Security :: How To Show A Warning Popup When User Is Not Authorized To Access A Specific Folder
Feb 16, 2011
I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
I have the following scenario and I'm not sure how to implement/tackle it.
I have a login control and roles for different users. When a user logs in I need to display a javascript alert only if the user fullfill special criteria (so not for everyone).
I have tapped into the x_Authenticate and x_LoggedIn events.
In x_Authenticate I do the MembershipProvider verification that the user exists as well as some custom verification. At this point I know that the user has successfully logged in and I can verify if they match the popup criteria.
In x_LoggedIn depending on the user type I redirect to different pages.
Ideally the x_Authenticate event would be the best place to show the popup, however the page isn't rendered then. Instead right after x_Authenticate the x_LoggedIn method gets executed and redirects to the needed page.
the only way to make themes work is to allow user "Everyone" to access the folder App_Themes. I am wondering if a more specific user instead of "Everyone" can be granted the access to allow themems work.Account "IIS_IUSRS" and "NETWORK SERVICE" have already been granted access.This is about folder access of Windows 7 running IIS7, not web page authorization configured via web.config. The web page is browsed via local host (i.e. the web page address is something like "[URL]
I wrote an asp.net application that I'm trying to run on a godaddy domain I bought. I need to read a file in a folder that I did not give read access to so that your average user cannot see in the informaion in that folder. I assumed that the asp.net program would have the same credentials as myself because server-side code. Turns out I am wrong. When I go to use the asp.net application it throws an access denied error saying that the ASP.NET user account has to be given permissions to access the folder.
After talking to two different tech support people at godaddy I've come to the realization that they are either dumb or lazy (or a combo of the two).I came across some code that you can put into the web.config file that would allow the asp.net application to impersonate a user, which would work great to use myself as the impersonated user. However it seems that godaddy cannot give me the name of the server that my domain is on (that's understandable) so I don't know what to put in the identity tag to get this to work.
Here is the code I found:
[Code]....
(of course I filled in the username and password with the correct info)
When I went to use it again it threw this error:
System.Web.HttpException: The current identity (PHX3username) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.
I am working with a textbox in ASP.NET and I added a JavaScript that pop up Calendar control on "OnClick" event (I am using window.open() to open the popup). Is there any way I could show the popup right under the textbox?
I have an "Admin" folder in my application that will include pages that I would not like to have anonymous access to. When a user attempts to load a page that resides in this folder, I would like to redirect them to a login page. Here is what I have in my config so far.
How is configure my both web configs to solve my issue. currently i am getting following error
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
my root web config has default settings and my Admin directory has following settings
I have LOGIN PANEL for student, and I want to disable it in different page. And only the admin can enable and disable it. I dont know the logic behind here.
I have an acess db which has primal key ID - Customer, and personal data of the customer .
In another db OR the same, to have the username and login of the customers.
I want to make a login form so if u/n & pass of a customer is correct, to have access to modify (insert, delete, update) his data of the db - his ID's only.
I have a new server(windows server 2008) and Installed ASP.NET and IIS(7.5) successfully.
After that I create a virtual directory of my web site.
when I ran the site following error message comes on the screen
I searched internet and find that there should be a user ASPNET added the user list, I searched that but didn't find, and try to locate but it has no such user.
I have read about Ajax Control Toolkit that should solve pop-up window requirements, but I need a solution that doesn't involve me downloading this. I have an editable FormView from where I want to pop a "warning window" whenever the user clicks a button that closes the Form. This "warning window" should have the following controls:
Label: "Do you want to save changes?" btnPopSave: "Yes" >> triggers databinding of FormView fields to datasource, then closes warning window and the FormView btnPopClose: "No" >> closes warning window, and FormView without databinding
If this is not possible (or too complicated), I think I can settle for just a warning window with:
Label: "Make sure you've saved changes." and no other controls
btnPopClose: "OK" >> closes warning window, and FormView
At work, I'm currently doing an ASP.NET project, where I have to connect an MS Access file to ASP.NET. This has been done successfully. Next, I had to create a login page, this has been succeeded as well.
Now I have make sure everyone sees unique queries from the database. Example: There are 12 queries in the database; one person has to see another query than the other person can see. But there are some products, which everyone has to see as well.
How do I do that without creating server errours (I get them a lot with one little change).
in my project admin will create user and insert users data into database user can just view it by his login id.only logedin iser related data will be displayed on his page.
here admin has to fill fields as below for each user and create uid and password for that user and wen user will log in only data related to him will be displayed.
id,name,address,city,salary
userview
name ,address,city,salary of his own not othr persons.
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
I'm building a website that just allow each person in my office to access the page from their own PC placed at the office only. It looks like I need to identify a client from within the codes on the ASP.net web server. How can I do this?
I am deploying a public ASP.NET website on an IIS7 web farm.
The application runs on 3 web servers and is behind a firewall.
We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.
/admin/somepage.aspx
What is the best way to control access to this page? We need to:
Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks.
Should this access control be done at the (a) network level, (b) application level, etc.?
i have a web application which can be accessed via intenet the application is running on iis and configured using a router..i m looking for a good solution where i can give access to only authorized computers rest of the computers cannot access the applcation for eg:- if i have a users in office1 in sales dept. and he access the application from his office, so i want to deny the same user or any other user, that he cannot access the same application from home or antwhere else.
I am attempting to convert an online game i have written in ASP into ASP.NET,, but I am failing at a very early and probably a very amateurish stage.
I am using a Sample ASPX project. There is an ASPNETDB database included, when i register my username is added to the DB along with a userID and various other fields. This is stored in a table called aspnet_Users.
I have created a new table called tblClubs, which stores information such as ClubName, StadiumCapacity etc I added a field called 'Owner' and this is directly related to the UserName field in the aspnet_Users table
What I am trying to solve is to show user specific information from the database, based on their LoginID.
i.e
My username is Laclerque and my club is called Racing Mongoose, the stadium capacity is 9500.. the information for each User needs to be different and just show the information that is relevant to them.
obviously in the longer term, there is going to be 100's of these associations required for the full game, but not until i can get my head around the basics of how to set this information. I tend to work better when i can see a working sample, and then adapt things to suit my needs.
I am trying to access a shared folder which is located on a different server rather than on the asp.net server.
I configured windows authentication and set impersonation to true. Also try with enable/disable basic authentication.
I have tried the following:
with a mapped driveshared folder access (\sharedfolder)virtual directory pointing to shared folder with pass through configuration. However none of the above works. I am getting "Access Denied" error when trying with shared folder and virtual directory. In the case of mapped drive getting "Not Found" error.
I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.
Here are the relevant sections of my web.config file.
I need to restrict access to my website by physical PC. When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.
I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address. Am I trying to over complicate things or is that the only way? I realise that MACS can be spoofed but this is not much of an issue.