Security ::redirect If A Folder Is Protected By A Web.config File?
Jun 9, 2010
There are some folders in my application that are only accessible by users in certain roles.In order to protect the contents of these folders, I placed web.config files in them which look like so:
[Code...]
Also,in the main web.config file, I have this configured:
[Code...]
However,when I try to access a folder that I'm not authorized to access, I'm not being redirected to unauthorized.aspx page as indicated in the main web.config. Instead,I'm getting sent to the login page.Any idea what I'm doing wrong? Here's the authentication section from the main web.config:
[Code...]
View 6 Replies
Similar Messages:
May 24, 2010
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 Replies
Jul 1, 2010
I was following the tutorials from this two sites:
http://www.15seconds.com/issue/070104.htm
http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
Following the first site, it had worked but when I´ve moved the pages and files to other folders and set the web.config file on this folder, now it won´t work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I´ve put the
[Code]....
on the web.config new folder and on the web.config website´s root.
It won´t work!!! I can access the file directly!!! on the web.config of the folder that contains the file, there is a <deny users="*" /> line.
View 4 Replies
Mar 7, 2011
I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config
[Code]....
I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config
[Code]....
View 8 Replies
Jun 13, 2010
I have a problem configuring web.config file. In root directory I have a web site that doesn't require logging in to be viewed (public section of the web site) and I also have a folder ("Administration") that needs logging in to get access to it. Login.aspx is located in folder "Administration".
The question is how to properly set up the web.config to connect Administration/Login.aspx with Administration/Default.aspx. I tried editing web.config in root directory by adding the following lines, but it only shows me Login.aspx and it redirects me to the public section:
[Code]....
Do I also have to add web.config in "Administration" folder and with which parameters?
View 8 Replies
Dec 28, 2010
I use ASP.NET RoleMembership. I have 3 Roles :
1. "Admin"
2. "Manager"
3. "User"
By default, all new users are in "User" role.
I have 3 folders:
1. auth - "Admin", "User"
2. manager - "Admin", "Manager"
3. Administration - "Admin"
If "Manager" tries to access "auth" folder, it is redirecting to login.aspx page. But because the "Manager" is authenticated already, how to redirect him to "manager" folder instead of Login.aspx page ?
View 5 Replies
Jan 5, 2010
I seem to be having a problem with my visual studio 2005/2008 installation or something because it isn't providing any IntelliSense whatsoever for controls registered on web.config files in folders different from the root, but it isn't showing any errors neither. Is this behavior normal?
I have access only to the folder of my sub-app, so I can't modify the root's web.config file. Well I COULD, but I'm NOT allowed to.
What I'm trying is to register some WebUserControl's on the web.config file for sub-app folder, so all the pages in my sub-app can use the WebUserControl's without having to register them on every page, but I'm not getting IntelliSense for those controls registered on the web.config file on my sub-app folder, but I do get IntelliSense if I register them on the root's web.config file. IntelliSense for everything else appears to be working fine.
In the web.config file on my sub-app folder I have something like the following:
[code]....
am I doing something wrong?
Update Now I have upgraded to VS2008 SP1 and the issue persist
View 1 Replies
May 28, 2010
I want to redirect my Javascript and CSS URLs to Homepage(Default.aspx) by web.config or via anyother way in ASP.Net. I tried to try it but I can't able to do this thing. I have already checkout ASP.Net professional book but I can't get any reference for it anywhere.
View 2 Replies
Jun 24, 2010
I have a website that has anonymous authentication enabled. Now for a particular folder I want the users to be logged in with a userid and password. The user id and password is going to be same for everyone.
Eg user id is TEST and Password is answer. How can I do that?
I went in to that folder ->properties->directory security->edit-> And I disabled the anonymous access
But where should I add the User Id and Password? Under which option.
View 5 Replies
Jul 28, 2010
I have what I think is a very common scenario but I've searched quite some time now and can't seem to find the answer! I have a standard web app that has a web.config in the root directory. I have some account management pages in a subdirectory called Accounts. Any timeouts at the root level work fine - the user is redirected to Default.aspx as indicated in my Forms authentication. My problem is when the users are in the Accounts (or any) subdirectory and they go off for coffee and the app times out. On the next click, they get an error saying "Accounts/Default.aspx" cannot be found. And Default.aspx is not there as it sits at the root level. It's trying to redirect them to the default login URL as defined in the web.config file but that doesn't work when the user is sitting in a subdirectory. I don't want to put a default page in this any every sub directory. I have tried putting a web.config file in the subdirectory but it throws the error about machine to application level/IIS.
