VS 2010 - Page Access Security
Aug 16, 2012
I have a website with many pages and many level of user accounts, i want to give a limited access for each roles... So i was thinking of doing it this way, but I'm not sure if it's secure or if there are better ways to do it.
I will create a DB with two columns, user level (admin..) and page file name (test.aspx), and each time a page is opened it checks the db against the logged in user and the current page url.
View 1 Replies
Similar Messages:
Mar 9, 2011
I am biginner regarding Database in vb.net I have a ms access as db
Field names as follows.. Uname and UPassword, the table is named as accdb and saved as useracc.mdb in 2k3 format... While in my vb.net my main page form has the followings
2 label boxes for Name and Password 2 text boxes namely loginid.text and loginpass.text A button named Login Here are the codes that i am working on
[Code]....
View 14 Replies
Oct 27, 2010
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
View 2 Replies
Jan 22, 2011
I have a site where users are denied access to the site using the config file and the authorization and authentication tags.
The users should not have access to the pages within the site _except_ one page, where they are able to create their account
Can I allow access to only this page for all users?
View 2 Replies
Oct 28, 2010
I created a page containing a drop downlist wich is a list of all users and a gridview that shows all the dates that the user selected had connected (user,12/03/2009,email) the default membership generated by ASP.NET has just a lastlogindate so i insert manually the date login each time the user conect the code is (in the login page not in the page of acces log)
Protected Sub Login1_Disposed(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.Disposed
View 8 Replies
Jan 29, 2011
I'm trying to restrict access to one page on my website. However, the code I'm using doesn't seem to work for this purpose. I can get the code to work by removing the following out of the web.config.
<authorization>
<deny users="?" />
</authorization>
This works fine by preventing access to the page unless a password is entered. However, I've realised that if I type the page name into the browser this will by-pass the login page and allow access to the page I want to lock down.
[Code]....
View 1 Replies
Dec 25, 2010
I have a Table In DataBase Role.
Which Contain the Role
1. SuberAdmin
2. Admin
3. Coordinator
4. Agency
5. Agent
Which have the different- different Access of pages so now how i give the seetings in Web to access the page according to role.
View 8 Replies
Apr 21, 2010
I have a folder called <mysite>/Pages. This folder is PUBLICIn this folder I have a aspx page called : MySecure.aspx I have on the default.aspx page a hyperlink to the "~/Pages/MySecure.aspx page".I want to limit access to the MySecure page to only those in a Admin role (so no members no guests or www users can see it. I dont want to move MySecure.aspx into a secure folder.This is what I did in the wedconfig
<location path="Pages/MySecure.aspx">
<system.web>
<authorization>
[code]...
View 5 Replies
Nov 25, 2010
I have created a new asp.net website ( 3 pages of c# ) I need now to apply security on those pages. each page has a couple of buttons to run specific process . How would I apply security in the following senarios
I have 3 people who have access to all three pages, however, each person has the right to click specific buttons on the pages. What is the best way to apply security.
This is what I thought and need someone to confirm it. I have created a table like this
id
controlName
RoleId
1
btnCreateCustomer
101
[Code]....
View 4 Replies
Feb 7, 2011
I am trying to start a new mobile web application project but cannot find the mobile page template originally available on VS 2005, nor can I get the mobile web controls to display in the toolbox even though I have then all selected in the tool-> select toolbox items why? and what can I do?
View 1 Replies
Nov 23, 2010
I am working on a site that uses windows authentication, but I have one page for password resets that I want to allow anonymous access to.I have tried doing authorization, allow users="*", but it doesn't appear to work with this.Do I need to have another seperate site for this section?
View 2 Replies
Oct 15, 2010
Im using an aspx page as the srcl for an image in the host page to serve a dynamically generated image to the user based on parameters they supply
ie
<img alt="" src="generateimage.aspx" id="imagegen"/></div>
Id like for people only to access the content via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page
View 1 Replies
Mar 8, 2011
I've developed a web application and I've added some security features. Now i want to create a page for managing users and user access in my web application.Can anyone suggest some tutorial for managing users and access because i'm new to asp.net.
View 1 Replies
Dec 3, 2010
I have a simple online store where there are products that can be put into a cart and purchased. There is a admin page that can be logged into so that new products can be added or existing products can be removed or edited. To get to the admin area I need to put a /admin/index after the main page loads up. If I want to give my friends (from any location) the ability to add new products should I create a link to the admin area on the main page (like at the bottom) of the main page or should I just tell them to type in /admin/index after they go to the webpage?
