We have a web site in the domain, let's name: http://website.com. It is necessary to implement same look-and-feel on another web site (https://custom.website.com). As we can see, the 2nd is in the sub-domain of the 1st one, but it is secured (it uses https).To achieve same look-and-feel same DLLs are used in both web sites. These DLLs contain functionality for menus, JavaScripts, etc). But the 2nd web-site uses images and some css files from the 1st one. For example, in order to display "Logo.png" instead of usual "~/Images/Logo.png" the following path to file is rendered into HTML: "http://website.com/Images/Logo.png"
I am doing a simple secured site using the login control. I would like users to be redirected to their dashboard page once they log in, but after that if they choose to browse I do NOT want them redirected based on their login status. I am using the generic template provided in VWD with the basic login setup in the template including the tabbed ASP menu control - nothing fancy, nothing custom. This is intended to be something very simple and quick. Here is the code I am using for the page load...
[Code]....
So if I do this code WITHOUT the "IsPostBack", logged in users are always redirected to their dashboard and cannot see the hompage. However with that IsPostBack test, the redirect after initial login doesn't work.
I know this is extremely basic and simple, but I am restarting with this stuff after a year away, and I need a nudge.
i have to build a small webapp for a company to maintain their business data... Only those within the company will be using it, but we are planning to host it in public domain, so that the employees can connect to app from various locations. (Till now I have built web apps that are hosted internally only)
I'm wondering whether I need to use a secured connection (https) or just the forms authentication is enough.
What should I do to prepare my website for https. (Do I need to alter the code / Config) Is SSL and https one and the same... Do I need to apply with someone to get some license or something. Do I need to make all my pages secured or only the login page...
I have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. Am I missing something important? It seems like it could be a really big security issue.
UPDATE.This blog post, enter link description here, says:[When] you opt in for the UserName client credential type, WCF insists that your service must also reference a service certificate that contains a private key.
I am going to host my service in IIS and plan to use SSL certificate in the web site for encrypting communication. Can I make WCF not insist that I reference a service certificate?
My restricted files are all stored in ~/Secured folder on the root. Authorized users have no trouble accessing aspx files in that folder. Recently I added a part of an application whose files I wanted to keep separate and created a ~/Secured/HR folder. I am getting a "resource not found" error trying to use any aspx file in HR folder even after user successfully logs in, as if the file does not exist at all. Here is my web.config security settings:
[Code]....
Do I need to configure security for that folder separately?
I have a master page and its been working but I introduced roles and created a roll that so only admin's have rights to the admin folder. I then created a page using the master page in the admin folder I have my content there. All is well. However the links now that came from the masters static content isn't working. like HOME, LOGIN, ABOUTthey now try to go to /ADMIN/home.aspx inside the master i have /home.aspxWhats the trick here to get the master links to stay at the root or there orginal location after I click on the secured page.
I have an asp.net site. It has an order form which is accessible at https://secure.example.com/order.aspx. The links on the site do not include the domain name. So for example the home page is 'default.aspx'.The issue is that if I click on a link like the home page from the secure page, the url becomes https://secure.example.com/default.aspx instead of http://www.example.com/default.aspx.What's a good way to handle this? The scheme should automatically work using any domain name based on where it's launched from. So if the site is launched from 'localhost', moving away from the secured page, the url's should be http://localhost/...
I have a WCF service returning JSON to jQuery ajax calls and presenting the results on an ASPX page. When the page is NOT under SSL, the ajax calls work perfectly. When the page IS under SSL, the calls fail. I understand that this behavior must be due to the Same Origin Policy (SOP).
So, how do I setup my WCF service to accept calls from an SSL-secured page? Does the WCF service also need to be secured? If so, how do I do this?
i have create web application for school management system...bt when i run my webside...(my welcome page is defaul.aspx bt if i want to acces studentdetail.aspx then i only enter url and i get studentdetail.aspx)
I set up a secured folder in my website. When I access this folder via web page, it pop up a windows login form to ask for user name and password. I would like to code the asp.net page or java script to access this secured folder with username and password without pop up the login form. find the method for asp.net page accessing the secured folder automatically.
I'm pretty new at configuring IIS and working with SSL. I've been having difficulty with switching from the HTTPs protocol to the HTTP protocol. I had set a small part of our website to the HTTPS protocol since it has an SSL certificate for online commmerce.
When users go through that part of the site the HTPPS protocol is set and runs fine, but when they try to leave by, say, clicking on a link to another part of the site (after they have visited the secured portion of the site) the HTTPS stays in the url. Is there something I'm doing wrong?
This is how the HTTPS is set on the site: this code is placed in an sslredirect.asp page located in a "SSL" folder:
<% Response.Buffer = True If (Request.ServerVariables("HTTPS") = "off") Then sQ = Request.ServerVariables("QUERY_STRING") sURL = "https" & Right(sQ, (Len(sQ)-8)) sURL = Replace(sURL, ":80", "") Response.redirect(sURL) End if %>
How do I protect a webservice if it is called from ajax ?
Update: I realize that my question didn't reflect what I intended to ask. I don't want user to be able to do the request by pointing to it with its webbrowser but only in the context of my app.
I've got an asp.net application (written in vb.net). I have a results page that spits out some calculations. Ineed to write out that output to MS Word. The catch is, this happens within a folder that is secured (only users that are logged in can generate the word document).
Here's what I'm using to gen the document. This works ok when running it locally, but not when loaded to GoDaddy hosting.
[Code]....
My code seems works fine locally. However, after loading it to GoDaddy it only works on a non-secured (not subject to ASP Membership), but when trying to use it in a secured folder the page clocks and eventually closes out.
I have a requirement where I have to transfer a user from Web Site 1 on Server A to web Site 2 on Server B.
On Web Site 1, I have to provide controls to enter user id and password and which have to be validated on Web Site 2 on server B, after validating them I have to redirect the user to Web site 2.
what is best way fo doing it. code examples are greatly appreciated.
Note: On Web Site 2, user login functionality is already existing and it is provided by ASP.Net login control, am not sure how to handle the user login process from two different places.
or is it the best way to move Web Site 2 from Server B to Server A so that, the same login controls will be shown using Iframe on Web Site A.
