Security :: Deny Access To Webapplication To Specific Computers?
Mar 2, 2011
i have a web application which can be accessed via intenet the application is running on iis and configured using a router..i m looking for a good solution where i can give access to only authorized computers rest of the computers cannot access the applcation for eg:- if i have a users in office1 in sales dept. and he access the application from his office, so i want to deny the same user or any other user, that he cannot access the same application from home or antwhere else.
i am using form authentication in my web application.
by default, form authentication allow 2 different users to log in from 2 different computer using same username and password. due to which i am facing some problem.
when user 1 clicks on menu i am maintaining the name of selected menu in a session. but if another user clicks on different menu then the session variable is set to the menu selected by user 2. due to which the 1st user is facing some problem as the value in session got changed.
How can i overcome this problem? is there any way, where once the user has logged in, no one can log in with same username and password from another computer?
I have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
I have a folder called <mysite>/Pages. This folder is PUBLICIn this folder I have a aspx page called : MySecure.aspx I have on the default.aspx page a hyperlink to the "~/Pages/MySecure.aspx page".I want to limit access to the MySecure page to only those in a Admin role (so no members no guests or www users can see it. I dont want to move MySecure.aspx into a secure folder.This is what I did in the wedconfig
Requirement(1): When any person is on the network, they can access this site EXCEPT one AD Group (Example: AD_Sales group).
Requirement(2): Also like for example if a person that has the access passes a url (Ex: http://mysite/Home/Index/Product/Letter) to a sales group person, he still should NOT access and need to display a custom message saying "You are not authorised to view this page".
If the scenario is like to issue the access to one AD Group and deny access for all others, it is fairly is. It can done from IIS. I am Wondering how to do this.
I have a folder called /Error in the root directory for an ASP.Net site. The site is completely public, so there is no authentication of users. Inside the Error folder, I have a file called errorlog.aspx, where I log unhandled exceptions. I don't want the public to be able to view this file. I created a web.config file inside the Error folder.
[Code]....
However, I'm still able to view errorlog.aspx by typing the URL into the browser. What am I missing?
I have a web app, which contains a folder Uploads, to which users (authenticated) upload their files (for some reason it has to be a folder in the root of the web app).I want to deny access to this folder and files to all non-authenticated users.
In my web.config I have:
[Code]....
and everything seems to work in development, but on a staging server it redirects non-authenticated users to login page ONLY from aspx pages, but not when entering the url to the file in Uploads folder.
My web application need to list the network share information. The return code is '5' after I call NetShareEnum[Netapi32.dll] in windows integrated authentication.
I found that currently I am using Kerberos protocol to authenticate the access users and the token is grenerated with [TokenImpersonationLevel.Impersonation].
Who know how to resolve this problem? Is there any way to get a token with [TokenImpersonationLevel.Delegation] in Kerberos? BTW, I am sure about that the access user has the Access privilege to list the network share in target server.
I have published ASP.NET web site, using IIS7 on Win7. I can access this web site on my localhost, but it is inaccessable from other computers via internet. I have tried to disable firewall and anti-virus program, but with no success.
Does anyone know what may be causing this problem?
I am deploying a public ASP.NET website on an IIS7 web farm.
The application runs on 3 web servers and is behind a firewall.
We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.
/admin/somepage.aspx
What is the best way to control access to this page? We need to:
Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks.
Should this access control be done at the (a) network level, (b) application level, etc.?
I need to restrict access to my website by physical PC. When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.
I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address. Am I trying to over complicate things or is that the only way? I realise that MACS can be spoofed but this is not much of an issue.
I have a problem with ASP.NET web configuration file. I want to deny some users or roles to accessing a specific PDF file. I am using ASP.NET membership and role management system. So I added this lines of codes to a Web.config file:
and put it to the directory witch the file is included in it. Now when I run the project in local system I can not access the PDF file wile I login with "admin" role. But when I publish the project on the web server I can not brows the folder but I can view the PDF file when I browse complete path to the PDF file. So:
I have a directory in my website called /MyFiction. It is an installed version of Wordpress for a particular blog and I would like to keep it to where you can only get to it if you're authenticated. I'm an old hat to ASP.NET but with MVC I'm still a newbie....
I have a web application that has a configuration folder that houses multiple XML files that are configuration settings for multiple "portals" as you will. I need IIS to have access to them so the "portal" loads (sql connection strings, master page paths) but I want to deny any outside access (url browsing). Here's an example below:
[URL]
I need to restrict access to this file if you're browsing to it but still allow the system access to it so it can parse the "portal" that it's loading.
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:
I have set up a SQL Role and denied SELECT, INSERT, UPDATE, DELETE access to a number of tables.I noticed that a user in this role can create a stored procedure containing a SELECT, INSERT, UPDATE or DELETE statement on the table that I have denied access to.How could I stop the user in the role from being able to create/alter/execute stored procedure which use the tables than I have denied access to?Also, the user in the role needs to be able to execute stored procedure on the tables which they are not denied access to.
I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
how I can prevent someone from viewing directory list (files) from url?
For example: [URL]... I don't want anyone to see directory list of files under the folder directory by just entering above. I have several project folders for my web app and in each folder, I have a web.config file <authorization><deny users="?" /></authorization> as well as <location> tags. They are working fine from preventing unauthorize access to the .aspx pages and redirecting to login page. But still want to prevent viewing the directory folder.
i have a website having a couple of pages,i'd like to allow all users to be able to browse some pages and deny them some web pages.I know it's something to do with creating an authorization tag and adding some allow or deny user,but i have no idea how to implement it.
i have 2 pages like login.aspx,default.aspx.in login.aspx page iam using the login contr ol.for this i created the users in the configuration manager.when enterting into default using these login id,password it's working fine.when iam copying the default page url from IE broswer and pasting in the another broswer it's entering into default.aspx page only not into login.aspx page(iam using the form authentication for this).
I need to read the data from the COM port in a web application, so I have written a Windows Service for reading data from serial ports. Now I need to access that data in a web application. Can anyone tell me how to access it? Is using threads the best way to do this or not? What other possible ways are there?
I have some pages that need user to sign in. If not, I need to redirect user to signin page. I know this can be done by using some code like"<system.web><authorization><deny users="?"/></authorization></system.web>" in web.config.
But can I just write some code to do the same function?
like in page load method, I can check whether user is sign in, if user is not signed in yet, how can I redirect user to the login page by using code? and how can I stop sending the content of the page to user?