I have created an xml file. and I want only some websites that I have chosen to reach this file and view the datas of this xml file on their sites.
How can I do that? How can I give permission to some sites for and xml file?
I am pretty new to ASP. I have a asp page created and it is using the active directory to authenticate the user with AD login credentials. My problem is the code is working fine in our TEST environment. And the same code when I move to Production it is giving me an error saying you are not authorized to view this page.
View 2 Repliesi have in database following tableUSERS,GROUPS,MENU,MENU_ACCESSafter user login he caan type in address bar then he navigates to pages URL in menu tablei need to check if user is authorized upon his group if not authorized he will be redirected to not authorized pag
View 1 RepliesI am trying to give access to a button for only authorized users. These users are all apart of the domain's administrative users. The button should only appear to these users. Other users will not be able to see or access the button. how I could make my web application query for authorized users for certain features in the web app?
View 5 RepliesI have written a web application. All users open The default.aspx initially.
If user goes to auth/Login.aspx page and authorizes, he is redirected to auth/data.aspx
The problem is -
If user closes page and opens again, he is authorized (using cookies) but sees Default.aspx.
But because he is authorized already, is it possible that he is redirected to auth/data.aspx ?
OR
Is is possible to change the link in Master.Page to another for authorized users?
I am trying to create a diary site which will allow users to enter rich texts (text, picture and video links...) and the outcome for each page will be an html file being saved under each users profile folder.If I create html files for every user entry, then these pages can be accessible if the path and file name is known for them... I am trying to have some secured html pages so that only the owner of those pages can have access to them after logging in.
View 7 RepliesI am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
How do you compare the security of websites built in ASP.NET with other websites bulit in other technologies such as Ruby on Rails, PHP..?
View 3 RepliesI have 2 web sites both located physically on the same web server, I'll call them siteA and siteB. These sites are accessed by internal users on our intranet as well as external users on the internet.
SiteA is is setup on IIS6 using basic authentication which we connect to an active directory. The web config is set to use Windows authentication mode. The url to site a is etoolbox.xxx.yyy
SiteB is the same setup. The url to siteB is rdow.xxx.yyy
What I want is once the user is authenticated against the active directory when the login to SITEA for them to be able to click the url in siteA which opens SiteB in a separate browser window and automatically takes them to the welcome page without being prompted for credentials again.
Currently when clicking on the url to go to siteB I am being prompted again for my credentials.
Is there any way for both external and internal users to only be prompted once for their active directory credentials and then be able to go to whatever site they want to without be prompted for credentials again? Is this something I have to code for or is it handled automatically by IIS?
i have 2 websites, website1 has window.open link to the website2, authentication is forms (and windows but in web.config is set to forms) for both websites, when i click on the link and debug Request.IsAuthenticated should be true or false? both applications are running on the same machine
View 2 Repliesthe account we use to copy/publish websites to our web server is not allowing us access to push websites. I've added this account to the permissions in the links listed in the below link, but i don't have success when trying to push remotely. When the account is in the local admins account, everything works flawlessly, but we are not allowed to have it in there. http://social.msdn.microsoft.com/Forums/en-US/vssetup/thread/31be047e-4716-4974-b8a1-be0111b50199 I've googled and searched a lot for this particular error, but am not finding an answer that helps. We get this error, 'Unable to create the Web 'http://edea01/test/planning'. You are not authorized to perform the current operation', and the above link is the scenario that matches mine the most. I don't do develompment work, but am asked to figure out this connection problem.
View 3 RepliesI have a scenario with three applications:
1) Portal: where user executes login
2) Site1: after login at "Portal" user is able to use Site1
3) Site2: after login at "Portal" user is able to use Site2
I just need to execute a validation in Site1 and Site2, to validate if they (users) did login at Portal1.
Something like (in site1 main page page_load).
{
if (notFromPortal)
{
//redirect to Denied.apx
}
}
How can I do this in a simple way? With cookies? Does somebody have a url with sample?
My security requirements are almost zero. I just wanna prevent that user put a url from Site2 in browser and see a Site2 page.
We have two different websites that run two seperate web sites (a backend and a front end) for our peice of software. The way we do our authentication is to put the user id into the session when the user logs in, all the pages on the site inherit from one base page if this base page cannot find this value in session it kicks the user out to the login screen.
What we want to be able to do is have a link on the front end after the user logs in and when they click on it it takes them(redirects them) to the back end. However I cannot think about how to do this in a secure and sensible way. I did think of putting the users username and password dynamically generated into the hyperlink that takes them from the front end to the back end. Would this be advisable. It will be clear text but then again we done use ssl in any case just plain forms authentication. I mean I will hash the values anyway but still be sending them. I suppose is there a way to share a session across two app domain without too much dificulty?
