473,387 Members | 1,530 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > url security problem

Join Bytes to post your question to a community of 473,387 software developers and data experts.

URL security problem

Dear All,

In my web application, i have a login screen to allow the user to login to
my system.

all user should be logined in before they can use the system.

my question is

how to aviod the user from directly access my system by typing the exact
URL?

e.g.

http://localhost/demo/data/search.aspx

?

Regards,
Angus
Nov 18 '05 #1
3 1043
"angus" wrote ...
how to aviod the user from directly access my system by typing the exact
URL?


Store the fact that the user is logged in - in a session variable, then each
page checks for it, if it doesnt exist, either because their session has
expired or because they are trying to get in without logging it - redirect
them back to the login page.

Regards

Rob
Nov 18 '05 #2
in web.config add:
<location path="data/search.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

somewhere between <configuration> and </configuration>

--
Saber S.
http://maghalat.com (Persian)

"angus" <an***@angus.com> wrote in message
news:Oa**************@TK2MSFTNGP10.phx.gbl...
Dear All,

In my web application, i have a login screen to allow the user to login to
my system.

all user should be logined in before they can use the system.

my question is

how to aviod the user from directly access my system by typing the exact
URL?

e.g.

http://localhost/demo/data/search.aspx

?

Regards,
Angus

Nov 18 '05 #3
This is best set in the web.config file
The settings below will redirect all users to the page myloginpage.aspx

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<customErrors mode="On" />

<authorization>
<deny users="?" />
</authorization>

<authentication mode="Forms">
<forms name="icontoolweb" path="/" protection="All"
loginUrl="myloginpage.aspx" timeout="400">
</forms>
</authentication>

</system.web>
<configuration>
in the loginpage yoou do some authorization then you call :
FormsAuthentication.RedirectFromLoginPage(userid, true);

Which will automatically return the user to the page he tried to access
directly

cheers,
mortb

"Saber" <saber[--AT--]maghalat.com> wrote in message
news:uU**************@tk2msftngp13.phx.gbl...
in web.config add:
<location path="data/search.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

somewhere between <configuration> and </configuration>

--
Saber S.
http://maghalat.com (Persian)

"angus" <an***@angus.com> wrote in message
news:Oa**************@TK2MSFTNGP10.phx.gbl...
Dear All,

In my web application, i have a login screen to allow the user to login to my system.

all user should be logined in before they can use the system.

my question is

how to aviod the user from directly access my system by typing the exact
URL?

e.g.

http://localhost/demo/data/search.aspx

?

Regards,
Angus


Nov 18 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

28
Who should security issues be reported to?
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
Python
22
Permissions/security problem
by: Alistair | last post by:
hello again oh knowledgable ones Today I took the plunge (more like a hell-hole dive) and upgraded to windows XP Pro.. and as I expected things are slightly different... what I didn't...
ASP / Active Server Pages
3
Developing role-based security question
by: craig | last post by:
I am working on my first .NET development project that involves custom role-based security per the project requirements. This lead to a general design issue this week that really caused us some...
.NET Framework
12
File.txt
by: A.M. | last post by:
Hi at all, how can I do to insert into a HTML page a file .txt stored in the same directory of the server where is the html file that must display the text file.txt? Thank you very much P.Pietro
Javascript
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
3
Apply security permission in class library, fail to call it out!
by: Chua Wen Ching | last post by:
Hi there, I had applied this security permissions in my class library based on fxcop standards. Before namespace: using System.Runtime.InteropServices; using System.Security.Permissions;
C# / C Sharp
1
Design Issue: Separating Application Security Model from the Application (Custom or User) Controls
by: Earl Teigrob | last post by:
Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...
ASP.NET
5
User Control Security on .Net 2.0
by: Norsoft | last post by:
I have a .Net 1.1 application which is downloaded into an aspx page. It is a dll which inherits from System.Windows.Forms.UserControl. It works fine on a PC with only the 1.1 Framework. However,...
ASP.NET
0
Referenced security token could not be retrieved
by: Jay C. | last post by:
Jay 3 Jan. 11:38 Optionen anzeigen Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements Von: "Jay" <p.brunm...@nusurf.at> - Nachrichten dieses Autors suchen Datum: 3 Jan...
.NET Framework
8
System.ServiceModel.Security.SecurityNegotiationException
by: =?Utf-8?B?TWFuanJlZSBHYXJn?= | last post by:
Hi, I created a web service and hosted it in Windows Services. It is working fine. Now I am trying to implement the X509 certificates for message layer security. But it is throwing the following...
.NET Framework
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!