Security :: Prevent Unauthenticated Users From Seeing Non .Net Pages On Site?
Apr 9, 2010
I have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)
How can we prevent non ahuthenticated users from like and dislike multiple times?one way : save Ip address in a cookiebut theres's two problem1. I heard Ip address isn't unique and changes frequently2. cookie can be deleted by userI'd .
i have create web application for school management system...bt when i run my webside...(my welcome page is defaul.aspx bt if i want to acces studentdetail.aspx then i only enter url and i get studentdetail.aspx)
When I run my website through debug mode in visual studio everything looks great and all the images on the page show up fine. But once I deploy my website to an IIS7 web server (doubt that other versions would make any difference, but you never know) then users can't see the images on the site until they log in.The website is an asp.net MVC site and I'm new to MVC, though I do have lots of experience with asp.net forms. It seems that only authenticated users are allowed to access the images folder, and there is an authorization section in my web.config saying that only admins can access the site, so how do I make it so that all users, authenticated or otherwise can view the images?
I have an issue with loginUrl parameter on Forms authentication. Forms Authentication always redirect unauthenticated users to ~/Account/Login ignoring the url configured into Web.Config.
This happend if i add reference to WebMatrix.WebData,WebMatrix.Data into main web.config file (system.web/compilation/assemblies). N.B.: Moving this reference to child web.config file (the one contained into View folder) error doesn't occour anymore
I have an application that uses the ASPNET role provider.My SQL Server crashed so I took a backup of the database and restored it to a new SQL Server and changed the db connection string to that server.The web site runs but no users can login to the site.Is there something that I should have done when the db was on the other server?
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
Working on my first asp.net webpage. i have followed video tutorials and implemented asp.net membership for login/security.Using Visual Studio 2010 i can open the Asp.net configuration page for management locally.But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this asp.net configuration GUI is not available on the internet?
I am having issue with Https when i host my site on https i got warning "Contains unauthenitcated contents".
And site is not looks like that it has been host on https secure server. whole site look normal while on same domain few pages don't have such problem they working fine.
When i cheched it i found that the page where i have asp.net validation control causing problem once i remove it page start working fine.
i have a website having a couple of pages,i'd like to allow all users to be able to browse some pages and deny them some web pages.I know it's something to do with creating an authorization tag and adding some allow or deny user,but i have no idea how to implement it.
Currently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
I'm at the point where I want to allow users to register at my site and then allow users to login, so I am trying to get a feel for how everyone is handling this use case.
In my web application i have 8 screens such as page1.aspx, page2.aspx, page3.aspx........Page8.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting. How can i limit the access of the users only to certain tabs.(All these pages are in the tabs).
I have the requirement to export all my users and custom profile properties to an excell spreadsheet but i can find a way to do it. I have found several exampls of how to export the Profile information eg(
I have an intranet site that i set up to windows authentication. It works fine most of the time but some departments wont be able to access the site and will be asked to enter user name and password.I checked their Active Directory account and the only difference i could see was that the organizational unit parameter was different than the rest of the users.
I picked up a new-to-me client who had a site built in ASP.net (which I do not host).I converted the site to PHP, which worked fine.I want to set up redirects for all the pages he had in the old site (it was a small site, so there was only 8 pages).As an example, the ASP.net url for the Contact page was www.domain.com/Contact - it is now www.domain.com/Contact.php (and so on).
For 301 redirects from one PHP page to another I normally use the .htaccess file:
I've been using an asp 3.0 widget for this purpose , but it been broken for a while and rather than get it back up, I'd love o get a native asp.net solution, can any one point me in the right direction pleaseI once wrote some asp.net code to do this, but the permissions on the server, which I found to be common every where prevented asp.net native picture upload, perhaps i got it wrong, well now I wanna fix itI need the code to work in a shared hosting IIS 7 environment. I use vb.net, but can usually convert c# to vb.net
When i'm trying to debug or view pages of my site in browser asp.net dev server doesn't turns on pages automatically and when im trying to go by url it throws me an error See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text ************** System.ComponentModel.Win32Exception (0x80004005): Не удается найти указанный файл at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at Microsoft.VisualStudio.WebServer.WebServerForm_DAL.DoLaunch() at Microsoft.VisualStudio.WebServer.WebServerForm_DAL.OnLinkClickedHyperlinkLinkLabel(Object sender, LinkLabelLinkClickedEventArgs e) at System.Windows.Forms.LinkLabel.OnLinkClicked(LinkLabelLinkClickedEventArgs e) at System.Windows.Forms.LinkLabel.OnMouseUp(MouseEventArgs e) at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks) at System.Windows.Forms.Control.WndProc(Message& m)............................
