Security :: How To Implement Roles On Live Website
Oct 8, 2010
I have an live website and I need to enable roles and add it to a folder. What's the best way to go about it? Do I add code to web.config? Do I add code to individual pages? Do I use the membership provider service with V W D and recopy the website?
i'm looking to implement a live helpdesk (chat) feature to an ASP website, something similar to LivePerson.
Would anyone be able to direct me towards firstly the required achitecture to help me understand what will be required to even develop such a feture and if at all possible some example code/solutions, if any exist ??
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
I need to implement field level security based on the roles. I have a page Employee.aspx . In that i have ten controls. If i am enter as admin role i need to show all the controls. If i am enter as user have to show only five controls. How to design the appplication for control level security?
I tried googling this and have had no luck. I would like to implement membership roles without any reference to email accounts or smtp. Does anyone have information on this topic?
I have just put my first ASP.Net site live on the internet but im having problems with my login. When i try to login my sit is throwing an error.
The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file.
I have run my script from visual studio so the profiles are there but i cant login?
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
I have a client asp.net website that uses ASP.Net Membership, Roles and Profile providers and Login controls. I need to expand the application so was going to use WCF Workflows, the ASP.Net website will be hosted on a different server than the WCF Services so what I want to do is get the ASP.Net Website to auth via the WCF Service. So process will go:
ASP.Net Website ------------------> WCF Service ------------------> SQL Database (Membership, Roles, Profile, Workflow Persistence Data and Business Data)
I tried creating a custom Membership and Role providers but I have had problems managing the users (Membershipuser class) saying null when a vaild user has been return by the WCF Service as can access the properies but not the methods.
In asp.net c# , i want to implement auto website browsing i.e. when the user enters his user id and password on login page, the login button should be clicked automatically and a new browser should open and then the page should be redirected to desired page and then on the new page another linkbutton gets clicked and again redirect and so on.
i implement user login in my website itself and i dont use membership of asp.net
any user in my website have the apportunity to website for 5 times .after 5 times if still user is not logged in website ,user can after 15 minutes to be able to try again.
I am able to get a token with Windows Live Delegate Authentication samples provided by Microsoft.
Now I want to access emails (New, Read, Unread etc) from live account. How can I achieve it with the help of Windows Live Delegate Authentication? Are there any examples for the same?
The Samples given by Microsoft are not related to emails.
I have two websites (one asp classic and the other asp.net) which we would like to implement some kind of security based on the client's hardware. We want something other than a password which could be shared. The purpose is to be sure access to information on the websites is not shared.
We were contrmplating storing hardware info in our database and validating against that upun website entry.
I have been looking into ActiveX (it would be acceptable to limit our users to IE), although we do have users who would like to use I-Phones. I have done no ActiveX development myself but have found a few articles on the web about ActiveX but that whole approach looks complicated. And also there seems to be a 64bit issue making it even more difficult.
So, I wonder if anybody has any advice as to what the best options might be for securing the website access in a way that would prevent sharing?
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
I need to audio and video streaming option on my website, like registered user can upload the video through browser option and other users can view that video on website like youtube.
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
I'm trying to implement live binding, purely imperatively . In my example , I have a master view , which is populated using json array. In the detail view ,I'm just setting the value of a prepopulated combo box . But , the moment the bind statement is executed, the combobox (select element) becomes null. This works perfectly when done declaratively. Below is the code for imperative binding. This function is triggered when an item in the masterview is selected.
function execCommand(sender, args) { // Create dataview for details section var detailsView = $create(Sys.UI.DataView, null, null, null, $get("div2")); $get("div2").className = "sys-template"; // bind the dataview to the selected data from the master var b = Sys.bind(detailsView, "data", sender, "selectedData"); // after the above line of code is executed, the select element with id "myselect" becomes null. //alert($get("myselect")); // bind the value attribute of the combo box to the "Description" property of the binded data var x = Sys.bind($get("myselect"), "sys:value", detailsView.get_data(), "Description"); //hence when the above line of code is executed , nothing happens :( ,i.e the value of the combo box doesn't get set // alert($get("myselect")); }
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="SysObserverSampe.aspx.cs" Inherits="SysObserverSampe" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">>....................................
i would like to implement one route for my Adminitration user - roles management (http://<domain>/Administration/ManageUserRoles/<userName>/<roleName>), where Administration is the Controller and ManageUserRoles is the action and another for managing everywhere in the site where there is an id / name combination ((http://<domain>/<controller>/<Action>/<id>/<name>)).
From what i have tried so far, the Administration route catches all the routing that has the format http://<controller>/<action>/<param1>/<param2> and as a result the id / name url parameters are displayed as query url parameters.
how to implement a custom role provider which has support for parent and child roles?
I have a requirement to have high level Role permissions as per the usual Role provider functionality. However, I also have a requirement to further breakdown permissions into sub roles. I toyed with the idea of having further role instances for sub permissions but I'd prefer to have a native solution which allows for sub roles.
In this scenario, the "Admin" role is actually 2 distinct roles, one for IT and one for Extranet scenarios. Ideally, there is no association between the 2 "Admin" roles because they are unique sub roles.
[Edit]: Following Igor's comment I feel I should clarify. The aspnetdb is already hosting multiple applications and therefore the use of the Application Name is not possible to segregate the sub roles as it is already being used to seperate the roles by application.
I have a large .NET based system running within the company intranet, which allows winforms users to see some live calculated numbers and a custom winforms control drawn live (but not real-time). The Forms users can also affect the operation of the system.
I would like to just show the live numbers on a website, along with the custom control. Nothing needs to come back from the web user, as the web app is meant to be just for monitoring. All the numbers can be calculated at the server. It's been a long time since I touched ASP.NET, and I need to know how to proceed. What are the steps in building and deploying such a website? Any caveats I need to look out for?