Security :: Setting Right Security Levels To Folders?

Dec 20, 2010

i got a web app where some users can upload to a folder images or files like pdfs.

Those users are authenticated by forms.

Well, in public areas, everyone can see those images and files.

I use for showing an httphandler, changing name, etc...

Id like to know if its possible set security like this:

- Folder with uploads, only with read permission for everyone that is not authenticated

- Folder with uploads, with write permission for authenticated users

Goal is that none can upload files if they are not autenticated and make the upload through the web form created for that.

View 1 Replies

Similar Messages:

Security :: Two Levels Of Login

Apr 13, 2010

have a .net website that i have been developing where the majority of pages are accessible to anybody but a few pages are restricted to members. This have been done thru the .net membership provider.This all works fine but what im trying to do now is run a closed beta test.So i want to put the application online but require any visitors to the site to have to go thru an initial beta login screen that has one common username and password for all users. Once past that login the site needs to function like it would if that login step had not occurred. That is, users would have to signup or use their own personal logins to access the pages restricted to members

View 5 Replies

Security At Various Levels In Website

Feb 21, 2010

I want to provide different security aspects to the admin and customer to a single website with a different home pages..

View 3 Replies

Security :: Two Levels Of Authentications In .NET Application?

Aug 22, 2010

I have two levels of authentications in ASP.NET application.I have a [Code].... user that have full access to all the websites and [Code]....user that have limited access.I want to destroy all open sessions before do any new login, no matter who will do the login.Where should I place my code to destroy all open sessions before I do any new login?

View 3 Replies

Security - Using Roles To Represent Different Access Levels?

Mar 4, 2010

I need to design a system that will control access to certain information. The requirement from the user is to use access levels e.g.

Level 1 - Support
Level 2 - Manager
Level 3 - Senior Manager
Level 4 - Department Head

If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of information. If it is marked as level 3, then only the Senior Manager and Department Head can view it, but the Manager and Support roles can't view it.


When I assign the access level to a piece of information, will I have to assign multiple roles to it in order for me to achieve this functionality? Is there a better way of doing this?

View 2 Replies

Security :: How To Hide The Contents Of Folders

Feb 24, 2011

I am trying to hide the content of the folders on my website. I can redirect the anonymous user to the login page, when he try to access to prohibit individual pages, but when the user is regiestered in the website, he can see the folders' content. For example:

he types in the address www.mydomain.coma/account/ and he can see all the pages there: shoping.aspx, shoping.aspx.cs,

View 3 Replies

Security :: Users Can Only Access Their Folders?

Sep 26, 2010

I have a web app were every user has its own folder so that they can store documents. What i would like to do is protect a user's folder so that only the owner can access it.


Username: ricky
Folder: ~/Files/ricky/ --> Ricky can access his folder but can't access Diana's

Username: diana
Folder: ~/Files/diana/ --> Diana can access her folder but can't access Ricky's

I'm using membership provider for the user authentication.

View 9 Replies

Security :: .net Cannot Access Network Folders?

Oct 26, 2010

I have a few computers (with Vista Business OS) connected in a private network. A C#.NET application running on one computer is currently able to access the network shared folders without problems. However, I am trying to get an ASP.NET application on that computer to access the same folders but I am getting "Access denied" errors. I added NETWORK SERVICE to all the shared folders' security (with full control) but it still gives the same errors.

View 4 Replies

Security :: Redirect To Different Folders Based On Roles?

Jul 4, 2010

I have implemented membership and enable role based on. I have 2 roles "admin" and "super_admin" and once the user login, I want to redirect them to different folder based on their role. My guess is, the redirection need to be determined once the user clicked login on the login control and here is my code.


However, whenever the user login (regardless of admin or super_admin) the page keeps redirection to Anyone/Default.aspx.

View 5 Replies

Security :: Restricting Access To Folders And Pages?

Nov 16, 2010

I'm using user membership and roles. Below is my web.config for subfolder restriction.


The way I have above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any user to the default.aspx page of this mySub folder and denied any other pages if they're not Administrators, Editors, and Members. One last thing, also denied access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permission but I do not want to list all the pages. What's the best and easist way to accomplish this?

View 2 Replies

Security :: Accessing Files In Protected Folders?

Jan 29, 2010

When I link to a file in a web folder which is user/password protected on the host, I get a panel requiring me to enter the correct user id and password.

I would like to create a link in my form that provides the id and password without exposing it to the user. How can I do this?

View 2 Replies

Security :: Two Roles (admin, User) And Two Folders?

Nov 15, 2010

In my project I have one folder called Administration (contains pages created for administrating the public part of the page) and in root I have public pages. What I want to do is to prevent anyone beside administrator to enter the Administration part and to make the Administration/Login.aspx default page for entering Administration part. This part makes me confused. I tried to create the access rules, but that wasn't the option because I upload the images to the Administration/Upload folder so if I deny the users the images on the public part can't be accessed.

The second problem I don't know how to solve is public part of the page where I want to allow commenting only to logged in users (users only, not the admin). How to check if user is logged in and authetificated and how to enable the commenting part of the form to him (textbox and submit button).

View 6 Replies

Security :: Treat App Folders's With Single Login.aspx

Nov 5, 2010

I'm developing ERP project with 4 modules or maybe will be more within (1 module I mean 1 project in VWD)

And now 1 of it project near complete, and now I want to move to next module

But in my scenario, I want my single login.aspx to access all of modules

Let say like this


The question is, is that correct of scenario (4 project for 4 module)? How was the correct best practice if there is? What if I create all of the module in 1 project in VWD? future maintenance handy and performance wise (and security of course).. and maybe for easier in development also :)

View 3 Replies

Security :: Hide Folders And Pages Inside Folder From Crawlers Like Google

Feb 12, 2011

I'm wondering what would be the best solution for hidding a folder like for example "AdminFolder", and also .aspx pages inside this folder.

