Security - Restrict Access To A Specific URL, Running On IIS7
Jun 10, 2010
I am deploying a public ASP.NET website on an IIS7 web farm.
The application runs on 3 web servers and is behind a firewall.
We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.
/admin/somepage.aspx
What is the best way to control access to this page? We need to:
Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks.
Should this access control be done at the (a) network level, (b) application level, etc.?
View 3 Replies
Similar Messages:
Nov 1, 2010
I need to restrict access to my website by physical PC. When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.
I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address. Am I trying to over complicate things or is that the only way? I realise that MACS can be spoofed but this is not much of an issue.
View 4 Replies
Mar 21, 2011
I'm simply adding to a set of rules on existing rewrite rules for our company website. We have a file that we need to restrict to only our internal IP addresses. The URL is http://oursite.com/internal/index.aspx?u=blahblah and need it restricted to IP ranges 10.1.X.X. I'm adding this and it's not doing anything. Even if I tried to capture all using .* for the pattern, it still ignores it. Is my syntax correct?
<rewrite>
<rules>
...
<rule name="Restrict URL" enabled="true" stopProcessing="true">
[code]...
View 1 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Jan 1, 2010
I am ristrcting access to the Account folder using below:
<location path="Account">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
and access to the Default.aspx using
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
but how do i restrict access to a specific file in the Account folder rather than the entire folder?
I tried the following but did not work
<location path="AccountChangePassword.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
View 1 Replies
Jan 23, 2010
[Code]....
Trying to restrict access to folder but can't?
View 6 Replies
Oct 13, 2010
I want to secure a particular set of files in a folder by role type. I have the following entry (See below)...I notice this doesn't work (I.e., it doesn't secure the file by Role Type.. anyone can access the file). I've read that I need to map the .WMV extension to the ASp.Net DLL.
[Code]....
View 10 Replies
May 12, 2010
I have just started to use asp.net mvc.
I have read this article about using ntlm authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only lets say
[Authorize(Domain="redmond")]
or do I do it via web.config
View 2 Replies
Mar 17, 2010
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 Replies
Nov 9, 2010
I am faced with a rather tricky issue. I am developing a web application that resides beneath a web site. The web application is actually meant for the employees of the company owning the web site. The employees can access the web app from the login facility on the site.
The situation demands that an employee must be able to login to the app only from the office machines and not from anywhere outside. I thought of a logic where in the IP address of the machine in which the employee sits will be stored against the employee profile and when he logs in, the authentication will check for user credentials as well as whether he is logging from the designated IP. If not he is not allowed access to the app even if the login credentials where correct.
I am not sure if this is a good way, because I feel tricky persons can give the same IP of the office machine in another machine, say at home and the logic is broken. Can somebody provide me a better way of solving the issue. I am using ASP.Net login control for user login.
View 3 Replies
Mar 5, 2010
I'm moving applications from IIS6 to IIS7.5 (win 7 an win server 2008 r2), when 2 applications (with identity impersonate) try to get a file with response.writefile only from a UNC path i'll get "access denied". In IIS6 and Visual Studio Developer Web Server, same code works. I can save file with FilePath.SaveAs and get name and length with FileInfo, but not download. After 2 days of nightmares I have tried to change
Response.WriteFile(filePath)
to
Response.BinaryWrite(File.ReadAllBytes(filePath))
and now work. My question is: can I have a microsoft developer to sacrificate for my avenge?)
View 2 Replies
Mar 2, 2011
i have a web application which can be accessed via intenet the application is running on iis and configured using a router..i m looking for a good solution where i can give access to only authorized computers rest of the computers cannot access the applcation for eg:- if i have a users in office1 in sales dept. and he access the application from his office, so i want to deny the same user or any other user, that he cannot access the same application from home or antwhere else.
View 8 Replies
Feb 16, 2011
I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.
When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?
View 8 Replies
Jan 3, 2010
This may be obvious to many of you (hopefully!) I have a site under asp.net created using Visual Web Developer 2008 and MSSQL 2007 (all express editions)All ok so far.My PSP requires the addition of a couple of traditional ASP 'screens' to redirect payments to them. I cannot run this under VWD2008 development server as .asp are not allowed, so am looking to move to running it locally under IIS7 which is turned on.How do I alter the site to run on the IIS7 instance?
