Security :: Get The Number Of User Which Access To The Site?
Oct 31, 2010i want to know the number of users wich access to my site and show it
View 4 Replies
Similar Messages:
Security :: Transfer User From One Web Site Site To Another Web Site On A Different Server With User?
Jan 26, 2011I have a requirement where I have to transfer a user from Web Site 1 on Server A to web Site 2 on Server B.
On Web Site 1, I have to provide controls to enter user id and password and which have to be validated on Web Site 2 on server B, after validating them I have to redirect the user to Web site 2.
what is best way fo doing it. code examples are greatly appreciated.
Note: On Web Site 2, user login functionality is already existing and it is provided by ASP.Net login control, am not sure how to handle the user login process from two different places.
or is it the best way to move Web Site 2 from Server B to Server A so that, the same login controls will be shown using Iframe on Web Site A.
Security :: User Level Security - Enable And Disable Based On The User To Access Certain Form
Jun 26, 2010i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 RepliesSecurity :: How To Allow Users Out Of The Domain To Access Site
Jun 29, 2010Currently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
Site Security/Access Management For Mvc Application
Mar 25, 2010I am trying to find a good pattern to use for user access validation.
Basically on a webforms application I had a framework which used user roles to define access, ie, users were assigned into roles, and "pages" were granted access to a page. I had a table in the database with all the pages listed in it. Pages could have child pages that got their access inherited from the parent.
When defining access, I assigned the roles access to the pages. Users in the role then had access to the pages. It is fairly simple to manage as well. The way I implemented this was on a base class that every page inherited. On pageload/init I would check the page url and validate access and act appropriately.
However I am now working on a MVC application and need to implement something similar, however I can't find a good way to make my previous solution work. Purely because I don't have static pages as url paths. Also I am not sure how best to approach this as I now have controllers rather then aspx pages.
I have looked at the MVCSitemapprovider, but that does not work off a database, it needs a sitemap file. I need control of changing user persmissions on the fly.
Security :: Site Needs To Access File Across A Workgroup?
Oct 21, 2010I have an ASP.net 2.0 website that sits on a Windows XP SP3 box on IIS 5.1. The website needs to go across a UNC path to another server to grab an image file. Both boxes are in the same workgroup but no domain is setup. I have created the same user on both boxes with the same password and the website is using anonymous access using that account. The account is an admin on both boxes(i know security risk but this is for testing). File.Exists() just keeps returning false but the file is there. I suspect it has something to do with the ASPNET account but i'm at a loss. I've tried aspnet impersonation using that account as well with no luck.
View 4 RepliesSecurity :: Restrict Access To Site From Outside Office?
Nov 9, 2010I am faced with a rather tricky issue. I am developing a web application that resides beneath a web site. The web application is actually meant for the employees of the company owning the web site. The employees can access the web app from the login facility on the site.
The situation demands that an employee must be able to login to the app only from the office machines and not from anywhere outside. I thought of a logic where in the IP address of the machine in which the employee sits will be stored against the employee profile and when he logs in, the authentication will check for user credentials as well as whether he is logging from the designated IP. If not he is not allowed access to the app even if the login credentials where correct.
I am not sure if this is a good way, because I feel tricky persons can give the same IP of the office machine in another machine, say at home and the logic is broken. Can somebody provide me a better way of solving the issue. I am using ASP.Net login control for user login.
How To Implement Security For MVC Site To Deny Access To A Particular Group
Dec 8, 2010I have an internal corporate ASP.NET MVC website.
Requirement(1): When any person is on the network, they can access this site EXCEPT one AD Group (Example: AD_Sales group).
Requirement(2): Also like for example if a person that has the access passes a url (Ex: http://mysite/Home/Index/Product/Letter) to a sales group person, he still should NOT access and need to display a custom message saying "You are not authorised to view this page".
If the scenario is like to issue the access to one AD Group and deny access for all others, it is fairly is. It can done from IIS. I am Wondering how to do this.
Security :: How To Control The Number Of Authenticated User
Dec 16, 2010I got only one ideas to control with the session. When user log into the master page, I insert the current login user and session ID and active status to the SQL table. if user logout manually or close the browser or session expired, I want to change the inactive status. So I can check how many active user are there and the system can prompt the required info to the user. But now, I can't find the soultion to change the inactive
status in above condition.
That doesn't seem right to me. I m sure I 'm making incorrect assumption about this matter.
Security :: Some Users Are Unable To Access My Internet Site With Windows Authentication?
Oct 15, 2010I have an intranet site that i set up to windows authentication. It works fine most of the time but some departments wont be able to access the site and will be asked to enter user name and password.I checked their Active Directory account and the only difference i could see was that the organizational unit parameter was different than the rest of the users.
View 5 RepliesSecurity :: Why Access Files Inside A Forms Authenticated Part Of Site
Aug 18, 2010Why can I still access files inside a forms authenticated part of my site? Any webpages say that you need to login to view them, but people can still access images by typing in the address bar. I am using forms authentication with my own database, so none of the aspnetdb services like membership roles etc. Is this a bad way to do things because I'm pretty deep into it now and it would be very difficult to change.
View 16 RepliesSecurity :: Login Form Using Either User Id Or Email Or Phone Number?
Apr 20, 2010I have to make a login form using vb.net. The login form should either accept
Username ID or
Email ID or
Phone number
---- either of one ,and match it with the password of the corresponding record in the user table.
The user table has following column:- U_ID(varchar),mail(varchar),Phone(Number),Password(Varchar)
The form has two textfields - 1. Username
2.Password
And a submit button. If combination is correct I should be redirected to the Index page.
But I don't have to scan through all the columns of the user table to match the password.
(a)If the user enters user_id say- ID 10012 then we should be able to search only the record in the user_id column as it has alphanumeric or varchar data type and match with corresponding password.