I've just got a new PC set up with windows 7. I mainly do front-end dev, but have done some classic ASP and .NET too. My 'systems admin' skills aren't too good, so I'm looking for advice as to the best way to set up my sites locally.
I built a new asp.net web app just now in Visual Studio 2010 Express, and by default it created a new project in: C:UsersMyNameDocumentsVisual Studio 2010Projects. I then needed to do some work on an old legacy classic ASP site, so I created a new folder in the same 'Projects' directory and loaded my files in there. I then went in to IIS to create this site so I can preview it locally but when I locate the content directory and click 'Test settings...' I get the following authentication error:
"The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain><computer_name>$ has Read access to the physical path. Then test these settings again." Which I don't really understand how to resolve.
I am wondering what the best method is. E.g.
<script type="text/javascript" src="<%= GetBaseURL() %>Scripts/jquery-1.4.1.min.js"></script>
renders
<script type="text/javascript" src="http://www.mywebsite.com/Scripts/jquery-1.4.1.min.js"></script>
Is there any danger or performance hit doing it this way?
I created a mixed mode authentication mechanism based on a few of the articles that I have read on this topic. It's similar to something like this: [URL]
Basically, there are two web applications. One accepts the Windows Auth and one accepts Forms Auth. The Windows Auth then creates a forms auth ticket and passes control to the Forms auth application. This solution works fine when both applications are housed within the same IIS web site.
Now, order to control the security of this solution we set up multiple IIS web sites on the same machine. Web Site 1 serves external traffic (forms auth) and Web Site 2 serves internal traffic (windows auth).
So the design is that an internal user can hit the site using Windows auth via a internal name (myserver) while the external users use Forms Auth hitting [URL].
All that said, the solution works when the two applications are in the same site. Doesn't work when they are in different sites.
Can we upload a file automatically in websites? I mean,I have a website where a default log folder is there and I will to upload automatically the log file present in the folder.
View 2 RepliesI have a new server(windows server 2008) and Installed ASP.NET and IIS(7.5) successfully.
After that I create a virtual directory of my web site.
when I ran the site following error message comes on the screen
I searched internet and find that there should be a user ASPNET added the user list, I searched that but didn't find, and try to locate but it has no such user.
I send programatically a request to remote server:
string xml = "SomeXML Data";
string url = @"http://someserver.com";
WebRequest request = WebRequest.Create(url);
request.Method = "Post";
request.ContentType = "text/xml";
//The encoding might have to be chaged based on requirement
UTF8Encoding encoder = new UTF8Encoding();
byte[] data = encoder.GetBytes(xml); //postbody is plain string of xml
request.ContentLength = data.Length;
Stream reqStream = request.GetRequestStream();
reqStream.Write(data, 0, data.Length);
reqStream.Close();
System.Net.WebResponse response = request.GetResponse();
System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream());
string str = reader.ReadToEnd();
but this code throws error:
The remote server returned an error: (401) Unauthorized.
I know user/pass to authorize when IE ask me.
I need my users are redirected to AuthError.aspx page ("You don't have the access to this page") in the case when they are authenticated but try to access the page that they cannot access (because of the role for exam). If I set up web.config so:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
this is the system's wrong behaviour because an user is already authenticated and there is no need to redirect him or her to this page. But if I write here AuthError.aspx instead Login.aspx how could I redirect not-yet-authenticated user to the login page?
This is part of my web.config
<location path="Secure">
<system.web>
<authorization>
<allow users="SecureUsers" />
</authorization>
</system.web>
</location>
I want to be able to search for path of Secure and find out the user role that is specified. My input is the path, such as "Secure" and the value I'm trying to retrieve is "SecureUsers".
I have a page that I want only anonymous users to see, and authenticated users to be redirected. So, like this:
<location path="Login_ForgotUserID.aspx">
<system.web>
<authorization>
<allow users="?" />
<deny users="*" />
[code]...
how to do the following code snippet i posted below in web method?
[Code]....
I'm an New Coder(Just started.) But my problem = I cant connect ASP.NET to this: [URL] I have already added HWID in my program now i want to add: AUTHORIZED OR UNAUTHORIZED to my program in an textbox
View 3 RepliesBy default ASP.NET MVC setups up the AccountController to use the SqlMembershipProvider, SqlProfileProvider and the SqlRoleProvider. I don't really need everything that brings to the table, in fact, it is more of a hassle to shape my data into that model.What is the minimum I need to implement on the MembershipProvider, RoleProvider and ProfileProvider abstract classes to get authentication and authorization and not break some other dependency that might be there?
View 3 Replies