View 3 Replies
Apr 4, 2011
I want my .net2.0 webservice application to run on IIS7.0 under CLR4.0, Is this possible simply creating an apppool with Classic,.netframework 4.0 settings and pointing my app to this pool? I have tried this and it works fine, but want to confirm on right track?
View 2 Replies
Oct 26, 2010
I changed the maxAllowedContentLength to
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="5024000000" />
</requestFiltering>
</security>
In my web.config, but when running on IIS7 I get this error:
The 'maxAllowedContentLength' attribute is invalid. Not a valid unsigned integer
but when I run in the VS server it run normally without any errors.
How to config my website to allow upload files with 500MB size, without this problem on IIS7?
View 1 Replies
May 30, 2010
Is it possible to determine the managed pipeline IIS7 is running under in ASP.NET?
View 1 Replies
Jan 11, 2011
I am trying to port an existing ASP.Net 1.1 website to another web server that currently runs IIS7 and a number of websites that target either .Net 2.0, 3.5 or 4.0. All other sites continue to work perfectly. Unfortunately, I can only browse static files on the newly imported site. If I try to access any of the Features in IIS7 for the new sit
View 1 Replies
Sep 22, 2010
Can someone tell me if its possible to run both a 64bit compiled web site and a 32bit compiled website on the same IIS7.5 machine. The core OS would be Windows 2008 R2 64bit. I looked around and can only find how to switch the appPools to 32 or 64. But the question I want answered is can you have one appPool 32bit and another 64bit?
View 1 Replies
Apr 18, 2010
i am building a member management site for a sports club, i have all the usual feilds
lastName, firstName, address1, address2, address3 ....
but they also want a photo
when i first made the DB i used access 2010 which uses the 2007 file type which supports attachments, however asp.net doesnt support the 2007 format. and the 2003 file type doesnt support attachments, i assume i use the OLE object data type but i have no idea how i get my aspx page "new.aspx" to upload an attachment. plus i want to restrict the file type to *.jpg
View 1 Replies
Sep 30, 2013
Just to avoid misuse of website i have to make it specific for certain region. Like people could view menu across the world and only the people of mumbai can order online. I want a submit button that would be visible to only mumbai people.
View 1 Replies
Dec 9, 2010
I'm using ASP.net 3.5 to run a .exe with Process.Start(). It works fine if I use the host that's built-in to VS2008, WinServer 2003 but if I use IIS7 it no longer runs. I am using the following code.
Process proc =
new
Process();
proc.StartInfo = psi;
proc.StartInfo.FileName = "cmd.exe";
proc.StartInfo.Arguments = args;
proc.Start();
View 2 Replies
Dec 29, 2010
Does anybody knows if it is possible to make URL routing in a ASP.Net webforms website that is running under the Classic .NET AppPool.
I've tried a few things here, but it just works when I switch from Classic AppPool to Default AppPool.
** the web site MUST run under Classic AppPool.
View 2 Replies
Feb 25, 2010
I have a need to run an application in classic mode for backwards compatibility with a specific application, and am trying to understand what kind of impact that will have on the performance of an MVC application that is running on the site. If we put a few static file maps (for .js, .css, .png, etc) above the ASP.NET wildcard map to reduce the amount of processing by the ASP.NET handler, will we be approaching the integrated mode in terms of performance?
The thing i'm primarily concerned with is any effect this might have on output caching. I understand that integrated mode might (?) allow for the output cache to handle non ASP.NET content, but that isn't really a concern. We're more interested in ensuring that the MVC application has full use of the output cache. Empirically i've found that the two configurations operate on par when things go well, but if the page references resources that are not available, the integrated mode tends to fail much more quickly than the classic mode (e.g. 500 ms vs 10 seconds), reducing 'hang time' on the page load.
View 1 Replies
Nov 6, 2010
i have one problem in executing the ssrs reports..
i've developed one project for that project there are some SSRS reports which are deployed
in path ( "http://localhost/reports/") it is working fine...
when i run through the project and press F5 ( i.e execute) the reports
are displaying correct with full of content in that...
now i want to host that project.. so i've created one virtual folder named as proj in IIS7..
and i've assigned the project to that..
when i execute from IE7 and type the path http://localhost/proj then the main page is displayed
and when i click the button print then it is showing the empyt report with only the toolbar above
no content are there in reports ...
but when the run the project i.e F5 then the report is displayed with full of content...
View 1 Replies