suppose we've created a web app for our customers.
how to prevent to access web page code (aspx code or behind code) for our customers ?
how to implement security and licensing information for web apps ?
First of all, thank you for the attention.
I am having some trouble, I am very new to asp.net, and the last problem I had, I spent about 59 hours trying to solve, Now I have a new one !
:D well, I guess this is part of the learning process...
Well, in Visual Studio 2010, I clicked New Website. @ C# language, ... The template it gives is pretty nice, it creates a database MDF file, and a login/register setup ready to go !...
You guys can see it live AT CLICK HERE ...
Everything is working, well at least here at the local machine...
There are 2 pages in there, Default.aspX, and About.aspx ... I want to allow ONLY logged in users to view those 2 pages... I tryed a few things, added my account to a role called ADMIN,
In the web.cong I changed Allow"*" to allow"ADMIN" ... still didn't work.. Also, I was trying to avoid using roles for now, and I was trying to find a way to do this for individual pages in the same directory as well... If possible with out touching the web.config file...
Allow Admin Users to Access Basic Users Accounts?
View 4 RepliesI have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
[code]...
I am implementing strightforward membership provider. I do not want new users to be able to login without being approved.
I have tried the setting on the registration wizard called DisableCreatedUser="True" and this does not work.
I also set LoginCreatedUser to False, and the user still gets logged in.
If I look in the SQL membership table, 'IsApproved' is set to 0 for the account, but they can still login.
I have directories in my website which require authentication.
But when i type the url with the directory name it lets me see the files but doesnt allow access as users need to login.
How can i stop users viewing files if they manually type directory name in?
I put common code in the app_code directory. I access classes in the code all the time from aspx.cs files by "using" the name space from the C# file in app_code and then referencing the class. Now I want to access a class from an app_code file a aspx file. How do I do this?
View 8 RepliesIm using an aspx page as the srcl for an image in the host page to serve a dynamically generated image to the user based on parameters they supply
ie
<img alt="" src="generateimage.aspx" id="imagegen"/></div>
Id like for people only to access the content via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page
I have a table for labels in SQL server, in this table i hold all the text for all the labels i use in my website. The reason i am doing this is because i creating a bilingual site, which will display two languages on one page at the same time. The other language being arabic.
So what this means is that whenever a page loads, it needs to go and fetch the text of the labels from the database to display them on the page.
the way i have done this is that i have created a class called labels, and in this class i have created two methods, one called GetEnglishLabel(ID) and the Other Called GetArabicLabel(ID). Both methods take an ID, which corresponds to the id in the sql server database. Each of these functions is using LinqToSql to get the text for the label for the given ID.
My problem is that for every label i need to call this function, so as you might imagine on one page i might have over a hundred calls to these functions on page_load.
I will have my asp.net site on a shared hoster. Whats the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules. vb.net/MSVS2005/Ajax) Or do I secure the whole site? I also here some encypting code tools cant handle sophisticted code. Also does encryption slow down code and make the site harder to manage...
View 4 RepliesI'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 RepliesI am in trouble in to remove malicious code from our so many site , develope in asp.net andn in asp.
Most of the time hacker inject the code in Body tag at onload evenet and also at the end of html tag using Java Scriprt.
how to prevent it by programing a code in asp.net or in java script or by other...
I have a web app were every user has its own folder so that they can store documents. What i would like to do is protect a user's folder so that only the owner can access it.
Example:
Username: ricky
Folder: ~/Files/ricky/ --> Ricky can access his folder but can't access Diana's
Username: diana
Folder: ~/Files/diana/ --> Diana can access her folder but can't access Ricky's
I'm using membership provider for the user authentication.
I have two diffrent webforms (ASP.NET 2.0) applications that both uses the built-in membership provider of asp.net. The two application uses the same database, but is diffrentiated by ApplicationName.
One application is sort of an admintool (AdminApp) of the other application (UserApp).
I am now looking for a way to login to the UserApp from the AdminApp and sort-of impersonate a given user.
I have built an interface to automatically login a user to the UserApp (URL with querystring), but I need to be able to access the username of the refered user in the AdminApp. I was hoping for something like this would work:
Membership.GetApplication("AdminApp").GetUser();
...but I am unable to find something that works.
Is there a solution for my problem? Should I use some other approach?
/D
PS. A fallback solution wouuld ofcourse be to send a username in the auto-login-url-querystring, but that doesn't really sound solid.
I am currently developing a solution in which the user logs in once and can work on multiple customers at the same time on my site.I've looked at all possible solutions involving sessionid having stored the customerid, to launching a new browser session so i could have multiple sessions for one users etc. I also looked at using cookieless sessions.But the all fail because it's not a simple solution and in my opinion a simple solution is most of the time a good and predictable solution.
Therefore i came up with the idea to use url rewriting(i've seen this used in other applications). When the user opens a customer, i would like to start his url as follows "~/Customers/xxxxxxx/*.aspx" where xxxxxx represents the customerid. and *.aspx represents a complete subset of pages of my site. This would allow me to use a simple technique to use multiple user sessions within a single asp.net session.
Now coming to my problem, I have never done some url rewriting, therefore my questions:
- Is this possible.
- Can i protect all the pages that need a customerid as input(come to think of it, if no customerid in the querystring, redirect to a selection screen would be sufficient).
- How do i adopt all urls used in a sitemap etc in a structured way.
In my application i have 4 screens such as page1.aspx, page2.aspx, page3.aspx, Page4.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting.
View 1 RepliesCurrently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
I have just started to use asp.net mvc.
I have read this article about using ntlm authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only lets say
[Authorize(Domain="redmond")]
or do I do it via web.config
.NET 4.0
I wonder if it's possible to use .NET to get access to users in Active Directory:
- Methods that returns a collection of users belonging to a specific AD group
- Get access to AD propterties beloning to the user account, want to check if the user account is disabled or not
I have created a new asp.net website ( 3 pages of c# ) I need now to apply security on those pages. each page has a couple of buttons to run specific process . How would I apply security in the following senarios
I have 3 people who have access to all three pages, however, each person has the right to click specific buttons on the pages. What is the best way to apply security.
This is what I thought and need someone to confirm it. I have created a table like this
id
controlName
RoleId
1
btnCreateCustomer
101
[Code]....
I want to select all the customers from "customers" table from a specific country. I write the following query but it is not working. why?
select *
From customers
where country = @country;[code]....
How i prevent "inline code" in .aspx or .ascx file like sharepoint "Code blocks are not allowed in this file"
View 1 RepliesIn my web application i have 8 screens such as page1.aspx, page2.aspx, page3.aspx........Page8.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting. How can i limit the access of the users only to certain tabs.(All these pages are in the tabs).
View 5 RepliesI have a web.config file with <authorization> section. I'm using window authentication.
The problem is that I would like to allow access to the web site to those users who are in multiple roles.
For example:
<authorization>
<allow roles = "Role1 AND Role2"/>
<deny users="*"/>
</authorization>
(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)
Is this possible to achive this?
If not, what would be the alternatives?
Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).
I've developed a web application and I've added some security features. Now i want to create a page for managing users and user access in my web application.Can anyone suggest some tutorial for managing users and access because i'm new to asp.net.
View 1 Replies
