Security :: Site Needs To Access File Across A Workgroup?
Oct 21, 2010
I have an ASP.net 2.0 website that sits on a Windows XP SP3 box on IIS 5.1. The website needs to go across a UNC path to another server to grab an image file. Both boxes are in the same workgroup but no domain is setup. I have created the same user on both boxes with the same password and the website is using anonymous access using that account. The account is an admin on both boxes(i know security risk but this is for testing). File.Exists() just keeps returning false but the file is there. I suspect it has something to do with the ASPNET account but i'm at a loss. I've tried aspnet impersonation using that account as well with no luck.
View 4 Replies
Similar Messages:
Mar 4, 2011
I have an ASP.NET MVC application that attempts to read a file in using a filestream and File.OpenRead().
When the path to the file is a share on the same workgroup, and I give access to NETWORK SERVICE for the share, this works perfectly as desired.
However, when the path to the share is a UNC path to a remote share within the LAN, with read permissions open for "Everyone", the "File.OpenRead()" method throws an exception saying "Could not find a part of the path".
In my test cases I'm debugging locally with the ASP.NET MVC app being given a UNC path to the computer that it's actually running on. It's a share on my C drive, being "Shared" with permissions to "Everyone" for read access.
Is there something in IIS that needs to be configured? If I try to impersonate, in this context, the impersonation doesn't matter because NETWORK SERVICE was the user trying to access the files when it worked for a share in the same workgroup.
View 2 Replies
Jun 29, 2010
Currently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
View 1 Replies
Oct 31, 2010
i want to know the number of users wich access to my site and show it
View 4 Replies
Mar 25, 2010
I am trying to find a good pattern to use for user access validation.
Basically on a webforms application I had a framework which used user roles to define access, ie, users were assigned into roles, and "pages" were granted access to a page. I had a table in the database with all the pages listed in it. Pages could have child pages that got their access inherited from the parent.
When defining access, I assigned the roles access to the pages. Users in the role then had access to the pages. It is fairly simple to manage as well. The way I implemented this was on a base class that every page inherited. On pageload/init I would check the page url and validate access and act appropriately.
However I am now working on a MVC application and need to implement something similar, however I can't find a good way to make my previous solution work. Purely because I don't have static pages as url paths. Also I am not sure how best to approach this as I now have controllers rather then aspx pages.
I have looked at the MVCSitemapprovider, but that does not work off a database, it needs a sitemap file. I need control of changing user persmissions on the fly.
View 2 Replies
Nov 9, 2010
I am faced with a rather tricky issue. I am developing a web application that resides beneath a web site. The web application is actually meant for the employees of the company owning the web site. The employees can access the web app from the login facility on the site.
The situation demands that an employee must be able to login to the app only from the office machines and not from anywhere outside. I thought of a logic where in the IP address of the machine in which the employee sits will be stored against the employee profile and when he logs in, the authentication will check for user credentials as well as whether he is logging from the designated IP. If not he is not allowed access to the app even if the login credentials where correct.
I am not sure if this is a good way, because I feel tricky persons can give the same IP of the office machine in another machine, say at home and the logic is broken. Can somebody provide me a better way of solving the issue. I am using ASP.Net login control for user login.
View 3 Replies
Dec 8, 2010
I have an internal corporate ASP.NET MVC website.
Requirement(1): When any person is on the network, they can access this site EXCEPT one AD Group (Example: AD_Sales group).
Requirement(2): Also like for example if a person that has the access passes a url (Ex: http://mysite/Home/Index/Product/Letter) to a sales group person, he still should NOT access and need to display a custom message saying "You are not authorised to view this page".
If the scenario is like to issue the access to one AD Group and deny access for all others, it is fairly is. It can done from IIS. I am Wondering how to do this.
View 2 Replies
Dec 10, 2010
1. I need to access the Site map File.
2. without webconfig file!
3. For ex: Admin,User
If admin Login all Menu will be visible
If user Login Limited menu Will be vislble.how to do that ,
View 1 Replies
Oct 15, 2010
I have an intranet site that i set up to windows authentication. It works fine most of the time but some departments wont be able to access the site and will be asked to enter user name and password.I checked their Active Directory account and the only difference i could see was that the organizational unit parameter was different than the rest of the users.
View 5 Replies
Aug 18, 2010
Why can I still access files inside a forms authenticated part of my site? Any webpages say that you need to login to view them, but people can still access images by typing in the address bar. I am using forms authentication with my own database, so none of the aspnetdb services like membership roles etc. Is this a bad way to do things because I'm pretty deep into it now and it would be very difficult to change.
View 16 Replies
Feb 8, 2010
I don't think the site has a web service available, so I need to pass the login credentials and read the xml file (e.g.https://www.somesite.com/needthisfile.xml). What do I use to do this?