View 3 Replies
Feb 15, 2011
I have a web app developed using role & membership provider...
this is my web.config file
<authentication mode="Forms">
<forms loginUrl="Forms/LogIn.aspx" name=".ASPXFORMSAUTH" defaultUrl="Forms/main.aspx" timeout="30"></forms>
</authentication>[code]....
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
View 1 Replies
Nov 11, 2010
Will someone point me to a tutorial on how to hide and denied access to certain pages based on what roles the user is in?
View 8 Replies
Apr 1, 2010
I have a summary page that has an Add New Record button, andEdit Record butto and a Delete Record button.Every user has ReadOnly access.However, only users with administrators Access Level can add, edit, delete, view.Users with Staffers Access Level can only Add records but cannot delete or edit.So, basically, 2 access Levels, Administrators, Staffers.Administrators can view, add, delete, update records.The rest, Staffers, can only view and Add records.I am struggling to figure this out.I have done this a ton of times using Classic ASP, something like:
If AccessLevel <> "Administrator" Then
Response.Redirect"login.asp" 'so if user has admin password, s/he ccan log in with that.
End if
[code]...
4 different groups will be using the system, each will be redirected to their own summary page based on their groupNumber.All I just want now is to ensure that a user from a particular group is redirected to his/her summary page, then that user is checked again against AccessLevel (view, edit, delete, update).
View 7 Replies
Oct 5, 2010
I trying dotnetzip on localhost everything works fine.but on a real dotnet hosting it raises error :
Access to the path 'C:inetpubvhostslahblah.comsubdomains
aporhttpdocsDotNetZip-luqevaxu.tmp' is denied.
using (ZipFile zip = new ZipFile(Server.MapPath("~")+"/a.zip"))
{
zip.AddFile(Server.MapPath("~")+"/deneme.txt");
zip.Save();
}
View 1 Replies
Aug 18, 2010
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot
edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx")
c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
[Code]....
View 2 Replies
Jan 20, 2011
I'm planning to make a page that has about 10 different pages for varying use, for example, stats, data entry, reports, logistics, audit, sales, promo, etc etc. I'm anticipating there will be many combinations as to what pages a user may have access to, for each page, a user ought to be authorized to either enter new data, edit data, print and/or just view.
My questions are :
1. can membership & roles be used, once user is logged in, to display links to all the areas of the web app he is allowed access to?
[code]....
2. besides having access to a particular page, a user should, as mentioned before, be authorized to either enter new, edit, print and/or just view data.
3. Is there a preferred/better method to handle this besides using membership & roles?
View 3 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
View 1 Replies
Feb 17, 2010
i developed an asp.net(2.0) applicaions which contains the attachments of the clients . these attachments are saved in the shared folder and retrive the file when the user requests.if i maintain the application and the shared folders in the same system it will work properly.if i maintain the application in one server and the file folder in the other server i face a lot of security issus like1.Access Denied2.Couldnot find the part of the path......for this i made an common account for the application server and the file server and also set impersonation to true.Even the i got the couldnot find the part of the path error.i already gave the everyone with full control to the shared folder and i added the common account and gave it to full controlIs there is any alternate for the save and retrive the files to and from the shared folder.
View 3 Replies
Dec 5, 2011
I enhanced an existing page in my website and it is doing double duty. But currently it is displaying as "Recruitmen Admin" because of this HTML.
Code:
<div id="title1" class="title">
<h2>Recruitment Admin</h2><h3>Â </h3>
</div>
It is not always Recruitment Admin. Sometimes it is Co-sponsored Admin. I know which is which from a query string.How do I access that text to change it accordingly?
View 9 Replies
Mar 21, 2011
I´m learning how to use a web service with flash.
Now I need to connect the web service to my db.
This is what I tried:
Code:
Public Function HelloWorld() As String
Dim orgcon As New OLEDBConnection("Provider=Microsoft.jet.oledb.4.0;data source=c:dataDB.MDB")
Dim OrgDA As New OleDbDataAdapter("select * from organization order by orgname", orgcon)
Dim Orgds As New System.Data.DataSet
OrgDA.Fill(Orgds, "Organization")
Dim hwstring As String
hwstring = orgds.tables(0).rows(0).item(3).tostring
Return hwstring
End Function
The flash just gives me an error that there was an error opening the web service. For some reason I can´t debug it in vwd.
View 7 Replies