(b)If the user enters Email id we should be able to search through the email id column as email id contains "@ and ." sign.
(c)If the user enters phone number then we should search only the phone column as it has numeric datatype.
Security :: Access Denied For Logged User (anonymous User Is Fine)
Jan 7, 2011I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
Security :: How To Secure Site From Multiple Logins Of Same User Id
Apr 8, 2010Requirment is to stop more than one user to login at a time using same user id.I am storeing user id in session. I searched the internet and found some ways but somehow they do not work in these situations:If javascript in brower is turned off. If user do not click logout and directly close brower.
View 3 RepliesSecurity :: Retrieve User Profile For Any Site Member?
Sep 26, 2010I am new to asp.net's membership controls. I am trying to figure out how to make a public profile page that will display information about a site member to other users. I thought I would be able to use the profile class and just pass in a parameter such as user name. But I tried:
Profile.GetProfile("username")
'Where username = name of profile I want to retrieve
Response.Write(Profile.Title)
Response.Write(Profile.Company)
However, if the user is logged in this codee just brings back their details, not those of the username requested. What am I doing wrong?
Security :: Want To Encrypt The Password Of The User Who Register On My Site And Also Decrypt It To Enable Him In Login Again.2?
Mar 19, 2010am working on a new site and i want to do tothings for security1. I want to encrypt the password of the user who register on my site and also decrypt it to enable him in login again.2. I will make an online exams so I want to disable the user functions to hack the exams materials such as (print page, print screen , or even selecting data manual by mouse )I googled a lot about this matter I found java scripts to make this but what about the users who will disable scripts on their browsers. So I want to do this with C# Code.
View 4 RepliesSecurity :: Access User From App_code?
Feb 6, 2011I would like to access current authorized user from a cs file (class) in app_code. Is this possible?
I tried Membership function and HttpContect.Current.User but both return null.
Security :: User Details Access In Different Domain
Mar 9, 2010Im working on an application that has a login section that accepts a username and password. On successful login a userid is returned and encrypted with TripleDesKey. The user details are then stored in a session object. We already have a class library that performs encryption and decryption using a key in the web.config file. I basically want to be able to access the user details of the currently logged in user in a page accessed from the main site that may be in a different domain, but is effectively part of the same site, so I wont have access to the session object from the main site. so basically a user logs in, I have the user details stored in a session object, I also have access to the encrypted userid also in a session object. If a user then clicks a link to another page that is in a different domain, how do I persist the userID?
I suppose I could I tag the encrypted userid to the querystring, but security could be an issue here (even though the id is encrypted, someone could still modify it)
Security :: To Set EnvironmentPermission/ Block User To Access Web.config?
May 7, 2010I know a user can use the following code to access the content of web.config
string connectionString = ConfigurationManager.ConnectionStrings["MyConnect"].ConnectionString;
If I set EnvironmentPermission, can I block user to access the content of web.config?
Security :: Grant Access To User Outside Of Active Directory?
Jun 9, 2010I have a web app that uses AD to authenticate the user which works great. But i received a request where a user that is outside of the Ad needs access to the application.
Is there a way to add this user manually (Maybe in web.config) to allow them to access the application?
Security :: Access The Create User Wizard Controls?
Jul 12, 2010How to Access the controls exist in create user step template in a createuserwizard?
View 4 RepliesVisual Studio :: Trying To Setup A Site Where A User Can Create An Account, Log In And Have Access To Only Their "home Page"?
Nov 24, 2010Newer to ASP (not VB). Running VS 2010 Ult. Basically I just need pointed in the right direction for what I am trying to accomplish. I am trying to setup a site where a user can create an account, log in and have access to only their "home page". On that home page I want them to be able to have access to their data and their data only. I have created the web site and the login, create user, change password, ect. pages using the built in controls, problem is that about the extent of my ASP'ing.
I would just like pointed in the right direction to be able to code this. Not asking for someone else to do it for me, I want to learn this on my own. I just need pointed somewhere to get me started with member pages and what not.PS - This is what I am looking to doCreate account -> Automatically create user folder and home page within -> Restrict access to only the new user and the admin
Security :: Which User Account Should Be Granted Access To App_Themes Folder
Apr 9, 2010the only way to make themes work is to allow user "Everyone" to access the folder App_Themes. I am wondering if a more specific user instead of "Everyone" can be granted the access to allow themems work.Account "IIS_IUSRS" and "NETWORK SERVICE" have already been granted access.This is about folder access of Windows 7 running IIS7, not web page authorization configured via web.config. The web page is browsed via local host (i.e. the web page address is something like "[URL]
View 1 RepliesSecurity :: How To Limit User To Access Database And Web.config File
May 6, 2010I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 RepliesSecurity :: Impersonation Error / .NET User Account Has To Be Given Permissions To Access The Folder
Jun 18, 2010I wrote an asp.net application that I'm trying to run on a godaddy domain I bought. I need to read a file in a folder that I did not give read access to so that your average user cannot see in the informaion in that folder. I assumed that the asp.net program would have the same credentials as myself because server-side code. Turns out I am wrong. When I go to use the asp.net application it throws an access denied error saying that the ASP.NET user account has to be given permissions to access the folder.
After talking to two different tech support people at godaddy I've come to the realization that they are either dumb or lazy (or a combo of the two).I came across some code that you can put into the web.config file that would allow the asp.net application to impersonate a user, which would work great to use myself as the impersonated user. However it seems that godaddy cannot give me the name of the server that my domain is on (that's understandable) so I don't know what to put in the identity tag to get this to work.
Here is the code I found:
[Code]....
(of course I filled in the username and password with the correct info)
When I went to use it again it threw this error:
System.Web.HttpException: The current identity (PHX3username) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.