I have several pages inside "AdminFolder" which I (as "Administrator" :) ) plan to use for some background work on daily basis! I am using Membership shema and no one except me can not / or should not acces this area, but I'am afraid if web crawlers like google find and expose this part of my page in searching results!

I also need to create a second folder for PDF files which I also would like to hide (incl. PDF Files inside it) from web crawlers!

View 3 Replies

Setting Up App On A Vps / Need To Set Any Of The Folders As Virtual Directories

Sep 16, 2010

I just got a windows vps setup at a hosting company and about to install a big web application that is a store front. Do I need to set any of the folders as virtual directories? I'm so confused on all of this. Do I just copy the folders and files over and thats it? It has Plesk to use for the control panel. I know I have to set the directories to run as application but is there anything else?

View 1 Replies

Security :: Non-asp Files / Moved The Pages And Files To Other Folders And Set The Web.config File On This Folder?

Jul 1, 2010

I was following the tutorials from this two sites:

Following the first site, it had worked but when I´ve moved the pages and files to other folders and set the web.config file on this folder, now it won´t work at all!!!

The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I´ve put the


on the web.config new folder and on the web.config website´s root.

It won´t work!!! I can access the file directly!!! on the web.config of the folder that contains the file, there is a <deny users="*" /> line.

View 4 Replies

Setting Up Integrated Security / Ii6?

Feb 16, 2011

I have made my web site into an application.

I have disabled annonymous, on IIS6
<authentication mode="Windows"/>
<identity impersonate="true"/>
in my webconfig
and i am using both
to retrive the username.

The problem is i am being prompted to logon, i don't want the user to have to login as this is an intranet.

View 1 Replies

Security :: Dynamically Setting The Timeout?

Jul 21, 2010

have a website which as far as I know has the following timeout settings:1) In Web.config, FORM's authentication timeout="10"2) In Web.config, MEMBERSHIP's userIsOnlineTimeWindow="10"3) Assigned in Global.asax on Session_Start(): Session.Timeout =10;In the past I had problems because at least 1) and 3) weren't in sync, not sure about 2).

Do these 3 have to be in sync and if so, is there a way to set the timeout once and to have it applied to all 3? I deploy my website to many clients and each may want a different timeout, so I'm looking for a dynamic method to set this, perhaps after loading the timeout period from the db or settings file.

View 6 Replies

Security :: Setting User Values On Login?

Oct 25, 2010

Not sure if this falls under security but I figured since its about logging in it might. Anyway. I would like to know if my approach is good. I have set up a login, the Login method is under the User Class which uses validation to my own database (not ASPNETDB). I would also like to set values to that user to use on each page such as a simple label on the home page that says "Hello [UserName]". Code is below, should I separate the User values into a different class? Also once i go to another page (called Home.aspx) I would like to set an ASP Panel to have the username in it. I created a new instance of the User class in Home.aspx but unsure what I would need to go to get this to work. Should I have some LoadUser method after a successful login?

View 1 Replies

Security :: How To Configure Default User Setting

Mar 7, 2010

After a new user first registers at the website, I want to force them to first be approved by an admin before allowing them access to the full site. I created different roles in the configuration tool that denies them access but the default setting allows them in. How do I go about this?

View 1 Replies

Security :: Setting Roles On Production Application?

Mar 12, 2011

I just launched my application to the production environment. I have a section on my website that is only accessed by users in the role administrator. (Here is the code:


It does fine on the development application. But on the production app the function is not working. I checked the database and everything is the same. What should I do?

Here is my code in the web.config


View 2 Replies

Security :: Authorization Setting For Combined Applications?

Sep 22, 2010

I am working on a scenario where I need to combine three applications into one (Project Requirement). I link the three applications on a web page and which ever link is clicked, I redirect it to that page.

My application sturcture looks as below


- Folder1 with App1 (uses Active Directory group for authentication)

- SubPages

- Folder2 with App2 (Uses Membership roles and users)

- SubPages

- Folder3 with App3 (Uses Other logins for oracle database)

- SubPages

Is it possible to provide authorization only for my App2 based on the role created in membership.

For eg: There is user1 with role1 and user2 with role2 but i need to allow only user1 with role1.

When I was checking this scenario in the ASP.NET configuration settings to modify, it has the allow all permisions which is disabled to modify and it is given that Rules that appear dimmed are inherited from the parent and cannot be changed at this level.

View 1 Replies

Security :: How To Deny User With C# Code Instead Of Setting Web.config

Oct 16, 2010

I have some pages that need user to sign in. If not, I need to redirect user to signin page. I know this can be done by using some code like"<system.web><authorization><deny users="?"/></authorization></system.web>" in web.config.

But can I just write some code to do the same function?

like in page load method, I can check whether user is sign in, if user is not signed in yet, how can I redirect user to the login page by using code? and how can I stop sending the content of the page to user?

View 3 Replies

Security :: Programmatically Setting Membership Provider At Runtime?

Jul 27, 2010

I've been using the following:


The error that I'm getting in Visual Studio is "Overload resolution failed because no accessible 'GetUser' accepts this number of arguments". I don't understand why it's not working.

View 2 Replies

Security :: How To Get A User Profile Without Setting The Last Activity Date

Apr 9, 2010

i have an administrators page that gets a list of the users that are members of my site and i want to display their profile each time i clikc on the user name.

In order to do so, i use the following code:


This way, the last activity date is updated and the IsUserLogedOn property is set to true, without the user actually enter the application (since it is a calculated value that depends on the last activity date). As a result, each time i click a user name to view his profile, the user seems to be loged in.

View 2 Replies

Copyrights 2005-15, All rights reserved