i am using asp.net with vb
i have one page with registration.aspx.
i want that if any one wants to access that registration page he have to go through login.aspx page .
may be he write the page name (registration.aspx) in url, automatically it get redirect on login.aspx.
There is an ASP.NET application www.example.com/APP. From within the application several documents - for example office documents DOCX, PDF, etc. - can be opend. They are accessed via some virtual directory as in
www.example.com/APP/VIRTUAL/letter.pdf.
Of course, the documents may only be accessed from within the application, after the user has been identified succssfully. Some documents may only be opened by some privileged users. It should be impossible to open letter.pdf by simply entering the above url into a browser
I am thinking about the following...
The name of the virtual directory is kept secret. After the user has successfully logged into the application, some secret is created. The secret contains the user's ID and some time information (valid from / until). Then, if a document is to be referenced from within the application, the url www.example.com/APP/<secret>/letter.pdf is referenced. In IIS the secret is checked. For this, some of my code is called, when serving a request. If successfull, the url is rewritten as www.example.com/APP/VIRTUAL/letter.pdf. I tried several components, such as the IIS URL Rewrite, IHttpModule, IHttpHandler. Unfortunately, I did not yet succeed.
I'm using the following code which autheticates a user and redirect him to a members webpage. This works however if I access the protected page directly I bypass the security. Do I need a check in the OnLOAD for each page? My second question is how to say hello username on the members page. What variable can I reference to display the username?
[Code]....
I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use asp.net membership to manage the login IDs and passwords, but I want to use jquery to submit the login form (it's lighter and leaner than the login control). Here is what I have: Page with an html form for login .js file with the jquery calls & code in it httpHandler to process the information from the formI have the user to entering their ID and password, I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct, if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via javascript to the client's folder once they are authenticated. I have the location of the client folder setup in my web.config.
The problem I'm having is the page just redirects back to the login page, with the return url included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config?Here is the code for the web.config:
[Code]....
Here is the code for the handler:
[Code]....
Here is the code for the .js file:
[Code]....
Here is the code for the page:
[Code]....
I am working on a video streaming project, objective is to upload video to content provider's server and play it to the authenticated user only, it should not be accessible to unauthorized users, content provider provided APIs and Endpoints to pass security options but it seems not working when I pass those parameters to API along while uploading video streaming file, I need to know how I can do that, is there any other way that I can use rather than Content Provider's API Endpoints
View 1 RepliesI have images displayed in a website behind a username and password that is accessed by our customers. I have put in some simple measures to prevent users from copying these images. E.g placing an opaque image over the core image so that when users right click and save the image all they get is the opaque image.
I have concerns that customers could easily pass on their user credentials to competitors who can then freely view all the images.
Is there a way that a hacker or someone who wants to copy my software logic, can reverse engineer the business logic that I have in a webservice?
Is there a way to protect such information?
My development platform in .net asp.net and C#
I have an ASPNET Application (C#) that runs on my company intranet. This application allows the users to attach PDF files against records.
I am trying to get that PDF uploaded in such a way that whenever the user initially uploads (the uploaded PDF will always be unlocked PDF), the user name would be stamped on the PDF file and the files is locked by my application so that the user cannot change the PDF again, even when having a PDF Writer. Whenever required the application should allow the user to unlock the PDF and then allow the user to edit the PDF.
Now since i'm securing the site i've noticed that the location element does not get much attention.The only thing i have found is that you can use <location path="" allowOverride="false"> on machine.config .I'm not sure how this goes but if you need to use this one every page then i will have multiple problems.First if i have a page with the same name on another website there is trouble and also if i need to update pages again problem.What i'm not sure of is if the location element on machine.config i just used once and then magically every site you have will throw an exception if a hacker changes you web.config.I have doubts and it's confusing and if i play with the server web.config,well i don't wanna mess with that.
So i also tried to encrypt the location element but i cannot find an example(can you encrypt it?).I can encrypt authorization and authentication but i will not go inside the location element.Just the standard authorization and authentication nodes.How can i secure the web.config location element so no hacker can change the allow,deny,etc.
[URL]
I have an asp.net repeater control with a series of asp:hyperlink's
<asp:HyperLink runat="server" ID="name" NavigationUrl="~/Pages/display.aspx?fileid={0}&user={1}" />
and then on the OnItemDataBound method:
fullname.NavigationUrl=string.Format(name.NavigationUrl, user.fileid, user.userid);
So that gives me a series of URLs in the repeater:
[URL]
OK, so with a simple proxy tool someone can replace either of the parameters with some OTHER number to get access to what they shouldn't see.
server-side validation and authentication aside, is there a better method other than passing parameters when trying to create a dynamic URL within a repeater?
