Security - Restrict Access To A Specific URL, Running On IIS7

Jun 10, 2010

I am deploying a public ASP.NET website on an IIS7 web farm.

The application runs on 3 web servers and is behind a firewall.

We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.

/admin/somepage.aspx

What is the best way to control access to this page? We need to:

Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks.

Should this access control be done at the (a) network level, (b) application level, etc.?

View 3 Replies


Similar Messages:

Security :: Restrict Login Access To Website From Specific Machine?

Nov 1, 2010

I need to restrict access to my website by physical PC. When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.

I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address. Am I trying to over complicate things or is that the only way? I realise that MACS can be spoofed but this is not much of an issue.

View 4 Replies

IIS7 Web.config Rewrites To Restrict Access For IP Range - Can't Get It To Work?

Mar 21, 2011

I'm simply adding to a set of rules on existing rewrite rules for our company website. We have a file that we need to restrict to only our internal IP addresses. The URL is http://oursite.com/internal/index.aspx?u=blahblah and need it restricted to IP ranges 10.1.X.X. I'm adding this and it's not doing anything. Even if I tried to capture all using .* for the pattern, it still ignores it. Is my syntax correct?

<rewrite>
<rules>
...
<rule name="Restrict URL" enabled="true" stopProcessing="true">

[code]...

View 1 Replies

Security :: 4 Security Via Windows Authentication - Restrict Access To Safe / UCantSeeMe.aspx

Aug 18, 2010

I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?

View 1 Replies

How To Restrict Access To A Specific File In The Account Folder Rather Than The Entire Folder

Jan 1, 2010

I am ristrcting access to the Account folder using below:

<location path="Account">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

and access to the Default.aspx using

<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

but how do i restrict access to a specific file in the Account folder rather than the entire folder?

I tried the following but did not work

<location path="AccountChangePassword.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

View 1 Replies

Security :: Trying To Restrict Access To Folder But Can't?

Jan 23, 2010

[Code]....

Trying to restrict access to folder but can't?

View 6 Replies

Security :: Restrict Access To File .wmv?

Oct 13, 2010

I want to secure a particular set of files in a folder by role type. I have the following entry (See below)...I notice this doesn't work (I.e., it doesn't secure the file by Role Type.. anyone can access the file). I've read that I need to map the .WMV extension to the ASp.Net DLL.

[Code]....

View 10 Replies

Security :: Restrict Access To Domain Users Only?

May 12, 2010

I have just started to use asp.net mvc.

I have read this article about using ntlm authentication

[Code]....

it provides access to specific domain users

[Code]....

I want to restrict access to all my domain users only lets say

[Authorize(Domain="redmond")]

or do I do it via web.config

View 2 Replies

Security :: Restrict Pages Direct URL Access?

Mar 17, 2010

I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.

View 5 Replies

Security :: Restrict Access To Site From Outside Office?

Nov 9, 2010

I am faced with a rather tricky issue. I am developing a web application that resides beneath a web site. The web application is actually meant for the employees of the company owning the web site. The employees can access the web app from the login facility on the site.

The situation demands that an employee must be able to login to the app only from the office machines and not from anywhere outside. I thought of a logic where in the IP address of the machine in which the employee sits will be stored against the employee profile and when he logs in, the authentication will check for user credentials as well as whether he is logging from the designated IP. If not he is not allowed access to the app even if the login credentials where correct.

I am not sure if this is a good way, because I feel tricky persons can give the same IP of the office machine in another machine, say at home and the logic is broken. Can somebody provide me a better way of solving the issue. I am using ASP.Net login control for user login.

View 3 Replies

Security :: Access Denied Error With Response.writefile Of UNC File In IIS7. Bug?

Mar 5, 2010

I'm moving applications from IIS6 to IIS7.5 (win 7 an win server 2008 r2), when 2 applications (with identity impersonate) try to get a file with response.writefile only from a UNC path i'll get "access denied". In IIS6 and Visual Studio Developer Web Server, same code works. I can save file with FilePath.SaveAs and get name and length with FileInfo, but not download. After 2 days of nightmares I have tried to change

Response.WriteFile(filePath)

to

Response.BinaryWrite(File.ReadAllBytes(filePath))

and now work. My question is: can I have a microsoft developer to sacrificate for my avenge?)

View 2 Replies

Security :: Deny Access To Webapplication To Specific Computers?

Mar 2, 2011

i have a web application which can be accessed via intenet the application is running on iis and configured using a router..i m looking for a good solution where i can give access to only authorized computers rest of the computers cannot access the applcation for eg:- if i have a users in office1 in sales dept. and he access the application from his office, so i want to deny the same user or any other user, that he cannot access the same application from home or antwhere else.

View 8 Replies

Security :: How To Show A Warning Popup When User Is Not Authorized To Access A Specific Folder

Feb 16, 2011

I am implementing membership provider. For example, anonymous users are not allowed to acces pages under the folder, namely XXX.

When user clicks to navigate any of those pages I would like to display a popup window. I know I can implement button clikc events. But there are many buttons and links. What is the most effective way to do that?

View 8 Replies

Running Locally With IIS7?

Jan 3, 2010

This may be obvious to many of you (hopefully!) I have a site under asp.net created using Visual Web Developer 2008 and MSSQL 2007 (all express editions)All ok so far.My PSP requires the addition of a couple of traditional ASP 'screens' to redirect payments to them. I cannot run this under VWD2008 development server as .asp are not allowed, so am looking to move to running it locally under IIS7 which is turned on.How do I alter the site to run on the IIS7 instance?

