Security :: Web Application Query For Authorized Users For Certain Features In The Web App?
Jun 21, 2010
I am trying to give access to a button for only authorized users. These users are all apart of the domain's administrative users. The button should only appear to these users. Other users will not be able to see or access the button. how I could make my web application query for authorized users for certain features in the web app?
I am trying to create a diary site which will allow users to enter rich texts (text, picture and video links...) and the outcome for each page will be an html file being saved under each users profile folder.If I create html files for every user entry, then these pages can be accessible if the path and file name is known for them... I am trying to have some secured html pages so that only the owner of those pages can have access to them after logging in.
I am making application in asp.net and I wanted to implement security features in my application I want help from you experts with good logic on implementing security Field Level, Button Level and different DIV section level security. Where I wanted like read only, addition, edit and delete and also I can make Groups and then assign user in that so that group security I can give. Customize security for some users.I am ready to use some DLL or Active X which give me above.
Before I was using database for security logic where in I was putting some codes in comma format and was looking that for specific control on form load but it have disadvantage that when some user have access to database that can alter make problem.
I need my users are redirected to AuthError.aspx page ("You don't have the access to this page") in the case when they are authenticated but try to access the page that they cannot access (because of the role for exam). If I set up web.config so:
this is the system's wrong behaviour because an user is already authenticated and there is no need to redirect him or her to this page. But if I write here AuthError.aspx instead Login.aspx how could I redirect not-yet-authenticated user to the login page?
Does an asp.net website developed locally with VWD 2010 and SQL Express need an SQL server on the the remote webserver or does asp.net have sufficient functionality to handle the SQL connection & requests? In particular I am using the membership features of asp.net to log users in and out.
I am pretty new to ASP. I have a asp page created and it is using the active directory to authenticate the user with AD login credentials. My problem is the code is working fine in our TEST environment. And the same code when I move to Production it is giving me an error saying you are not authorized to view this page.
i have in database following tableUSERS,GROUPS,MENU,MENU_ACCESSafter user login he caan type in address bar then he navigates to pages URL in menu tablei need to check if user is authorized upon his group if not authorized he will be redirected to not authorized pag
Though I have not tried it but i guess asp.net allows us to delete all the users in our application. What i mean is if it allows us to delete all the users, then at 1 point my application might become defunct or I will have to go back into WAT.
In my application only users in admin role are authorised to create new user, but when all user can be deleted, what will hpapen?
And if a user is logged in and deletes himself, he still remains logged in though with restricted access untill manually logout is not pressed.
I have two diffrent webforms (ASP.NET 2.0) applications that both uses the built-in membership provider of asp.net. The two application uses the same database, but is diffrentiated by ApplicationName.
One application is sort of an admintool (AdminApp) of the other application (UserApp). I am now looking for a way to login to the UserApp from the AdminApp and sort-of impersonate a given user.
I have built an interface to automatically login a user to the UserApp (URL with querystring), but I need to be able to access the username of the refered user in the AdminApp. I was hoping for something like this would work:
...but I am unable to find something that works.
Is there a solution for my problem? Should I use some other approach?
PS. A fallback solution wouuld ofcourse be to send a username in the auto-login-url-querystring, but that doesn't really sound solid.
I have 2 different website/applications with 2 different asp.net membership databases in the same server. Now my client wanted to create a user in one website and add that person automatically in to the other application/website/database too. Right now my applications create users using asp.net membership and added to its respective databases. Is it possible to create a user from different application using asp.net membership?
I have a web application with a login form. A user enters a user name and password. If they exist in the database the user is authenticated using these two lines: [Code]....
The problem is that when a user logs in at first he is logged in as himself. When navigating on the web application for a while the user assumes the identity of another logged in user. This happens all the time. In my web.config the authentication mode looks like this: [Code]....
The site does not use ASP.NET session variables. Instead each page initializes a Singleton class, which stores itself in a static class variable, always accessing the users data already read from the database. The Singleton implementation is: [Code]....
Could the problem with assuming another logged in users "session" be related to static classes in my application or a Forms Authentication configuration or a configuration in IIS (e.g. is it possible for users to have their own process?).
I am creating a Web Application in asp.net 2.0 and sql server 2005.I want to use an existing database.
I have created a login and a signup page. Then i replace the new SQL database (the one that is created automaticly by the visual studio) with the exiting database I have.If I create a new user, the new user goes to the database and I can login with the new user. I cannot login with the existing users.If I go to the asp.net configuration, I only can see the new users I have created, I cannot see the users that were in the database already and I can't see the roles also.
I can I make the new application to recognize the users and roles of the existing database?
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
i am trying to implement ldap features to my web application in asp.net C#......
i implemented the ldap features in such a way that,if the ldap path is given like:
this will allow all the groups under this server and domain how can i differentiate between the groups for example consider an hospital i want this application to be accesible only by doctors,even the cashiers of the hospital will be able to access my application,how should i not allow certain set of groups to be authenticated to my application.