Grant Access To Controllers / Views For Non-authenticated Users?
Feb 3, 2011
I have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404's. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.
I have added a location path for 'Views/Error' to my Web.config to allow access to all users but I am guessing it's the controller access that is causing the redirection.
Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that's what my unknown error view is for.
View 2 Replies
Similar Messages:
Aug 18, 2010
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot
edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx")
c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
[Code]....
View 2 Replies
Feb 12, 2011
Consider the following scenario: Page written in classic ASP or PHP, which is rendering a data report (series of HTML tables for simplicity). There is one main database query and then multiple sub queries as the page renders. The report is split into sub panels, which correlate to a sub query. Therefore:
Main database query. Loop over result. For each row, execute sub query and render report panel. How would you architect a similar report using the MVC pattern? This can be split into two parts: Efficiency at database level of multiple queries, which are dependent on values from an outer query. If all data was processed and prepared in the controller, would this also be deemed inefficient if looping within the controller and then again in a view to render. Could sub controllers be used or sub panels, which encapsulate smaller sections of logic i.e. loading data and rendering report panel.
View 2 Replies
Apr 19, 2010
Basically what the title says. I created a new MVC application. I'm trying to add new pages to the site, but anytime I do I get the following error:Server Error in '/' Application.The resource cannot be found.Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
namespace MyAppMVC.Controllers
{
public class ProductsController : Controlle{
public ActionResult Index()
[code]...
View 3 Replies
Jan 20, 2010
For applications that need to have fastly different view layers, and I would like to still use the idea of the controller. I would ideally like to but the controllers in a Class Lib. and then have only the Views in a MVC Web Application. Taking the model out in this way works well, but I can't find a nice way to split the views and controllers.
View 7 Replies
Jan 7, 2010
I am new to MVC. my question is when we add a view to the controller event by doing the right click and add view.then we give a view name and click on add button. where is this information stored that which view is linked to which view?
View 2 Replies
Apr 14, 2010
I'm building a CMS type of application in MVC. I want to reuse my views and controllers for adding/managing content in at least two other MVC sites. Obviously I dont want more than one code base for the CMS stuff. I figured out a way to do so:
Controllers:
Controllers are easy. Nothing more than creating a new Class Library Project and adding your controllers. Be sure to reference System.Web.MVC. In your MVC project just reference your controller assembly.
Views:
Views are a bit trickier. My solution was to add the folder structure to my assembly
CMSViews
CMSViewsWhatever
Then start adding my view pages. For each page, you have to set the 'Copy to Output Directory' to 'Copy Always' (right click -> properties)
Then I created a new class which inherits from 'WebFormViewEngine'. In the constructor I call the base() and then I add paths to the base.MasterLocationFormats and base.ViewLocationFormats to specify the new locations to look for views.
[Code]....
Setup in MVC project:
To get the controllers and views to work from the assemblies, you have to add two lines of code in the global.asax. Under the RegisterRoutes() method, add
ControllerBuilder.Current.DefaultNamespaces.Add("YourAssemblyNamespace.Controllers");
then under the Application_Start() method add:
ViewEngines.Engines.Add(new YourAssemblyNamespace.MyViewEngine());
What I dont like is that the Views get put into the Bin directory when published and you have to make sure to set the Ouput to Copy Always which is going to be a PITA for larger projects with lots of views.
View 1 Replies
Feb 11, 2011
We're throwing together a quick project (CRUD forms) and decided to skip view models and use EF entities directly in controllers and views. Since I'm not used to this approach, I'm confused about handling validation.
For example: a DB field has a length of 25. How does that get transferred (if it can) to a validation constraint in my view? If i was using an intermediate model, I would attach attributes to the model properties and it would work. How would I do this using EF objects directly?
View 3 Replies
Jan 15, 2011
I have a subdirectory in Controllers named Admin, which contains several controllers.
Is there a way to change the route so that I can put all the views in "/Admin" for every controller in the Admin directory? Or do I need to map a route for every single controller?
View 1 Replies
Jan 20, 2010
We have a legacy ASP.NET webforms application that we're engaged in stabilising and removing technical debt from. Is it possible to take a hybrid approach - ie, can ASP.NET MVC coexist with webforms within the same web-project? Are there any gotchas for that? If it is possible, I assume one just has to initialise the routes table, register the ASP.NET MVC handlers,
View 1 Replies
Mar 16, 2011
I would like to ask a plain and simple question about the Model-View-Controller architecture - should the UML Class diagram for my application include all the controllers and views and their relationships, or should it just include my model classes, i.e. the entities that are the heart of the application, you know - like in an ordinary application - i.e. User, Administrator, Student, Teacher, Course, Grade etc...?
View 1 Replies
Jun 28, 2010
I have wav/mp3 files that I want to grant access to only users after signing into my webapp. I have the user credentials being checked through a mySQL db. I do not want the files to be able to be accessed by url. I have found that adding the mime type to the web.config section at
[Code]....
will disallow access to the files by url, but how can I allow access programmically to the files after signing in?? Currently using godaddy hosting.
View 5 Replies
Apr 22, 2010
I need to allow my asp.net application to read and write from and to a folder.
View 2 Replies
Jun 9, 2010
I have a web app that uses AD to authenticate the user which works great. But i received a request where a user that is outside of the Ad needs access to the application.
Is there a way to add this user manually (Maybe in web.config) to allow them to access the application?
View 1 Replies
Feb 12, 2010
I'm setting up a new web forms app and want to use ASP.NET membership. All my users must be authenticated. What is the best way to implement this?I'd love to deny all unauthenticated users in the root folder of the app by setting this in web.config but then where would I put the login folder? I'd like the login folder to be a subfolder of my root folder so that the URL can be www.myapp.com/login/Another idea is not to put the restriction in the web.config but put the logic in Session_Start in global.asax but I really like the idea of controlling who can see what using web.config files.