View 3 Replies

IIS7 Running .net 2.0 Application Under .net 4.0 CLR

Apr 4, 2011

I want my .net2.0 webservice application to run on IIS7.0 under CLR4.0, Is this possible simply creating an apppool with Classic,.netframework 4.0 settings and pointing my app to this pool? I have tried this and it works fine, but want to confirm on right track?

View 2 Replies

Set The MaxAllowedContentLength To 500MB While Running On IIS7?

Oct 26, 2010

I changed the maxAllowedContentLength to

<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="5024000000" />
</requestFiltering>
</security>

In my web.config, but when running on IIS7 I get this error:

The 'maxAllowedContentLength' attribute is invalid. Not a valid unsigned integer

but when I run in the VS server it run normally without any errors.

How to config my website to allow upload files with 500MB size, without this problem on IIS7?

View 1 Replies

Is It Possible To Determine The Managed Pipeline IIS7 Is Running Under?

May 30, 2010

Is it possible to determine the managed pipeline IIS7 is running under in ASP.NET?

View 1 Replies

Errors Running .NET 1.1 On IIS7 (applicationHost.config)?

Jan 11, 2011

I am trying to port an existing ASP.Net 1.1 website to another web server that currently runs IIS7 and a number of websites that target either .Net 2.0, 3.5 or 4.0. All other sites continue to work perfectly. Unfortunately, I can only browse static files on the newly imported site. If I try to access any of the Features in IIS7 for the new sit

View 1 Replies

IIS7.5 Running Both 32bit And 64bit Websites?

Sep 22, 2010

Can someone tell me if its possible to run both a 64bit compiled web site and a 32bit compiled website on the same IIS7.5 machine. The core OS would be Windows 2008 R2 64bit. I looked around and can only find how to switch the appPools to 32 or 64. But the question I want answered is can you have one appPool 32bit and another 64bit?

View 1 Replies

Access :: Upload To Access DB / Restrict The File Type To .jpg?

Apr 18, 2010

i am building a member management site for a sports club, i have all the usual feilds

lastName, firstName, address1, address2, address3 ....

but they also want a photo

when i first made the DB i used access 2010 which uses the 2007 file type which supports attachments, however asp.net doesnt support the 2007 format. and the 2003 file type doesnt support attachments, i assume i use the OLE object data type but i have no idea how i get my aspx page "new.aspx" to upload an attachment. plus i want to restrict the file type to *.jpg

View 1 Replies

Web Forms :: Make Website Specific For Certain Region - Restrict Users Location Wise

Sep 30, 2013

Just to avoid misuse of website i have to make it specific for certain region. Like people could view menu across the world and only the people of mumbai can order online. I want a submit button that would be visible to only mumbai people.

View 1 Replies

Web Forms :: Server 2008 R2 - IIS7 And Running .exe Files

Dec 9, 2010

I'm using ASP.net 3.5 to run a .exe with Process.Start(). It works fine if I use the host that's built-in to VS2008, WinServer 2003 but if I use IIS7 it no longer runs. I am using the following code.

Process proc =
new
Process();
proc.StartInfo = psi;
proc.StartInfo.FileName = "cmd.exe";
proc.StartInfo.Arguments = args;
proc.Start();

View 2 Replies

Iis7 - URL Routing In .Net Webforms Running Under The Classic .NET AppPool?

Dec 29, 2010

Does anybody knows if it is possible to make URL routing in a ASP.Net webforms website that is running under the Classic .NET AppPool.

I've tried a few things here, but it just works when I switch from Classic AppPool to Default AppPool.

** the web site MUST run under Classic AppPool.

View 2 Replies

Running IIS7 In Classic Mode Does Affect MVC Output Caching

Feb 25, 2010

I have a need to run an application in classic mode for backwards compatibility with a specific application, and am trying to understand what kind of impact that will have on the performance of an MVC application that is running on the site. If we put a few static file maps (for .js, .css, .png, etc) above the ASP.NET wildcard map to reduce the amount of processing by the ASP.NET handler, will we be approaching the integrated mode in terms of performance?

The thing i'm primarily concerned with is any effect this might have on output caching. I understand that integrated mode might (?) allow for the output cache to handle non ASP.NET content, but that isn't really a concern. We're more interested in ensuring that the MVC application has full use of the output cache. Empirically i've found that the two configurations operate on par when things go well, but if the page references resources that are not available, the integrated mode tends to fail much more quickly than the classic mode (e.g. 500 ms vs 10 seconds), reducing 'hang time' on the page load.

View 1 Replies

SQL Reporting :: Blank Reports Are Displayed When Running The Project Through IIS7?

Nov 6, 2010

i have one problem in executing the ssrs reports..

i've developed one project for that project there are some SSRS reports which are deployed

in path ( "http://localhost/reports/") it is working fine...

when i run through the project and press F5 ( i.e execute) the reports

are displaying correct with full of content in that...

now i want to host that project.. so i've created one virtual folder named as proj in IIS7..

and i've assigned the project to that..

when i execute from IE7 and type the path http://localhost/proj then the main page is displayed

and when i click the button print then it is showing the empyt report with only the toolbar above

no content are there in reports ...

but when the run the project i.e F5 then the report is displayed with full of content...

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved