I have a .NET website that I have been developing where the majority of pages are accessible to anybody but a few pages are restricted to members. This has been done through the .NET membership provider. This all works fine, but what I'm trying to do now is run a closed beta test. So I want to put the application online but require any visitors to the site to go through an initial beta login screen that has one common username and password for all users. Once past that login, the site needs to function like it would if that login step had not occurred. That is, users would have to sign up or use their own personal logins to access the pages restricted to members.
I have two levels of authentication in an ASP.NET application. I have a [Code].... user that has full access to all the websites and a [Code].... user that has limited access. I want to destroy all open sessions before doing any new login, no matter who will do the login. Where should I place my code to destroy all open sessions before I do any new login?
I need to design a system that will control access to certain information. The requirement from the user is to use access levels e.g.
Level 1 - Support
Level 2 - Manager
Level 3 - Senior Manager
Level 4 - Department Head
etc.
If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of information. If it is marked as level 3, then only the Senior Manager and Department Head can view it, but the Manager and Support roles can't view it.
Questions
When I assign the access level to a piece of information, will I have to assign multiple roles to it in order for me to achieve this functionality? Is there a better way of doing this?
I am trying to hide the content of the folders on my website. I can redirect the anonymous user to the login page when he tries to access prohibited individual pages, but when the user is registered on the website, he can see the folders' content. For example:
He types in the address www.mydomain.coma/account/ and he can see all the pages there: shoping.aspx, shoping.aspx.cs,
I have a web app where every user has their own folder so that they can store documents. What I would like to do is protect a user's folder so that only the owner can access it.
Example:
Username: ricky Folder: ~/Files/ricky/ --> Ricky can access his folder but can't access Diana's
Username: diana Folder: ~/Files/diana/ --> Diana can access her folder but can't access Ricky's
I'm using membership provider for the user authentication.
I have a few computers (with Vista Business OS) connected in a private network. A C#.NET application running on one computer is currently able to access the network shared folders without problems. However, I am trying to get an ASP.NET application on that computer to access the same folders but I am getting "Access denied" errors. I added NETWORK SERVICE to all the shared folders' security (with full control) but it still gives the same errors.
I have implemented membership and enabled roles. I have 2 roles, "admin" and "super_admin", and once the user logs in, I want to redirect them to a different folder based on their role. My guess is the redirection needs to be determined once the user has clicked login on the login control, and here is my code.
[Code]....
However, whenever the user logs in (regardless of admin or super_admin), the page keeps redirecting to Anyone/Default.aspx.
I'm using user membership and roles. Below is my web.config for subfolder restriction.
[Code]....
The way I have it above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any users to access the default.aspx page of this mySub folder and deny any other pages if they're not Administrators, Editors, and Members. One last thing: also deny access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permissions, but I do not want to list all the pages. What's the best and easiest way to accomplish this?
When I link to a file in a web folder which is user/password protected on the host, I get a panel requiring me to enter the correct user id and password.
I would like to create a link in my form that provides the id and password without exposing it to the user. How can I do this?
In my project I have one folder called Administration (contains pages created for administrating the public part of the page) and in root I have public pages. What I want to do is to prevent anyone besides the administrator from entering the Administration part and to make Administration/Login.aspx the default page for entering the Administration part. This part confuses me. I tried to create the access rules, but that wasn't an option because I upload the images to the Administration/Upload folder, so if I deny the users, the images on the public part can't be accessed.
The second problem I don't know how to solve is the public part of the page, where I want to allow commenting only to logged-in users (users only, not the admin). How do I check if the user is logged in and authenticated, and how do I enable the commenting part of the form for him (textbox and submit button)?
The question is, is that the correct scenario (4 projects for 4 modules)? What is the correct best practice, if there is one? What if I create all of the modules in 1 project in VWD? Handy for future maintenance, and performance-wise (and security of course)... and maybe easier in development also :)
I'm wondering what would be the best solution for hiding a folder like, for example, "AdminFolder", and also the .aspx pages inside this folder.
I have several pages inside "AdminFolder" which I (as "Administrator" :) ) plan to use for some background work on a daily basis! I am using the Membership schema and no one except me can or should access this area, but I'm afraid that web crawlers like Google will find and expose this part of my page in search results!