View 3 Replies
May 21, 2010
I want to grant access to some ressources located on server only for specified web pages, how could I do this?
For example I have an image www.mysite.com/images/image.jpg and something like <img src="www.mysite.com/images/image.jpg" /> should only work on site asp.net.
Is it possible with web.config or maybe with some C# code?
View 4 Replies
Jul 22, 2010
I'm building an ASP.NET MVC 2 site where I'm currently implementing an OpenID sign-up form. Unfortunately, I'm foreseeing a possible security bug/vulnerability inside my architecture.
Here's how I want OpenID login to work:
User requests /Account/Login, Controller sends back OpenIDLogin View. User enters their OpenID into the View, then OpenID authorization takes place, and finally the OpenID is returned to the Controller.The Controller checks whether the OpenID is currently in use by a user in the system or not. If it is, the user is logged in to that account. If not, the registration process begins.
And now, the OpenID registration process:
The OpenID identifier, as well as any other information provided by the OpenID provider (such as email address or name), is put into my custom ViewModel and sent to my OpenIDRegistrationForm View.The RegistrationForm View stores the OpenID in a hidden field to make sure that it gets sent back to the Controller.The user fills in the RegistrationForm View and sends it back to the Controller.The Controller creates the user account and puts the OpenID into the database.
The bug that I see within my architecture is that a user could modify the hidden value in the RegistrationForm View. Thus, they could spoof their OpenID! I will make sure to add another round of checking to the final Registration Controller Action to make sure that the OpenID that is provided doesn't exist yet, but there is still a possibility for spoofing. Can my architecture be improved somehow? I don't want this to end badly...
One solution I'm considering is encrypting the OpenID before I send it to the View and then decrypting it when it reaches the Controller. Should I try this?
View 1 Replies
Mar 3, 2011
we want to have a fronend to a custom databasince, since I do have experiance with HTML/CSS and have used VB.NET before, I'm the one that gets to make it.
problem is, the one thing I have not used before is the autentication system in ASP.NET, I want to use single-signon for the system.
and I do have this right now, the only problem I have is how do I check if a user is logged in, and change the page content for autenticated users.
the template does have this:
[Code]....
which does indeed change the login view, problem is, how do I change this to change the pages and menu.this:
[Code]....
has to be a longer menu that also gives options to insert data into the database and/or remove/update the data.
View 3 Replies
Oct 18, 2010
I have a simple user-registration website where I keep records of registered users. I also have an admin page to upload videos, however videos are uploaded to a different server.
I'm using the <video> tag to show the video:
<video width="560" height="340" controls>
<source src="path/to/myvideo.mp4" type="video/mp4";>
</video>`
I want to show this video only to my registered users on my website, since the video is on second server, how can I protect it?
I thought I could build an application and install it on second server, this app will watch whether the requested url is for videos, if so then it'll redirect the user to my login page and here he'll be authenticated and again redirected to the same video url.
View 1 Replies
Feb 19, 2010
Need to get a list of currently loggedn in(authenticated) users from IIS6, and to display them in updatepanel (ajax).
View 1 Replies
Aug 1, 2010
In my ASP.NET MVC project i have following tag in in web.config file
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication>
This causes even the authenticated users but unauthorized resource requested users to redirect to logon page. but i need only to redirect this page if user try to access unauthorized page and not already authenticated(logged on) and redirect to custom page.
Is there easy way to do this without writing custom action filter?
View 2 Replies
Mar 6, 2011
We have a series of Silverlight apps that use WCF services via SOAP for just about everything. As we migrate to AJAX we've been hoping to expose the same services via JSONP with little more than config changes on the server.Although the message "Cross domain javascript callback is not supported in authenticated services" seems pretty explicit, I'm hoping there might be a way to allow it. We have a need to expose user-centric data across domains, but we'll need to roll our own JSONP to make it happen if this is a hard "unsupported". It would be even better if there was a way for the server to validate the referrer against the client access policy we provide for Silverlight clients, but for now we just need the general requests to not fail if the user happens to have an auth cookie for our domain from a previous visit.f there's no way to allow this to just work, we're also considering the option of channeling the requests through an IFRAME, but we're definitely open to other recommendations.
View 2 Replies
Mar 26, 2011
I am using the membership provider and am reasonably comfortable that all of my web pages are safe.Some of the pages contain hyperlinks to documents (pdf, xls, etc.) stored in a folder under the root of the web site. I have disabled the ability of users to anonymously list folder contents, but I don't see a way to keep anonymous users from accessing the documents if they know the specific URL for that document. Example; if the document contains a spreadsheet of current sales, I don't want an ex-employee (who captured the URL while working here) to be able to bring up the current document.asswording the documents isn't a good choice because there are hundreds and we'd like to avoid changing them all every time someone leaves, or weekly, or whenever...Is there a way to restrict access to all contents of a web folder to people who have been authenticated?
View 4 Replies
Jun 3, 2010
I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....
I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long):[Code]....
And web.sitemap:
[Code]....
View 8 Replies
Apr 29, 2010
Here is what i would like to be able to do with the urls/routes:
1) www.domain.com/customer/home/index
2) www.domain.com/home/index
Where both the home controllers should be seperate controllers with seperate views and the company part should be an param for all the actions in the controllers.Now why i want to be able to do this is because of the following scenario: Each customer will have there own pages (which actually will all be the same for each customer but with different information per customer). The one without the customer is the general website where non customers can go to to become an customer or get information about the services we provide for them, they can sign up etc.
View 5 Replies
