About using ASP.NET security and Membership in web applications - asp.net

I have 3 questions about using ASP.NET security and Membership in web applications:
1. Do people outside localhost have any means of accessing the ASP.NET security control panel?
2. What is the best way to edit security? Is it by opening the website through VS2010 and editing security, or is there another way or some control panel I can use?
3. I can't edit security while the folder is in wwwroot, so I have to cut it to the desktop, edit its security, then put it back in the wwwroot folder. I don't think this is an acceptable way at all. Any better ideas?

The Web Site Administration Tool (WSAT) is the default means to manage an ASP.NET site out of the box. If you want a deployable solution that can be integrated into your website, you should look at the MyWSAT project on CodePlex. It provides all the features of WSAT.

1: No, you cannot access the WSAT tool outside of localhost, and it has to be used in conjunction with VS. (Note: I have seen people trying that, but somehow it isn't easy.)
2: You can use modules already created by others, such as the one mentioned by Zack. A similar one is here. Or you can use the Membership/Roles API to write your own pages to do this work.
3: Not sure what is going on with your wwwroot issue. Maybe it could be some permission issue. Are you getting any error?

Related

is it possible to access asp.net web application administration from the web not locally

I think the question says it all.
Visual Studio, under the local ASP.NET Development Server, gives the ability to access the ASP.NET web application administration, but if I want to access it on the web after publishing, is there any way to achieve that?
I am asking because I hope not to reinvent the wheel! I want to use the administration features: managing roles, users, security for folders, etc.
You can do this by creating an administration panel yourself.
That means:
1. You have to create pages with the functionality you want to give an administrator.
2. You have to create an administrator user and password.
3. And you have to check on the administration pages that only an administrator can log in to an administrative page.
If I am getting your question right, this may help you.
And if this helps you, please let me know; I have some more tricks to restrict others and secure the administration page.
That would be the biggest backdoor ever created...
The answer is NO! We must reinvent the wheel and develop the administration panel again. I believe that Microsoft, in the future, will include that in templates, just like the Register and Login forms.
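
The two answers above that suggest writing your own administration pages with the Membership/Roles API, and checking that only an administrator can use them, come down to something like the following. This is an added example, not code from any of the posts; the `AdminUserManager` class and the `Administrators` role name are hypothetical, and it assumes membership and role providers are already configured in web.config.

```csharp
using System;
using System.Security.Principal;
using System.Web.Security;

// Added example: server-side helper for hand-built administration pages.
// "Administrators" is an assumed role name; providers come from web.config.
public static class AdminUserManager
{
    public const string AdminRole = "Administrators";

    // Every operation re-checks the caller on the server instead of
    // relying on the admin page being hard to find.
    private static void DemandAdmin(IPrincipal caller)
    {
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole(AdminRole))
            throw new UnauthorizedAccessException("Administrator role required.");
    }

    public static MembershipCreateStatus CreateUser(
        IPrincipal caller, string userName, string password, string email, string role)
    {
        DemandAdmin(caller);
        if (!Roles.RoleExists(role))
            throw new ArgumentException("Unknown role.", "role");

        MembershipCreateStatus status;
        // The provider enforces its password rules and duplicate checks.
        Membership.CreateUser(userName, password, email, null, null, true, out status);
        if (status == MembershipCreateStatus.Success)
            Roles.AddUserToRole(userName, role);
        return status; // e.g. InvalidPassword or DuplicateUserName on failure
    }

    public static void RemoveFromRole(IPrincipal caller, string userName, string role)
    {
        DemandAdmin(caller);
        if (!Roles.IsUserInRole(userName, role))
            return;
        // Edge case: removing the last administrator would lock everyone
        // out of the panel, so refuse it.
        bool isAdminRole = string.Equals(role, AdminRole, StringComparison.OrdinalIgnoreCase);
        if (isAdminRole && Roles.GetUsersInRole(AdminRole).Length <= 1)
            throw new InvalidOperationException("Cannot remove the last administrator.");
        Roles.RemoveUserFromRole(userName, role);
    }
}
```

From a page's code-behind the caller is the page's `User` property. The folder holding the admin pages should additionally be restricted to the same role with an `<authorization>` rule in web.config, so a page that forgets the check is still not reachable anonymously.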

Make web site to be seen to known password

I don't have much experience with ASP.NET and IIS,
but I created a simple web site and put it on an IIS server.
I want to restrict access to only those users who know the access password.
How can I do it?
You can easily do this with Forms Authentication in ASP.NET. Take a look at some information on the web about this.
http://msdn.microsoft.com/en-us/library/ff647070.aspx
http://www.codeproject.com/KB/aspnet/ASPDOTNETauthentication.aspx
http://msdn.microsoft.com/en-us/library/7t6b43z4.aspx
It is pretty easy to get this working. Most of the work is in the web.config, and it gives you a lot of control over which pages are secure and which pages are not.

How to manage IIS from web page

I need to add Host Headers to an existing web site in IIS. I want to be able to add this host header via a web page (an ASPX page). Also, I want to be able to create a new web site from file.
Sample code?
How do I manage security issues, and what issues should I be concerned about?
How many host headers can a single web site have?
I am using the ASP.Net membership provider on the site.
Server is running IIS7 and Windows 2008 Server.
WMI is the best way to create a website from your pages. I have used it and referred to this link: http://blogs.msdn.com/ramesh_r/archive/2004/03/24/95109.aspx
This is a really cool link for understanding and learning WMI programming.
You can download the WMI code generator from http://www.microsoft.com/downloads/details.aspx?FamilyID=2cc30a64-ea15-4661-8da4-55bbc145c30e&displaylang=en
IIS 7 has a managed code API which should allow you to do what you need.
Take a look at the API documentation from Microsoft, here: http://msdn.microsoft.com/en-gb/library/aa347649.aspx
This blog may be useful, too.
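
A sketch of adding a host header through the IIS 7 managed API (`Microsoft.Web.Administration`) mentioned above, with the input checks the security part of the question calls for. This is an added example, not code from any of the answers; the `HostHeaderAdmin` class and the `Administrators` role name are hypothetical, and it assumes the code runs under an identity that is permitted to change IIS configuration.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Text.RegularExpressions;
using Microsoft.Web.Administration; // IIS 7 managed API

// Added example; class name and role name are assumptions.
public static class HostHeaderAdmin
{
    // DNS host name: dot-separated labels of letters, digits and hyphens.
    // Rejects ':' and '*', which would alter the binding string itself.
    private static readonly Regex HostName = new Regex(
        @"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static bool IsValidHostName(string host)
    {
        return host != null && HostName.IsMatch(host);
    }

    public static void AddHttpHostHeader(IPrincipal caller, string siteName, string host)
    {
        // Server-wide configuration: only an authenticated administrator
        // of the application may trigger it.
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole("Administrators"))
            throw new UnauthorizedAccessException("Administrator role required.");
        if (!IsValidHostName(host))
            throw new ArgumentException("Invalid host name.", "host");

        using (ServerManager manager = new ServerManager())
        {
            // Look the site up by name; never build config paths from input.
            Site site = manager.Sites.FirstOrDefault(s => s.Name == siteName);
            if (site == null)
                throw new ArgumentException("Unknown site.", "siteName");

            // Refuse a host header that any site on the server already uses.
            bool taken = manager.Sites.SelectMany(s => s.Bindings).Any(b =>
                b.Protocol == "http" &&
                string.Equals(b.Host, host, StringComparison.OrdinalIgnoreCase));
            if (taken)
                throw new InvalidOperationException("Host header already in use.");

            site.Bindings.Add("*:80:" + host, "http"); // format is ip:port:host
            manager.CommitChanges(); // writes the IIS configuration
        }
    }
}
```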

Deploying DotNetNuke and separate ASP.NET Application together - Possible Issues?

I am making this in a proactive attempt to head off any potential problems which could arise from this. The situation is that we are developing an ASP.NET application for a client which will handle the online ordering from their customers. This application is going to be using the same database that their current WinForms application uses (no real issue here).
At the same time we are developing a new front-end website for them using DotNetNuke. The DotNetNuke app will simply be linking to the ASP.NET application for the customers to submit their orders (no need for them to communicate back and forth, etc.)
The plan is to host both applications on the same box at the client location. What I am looking for are potential problems or setup tips which would prevent possible conflict between the two apps (web.config conflicts, etc.) Is there a problem with having both hosted on the same location, how should IIS be set up, etc.?
If there are any external resources also available which could address this, please feel free to link them as well.
Option 1: Make all the apps separate virtual directories off of the root website. Then have the root document redirect you to the proper subdirectory for the default application for that website (DNN).
Option 2: (DotNetNuke in root, other site in subdirectory) There will be many issues with web.config inheritance if the new application is not built with DotNetNuke, but you can get around these by blocking inheritance of the root web.config. Basically, you add the following to your root web.config (DNN) file.
    <location path="." inheritInChildApplications="false">
      <system.web></system.web>
    </location>
Option 3: As Scott said, create separate sites with different subdomains and link them together. You can set up a redirect so whatever.com/order sends a user to order.whatever.com.
Just an FYI, if you use inheritInChildApplications in DNN 4.7-4.9.2 (haven't verified 5.0) you will run into ScriptManager errors; previous versions of DNN don't have the problem.
We host a DNN site for our corporate site on the same Windows 2003 server with a bunch of other sites (.NET 2.0, SugarCRM, and even some WordPress instances with PHP extensions in IIS). These sites are 'separate' websites, and not subwebs of the default site. It's a real melting pot, and it works well. We did create some separate app pools for the PHP, .NET 2.0, and .NET 3.0/5 sites to ensure that they did not foul each other.

Is there any free web based web.config editor?

Does anyone know a web-based editor for the web.config? I want to offer the possibility of changing and adding settings through a nice web interface.
Update: I am aware of the security issues, but I still want to make it possible. The application is an internal app which is not available from outside. I configure authorization within web.config and want to be able to administer the users who are able to access the app. Furthermore, I have some app settings which I want to be updateable, e.g. mail server, connection string, etc.
I tend to agree with GregD on this point... Exposing the web.config is not a good idea at all. If you really want the user to be able to configure some settings, provide an interface for it, which allows the user to set the values as per requirement. Check out the built-in ASP.NET website administration tool if you need an example.
There is a good reason why the web.config is not readable from the internet. Don't do it.
Edited to add
What is it that you wish to accomplish by opening up the web.config? The web.config is where you store database connection strings, turn debug off/on, show error messages locally or remotely, etc., etc. Opening up your web.config to "editing" via a web interface, is really asking for someone to hack it, thus gaining full access to your application.
I agree you probably shouldn't do this.... but in going against the grain since we are all adults here...
It is possible to modify the web.config if your website is running in full trust mode. If you're hosted on GoDaddy for example then you are probably out of luck.
That being said you could leverage an admin page I wrote for BlogEngine which will allow you to edit any file you have granted the AppPool service permission to edit. You would probably want to remake this into a user control and then add it to a protected url address and/or folder.
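
One way to provide "an interface for it" without exposing the whole file, as an added example that is not code from any of the answers: only an allow-list of appSettings keys can be changed, and connection strings and authorization rules stay out of reach. The `SettingsEditor` class, the key names and the `Administrators` role are hypothetical, and it assumes the application runs in full trust with write access to its own web.config.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Security.Principal;
using System.Web.Configuration;

// Added example; class, key names and role name are assumptions.
public static class SettingsEditor
{
    // Only these appSettings keys are editable from the web interface.
    private static readonly HashSet<string> EditableKeys =
        new HashSet<string>(StringComparer.Ordinal) { "MailServer", "SupportEmail" };

    public static bool IsEditable(string key)
    {
        return key != null && EditableKeys.Contains(key);
    }

    public static void SetAppSetting(IPrincipal caller, string key, string value)
    {
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole("Administrators"))
            throw new UnauthorizedAccessException("Administrator role required.");
        if (!IsEditable(key))
            throw new ArgumentException("Setting is not editable.", "key");
        if (value == null || value.Length > 256 || value.IndexOfAny(new[] { '\r', '\n' }) >= 0)
            throw new ArgumentException("Invalid value.", "value");

        // Work through the configuration API rather than writing the file
        // as text; the API escapes the value when it serializes the XML.
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
        KeyValueConfigurationElement setting = config.AppSettings.Settings[key];
        if (setting == null)
            config.AppSettings.Settings.Add(key, value);
        else
            setting.Value = value;

        // Saving web.config restarts the application, so sessions held
        // in process are lost.
        config.Save(ConfigurationSaveMode.Modified);
    }
}
```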