View 1 Replies
May 28, 2010
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
View 7 Replies
Dec 31, 2010
I have a web service which is in a folder within my application. This folder is only accesible to certain roles. I use this service in a page on root of the application but I block creation of the javascript or the service definition in the aspx page if the user is not in the role.
The problem is that when anonymous users try to access the page in the root of the application they are prompted for a user name and password. I hope I am clear. The code below is what I have set up in the ASPX page:
[Code]....
View 3 Replies
Jun 18, 2010
I want to make my web.config password protected so that external users do not open it. But my application should be able to access. Is there any way to do this?
View 2 Replies
Mar 21, 2011
I'm looking to deploy a web app and I have a simple question about the <location> tag of the web.config file. For the moment, I want all the pages to be password protected and I've created a simple login page with the login object. I've put all my .aspx file in a directory called AppMyPages and I've put this in the config file:
<location path="AppMyPages">
<system.web>
<authorization>
<allow roles="tester" />
[code]...
View 1 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Jan 27, 2010
Am trying to open a .pps/.ppt file through my vb.net code.....due to secure reasons this file is password protected,
However i will not like the end user to put a password when accessing through my application.
Hence i want to pass a password as a parameter while open such a password protected file.
Here is my code.
Reference URL: http://support.microsoft.com/kb/303717/EN-US/
Dim oApp As Microsoft.Office.Interop.PowerPoint.Application
Dim oPres As Microsoft.Office.Interop.PowerPoint.Presentation
Dim objpresset As Microsoft.Office.Interop.PowerPoint.Presentations
oPres = objpresset.Open(filename, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue)
Where can i provide password while opening a ppt file...
View 2 Replies
Mar 15, 2011
just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.
[Code]...
i tired this but its giving error
[Code]....
View 1 Replies
Mar 15, 2011
I fully followed the steps in this page [URL]
look at the step 5 at "Using the Example Provider in an ASP.NET Application" element , I entered the command "
aspnet_regiis.exe -pe "connectionStrings" -app "/SessionState" -prov "TripleDESProvider"
" at the windows command line, it asked me "The protection provider 'TripleDESProvider' was not found"
I make sure the files keys.snk and keys.txt are in the same folder and the file web.config is correct. Who can tell me the reason for the error and how do I handle with it?
View 2 Replies
Aug 30, 2010
I have developed asp.net 2.0 website with crystal report now what my problem is whenever i go to crystal report page its by default going to login.aspx or default.aspx though i didt set any login to my asp.net page..
I talk with my hosting provider they said that the asp.net impersonate is enable..
I think in IIS 7 authentication if i set anonymous access enable, will it work fine?
so i need to know how to enable anonymous access from my webconfig ..
View 3 Replies
Apr 13, 2010
i have to copy AI file from client machne toserver without use the file upload control.
Can i use Scripting.FileSystemObject ?
View 1 Replies
Jan 27, 2011
I have requirement to copy or move file from webserver app folder to local file system folder (user selected). How is it possible in ASP.Net.
On my page i have textbox and browse button and user clicks browse button to select folder and there is Copy/Move button and when clicked the files under webserver folder should be move to the user selected folder. The webserver folder path is available to application.
View 1 Replies
Jun 18, 2010
How to protect our web.config file from external access.
I mean some sort of password protection.
View 3 Replies
Mar 8, 2010
when i set forms authentication to my website to web.config file as
<authentication mode ="Forms">
<forms
loginUrl="login.aspx"></forms><authentication><authorization><deny
users="?"/></authorization>
and login button ,i write the following code
FormsAuthentication.RedirectFromLoginPage("login",
false);
and logout button ,i write the following code
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
it works but when i press browser back button after logout button click
it maintains the page history and the page will redirect to last requested page
View 7 Replies
Sep 23, 2010
Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?
View 10 Replies
May 6, 2010
I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 Replies
