Denying Direct Access To A Webpage?
Mar 11, 2010I have a webpage errors.aspx that needs to be protected from direct access. I want it to be accessed only when redirected to by another web page.
View 3 RepliesI have a webpage errors.aspx that needs to be protected from direct access. I want it to be accessed only when redirected to by another web page.
View 3 RepliesI need to restrict access to pages based on permission given to roles based user .Roles created dynamically so that i can't restrict thru the WEB config file .i am using the custom sitemap so menu is showns correctly based on roles , but if we enter direct url in address bar we can access that page although its not permitted for the user .is there any other way to redirect to common access restrict page .
View 3 RepliesI am an experienced developer but I am new to web application development. Now I am in charge of developing a new web application and I could really use some input from experienced web developers out there.
I'd like to understand exactly what experienced web developers do in the code-behind pages. At first I thought it was best to have a rule that all the database access and business logic should be performed in classes external to the code-behind pages. My thought was that only logic necessary for the web form would be performed in the code-behind. I still think that all the business logic should be performed in other classes but I'm beginning to think it would be alright if the code-behind had access to the database to query it directly rather than having to call other classes to receive a dataset or collection back.
I'm trying to deny access to all xml files using a httpHandler in web.config.
Code:
<add verb="*" path="*.xml" type="System.Web.HttpForbiddenHandler" />
I've got that inside the <httpHandlers> section in <system.web> but it doesn't seem to do anything to stop me accessing .xml files via a web browser. What am I doing wrong?
1. How do i limit access to admin directory to only admin roles ?I logged in with a user whose role is Customer and went to the url of mysite.com/admin/ and it shows be the directory listing for that directory.
2. Have I implemented the roles/web.config correctly ?
[Code]....
I have a ASP.NET page called admin.aspx that needs to be protected from direct access.
I want it to be accessed only when the user enter his name & password in another page called login.aspx I'm working in ASP.NET with Visual Basic .NET 2008,how to do it.
I have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 RepliesHere is my dilema, on my site i have a WordPress Audio player (http://wpaudioplayer.com/standalone) that plays my mp3's.
It loads the Mp3's in by javascript...example below:
AudioPlayer.embed("audioplayer_7", { soundFile: "/Files/Music/[name of file].mp3" });
This file name is clearly visible in the browser source. Not a problem, however this means that any user can legitimately browse to the file directly and download it.
Now i still need the mp3 player (which is flash) to have access to the file but if a user was to try accessing the file directly, they would not be allowed access to it.
I am not sure how to go about this, i am circling the idea of a httphandler but not sure if this is sufficiant to stop the direct access to the file.
My ASP.NET application logs transactions (both inside AND outside of databases), and therefore needs read/write access to text files within various directories within the root of the website - in ADDITION to the normal database access.
In this scenario, how can I safely allow my ASP.NET application to write data to the web folders? I have a thread-safe DLL that performs the actual work, so I don't believe I need to worry about multiple sessions writing to the log files at the exact same time - assuming my DLL will only be running in a single instance/process that will be shared between numerous ASP.NET instances/processes/threads.
But I'm more concerned about file access permissions. I've heard that ASP.NET applications generally aren't allowed access to the webserver's local file system, and that this may even restrict my DLL from getting the correct file access. Can I grant my application file-access to the web-driectories?
Im using an aspx page as the srcl for an image in the host page to serve a dynamically generated image to the user based on parameters they supply
ie
<img alt="" src="generateimage.aspx" id="imagegen"/></div>
Id like for people only to access the content via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page
I have a web app developed using role & membership provider...
this is my web.config file
<authentication mode="Forms">
<forms loginUrl="Forms/LogIn.aspx" name=".ASPXFORMSAUTH" defaultUrl="Forms/main.aspx" timeout="30"></forms>
</authentication>[code]....
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 RepliesI am using IIS7's URLRewrite feature to hide the .aspx extension in my ASP.NET WebForms application's URLs.
I'm using the following configuration:
[code]....
I can now browse to:
[URL]
and this is rewritten to:
[URL]
This preserves the "pretty" url in the browser address bar. I have also updated all my links on the site to use the extensionless URLs.
The problem is that the underlying .aspx pages can still be accessed directly and I'd like to prevent this.
If a user browses to [URL] I'd like it to either redirect/rewrite to [URL], or at the very least just return a "Page not found".
Update:
I managed to get this working by redirecting all .aspx pages to the home directory. This isn't ideal as I'd prefer to send them to the non-.aspx version, but it will do for now.
