I have directories in my website which require authentication.
But when i type the url with the directory name it lets me see the files but doesnt allow access as users need to login.
How can i stop users viewing files if they manually type directory name in?
I have a directory that holds some images for my site. I have noticed that if i put in the my web sites address followed by "/directoryname/imagename.jpg"
it displays the image i have in that directory. Is there anyway to disable this or stop this from happening? so that the images can not be displayed like this
I wrote a chat client 1-1 but I need a way to be able to detect if the user is typing and display "UserA is typing message..." just like MSN messenger or yahoo messenger.. how can I detect that?
View 2 RepliesI am making a small file hosting website, and each user can upload multiple files, and will have access to just his files and can't access others files, for example by guessing the URL. Is there a way to secure files to have access by just the owner and no body else "may be website administrator also will have access"
View 3 RepliesI wonder if there is anyway to deny users from beeing able to view or acces speciall folders in the application...for instance.. lets say that we have an application with teh folder "dir",then by default the user whould be able to type [URL] and actually access this folder and see all its content..or if we have an image file for example in the "dir" folder called "img.jpg" then the user whould be able to type [URL] and the image file whould be shown...but what if I dont want the user to be able to see this file,or any of the dir-folders subfolders and files?..how whould I do that?
View 6 RepliesI have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
[code]...
I am implementing strightforward membership provider. I do not want new users to be able to login without being approved.
I have tried the setting on the registration wizard called DisableCreatedUser="True" and this does not work.
I also set LoginCreatedUser to False, and the user still gets logged in.
If I look in the SQL membership table, 'IsApproved' is set to 0 for the account, but they can still login.
suppose we've created a web app for our customers.
how to prevent to access web page code (aspx code or behind code) for our customers ?
how to implement security and licensing information for web apps ?
I have a web site with an administrative section. All administrative pages are stored in a directory called "db/administration". There is only one user that I want to have access to the pages in this directory. That user's username is "system". Currently, I am using the following approach in my web.config file:
[Code]....
When I logged in as another user, I was still able to access pages under db/administration when I navigated to them through the browser's address bar. What am I doing wrong?
.NET 4.0
I wonder if it's possible to use .NET to get access to users in Active Directory:
- Methods that returns a collection of users belonging to a specific AD group
- Get access to AD propterties beloning to the user account, want to check if the user account is disabled or not
OK ... I want to make album ... I try to make it using buttons( next & pre ) using imageButton control and variable (i)
So ... each next (++i) & pre ( --i) to show allimages in directory ("photo")
Here my code in C# ::
[Code]....
Now ... It's working ... but the problem that I used server control (ImageButton) so all clients can affect in value of (i)
so (i) will be change in server ... what is the solution ?
I try to use the html control but i found it (difficult) ..
I have a asp.net (3.5) web-app that will be used in an intranet. I need to enforce that users type in their network credentials (windows credentials) before they can log into this application. I intentionally need to disallow Integrated Windows Authentication. I need to authenticate these users against my company's Active Directory, that is obviously on the same network as my .net web app.
I have been reading a bit about Forms Authentication using ActiveDirectoryMembershipProvider - [URL]. I also stumbled upon this - [URL]. Based on what I can tell, both seem to do what I need to get done. Could somebody tell me what are the major differences, pros/cons and when you would use which method? Or are these exactly identical, and both achieve the exact same results?
From the security perspective...what do I need to watch for? I am assuming if I use SSL that will cover me for when I pass the username/pwd to AD for verification?
I want to know how to do Active Directory Authentication in my intranet web application,
So far I created a simple login page and I am using the login control. my questions are how do I configure the application, how do I interface the login control so it will take the user to next page once they input their usual active directory username and password.
I have some code that returns my LastPasswordSet date when I use my administrator account on my development machine using localhost but when I deploy to me test server and I get an exception "Object reference not set to an instance of an object"
[Code]....
[Code]....
Any ideas?
My testers have discovered that if you type free text into a file upload input then none of the buttons on the page work until that text is removed (so the page cannot be submitted).
I am able to replicate this with the following ASPX code (with no code behind):
<%@ Page Language="C#" AutoEventWireup="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<form id="form1" runat="server">
<div>
<asp:FileUpload ID="fuTest" runat="server" />
<asp:Button ID="btnSubmit" runat="server" Text="Submit" />
</div>
</form>
</body>
</html>
(Note that I haven't bound any handlers to the page; despite this, the page is submitted when the submit button is clicked only if no text is entered into the upload text box)
Is there any way to prevent users from typing free text into a file upload control? It seems that this is only possible in IE - Firefox and Chrome natively prevent text from being entered into upload input fields.
I've seen solutions elsewhere which suggest hiding input and replacing it with a label / button combo, but this seems like it might cause more problems and work inconsistently across browsers.
I am trying to hide the admin files from normal users, however I get the following error:
Error 11 Unrecognized configuration section siteMap.C:projectsFamilyPhotoAlbum_VS_2010web.config 137
Below is the web.config:
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
WindowsMicrosoft.NetFrameworkv2.xConfig
[Code]....
I am trying to create a diary site which will allow users to enter rich texts (text, picture and video links...) and the outcome for each page will be an html file being saved under each users profile folder.If I create html files for every user entry, then these pages can be accessible if the path and file name is known for them... I am trying to have some secured html pages so that only the owner of those pages can have access to them after logging in.
View 7 RepliesWe have a whole bunch of WML pages that are served out using ASHX files and we've had no problems with them. However, someone has just got a Windows 7 Phone and when they browse to one of these pages they get:
Can't download file! Windows Phone doesn't support .ashx files Is there some IIS configuration that we need to do to make this work?
I m writing a web page to display user name and his contact number.
I m giving user a choice to enter user name once he enter the name i should be able to search in active directory and return all user starting with (inputed name).
DirectorySearcher deSearch = new DirectorySearcher(de);
//set the search filter
deSearch.SearchRoot = de;[CODE]....
Above code needs exact login name like adamjo which is not the purpose.i should be able to display all possible possibilities for example if user enters adam i should give him choice to select whether he want to see adam josef or adam john e.t.c.Is there any property to find first name from active directory?
I am writing an online interface that will allow a site owner to modify files and directories on the server.
I have gotten inconsistent performance out of System.IO.Directory.Delete(PathToDelete, true);. Sometimes it works great, sometimes it throws an error. My controller looks like this:
[code]....
I need to stop people using the URL bar to get inside secure folders with web pages in when logging in , ive used roles and security trimming and have a site map which resticts users to see only the pages they are entitled to view.
View 1 RepliesThe majority of files in the Temporary ASP.NET File folder for a given application get deleted by ASP.NET following compilation -- .DLL and .PDB files amongst others remain.
Our compiler produces proprietary debug information files which are amongst those that get deleted.
Marking the files read-only prevents this but are there other options available?
we can download other site css like right clikc their websites and we can see the css src / js src, then if we providee that filename in the address bar then it'll download, how to avoid this?
View 2 RepliesI've developed a file browser that will browser a different server shared folder. In order to get this working I'm using the unc path (\ServerSharedFolder) to return the files/folders. I've also added the following to my webconfig to get around the security <identity impersonate="true" userName="domainadmin"
password="password" />
It's simply a file browser, no create or delete functions will occur. The solution works and what I want to know is that this the safest way to do this? or the best way? I did try to use a virtual directory instead of unc path but asp.net would support this.
In asp.net c# , i want to implement auto website browsing i.e. when the user enters his user id and password on login page, the login button should be clicked automatically and a new browser should open and then the page should be redirected to desired page and then on the new page another linkbutton gets clicked and again redirect and so on.
View 1 Replies