Security :: Protected Image Accessible If Url Typed Directly In Address Bar?
May 6, 2010
I have a page which shows different set of images depending upon whether the user is logged in or not, all the images are stored in the same directory, i want to restrict un-registered users from accessing the images by directly typing the URL in the address bar.for this i cannot change the permission set in webconfig for this directory as it contains images for registered as well as un-registered users,Is there a DOTNET setting which i can change to solve this problem or do i need to change something at IIS level (i am using a shared hosting with GO-DADDY so have limited access to IIS settings.)
View 1 Replies
Similar Messages:
Feb 25, 2010
I am using master page, and there is an image on top
<div
id="header"><a
href="http://www.google.com"><img
src="image.jpg"
alt="abc"
style
="border :0px; height :80px;"
/></a></div>
There is content page where I have grid, when I click on it, I am displaying modal popup. Everything works fine. The only problem is: I have close button on top of the modal popup window. If modal displays on top of the image, and if I click on close button, then close button event will not fire, insted it redirect to google.com. All other controls besides image are not accessible. If image is not behind of modal (if I scroll down the page), then close button event works fine.
View 2 Replies
Jan 29, 2010
When I link to a file in a web folder which is user/password protected on the host, I get a panel requiring me to enter the correct user id and password.
I would like to create a link in my form that provides the id and password without exposing it to the user. How can I do this?
View 2 Replies
Jun 9, 2010
There are some folders in my application that are only accessible by users in certain roles.In order to protect the contents of these folders, I placed web.config files in them which look like so:
[Code...]
Also,in the main web.config file, I have this configured:
[Code...]
However,when I try to access a folder that I'm not authorized to access, I'm not being redirected to unauthorized.aspx page as indicated in the main web.config. Instead,I'm getting sent to the login page.Any idea what I'm doing wrong? Here's the authentication section from the main web.config:
[Code...]
View 6 Replies
Sep 15, 2010
now i need to develope the application to display the images when ever the files are scanning in the scanner machine. i want to display the images directly from the scanner.
is there any way to do this?
View 1 Replies
Jun 2, 2010
I have a requirement where i need to upload image files and display them as thumbnails on webpage. when clicked on thumbnial image the orginal uploaded image must display.iam in great confusion whether to make thumbnails dinamically on the fly when retrieving the orginal image or make thumbnails and save them to saperatefolder when uploading and save orginal image to another folder.
View 5 Replies
May 24, 2010
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 Replies
Mar 25, 2010
i just want simple mechanism to make images update at my website copyright protected, so i want to protect them witht the password. any of the techinque will do , i just want the iamges to be password protected so that i can dignose whether the uploaded image is not from my site.
View 3 Replies
Feb 23, 2010
So my question is more in relation to what people consider to be the best practice and why:
I've been dropping literals into pages and repeaters and binding them in code behind for a while. Is this considered bad practice?
ie:
ASPX Page:
<asp: Literal id="litTextToInsert" runat="Server" />
Code Behind:
litTextToInsert.Text = objData.MyText;
OR (repeater):
[code]....
I personally dont like doing this as i find it makes it harder for me to know if someone changed the field name, or mis typed it during development - the other way you won't know until the page loads.
With the strongly typed version if something changes in your DAL etc the build will break - letting me know I've messed up.
Why do so many people appear to use weakly typed code in ASP.Net (in examples, MVC, etc)?
Am i missing something?
View 2 Replies
Nov 25, 2010
Given the benefits of using strongly typed views to eliminate typed errors and the use of lambda expressions why would one use a dynamically typed view? When I use them I don't feel as safe as with strongly typed views. Am I missing something? Is there a special use for them?
View 2 Replies
Apr 27, 2010
In my Membership.aspx, I added a LoginView control. Then on the LoggedInTemplate, I typed "You are Logged in. Welcome," and a LoginName control. After testing from ASP.NET Development server and IIS server, now my LoggedInTemplate showed "You are Logged in. Welcome," several times before displayed only one LoginName/UserName. Why? Something wrong when testing in the ASP.NET Development environment or IIS server configuration?
View 3 Replies
Jan 15, 2011
So as the title suggested, I'm currently trying to compare the hashed answer in my database against the answer typed in the textfield by the user in the form.
I thought of hashing the answer in the textfield typed by the user first, and after that compare this newly hashed answer to the one in the database (which is already hashed). But when I typed in the SAME answer (before hashing) and hashed it to get the hashed value, by right the 2 hashes (in web form and database) should match? Somehow, it didn't. And I can't seem to get security answer right anymore (even though I typed the SAME security answer).
This is the code behind the button:
[Code]....
I tried in another way too, but still the same thing.
[Code]....