View 1 Replies
Jan 8, 2011
I have the requirement to export all my users and custom profile properties to an excell spreadsheet but i can find a way to do it. I have found several exampls of how to export the Profile information eg(
UserName
Email
PasswordQuestion
Comment
IsApproved
IsLockedOut
LastLockoutDate
CreationDate
LastLoginDate
LastActivityDate
LastPasswordChangedDate
IsOnline
ProviderName
)
but i can't see a way to export the following info for example;
<profile enabled="true" defaultProvider="AccessProfileProvider">
<providers>
<add name="AccessProfileProvider" type="AccessProviders.AccessProfileProvider" connectionStringName="ProfileAccessProvider" applicationName="MandS_2010" description="Stores and retrieves profile data from an personal Access database."/>
</providers>
<properties>
<group name="SupplierProfile">
<add name="CompanyName" type="String"/>
<add name="HoldingCompany" type="String"/>
<add name="Address" type="String"/>
<add name="Telephone" type="String"/>
<add name="Fax" type="String"/>
<add name="TypeOfSupplier" type="String"/>
<add name="DirectSupplierCode" type="String"/>
<add name="Alist" type="String"/>
<add name="otherCode" type="String"/>
</group>
View 1 Replies
Oct 13, 2010
I want to secure a particular set of files in a folder by role type. I have the following entry (See below)...I notice this doesn't work (I.e., it doesn't secure the file by Role Type.. anyone can access the file). I've read that I need to map the .WMV extension to the ASp.Net DLL.
[Code]....
View 10 Replies
Jul 8, 2010
I can't run a website in a workgroup, it needs username and password.
View 2 Replies
Aug 30, 2010
I have developed asp.net 2.0 website with crystal report now what my problem is whenever i go to crystal report page its by default going to login.aspx or default.aspx though i didt set any login to my asp.net page..
I talk with my hosting provider they said that the asp.net impersonate is enable..
I think in IIS 7 authentication if i set anonymous access enable, will it work fine?
so i need to know how to enable anonymous access from my webconfig ..
View 3 Replies
Jun 18, 2010
How to protect our web.config file from external access.
I mean some sort of password protection.
View 3 Replies
Apr 26, 2010
i am adding a login feature to a website with the user name and password stored in an access database table? can this be done through the WAT tool?
View 7 Replies
Nov 19, 2010
I have a folder called /Error in the root directory for an ASP.Net site. The site is completely public, so there is no authentication of users. Inside the Error folder, I have a file called errorlog.aspx, where I log unhandled exceptions. I don't want the public to be able to view this file. I created a web.config file inside the Error folder.
[Code]....
However, I'm still able to view errorlog.aspx by typing the URL into the browser. What am I missing?
View 3 Replies
Jan 18, 2010
I have a question about security. If I put the ip address and full path for my swf file which is embedded within my asp.net application I can access it. I do want anyone to access that file. The file should only be viewed upon logging in to the asp.net webportal which displays it as an embedded flash animation.
View 1 Replies
May 6, 2010
I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 Replies
Jan 26, 2011
Running winXP and Visual Studio 2005. Using only the Development server at this stage:
Have added asp.net machine user in Windows for the directory in question
Have set up web config as
<identity
impersonate="true"/>
<authorization>
<allow
users="?"
/>
</authorization>
Problem: In test environment using VS development server, want to allow all users (will change to specific roles when implemented) to add and delete files from the directory App_Data. I can successfully upload files, but when I attempt to delete a file I get the error....
System.UnauthorizedAccessException: Access to the path 'C:Documents and Settings.......App_Data' is denied.
View 3 Replies
Mar 12, 2010
I am getting "Access Denied" error when I am trying to write a file on my hard drive (C:/.... xmls/test.xml) from a webservice which is also on my local machine.
The folder structure is like this
AdminApp (Web Folder on C drive)
- WebServices Folder
- TestService.asmx
-Xmls Folder
- Test.xml
I tried following settings in IIS in my efforts to resolve the issue:
- Set anonynmous access checked with my account name and password under "Account Used for anonymous access" alongwith integrated windows authentication checked. I am a admin on my machine.
- Disabled anonymous access with only integrated windows authentication checked. I have identity impersonate = true set in my web.config.
View 4 Replies
Aug 6, 2010
I'm pretty sure the answer to this question is no, but I just wanted to get some feedback before I go down another path.
Here is my scenario. I have two websites. Website 1 is an internal website that cannot be accessed outside of our domain. Website 2 is an external website that can be accessed outside of the domain, but has access to webservices inside of the domain.
My question is, is there any possible way to display the internal page through the external page without making the internal page external.
View 1 Replies
Mar 5, 2010
I'm moving applications from IIS6 to IIS7.5 (win 7 an win server 2008 r2), when 2 applications (with identity impersonate) try to get a file with response.writefile only from a UNC path i'll get "access denied". In IIS6 and Visual Studio Developer Web Server, same code works. I can save file with FilePath.SaveAs and get name and length with FileInfo, but not download. After 2 days of nightmares I have tried to change
Response.WriteFile(filePath)
to
Response.BinaryWrite(File.ReadAllBytes(filePath))
and now work. My question is: can I have a microsoft developer to sacrificate for my avenge?)
View 2 Replies
Dec 21, 2010
I have 2 website A and B.
B site with windows authentication
I want to open B site as new window from A site, so its ask for windows credential. I have credential in A site. I am opening B site using Javascript.window.open.
how i can set credential for B site from A site.
View 2 Replies