Security :: Restrict Folder Contents To Authenticated Users?
Mar 26, 2011
I am using the membership provider and am reasonably comfortable that all of my web pages are safe. Some of the pages contain hyperlinks to documents (pdf, xls, etc.) stored in a folder under the root of the web site. I have disabled the ability of users to anonymously list folder contents, but I don't see a way to keep anonymous users from accessing the documents if they know the specific URL for that document. Example; if the document contains a spreadsheet of current sales, I don't want an ex-employee (who captured the URL while working here) to be able to bring up the current document. Passwording the documents isn't a good choice because there are hundreds and we'd like to avoid changing them all every time someone leaves, or weekly, or whenever... Is there a way to restrict access to all contents of a web folder to people who have been authenticated?
View 4 Replies
Similar Messages:
Aug 18, 2010
I've a default.aspx page in my application's root folder. I added a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *always* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c:\inetpub\wwwroot\redirect.aspx (set as default document in IIS and simply executes Response.redirect("sites/mercury/default.aspx"))
c:\documents and settings\all users\documents\websites\mercury\default.aspx (home page for the site & server)
web.config includes
[Code]....
View 2 Replies
Apr 3, 2011
I have an asp.net application. There is a folder in the project that users upload images and files to that folder.
I want to restrict users, that each user sees only his files. How can I do this?
Because files are uploaded in folder, users may access them by browsing file urls.
View 1 Replies
Feb 12, 2010
I'm setting up a new web forms app and want to use ASP.NET membership. All my users must be authenticated. What is the best way to implement this? I'd love to deny all unauthenticated users in the root folder of the app by setting this in web.config but then where would I put the login folder? I'd like the login folder to be a subfolder of my root folder so that the URL can be www.myapp.com/login/ Another idea is not to put the restriction in the web.config but put the logic in Session_Start in global.asax but I really like the idea of controlling who can see what using web.config files.
View 3 Replies
Mar 3, 2011
We want to have a frontend to a custom database, since I do have experience with HTML/CSS and have used VB.NET before, I'm the one that gets to make it.
Problem is, the one thing I have not used before is the authentication system in ASP.NET, I want to use single sign-on for the system.
And I do have this right now, the only problem I have is how do I check if a user is logged in, and change the page content for authenticated users.
the template does have this:
[Code]....
which does indeed change the login view, problem is, how do I change this to change the pages and menu. This:
[Code]....
has to be a longer menu that also gives options to insert data into the database and/or remove/update the data.
View 3 Replies
Jul 1, 2010
In one website I am working on we're using a java applet in 2 places: the 1st one in a public area where it works just fine and one in a protected folder where it just doesn't work. The protection is performed with forms authentication. The error is shown below. Any clue ?
java.lang.ClassFormatError: Incompatible magic value 218774561 in class file activeup/activeupload/UploadApplet
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(Unknown Source)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.ClassFormatError: Incompatible magic value 218774561 in class file activeup/activeupload/UploadApplet
View 4 Replies
Jun 3, 2010
I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role: [Code]....
I am able to successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there does not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long): [Code]....
And web.sitemap:
[Code]....
View 8 Replies
Jan 23, 2010
[Code]....
Trying to restrict access to folder but can't?
View 6 Replies
Mar 7, 2010
I am developing a website that has 2 roles of users. I have made 2 folders for each type of user's web pages. How to imply security so that 1 type of user could not see other user web pages? Is there any other way or will I have to check from the database for credentials every time the page is visited? Also let me know why do people put web pages in folders? I am not using sql membership and not even .net classes for role management.
View 7 Replies
May 12, 2010
I have just started to use asp.net mvc.
I have read this article about using ntlm authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only lets say
[Authorize(Domain="redmond")]
or do I do it via web.config
View 2 Replies
Aug 9, 2010
I have a login form and users have to enter their username and password for entering the sites ..
Also now it's possible for users to enter the sites without login .. they can select the options in the menu and access them ... But I want to restrict the users .. only allow them to access the menu components after login ... If they try to access the contents, a text has to display asking them to login
How can I do that... I am using vb.net as my language in the page
View 22 Replies
Mar 3, 2011
We deployed our usercontrols (gridView, textboxes & button) on SharePoint 2010 site, & everything works fine.
Now testing team are able to alter the viewstate value of controls through Fiddler and changed it with some junk characters, now after submitting the form to server, it throws Invalid JSON Primitive (server 500 error)
In web.config file, by default EnableViewStateMac is true.
Is there any way to restrict the users or any way to stop the postback if someone alters the viewstate?