Does precompilation have any effect on XML files? i.e. can I obscure/protect xml files using precompilation? I assume that it has no effect as they aren't code.
If I use XML files as Embedded Resources, they appear in the DLL in a text editor as normal text. If the dll is edited and saved using a text editor, will it still work if it is unsigned?
I've read up on SQL Server 2008's encryption function, but I'm not convinced that's the route I want to go. My problem ultimately boils down to the fact that we're either using symmetric keys or assymetric keys encrypted by a symmetric key. Thus it seems like a SQL injection attack could lead to a data leak. I realize permissions should prevent that, permissions should also prevent the leaking in the first place.
It seems to me the better method would be to asymmetrically encrypt the data in the web application. Then store the private key offline and have a fat client that they can run the few times a year they need to access the restricted data so the data could be decrypted on the client. This way, if the server get compromised, we don't leak old data although depending on what they do we may leak future data. I think the big disadvantage is this would require re-writing the web application and creating a new fat application (to pull the restricted data). Due to the recent problem, I can probably get the time allocated, so now would be the proper time to make the recommendation.
I am working on an application that has several user controls (.ascx) of which I do not want to give away the code of. I have tried to search about it, but didn't get very far. I am using visual web developer 2010 express edition, so I cannot publish my website. Also, it doesn't have dotfuscator. What can I do?
View 11 RepliesI have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 RepliesI have a site map with a node and two inner nodes. The inner nodes have the same url but a different querystring parameter. I want the users with role "User" to see only the second of these links in their menu.
This is my siteMap:
[Code]....
This is the configuration of the web.config:
[Code]....
As a result, the users with role "User" can see only the second link (Search) which is fine, but they get an Access Denied when they navigate to it which is logic since they don't have access to that page, but it's not really fine for me.
I have created a forgot password page with a PasswordRecovery control in it.
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em" Height="210px"
onsendingmail="PasswordRecovery1_SendingMail" Width="491px">
I want to redirect the user back to the login.aspx page once the user clicks the Forgot Password button.
When the user logs out of the page and does not close Internet Explorer, and again try to access the page either through favorite link or by entering URL, they are automatically logged into the page again.We want this NOT to happen. We want the user to always have to re-enter all Login data on the main login.aspxI have validated session correctly, even though this problem continueonly my system. Other system workingcorrectly. I think something browser settings problem.
View 3 RepliesI have searched hours but fail to solve my problem. I have got the following issue,
I have created a login page on my web based application, which works fine, I want if user manually types different page or bypass the login page then it should redirect to the login page.
The problem is I have use Master Page and when I do the following code; it went into the loop, because when page load the session value is null.
How I can exclude my login.aspx and Error.aspx pages from this Check.
[Code]....
I have design form layouts for signup and login pages
provide me the step by step code for sign up and login pages using c# with validation.
Recently upgraded my site to 4.0 and now having major log in issues
1) not staying logged in when moving from page to page
2) not logging it at all, just refreshing the page when log in button is clicked
3) not staying logged in after browser is closed
<authentication mode="Forms">
<forms timeout="120160" cookieless="UseCookies"></forms>
</authentication>
nothing fancy there, and it worked perfectly before the upgrade.
I'm doing a module in asp.net but existing was developed in asp.net i have to use the asp login page inorder to access the asp.net module.how do i pass session and cookies to my new module?
View 1 RepliesI already made a login page and other pages, but I need when I go to the other Page show me a login Page with the page I want to go to. So when I enter UserName and Password go to the page I focus on. For example I need to show authors Page so If I'm not login when It shows. The Login Page shows with the link to authorPage in the URL.
View 4 Replieshow to implement page level and control level security in MVC applications. Also I would like to know the definition for Page Level and Control Level Security in MVC. Please refer me if any third party tools avilable to implement security in MVC.
View 1 RepliesI am using Visual Studio 2008 Express and created a login page using the ASP.net web site Adminstration tool security to generate users and passwords.
After login, a new page appears. I have a button to go back to the login page to allow a user to relogin. When I try loging in again as a different user or the same, I get an error saying the resource that I am looing for was not available.
I have a button on the page after login (one this one page will occur) and I am using on on click event to do the following:
FormsAuthentication.Initialize()
FormsAuthentication.SignOut()
Response.Redirect("~/Login.Aspx")
After clicking on this button, the Login page appears again. How can I release everyting to allow it to work like when I first open the application.
This is the error message I get:
Description:
HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /MyFirstSite/default.aspx
Version Information: Microsoft .NET Framework Version:2.0.50727.3615; ASP.NET Version:2.0.50727.3618
Server Error in '/MyFirstSite' Application.
The resource cannot be found.