Are there any prebuilt modules for this? Is there an event thats called everytime a page is loaded? I'm just trying to secure one of my more important admin sections.
As blowdart said, simple IP Address logging is handled by IIS already. Simply right-click on the Website in Internet Information Services (IIS) Manager tool, go to the Web Site tab, and check the Enable Logging box. You can customize what information is logged also.
If you want to restrict the site or even a folder of the site to specific IP's, just go to the IIS Site or Folder properties that you want to protect in the IIS Manager, right click and select Properties. Choose the Directory Security tab. In the middle you should see the "IP Addresses and domain name restrictions. This will be where you can setup which IP's to block or allow.
If you want to do this programatically in the code-behind of ASP.Net, you could use the page preinit event.
A little more information please; do you want to log IPs or lock access via IP? Both those functions are built into IIS rather than ASP.NET; so are you looking for how to limit access via IP programatically?
You can use the following to get a user's IP address:
Request.ServerVariables["REMOTE_ADDR"]
Once you have the IP you will have to write something custom to log it or block by IP. There isn't something built in to asp.net to do this for you.
Is there an event that's called everytime a page is loaded?
Page_Load might be what you're looking for.
However, and I'm really not trying to be mean here, if you don't know that, you probably shouldn't be trying to secure the app. You're just not experienced enough in .Net
I'm sure you're great at what you do, in whatever platform you're experienced in. But .Net WebForms isn't your forte. This is one of those times when you should back off and let someone else handle it.
Related
We have a regular asp.net website. I started debugging several errors, so the website cannot be used (but is not down). Since the default page is not Default.aspx and users are used to going directly to Main.aspx, if anyone goes to http://network:1332/Main.aspx, the person should be redirected to Issues.htm.
Is there an easy to do this without having to alter Main.aspx or write any code? Maybe change web.config or some IIS 6 configuration?
I just don't want anyone to use the website even though the site is available for use.
Thanks.
If you have an ASP.NET web application site, and you place a text file
named "app_offline.htm" in the root of the site, all requests to that
website will redirect to that app_offline.htm file. Basically, if you
need to take an entire ASP.NET site offline, you can place some nice
message in that file.
https://forums.iis.net/t/1152788.aspx?Put+website+in+maintenance+mode
Be warned you too will be directed to the maintenance page, so if you're debugging in production this could make things more difficult.
You can use Url Rewrite Module to IIS. Then you will be able to define your rewrite rules in web.config or using IIS Manager. Check this : https://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
In code, we're referencing "athirdpartydomain.com"
Page.Response.Redirect("www.athirdpartydomain.com");
However, the owners of "athirdpartydomain.com" have decided to change their domain. This will involved a fairly considerable amount of work for us eventually, and they're letting the domain go completely.
We will of course change it in time, but I'm wondering if there's a quicker way to do this. Like changing something on the server to make sure all requests to "athirdpartydomain.com" all go to "theirnewdomain.com"
Considering you're using .NET, I can imagine you're also using IIS and, so, you can do this using IIS Redirects. NB, this will only work if you're hosting www.athirdpartydomain.com and have access to the IIS on that server.
You can learn how to do this here: http://support.microsoft.com/kb/313074
In .net you can't do that, but yes you can do that using cpanel of that domain.
You have to open that domain with admin login.
and you have to set "a name" or "a point" to particular server where you wants to redirect to site when some one browse the site this will redirect to particular site without load of that site.
Say I have a mobile optimized website which runs with a lot of javascript on it to create awesome effects, and a user enters the website via a mobile browser which doesn't have javascript activated.
Is it then possible to (through a button click) redirect that user to his/hers browser settings?
You need to have JavaScript activated in order to browse this site properly.
Click here to change your settings
In principle, you can create an intent: URL that references an ACTION_SETTINGS Intent, though I have not tried this. Off the top of my head, the simplest way to construct that URL is to generate a scrap Android project and call:
Log.d("Something", new Intent(android.provider.Settings.ACTION_SETTINGS).toUri(Intent.URI_INTENT_SCHEME));
then check LogCat for the URL that you would put in the Web site. Of course, this URL will only work on Android devices.
I only know Windows Mobile (and there, only up to v6.1), but I would guess your clients would have to have some app of yours prior installed to access features of the device itself.
If websites could access a device's features, it would be viewed as a virus.
I need to allow my asp.net application to read and write from and to a folder.
Could you please help me to do so.
Regards,
Assuming your application pool is using the default identity (it probably is), then right click on the folder, select Properties, go to the Security tab, click Edit..., click Add..., in the object names field enter NETWORK SERVICE (also assuming IIS 6 or 7 here), click OK, in the permissions pane check Write, and click Apply.
That should do it.
It's two pronged, neither of which involves your code, and both assume you have access to server settings. You need to have appropriate permissions set on the folder in the file system as well as within the IIS web application.
I'm trying to build a C# console application to automate grabbing certain files from our website, mostly to save myself clicks and - frankly - just to have done it. But I've hit a snag that for which I've been unable to find a working solution.
The website I'm trying to which I'm trying to connect uses ASP.Net forms authorization, and I cannot figure out how to authenticate myself with it. This application is a complete hack so I can hard code my username and password or any other needed auth info, and the solution itself doesn't need to be something that is viable enough to release to general users. In other words, if the only possible solution is a hack, I'm fine with that.
Basically, I'm trying to use HttpWebRequest to pull the site that has the list of files, iterating through that list and then downloading what I need. So the actual work on the site is fairly trivial once I can get the website to consider me authorized.
I have dealt with something similar, and the hardest part is figuring out exactly what you needed to "fake" to get authorized. In my case it was authorizing into some Lotus Notes webservice, but the details are unimportant, the method is the same.
Essentially, we need to record a regular user session. I would recommend Fiddler http://www.fiddler2.com but if you're on linux or something, then you'll need to use wireshark to figure some of the things out. Not sure if there is a firefox plugin that could be used.
Anyway, start up IE, then start up Fiddler. Complete the login process.
Stop what you're doing. Switch to the fiddler pane, and examine the recorded sessions in detail. It should give you exactly what you need to fake using WebRequests.
This page should get you started. You need to first make a request to the page, and then saving the cookie to a container that you include in all later request. That should keep you logged in, and able to retrieve the files.