other pages that are private and secure.
I have built an ASP.NET application that needs to be password protected. This application will be installed on multiple offline computers, and we need to make sure that when being installed it requires a password. But even if it requires a password, someone can easily copy the database and the published folder and duplicate the application on their system, right?
I need a way to prevent this. It should only work on laptops that we have installed it on.
I have a website that is going on a public server so I want to password protect it, but for a while only myself and a couple of others will be using it. I will eventually get it together to do it right and have the users in a database etc, but for now, I just want to put a couple of users with their passwords in the web.config and have them authenticate on a login page.
I've got an SL application where I should implement a file management subsystem. I've got a hierarchical structure of files/folders (just a description). Also, each file/folder has its own permissions for users/groups. I would like to implement it so that a user who has permission to download a file couldn't give it to another user who doesn't have this permission. So if a user has download permission, he gets a link [URL] and downloads it. But he could give this link to another person without permission.
I have a site in development with several web services (ASMX) that post important data to my database. When I navigate to the ASMX file in my browser, I can fill in the form with the parameters and post to the DB. If someone finds the URL to my WS, they can severely alter my database. I want to prevent people from being able to post to my WS publicly. So far, I've thought of two things that may work, but I'd like to know if there are any other ways:
1. Check to see if the HTTP Referrer to the WS method is the domain the WS is on.
2. Add an additional parameter called Key to all important WS methods and have this be an encrypted "password." Then encrypt my stored password on the WS side and compare if the keys match.
I have developed an Inventory Management System in ASP.NET. The application is hosted now ... From manager to data entry operator, everyone has a separate login, roles and limitations for accessing the website ... From our office everyone is accessing the application and working on it. My question is: they can even access the application from a public PC (browsing center), because they know the password. Am I right? Now, I need to restrict access to my application from public PCs (browsing center). Can I limit access to my website application to the office only, and not public PCs (browsing center)? Can I allow certain IPs to access my website application?
Code:
Sub btnLogin_OnClick(Src As Object, E As EventArgs)
    Dim myConnection As OleDbConnection
    Dim myCommand As OleDbCommand
    [code]....
I found this code for user authentication. How secure is this? Can this be bypassed? Can I protect a MySQL database with a password? Can people see a MySQL database's data if it's not protected?
I have an ASP.NET page called admin.aspx that needs to be protected from direct access.
I want it to be accessed only when the user enters his name and password on another page called login.aspx. I'm working in ASP.NET with Visual Basic .NET 2008. How do I do it?
I have a site where most of my pages are arranged in business area folders, e.g. Activations, Outdoors, Branding. Each folder has a small web.config that protects the contents against access by people without a role for that business area.
However, basic admin for most business areas is done via Dynamic Data pages. These are only basically protected by not appearing in the menu unless the user has the correct role, but they are still accessible directly via URL, because of the {table}/{Action} routing used by Dynamic Data. What can I do to protect these pages against direct access?
I need to send a password from a windows application to the web (asp.net) in order to automatically login the user on the web (e.g.: opening hotmail from windows live messenger).
I thought about hash code, but the problem is: the value will be stored on user browser history (querystring).
How do I pass a one-time valid key (a key that is valid for only one use) using the querystring?
I want to show the admin pages only after logging in through a form with username and password, and I also want to log out from the admin pages. If an admin page is selected from the browser history after logout, it should not be shown.
For getting the logged-on computer username I am using digest authentication mode. But when I browse the website it asks for a username and password, while Windows is already logged in with the same username.
I understood that in this authentication mode it's required. But is there any configuration with which I do not get this prompt? Any group policy?
For IE I have added the website to the trusted zone, but it still asks for a username and password.
Is there any other way of getting the computer logon name in an ASP.NET application? There are, but they only work when I run from the editor; from IIS it's not returning a value.
I'm going to publish an asp.net pre-compiled web site on shared hosting account but I don't want my code to be copied and able to run on another domain. I need to check domain and if not example.com or www.example.com redirect to error page or show error as response.
EDIT: Here is my solution based on given answers
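// Global.asax handler; the non-generic IList cast needs the System.Collections namespace.
void Application_BeginRequest(object sender, EventArgs e)
{
    // Host names this copy of the site is allowed to answer for.
    string[] safeDomains = new string[] { "localhost", "example.com", "www.example.com" };

    // Reject any request whose SERVER_NAME is not on the list.
    if (!((IList)safeDomains).Contains(Request.ServerVariables["SERVER_NAME"]))
    {
        Response.Write("Domain not allowed!");
        Response.End();
    }
}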
I have a requirement for building an instant messenger application for the selected user.
I have googled for the solution but without any success. My requirement is that once a user initiates a chat with another user, the other user needs to get a popup of the chat window, where the two users can start chatting.
In my development environment everything works as I expect. I can access all the pages and as soon as I get to a secured page I check the Request.IsAuthenticated and redirect to the login page if needed. The problem starts when I deploy the project under IIS7. When I access the site I'm being redirected to the login page (as defined in the web.config) although it is supposed to be a public page... If I disable the Form Authentication in the admin console, Request.IsAuthenticated always returns true. So
How can I make IIS behave like my ASP.NET development server?
I'm working on a website that streams audio files for the user from a directory on the server machine. How do I protect the audio files from users being able to navigate to the folder and just download them locally, but still provide them access to stream them? If I set permissions on the folder via IIS, is there a level that I can set so that the server can stream but not allow anonymous access? I'm sure there is a tutorial or other thread about this out there, it's just hard to search for this specific issue. Any help or a simple link to another thread/tutorial
A user downloads a document from a specified site, saves it to the local disk and fills in confidential details. When other users log on to this computer and try to access the file, the document should not be accessible. Also consider that the document can be saved to a common server too, in which case no one other than the person who downloaded and filled in the document should be able to open the document.