View 1 Replies
Jan 4, 2010
I am trying to create a diary site which will allow users to enter rich texts (text, picture and video links...) and the outcome for each page will be an html file being saved under each user's profile folder. If I create html files for every user entry, then these pages can be accessible if the path and file name is known for them... I am trying to have some secured html pages so that only the owner of those pages can have access to them after logging in.
View 7 Replies
Jun 18, 2010
At first I got an error that the user did not have permission to read the config file (web.config).
So I gave NETWORK SERVICE and IIS_IUSRS read on the website folders.
But now visitors cannot access images and other static content from the Content folder without logging in. Aspx and .ashx content works however static content is redirected to the login page.
View 6 Replies
Jan 12, 2010
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the users have the ability to upload files and when they do a folder gets created under the FileManager and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FileManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in IE, if it is a .xls or .doc or whatever they get the prompt to either download or save the file. What am I doing wrong? Will the web.config file not stop an anonymous user from accessing files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
View 4 Replies
Jan 1, 2010
I am restricting access to the Account folder using below:
<location path="Account">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
and access to the Default.aspx using
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
but how do i restrict access to a specific file in the Account folder rather than the entire folder?
I tried the following but did not work
<location path="AccountChangePassword.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
View 1 Replies
Feb 9, 2010
I'm trying out the Hudson Continuous Integration. After the build is executed I want to copy the content of the ReleaseBuild to another website on the server. This should be possible I guess but I can't seem to figure it out. I know this can be done in nAnt and msbuild but I need to make Hudson do it, e.g. plugin or something.
View 1 Replies
May 15, 2010
We store backup archives in subfolders of a folder on one of the server's external USB drives. I would like to have an ASP.NET app read the contents of this folder so the manager can view the backup files to confirm backups are working and optionally delete these backup files when an old drive is reconnected so it can be used for the next week's backups.
This backup folder is obviously outside the server's webroot. Is there some way I can grant authority so the ASP.Net app can access this folder for this purpose? I would be using VS Web Express, so can't create any signed packages and such.
View 3 Replies
Oct 18, 2010
I have a simple user-registration website where I keep records of registered users. I also have an admin page to upload videos, however videos are uploaded to a different server.
I'm using the <video> tag to show the video:
<video width="560" height="340" controls>
<source src="path/to/myvideo.mp4" type="video/mp4">
</video>
I want to show this video only to my registered users on my website, since the video is on second server, how can I protect it?
I thought I could build an application and install it on second server, this app will watch whether the requested url is for videos, if so then it'll redirect the user to my login page and here he'll be authenticated and again redirected to the same video url.
View 1 Replies
Feb 19, 2010
Need to get a list of currently logged-in (authenticated) users from IIS6, and to display them in updatepanel (ajax).
View 1 Replies
Aug 1, 2010
In my ASP.NET MVC project I have the following tag in the web.config file
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication>
This causes even the authenticated users but unauthorized resource requested users to redirect to logon page. But I need only to redirect this page if user tries to access unauthorized page and not already authenticated (logged on) and redirect to custom page.
Is there easy way to do this without writing custom action filter?
View 2 Replies
Mar 6, 2011
We have a series of Silverlight apps that use WCF services via SOAP for just about everything. As we migrate to AJAX we've been hoping to expose the same services via JSONP with little more than config changes on the server. Although the message "Cross domain javascript callback is not supported in authenticated services" seems pretty explicit, I'm hoping there might be a way to allow it. We have a need to expose user-centric data across domains, but we'll need to roll our own JSONP to make it happen if this is a hard "unsupported". It would be even better if there was a way for the server to validate the referrer against the client access policy we provide for Silverlight clients, but for now we just need the general requests to not fail if the user happens to have an auth cookie for our domain from a previous visit. If there's no way to allow this to just work, we're also considering the option of channeling the requests through an IFRAME, but we're definitely open to other recommendations.
View 2 Replies
Feb 3, 2011
I have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404's. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.
I have added a location path for 'Views/Error' to my Web.config to allow access to all users but I am guessing it's the controller access that is causing the redirection.
Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that's what my unknown error view is for.
View 2 Replies
Feb 15, 2011
How can I restrict access to a specific folder? For example, I have a folder that authenticated users upload different files in it. The problem is that every user can access the files via URL in the browser. I don't use asp.net login controls for authenticating and role memberships, I have written login page and roles myself via code behind.
View 1 Replies
Sep 23, 2010
How to restrict folder access in asp.net, like I don't want any other to see my Uploads folder in browser by link http://www.myweb.com/Uploads
View 3 Replies