This is part of my web.config
<location path="Secure">
<system.web>
<authorization>
<allow users="SecureUsers" />
</authorization>
</system.web>
</location>
I want to be able to search for path of Secure and find out the user role that is specified. My input is the path, such as "Secure" and the value I'm trying to retrieve is "SecureUsers".
I wanted to impose specific timeout interval and request length on some specific pages that uploads documents of size up to 50MB. Hence I did the following config changes after going through some sites.
<location path="Upload.aspx" >
<httpRuntime maxRequestLength="51200"/>
<httpRuntime executionTimeout="36000"/>
</location>
I keep getting error when I run the application. I tried various other ways like giving the complete path like <sitename>/<applicationname>/<v.folder name>/<filename>.I tried this on both IIS 6.0 and IIS 7.0.
In my ASP.NET's Web Config file I have the following location elements defined:
<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="dir1">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="dir2">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2. I'm curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this...
<location path="dir1,dir2,etc">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Is there any way of doing something like this?
<location path="/(view|edit)post.aspx?id=[7-9][0-9]+">
<system.web>
<authorization>
<allow roles="AdminPublishers"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Authorization is just an example. I would like to be able to do other things with those locations.
I want to delete location path using parameter textbox and allow user ..
example :
location path = textbox1
allow user = textbox2
explanation : i enter name of location path in the texbox1 and allow user in the texbox2, when i click button delete then location path based on parameter textbox1 and textbox2 in web config will be remove..
this below my web config
<location path="3pm.aspx">
<system.web>
<authorization>
<allow users="testing1,testing2,tunggal ,usertest" />
[Code] ...
So far this is my code for deleting location path using parameter name of path , yet to parameter allow user ..
protected void DeleteLocationPath(object sender, EventArgs e)
{
string path = Server.MapPath("~/Web.Config");
XmlDocument xDoc = new XmlDocument();
xDoc.Load(path);
[Code] .....
I need my users are redirected to AuthError.aspx page ("You don't have the access to this page") in the case when they are authenticated but try to access the page that they cannot access (because of the role for exam). If I set up web.config so:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
this is the system's wrong behaviour because an user is already authenticated and there is no need to redirect him or her to this page. But if I write here AuthError.aspx instead Login.aspx how could I redirect not-yet-authenticated user to the login page?
I am trying to give access to a button for only authorized users. These users are all apart of the domain's administrative users. The button should only appear to these users. Other users will not be able to see or access the button. how I could make my web application query for authorized users for certain features in the web app?
View 5 RepliesI have written a web application. All users open The default.aspx initially.
If user goes to auth/Login.aspx page and authorizes, he is redirected to auth/data.aspx
The problem is -
If user closes page and opens again, he is authorized (using cookies) but sees Default.aspx.
But because he is authorized already, is it possible that he is redirected to auth/data.aspx ?
OR
Is is possible to change the link in Master.Page to another for authorized users?
I am trying to create a diary site which will allow users to enter rich texts (text, picture and video links...) and the outcome for each page will be an html file being saved under each users profile folder.If I create html files for every user entry, then these pages can be accessible if the path and file name is known for them... I am trying to have some secured html pages so that only the owner of those pages can have access to them after logging in.
View 7 Repliesam using Asp.Net C# 2.0. My website is working fine in local. Website contains 2 js files included in master page. It works fine in local environment, but when i publish my website i get "Object expected" error on page load, and thus the js functions are not working in published website. Currently I am writing:
<script src="/javascripts/jquery.hotkeys-0.7.9.js" type="text/javascript"></script>
in the master page.
I need to save the selected File in my this location.My Actual path is this \zdcprojectCCHIS_NCHS_NVSSDEVNDI.When I add actula path its not accepting. I am getting this message 'unrecognized escape sequence'.So I replaced with with '\' . When I am executing its returing this path 'Failed to map the path '/zdc/project/CCHIS_NCHS_NVSS/DEV/NDI/'.How can I save my actula path.
[Code]....
My web.config has following settings :
Code:
<authentication mode="Forms">
<forms loginUrl="SignIn.aspx" >
</forms>
[code]....
and different settings for a folder - "user" inside root.
( same config file )
Code:
<location path="User">
<system.web>
<authorization>
[code]....
but when use the statement
Code:
Server.Transfer("~/user/somepage.aspx")
in code behind , the control goes to somepage.aspx instead of SignIn.aspx.