<rule name="Block .aspx" stopProcessing="true">
<match url=".aspx" />
<action type="Redirect" url="/" />
</rule>`
How do I rewrite and redirect URLs that directly address .aspx pages to my friendly URL format?
Denying all users to a page?
View 3 RepliesI have the followingh scenario where I have a radgrid and inside it, I have a template column containing a check box:
[code]....
However, I only really want the user to be able to select one checkbox at a time.
Therefore, how to I go about ensuring that the any previous 'checks' are removed or stopping multiple checking altogether?
In my web.config file, I have an authorization section that is supposed to deny all users EXCEPT for those included in the group specified. However, my login form doesn't allow these users to proceed to the next page - the login form just reappears as if the user has been denied. Code:
[Code]....
I have a user named 'test' that is in the Student Council group. I've tried 'allow users' and 'allow roles' with no success. I've also confirmed that the user is able to log into any workstation in my domain.
I've a problem with my web application. I hosted a web site in IIS and initially its working good. After sometime ( i dont know the time diff exactly ), if i try to access my page its not working and after re-starting my application only its working. Let me explain about my project.
I've only 4 pages ( ex: main, a1,b1,c1 ) in my site. In main page i used IFrame to show other 3 pages by clicking the appropriate tab. Before this main page load, i'm connecting to DB (Oracle 10g) and i used "System.Data.OracleClient" class to communicate with oracle. Every time after retrieved data from DB i'll close the connection. Then i'll display the main page and assign other page url's to the tab.
Now the problem is after sometime if i access the main page, its not connecting to DB at all then i'll show some static message like "site is unavailable at this time". And i'm not using connection pooling concept. And also this problem is not occurring all time.
I am working with a client who wants to make his current MS Access 2007 Reports available on demand in his web site. Currently, as I understand it, the managers of the company are being required to actually load MS Access and the active database to run the reports which exposes all of the data and linked tables to people who have no reason to modify them. So my client just wants them to be able to log into the admin section of the company website and request a report which he has already built in Access. I am trying to figure out how to get those reports to an ASP.NET application for the website to consume.
I have already spent a day looking at the Microsoft.Office.Interop library, and I don't think that that will cut it because I can actually get the HTML for the Report directly out of the application. All I can find is an option to save it to the hard disk which is inelegant and could easily cause problems with filename changes when I try to then load the document from ASP.
What I would like to see is a solution by which I can load the mdb or accdb file into the ASP application, access the Reports as a container and select the one I want by name, and then run it and collect the output in HTML to then simply echo to the webpage. Is there anything out there that can:
// Psuedo-code
Dim AccessFile As MSAccessFileOperator
Dim Reports As List(Of MSAccess.Reports)
Dim htmlResult As String
AccessFile = New MSAccessFileOperator("myDatabase.accdb")
Reports = AccessFile.Reports
htmlResult = Reports("MyReportName").toHTML
I haven't found such a method yet, and I am okay with the idea that maybe it isn't possible to do it that easily, but, at the end of the day, I need the HTML result of the Report to exist in memory as a String.
Is it possible to configure web.config to authorize a page to be only read locally (similar in concept to the RemoteOnly feature for error messages).
View 1 RepliesIs it possible, and if so how do you access the webpage from the webhandlers?
Basically, when i button is clicked i kick off some JavaScript, which then kicks off a C# webhandler which return data from the server. What i would like to do then is rather than feed it back to the JavaScript, id like to add a GridView directly to the webpage from the webhandler.
Equally, within the handler it would be incredible useful to be able to read values of dropdowns etc from the webpage.
I have an Access db on webserver. In my ASP webpage I need to return the sum of rows which match criteria.
I am not sure where the sum needs to happen. I tried sum in the sql statement, but got an error when it tried to put it in asp page.this is what I have
strSQL = "Select * from tblApplicantCreditors where ApplicantID = '" & strApplicantID & "'"
Trying to figure out how to programmatically access the web pages in the application. Just something simple like a list of them would be awesome. I know I can create a list but I was wondering if there was something that could 'look' at the pages and add a new one to the list if you make a new page for the application.
Example with 7 pages:
Error
Default
Login
Content
Users
ContactUs
Admin
I am half awake so I may be a little unclear. Maybe puting it all in a single question will be easier.
How do you autogenerate a list of all webpages in your current application?
I'm building a website that just allow each person in my office to access the page from their own PC placed at the office only. It looks like I need to identify a client from within the codes on the ASP.net web server. How can I do this?
View 2 Replieson my vistual studio 2010 I can see my project by [URL]
but I can access my project on either localhost or Ip address without the port number , how can I access the web page without the port number?