I have a website with the below structure for saving product images:
~/fileserver/{user_id}/{file_id}.{file_extension}
I want to restrict access to each {user_id} folder and let only the specific user to retrieve that image. How this can be done? Do I have to set something in IIS?
I wrote an asp.net application that I'm trying to run on a godaddy domain I bought. I need to read a file in a folder that I did not give read access to so that your average user cannot see in the informaion in that folder. I assumed that the asp.net program would have the same credentials as myself because server-side code. Turns out I am wrong. When I go to use the asp.net application it throws an access denied error saying that the ASP.NET user account has to be given permissions to access the folder.
After talking to two different tech support people at godaddy I've come to the realization that they are either dumb or lazy (or a combo of the two).I came across some code that you can put into the web.config file that would allow the asp.net application to impersonate a user, which would work great to use myself as the impersonated user. However it seems that godaddy cannot give me the name of the server that my domain is on (that's understandable) so I don't know what to put in the identity tag to get this to work.
Here is the code I found:
[Code]....
(of course I filled in the username and password with the correct info)
When I went to use it again it threw this error:
System.Web.HttpException: The current identity (PHX3username) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.
I just got a windows vps setup at a hosting company and about to install a big web application that is a store front. Do I need to set any of the folders as virtual directories? I'm so confused on all of this. Do I just copy the folders and files over and thats it? It has Plesk to use for the control panel. I know I have to set the directories to run as application but is there anything else?
View 1 RepliesI have load balanced web servers My application has a function that allows the user to upload their company logo to display in the application header obviously, when they upload the logo image file, it needs to be in a central location or otherwise, the file will not be accessible to the other server on the load balancer. in order to be able to upload the image through the application other one of either servers and then display it on both servers I need a virtual directory on both servers that point to a third "file server" (this is the "AcctData" directory shown below with a sub folder "images")
If I use pass-through authentication I get a 401 error. If I use a specific user that's set up on both boxes, I get a 500 error. I've also tried sticking a Web.config file in the "AcctData" directory allowing anonymous access.
i have two solutions, 1. user management and 2. travel management. i publish the user management solution to [URL] and i publish the travel management to [URL] here i face the problem. the default home page would be [URL], its a windows authentication in page load, i capture the username, pass it to procedure which will fetch me his credentials on access. i store these in a session.
in the home page i have link to navigate to travel page, when i try to access the sessions in travel page, its empty. i tried printing the session id in both user management and travel, both are same but the sessions created in user management are empty in travel. what would be problem here and how can i resolve this.
Often, out of sheer desperation I will end up enabling "Everyone" access on a folder that a web app is accessing (perhaps for file creation, reading, etc) because I can't figure which user account to enable access on.
Obviously, this is a very bad thing to do. Is there a way to determine what account IIS is using at that exact moment to access folders (and perhaps other resources like SQL Server, etc)?
Are there logs I can look at that will tell me? Or perhaps some other way? I usually use Windows Auth without impersonation. Not sure if that information is relevant.
I want to authorize the asp.net account to access some folders in my project.
However, I get this error::
System.UnauthorizedAccessException: Access to the path 'D:ProgramingPartFromYamnWebExerciseWebExerciseAccordionImgs' is denied.
I am using win 7 so what is the name of the asp.net account that I should use?
I'm using VS2010 and need to give my remote server asp .net account (IUSR_istereos) access to my local intpub folder
how do I do that?
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
View 2 RepliesDo I just need to make a field for account type in my user account table? In a technical way, if(account type = admin) then the account would log as admin; otherwise, a user with less privileges.
View 7 RepliesI've got an ASP.NET website, and its connecting to a database I've created on SQL Server 2k8 and I'm using windows integrated security on my connection string between asp.net and SQL Server. What account should I give permissions to my database inside SQL Server? Should I give NT AUTHORITYNETWORK SERVICE permission to my database? Right now, I right clicked the network service account, and went to properties, and then I checked my database under "users mapped to this login:" and then in the "database role membership for" diaglogue I then selected public and db_owner. Is that right?
View 1 RepliesListing folders in folders then creating arrays in JS for each of the folders?
Directory Structure:
I have a directory structure as follows;
ad_folder
--folderA
--folderB
--folderC
--anotherFolder
--etcfolder
--afile.aspx
--anotherfile.gif
ad_code
--folderA
--folderB
--afile.aspx
--anotherfile.gif
ad_prep
--folderA
--etcfolder
--afile.aspx
--anotherfile.gif
ad_bin
--etcfolder
--afile.aspx
--anotherfile.gif
other Folder
files folder
assetsfolder
index.aspx
web.config
image.gif
Task at hand:
I want code in VB.NET to create javascript arrays of the folder contents that can then be used on the client end. I only need arrays for all folders contained in folders starting with ad_ and an array for all the base folders . like so:
var folders=["ad_folder","ad_code","ad_prep","ad_bin"];
var ad_folder=["folderA","folderB","folderC","anotherFolder","etcfolder"];
var ad_code=["folderA","folderB"];
var ad_prep=["folderA","etcfolder"];
var ad_bin=["etcfolder"];
note that I do not know the number of or the names of the folders, they can be different in different cases, I only have the root path.