View 4 Replies
Jan 27, 2010
Am trying to open a .pps/.ppt file through my vb.net code.....due to secure reasons this file is password protected,
However i will not like the end user to put a password when accessing through my application.
Hence i want to pass a password as a parameter while open such a password protected file.
Here is my code.
Reference URL: http://support.microsoft.com/kb/303717/EN-US/
Dim oApp As Microsoft.Office.Interop.PowerPoint.Application
Dim oPres As Microsoft.Office.Interop.PowerPoint.Presentation
Dim objpresset As Microsoft.Office.Interop.PowerPoint.Presentations
oPres = objpresset.Open(filename, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue)
Where can i provide password while opening a ppt file...
View 2 Replies
Mar 19, 2013
I want to give a link in image buttons.. while am clicking the image button it goes to another website.. example, the image button contains the google logo if i clicked means it goes to google website.
View 1 Replies
May 7, 2010
i have an aspx page which on page load needs to populate a text box with the current users email address (user is in Active Directory), any body know how to retrieve the email address from Active Directory, i have read this article on the web but am a bit confused
string userName = Environment.UserName;
string domainName = Environment.UserDomainName;
//Set the correct format for the AD query and filter
string ldapQueryFormat = @"LDAP://{0}.com/DC={0},DC=com";
string queryFilterFormat = @"(&(samAccountName={0})(objectCategory=person)(objectClass=user))";
SearchResult result = null;
using(DirectoryEntry root = newDirectoryEntry(rootQuery))
{
using(DirectorySearcher searcher = new DirectorySearcher(root))
{
searcher.Filter = searchFilter;
SearchResultCollection results = searcher.FindAll();
result = (results.Count != 0) ? results[0] : null;
}
}
string primaryEmail = result.Properties["mail"][0] as string;
There is no defintion of rootQuery- so not sure what that is, or a definition for searchFilter
View 1 Replies
Apr 26, 2010
i have developed one website,
this website should be free of cost to india.
if any other abroad countries, it should not access without paying the money...
how can i do this concept...
View 4 Replies
Mar 9, 2010
I have an application where in the User Authentication is from the AD useing Directory services.
If i type in the address of a valid page from the application into the Address Bar, it throws me to the Login Page.
However if i am logged in and i type in the address of a valid webpage, the application takes me to the page. Is there any way that this can be restricted.
If i type in the URL into the address bar the application should throw me to the Home page of the application.
View 1 Replies
Sep 21, 2010
we have one e-commece website which combine one ip address and 4 domains, I want apply for one ssl certificate bind ip for this site, is it possible to be used for 4 domains? is it possible to apply for certificate for ip address?
View 1 Replies
Nov 19, 2010
I want to increase the security of my website, does creating http module that block certain ip address will increase security?
Since IP Address can be manipulated if I'm not mistaken, I'm not sure that creating HTTP Module will help.
View 1 Replies
Apr 28, 2010
Our site has a page for maintenance of existing members (e.g. adding / changing roles, etc.)This page currently uses a gridview to show a complete list of all members, based on GetMembers() method to populate it.However, as the number of users has grown to several hundred, it has become difficult to locate a particular user by paging through several pages.Is there a way to narrow down this list, maybe with a filtering textbox, so that as you start typing into that textbox, only members whose name contains the typed characters will show up in the gridview?
View 8 Replies
Sep 17, 2010
I would like to develop a web application in which I can track the details(IP address...etc) of my website visitors....using vb
to implement the above web application
View 1 Replies
Oct 7, 2010
In my update Membership account routine, I have the sub:
[Code]....
This sub runs successfully and everything is updated, including the membership question and answer, except the membership.getuser.email address which is not updated.
View 1 Replies
Mar 18, 2011
I have a create user wizard on my page. Requires Security question hasbeen set to false. Once a new user is registered they can log in fine. If they forget their password, i have written code so that the user can enter the email address they used to register and a replacement is sent. The problem is I have written an application that is accessed by different people. So if the user that registered the account leaves the company
View 1 Replies
Mar 19, 2010
I want to know how to get the unique address of PC over the internet, LAN,WAN,Without any network connection,Coz For Some Security Reason...
as well as i want to know about the following....
Windows IP Configuration:-
1. Host Name
Ethernet Adapter Local Area Connection:-
1.Physical Address (MAC Address)
2.IP Address
3.Default GateWay
4.DHCP Server
5. DNS Address
I want to know unique Address for PC which should not be the same address for other PC Around The World...
Coz MAC Address also can be change.. so how to know the unique address how is accesing my Website..
View 11 Replies
Oct 11, 2010
We are using Profile.FirstName and Profile.LastName to get current user's firstname/last name. How do we get current user's email address?
View 2 Replies