I am currently storing all my images in the public folder and once logged in the user can see all the images listed on the page. But I want it to be so that the user can't access the images if he/she is not logged in.
Right now, if the user types localhost:3000/image.png he/she is able to access the images. How do I stop this?
Related
How do you have an image carousel show only the logged in user's images? I can upload images to a carousel but can only choose between ALL users' images.
WordPress does not keep information in the database on the logged in status. Logged in user just have a cookie in his browser.
Yoi can use some hook when a user logs in, and maintain this list by yourself in the database. Also, you can use some hook on logout. Additionally, you should use cookie expiration time to make a reasonable estimation if user is still logged in.
It is not so simple and straightforward task.
I have a SharePoint server 2013. And i have added site-pages in that, now i want the home page (www.xyz.com) to be accessible to all users regardless they have been added to the groups/authenticated users.
Except the home page the only the registered users should have access to content/other pages. Otherwise SharePoint should give a message you don't have access or this page hasn't shared with you when an unauthorized user tries to access the rest of the site-pages.
I already tried NTAuthority command to define setting on Home page but for that the user needs to have the exact path of the webpage (www.xyz.com/main.aspx) otherwise it's not working with just (www.xyz.com).
Either the user is getting all the access or none.
Kindly refer this link for more info. It is somewhat similar to what i need.
Sharepoint-Add permission to to all authenticated users
I hope you can give me some advice about membership and images.
Which is the best way to secure images so that only the authorised users can retrieve them?
The scenario:
I own a website on which users can enter and publish their wishlist(s). The owner of the wishlist has a username/password, and family&friends have a username/password (family&friends all share exactly 1 username/password)
Now I want to give the owner the opportunity to upload an image which will be used as a background image for the wishlist. This may be a personal image, so I want only the concerning owner and family&friends to be able to see that image. I don't want other users (and people not logged in) to be able to see this image, even if they try to hack it.
To be more specific, if I decide to store jpg-files in a folder, everyone can easily retrieve it like https://pbs.twimg.com/media/B4VBJc6CEAAFSKf.jpg
I can put it in a folder which only logged in users can access, but then all logged in users can access it, and I only want to grant the owner and the family-and-friends-user. Can I secure the image file?
So, my question is: Which is the best way to secure images so that only the authorised users can retrieve them?
I use:
ASP.NET,
SQL Server,
ASP standard membership
Only the concerning owner and family&friends to be able to see that
image. I don't want other users (and people not logged in) to be able
to see this image.
I assume you are using ASP.Net Web Form. If so, you want to look at a generic image handler.
To be more specific, if I decide to store jpg-files in a folder,
everyone can easily retrieve it
You should not store images in publicly available folder. In other words, it should be restricted to public access. For example, App_Data folder.
User can only access those images via Image Handler.
Inside the Image Handle, check whether user is authorized. If not authorized, return 404.
If authorized, you can use either BinaryWrite or TransmitFile (if image is stored in file system).
can anybody tell me if its possible to retrieve a list of a member's pages without manage pages permissions? or if its possible to send the graph a facebook page id and have it return whether or not the current FB user admins the page.
i have a page tab application which a FB user can install to one of their pages, and in order to show the relevant info regarding the current FB user from my website on their facebook page, i need to know that the page they have given me is administered by them.
since i dont want any control over the page itself, only to know that the page id ive received is associated with the current FB user, asking for permissions to log in as any and all of their facebook pages seems like a bit of an excessive permission
I'm currently building a site where I want anonymous users to see a page which talks about what the site is about, but shows no content. It only offers two options
Register
Login (username & password field)
Once the user logs in, they should be redirected to a specific frontpage.
I tried using drupal/front module, but that did not work. Anynmous access was always shown as access denied
I think I could LoginToboggan to redirect authenticated users but not sure what to do about the frontpage.
thanks
When you say that you want the front page to show now content you really just mean you only want to show static copy right?
One way to do this is with views and the context module.
Create blocks with views of the content that you want to hide.
Create some regular blocks from the blocks menu.
The magic happens with the context module. It lets you set up custom rules for which blocks to display where and when. You can set it so that some blocks show up for anon users and other blocks show up for authenticated.
Set it up so that the static copy that talks about the site shows up for anon users along with the login block.
You can tell context module load whatever content you need on the home page with views generated with blocks.
Set up context module to load all of your blocks for you instead of drupal's core block system.
I'm sure you could do this somehow with panels too, but I couldn't tell you how.
Make sure that the page you are redirecting to is accessible for anonymous users. The most likely reason for your acess denied message is that anonymous users do not have permission for that page.
You could also try the Rules module to redirect after login.
Checkout my response to a similar question answered on Drupal.org. I'll repost here as well:
http://drupal.org/node/1962546
I also used Context but with a few other items to help.
I've done this, not with Facebook or LinkedIn however but with another
login based site.
Required modules: Omega theme Context Delta Views Some type of access
control Custom version of r4032login
How I did it: All content is locked down. r4032login redirects all non
logged in users to login, even if they try to get to a certain page.
Create a new delta: In here I have create a content region and shown
only what I need (custom login page).
Context Checks User Role must be anonymous user It then has a rule to
activate a delta, which is basically a copy of your theme
functionality: (Homepage login)
The login is set to forward the user to /frontpage which is a view, it
requires authenticated permissions to view. Once a user is logged in,
the redirect module forwards to the /frontpage (main page) and
permissions are verified and they're in.
If you need more details let me know. This is more of a complex
implementation I have in place but I'm sure there are also others
interesting in doing it.