[code]...
Can I use LINQ to SQL and have a user log in, and with that login be restricted to certain parts of the database.. basically having access to information located under their particular customer ID number.... how would I get the 'session' to follow them throughout the website without having to login each time the database is tapped for info...?
View 1 RepliesI am using ASP.NET MVC 3. We assign roles to certain people at work, then we use Windows authentication to determine what roles a user has. Lets say the roles are RoleA, RoleB and RoleC. So now I get a list of roles for a user. Lets says that UserA belongs to RoleA and RoleB. Some of my views need to be authenticated as not everyone can view certain views. Lets say that ViewA can only be viewed by users that belong to roles RoleA and RoleB. How would I do this? What would I need to look into? When a user that does not belong to these roles tries to access the views then he/she should be redirected to an error page.
View 1 Repliesi am able to deploy the SRS Reports locally without any issue. but the probelm when i try to access in the website its gives the error as "The permissions granted to user 'XXXASPNET' are insufficient for performing this operation. (rsAccessDenied)"So Please any one of you let me know what needs to be done in the configuration setting for the problem to get resolved.
View 1 RepliesWhat's the best technique to hide part of a view depending of the credentials of the user?
To explain my self little better and as example i have the following code in my view:
<%= this.Model.Name %> <%=Html.ActionLink("Edit",....)%>
And i would like to hide the edit button for those that aren't administrators for instance...
Could you give me a hand?
I facing a problem here. how can I make the create user wizard category all the new user become normal user role? I have created 2 role which is Manager and Normal User. Normal User can't view the Manager page. But after i create a new user account, i can view manager and normal user page. I want to make all the new member registration will be normal user role?
View 6 RepliesI have the membership provider and the create user with tow steps, one of the steps contains a custom registration form, for each created user data will be in the database, and there is an account page shows the data that the new created user did insert during the registration process on the custom registration page,
the problem, when the user is created and logged into his account page, this account page shows only the information for the first created user, not the info on the logged in user , but the logged in user data still saved in database and not showing on his account page?
This is web.confg code:
<?xml version="1.0"?>
I have an asp.net app that allows users to create personal pages which can be publicly accessed thru a "directory" page. The content of the pages is stored in sql server, so a given user's page is dynamically created thru the code that executes when the relevant link on the directory page is clicked.
I would like to take this a step further by allowing access to a given user's page directly thru the browser's address bar, something likewww.thegreatestsite.com/jim (pretty much like You Tube, Facebook, etc.).
I could achieve this by manually creating a folder under the root, called "jim" and put a default.aspx page in it which has the code in it's load event that would dynamically create jim's page.
However, I would like this "additional feature" to be created automatically, as part of the sign up process of the user.
I have no clue as to what would be the best approach. For all I know there might even be a standardized way to ado this in asp.net?
In my project I have one folder called Administration (contains pages created for administrating the public part of the page) and in root I have public pages. What I want to do is to prevent anyone beside administrator to enter the Administration part and to make the Administration/Login.aspx default page for entering Administration part. This part makes me confused. I tried to create the access rules, but that wasn't the option because I upload the images to the Administration/Upload folder so if I deny the users the images on the public part can't be accessed.
The second problem I don't know how to solve is public part of the page where I want to allow commenting only to logged in users (users only, not the admin). How to check if user is logged in and authetificated and how to enable the commenting part of the form to him (textbox and submit button).
I want to check if a user in User table is found either in UserName Column or in FriendUserName Column in UserFollow table and if yes display lable found, But if no display lable notfound. This code will be excuted onse a user logs in the connection code
protected void Page_Load(object sender, EventArgs e)
{
if (Session["UserName"] != null && Session["UserName"].ToString() != string.Empty)
{
string userName = Session["UserName"].ToString();
if (!this.IsPostBack)
[code]...
I'm using asp.net membership provider. and I need to block user account in case if the user post spam. How can I accomplish it using build in features of the Membership Provider.Can I use IsLockedOut? If so how can i update it programmatically?
View 2 RepliesIs it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?
View 4 Repliesi have almost 2500 peoples details i want enter it to the database from background using one exel sheet .but when i enter all the details i want to set the password for each user in the database (must be unique)
View 2 RepliesI have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 5 Replies