I also need to create a second folder for PDF files which I also would like to hide (incl. PDF Files inside it) from web crawlers!
I just got a Windows VPS set up at a hosting company and am about to install a big web application that is a store front. Do I need to set any of the folders as virtual directories? I'm so confused on all of this. Do I just copy the folders and files over and that's it? It has Plesk to use for the control panel. I know I have to set the directories to run as application, but is there anything else?
Following the first site, it had worked, but when I've moved the pages and files to other folders and set the web.config file on this folder, now it won't work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I've put the
[Code]....
on the new folder's web.config and on the website's root web.config.
It won't work!!! I can access the file directly!!! In the web.config of the folder that contains the file, there is a <deny users="*" /> line.
I have disabled anonymous on IIS6, have <authentication mode="Windows"/> <identity impersonate="true"/> in my web.config, and I am using both HttpContext.Current.User.Identity.Name and Request.LogonUserIdentity.Name.ToString to retrieve the username.
The problem is I am being prompted to log on. I don't want the user to have to log in, as this is an intranet.
I have a website which, as far as I know, has the following timeout settings:
1) In Web.config, FORM's authentication timeout="10"
2) In Web.config, MEMBERSHIP's userIsOnlineTimeWindow="10"
3) Assigned in Global.asax on Session_Start(): Session.Timeout =10;
In the past I had problems because at least 1) and 3) weren't in sync, not sure about 2).
Do these 3 have to be in sync and if so, is there a way to set the timeout once and to have it applied to all 3? I deploy my website to many clients and each may want a different timeout, so I'm looking for a dynamic method to set this, perhaps after loading the timeout period from the db or settings file.
Not sure if this falls under security, but I figured since it's about logging in it might. Anyway, I would like to know if my approach is good. I have set up a login; the Login method is under the User class, which uses validation against my own database (not ASPNETDB). I would also like to set values for that user to use on each page, such as a simple label on the home page that says "Hello [UserName]". Code is below; should I separate the User values into a different class? Also, once I go to another page (called Home.aspx), I would like to set an ASP Panel to have the username in it. I created a new instance of the User class in Home.aspx but am unsure what I would need to do to get this to work. Should I have some LoadUser method after a successful login?
After a new user first registers at the website, I want to force them to first be approved by an admin before allowing them access to the full site. I created different roles in the ASP.NET configuration tool that deny them access, but the default setting allows them in. How do I go about this?
I just launched my application to the production environment. I have a section on my website that is only accessed by users in the role administrator. Here is the code:
[Code]....
It does fine on the development application. But on the production app the function is not working. I checked the database and everything is the same. What should I do?
I am working on a scenario where I need to combine three applications into one (Project Requirement). I link the three applications on a web page and whichever link is clicked, I redirect to that page.
My application structure looks as below
MainPage
- Folder1 with App1 (uses Active Directory group for authentication)
- SubPages
- Folder2 with App2 (Uses Membership roles and users)
- SubPages
- Folder3 with App3 (Uses Other logins for oracle database)
- SubPages
Is it possible to provide authorization only for my App2 based on the role created in membership?
For example: There is user1 with role1 and user2 with role2, but I need to allow only user1 with role1.
When I was checking this scenario in the ASP.NET configuration settings to modify it, it has the allow-all permissions, which are disabled for modification, and it says that "Rules that appear dimmed are inherited from the parent and cannot be changed at this level."
I have some pages that need the user to sign in. If not, I need to redirect the user to the sign-in page. I know this can be done by using some code like "<system.web><authorization><deny users="?"/></authorization></system.web>" in web.config.
But can I just write some code to do the same function?
Like in the page load method, I can check whether the user is signed in. If the user is not signed in yet, how can I redirect the user to the login page by using code? And how can I stop sending the content of the page to the user?
The error that I'm getting in Visual Studio is "Overload resolution failed because no accessible 'GetUser' accepts this number of arguments". I don't understand why it's not working.
I have an administrators page that gets a list of the users that are members of my site, and I want to display their profile each time I click on the user name.
In order to do so, I use the following code:
[Code]....
This way, the last activity date is updated and the IsUserLogedOn property is set to true, without the user actually entering the application (since it is a calculated value that depends on the last activity date). As a result, each time I click a user name to view his profile, the user seems to be logged in.