
Security on page

I am trying to restrict users' access to certain pages in my ASP.NET 2.0 app.

What I have done is I check the user's permissions (based on data stored in
the database) on the page load event of the page. If they don't have access I just
do a Response.Redirect to another page.

So it works something like this..

Page Load Event
    If IsPostBack = False Then
        If userHasPermission = False Then
            Response.Redirect("somewhereelse.aspx")
        End If
    End If

Should I be doing this check on some other page event, or is there a way a
smart user could bypass this check and get access to the page?
Jan 11 '08 #1
If you can put all the pages with the same rights into one folder, you
should rather set up the <authorization> section in the web.config. That is
the place where you grant or deny access to pages, no coding required.

http://support.microsoft.com/kb/316871
--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin

Jan 11 '08 #2

It depends on how you are deriving userHasPermission. If this is pulled out
of a cookie value or querystring data then it's possible that a user could
bypass it. If possible you may be better off using Forms Authentication in
your application which will do all this processing for you.

Jan 11 '08 #3
There is no need to check permissions on each page.

I feel you should look at the Membership & Role features of ASP.NET.
Also check the <location> tag of web.config.

After a quick study of the above you should get some good alternative ways.

Regards
JIGNESH.

Jan 11 '08 #4
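
Added example (not part of the original thread or any poster's code): a web.config sketch of the declarative approach the replies point to, combining Forms Authentication, the <authorization> section and <location> elements with role checks. The folder name Admin, the page Reports/Payroll.aspx, the role names and Login.aspx are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Forms Authentication: unauthenticated requests are sent to the login page.
         Login.aspx is an assumed name. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>

    <!-- Role manager so that roles="..." rules can be evaluated.
         A role provider backed by the application's own permission tables
         would be configured here; none is shown. -->
    <roleManager enabled="true" />

    <!-- Site-wide default: "?" means anonymous users, so every page
         requires a logged-in user unless a <location> says otherwise. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Folder-level rule: all pages with the same rights live in one folder
       (assumed folder "Admin"). Rules are evaluated top to bottom and the
       first match wins, so <allow> must come before <deny users="*" />. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Single-page rule for a page that cannot be moved into a folder
       (assumed page and role name). -->
  <location path="Reports/Payroll.aspx">
    <system.web>
      <authorization>
        <allow roles="Payroll" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

These rules are enforced by ASP.NET before the page runs, on every request including postbacks, so the decision does not depend on code in Page_Load.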