We have an application that is making use of the location tag in the web.config file at the machine level - meaning like :WindowsMicrosoft.NETFrameworkv2.0...CONFIGweb.config, the one that applies to the whole server - this application has lots of virtual directories under it and for each one there is a <location path="IIS Web App NameCustomerA">...This seems to work ok for that app. But then we have a second app on the same server, and I'd like to add location tags to that app's web.config file - meaning the local web.config file in the app's directory - and have each one of them specify a location tag in a similar way
View 1 Repliesaspnet_regiis.exe -pdf "connectionStrings" c:web.config And this is the error I got. Error - "The configuration for physical path 'C:Web.Config' cannot be opened. And the permissions of that file is not read only.
View 2 RepliesIn my ASP.Net application I'm using URL routing.
The url format is somewhat like: [URL] To allow users to visit the login and recovery page, I've added the following entries to my web.config:
[code]....
Is there a form of notation so that I can skip the en-GB part and replace it with a wildcard? I want the login and recovery page etc. to be available regardless of the culture.
When I add this in my web.config
[Code]....
Now since i'm securing the site i've noticed that the location element does not get much attention.The only thing i have found is that you can use <location path="" allowOverride="false"> on machine.config .I'm not sure how this goes but if you need to use this one every page then i will have multiple problems.First if i have a page with the same name on another website there is trouble and also if i need to update pages again problem.What i'm not sure of is if the location element on machine.config i just used once and then magically every site you have will throw an exception if a hacker changes you web.config.I have doubts and it's confusing and if i play with the server web.config,well i don't wanna mess with that.
So i also tried to encrypt the location element but i cannot find an example(can you encrypt it?).I can encrypt authorization and authentication but i will not go inside the location element.Just the standard authorization and authentication nodes.How can i secure the web.config location element so no hacker can change the allow,deny,etc.
[URL]
Is it possible to have location authorization nodes in a web.config be external?
Such that I could take all of the nodes simlar to
[code]....
And move them outside of the web.config or something simlar? I find these nodes at an extreme amount of noise to a web.config when they're relatively static. Normally my approach would be to config source something like this but since it falls under the root node I'm not sure of it's possible with these nodes.
I'm looking to deploy a web app and I have a simple question about the <location> tag of the web.config file. For the moment, I want all the pages to be password protected and I've created a simple login page with the login object. I've put all my .aspx file in a directory called AppMyPages and I've put this in the config file:
<location path="AppMyPages">
<system.web>
<authorization>
<allow roles="tester" />
[code]...
Where do I find the machineKey config section for ASP.NET?
I don't have one in my application Web.config, there isn't one in the root Web.config and there isn't one in my machine.config.
Does this mean there is some other default hardcoded into ASP.NET? If so, what are the defaults? (For .NET 2 and 4)
Having read this: [URL]
i was expecting to find something like this, somewhere:
<machineKey
validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
/>
Edit: the 1.1 docs seem fairly clear wrt default values: [URL] but the 4 docs are rather ambiguous [URL]
How to specify multiple paths in one location element in web.config:, a
<location path="Images">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
We would like to add styles and images to location, e.g. location path="images, styles". Is it possible to put multiple paths in location element (and how)?
Here I trying to open a folder location through my save path in database. I binded a gridview with a hyper link as a template column. In hyperlink's Navigationurl proprty I write this
NavigateUrl = '<%Eval("ProjectPath") %>'
It's working fine with path which doesn't have spaces like D:/Myprojects/Project1. But if this path wud like be D:/Myprojects/Project 1, it doesn't work. how to come over this.
look at the attached web.config? The last part doesn't seem to work although the path is correct. I've tried logging on the site with a use which is in no groups, but it can still access the page...
[Code]....
I have the following authorization settings in my web.config:
[Code]....
This deny's all anonymous access to the application accept the login page. In addition to this I am using authorization within each controller action via a custom authorize attribute.
I have one additional action that I would like to expose publicly in addition to the login page. This action does not have the authorize attribute on it. I have tried to make this view (resetPassword view) public by using the location tag in the web.config file like so:
[Code]....
In the path attribute above I have tried both the view as well as the action path, but it doesnt allow public access to the action.
I have even tried to put this view in a separate folder within the shared folder and put a separate web.config file to make that folder public like so:
[Code]....
None of the above configuration allow me to make this particular action (view) public. Can anyone suggest any other solutions, or what I may be doing wrong in this case?
I have my theme for each folder set in the web.config, but on design I have no access to the css or skins for that page unless I add them in the page directive, then upon rendering in html, the page shows 2 references to the same css file.
So for design purpose do I have to reference the file, then delete the references after I finish designing the page? why does the editor not recognize the web.config and reference the proper theme?