i have currently built a website with some administration. The user goes to a login page and put in there username/password. This then lets them access the admin stuff. Thats all ok. I then thought well instead of going to the login
www.blahblah.com/login.asp i would just type www.blahblah.com/adminarea.asp and low and behold i was in the admin are with no login required.
I'm not sure if ASP would be the right code to do this but I'm gonna ask anyway.
I'm trying to make an admin section...the thing is I make this site but I don't get online that often to update the news. One person offers to do this. He doesn't have a clue on how to use FTP. So I'm looking for something that I can let him log in(on a browser) to update this specific file(only news.html), don't want him to see anything else there.
I can connect to my schools webserver via VPN, and edit the webcontent. However, I cannot connect to the SQL server. Does anyone know of an ASP script I can use to admin the database remotely?
View Replies View RelatedThis is a small Web Application, this contains basic XML functions using ASP including a XML driven user authentication, adding new records, viewing records, editing and deleting records. Code:
View Replies View RelatedI want to call the redirect to the selected page depending on the username. It is comeing from a text file I would like for the login to automatically be written in to the = ("<%login%>") but this is worn.What i have below wokrs for only admin and anyone else who is not admin. Or I would like to be able to add a third and fourth. I don't mind hard coding the login if i have to.
if Request("login") = ("admin") then
Response.Redirect "main.asp?action=login"
else
Response.Redirect "client.asp?action=login"
end if
I have an access database on my website.Its tied in to an asp calendar page where people can click on a date and send me an email wanting to book that date. Could i sent a text message from my mobile to add a new date into my access database to book that date instead of having to go onto my admin section and add it in?what i trying to explain. Is this possible or impossible.
View Replies View Relatedanyone know where can i get good iis admin control panel for monitoring multiple sites?
View Replies View RelatedCan I use the Website Administration tool to manage users and roles for
multiple ASP.NET applications using a single, common ASPNETDB?
If so, what changes do I have to make to the web.config files for these
various applications to allow authentication from that single ASPNETDB.
I'd also like to be able to maintain the users/roles and application access
from the web server rather than from my development computer. Right now it
seems like I have to make changes to user/roles in each web app and then
transfer the database and code over to the server, just to add a new user.
And each app seems to have it's own ASPNETDB which defeats the goal of a
single point of administration for the server.
I managed to find the problem with my script thanks to jmurray's help. However I am now left with a confusing puzzle and I cannot any information about a workaround.
The error I now get is:
Cannot modify or delete an object that was added using the COM+ Admin SDK
I know now the reason for this is because I changed the 'from' email address in my script. If I put it as 'service@safetouch.com' it works fine. If I change the address to ANYTHING else, I get the above error. Is this something that can be corrected through scripting? If not, any ideas where I should be looking?
I would like to create the facility for admins on my site to be able to edit certain html pages on there site. Is this possible and if so does anyone know of any good urls discussing this matter ?
View Replies View RelatedI'm a Win2000 professional user - sP 4. I can't delete some folders in
e:inetpubwwwroot....
I've created them by FrontPage2000 SR1. I enter Windows as Administrator, then I should be able to create /delete all objects. On the contrary, each time I attempt to erase the assigned folder Windows warns me so:
"Access is denied. The source file may be in use."
I have to come up with an admin cntrol panel so the staff can change ,update there website as needed. I would like to use asp to create the admin panelor if you guys can tell me of a better way like using php or somthing.
How would I go about letting them update/change the text. Do I have the site load it
from a database like access or sql or ? Remeber it should be user freidly no html coding just type and upload.
I have an ASP page that uses a COM componenemt on a Win2000 server. The same server contains my SQL Server 2000, which the COM object is querying on. I use a constant login/password to login into the SQL Server, so it shouldn't matter which domain user is using the page.
It works fine for every user -=that is defined in the Win2000 computer Admins list=- , it doesn't work at all for users that are not (Connection ailure)....
I am not sure why, since how I see it, it shouldn't matter to the SQL Server which user is trying to login (since I use the same constant user/password for all of them...).
It might be either an IIS or SQL Server problem (or maybe even Win2000 related), Anyone ever encountered such an issue
I have iis, .net and MSDE installed on my machine, I have also installed "web data admin" but i cant log into it. The green blinking arrow for the server is in the bottom of my window so it appears that MSDE is ok.I am entering the following info at the w.d.a login screen
usrnm: sa
pwd: mypassword
server: production
etsdk
however i get this message returned:
Invalid username and/or password, or server does not exist.
Also, please ensure that SQL Server Authentication is enabled on the server.I dont know What have i done wrong/ missed.
for the admin table and page layout, is it compulsory for the key field to have a primary key? or it's not necessary becoz of it is only plan to link up to the combo box in the pages for the end users?
View Replies View Relatedif there is an application,I can change the default session timeout property via IIS Administration? If so, how does one do it.
View Replies View RelatedI've just installed web data Administrator and did everything instructed from the book, but when I opened the browser and typed http://localhost/SqlWebAdmin I get a web page but no input fields or place to type in the password. I'm running xp pro, IIS is running, MSDE is also running and I have SqlWebAdmin folder in the C:Inetpubwwwroot folder.
View Replies View RelatedHow to change my Admin password and login for my website I just have the FTP acess and I would like to change my Admin user id and password can you guide me ?
View Replies View RelatedIn our project, we have a situation where the administrator needs to 'force log off' a particular user under certain conditions. In other words, the admin user needs to have the ability to kill any other user's session.
Is this possible? By using the session properties, we can kill the current session (the current user's session) but is it possible (for the admin user) to kill some other user's session?
I've created an admin side for my ASP site and I use session vars to provide
page security.
Just as a bit of advice, I want to know if I should expire each admin page
so that others can't bring them up. I know the session var check will
bounce them back to the login page, but I'd rather they didn't even see this
page if they aren't authorised.
I am writing admin functions for my sites. Is it safe to put the admin username and password within the asp file?
View Replies View RelatedWhen making an admin area i have always just allowed 'delete the user', but is it possible to deactivate and reactivate a username and password.
I can picture it in my noggin. when viewing all the users there is the ability to check a box selecting deactive or reactivate depending on the state of the username at the time.
What do you think, is it more hassle than its worth to allow this?
I am trying to build a site for a group which already has a hosting company.
I would like to try to find out which objects are available for use to me.
I do not have admin access to the NT box. Obviously I have permissions in
my area of the server.
I know I can test for specific objects but I'd like to know what is
available, not just what I can test against. Is this even possible? Code:
I have a problem with adding and deleting the categories that a product is added to within a shopping cart administration system. My tables are designed as follows:
Table: Products
Uid: autonumber
Name: text
etc
Table: ProductCategory
Uid: autonumber
ProductID: number
CategoryID: number
Table: Category
Uid: number
Name: text
Etc
When I add a product to the database I also add the same product to different categories i.e. I insert product info into Products and the product unique ID into the ProductCatgory table, which links to the Category table. The ProductCatgory is the table that links both the Products and the Category table together when I construct queries. This all works fine and I am able to add a product to multiple categories and then display the categories/product accordingly in the actual shopping cart. Code:
I have set up Index Server in IIS to search my intranet. I've installed the Adobe PDF filter so that words from PDF files are included.
I can get results from PDFs when querying the catalogue in the Windows console. However, I have tried various ASP Search pages and they all ignore PDF files from a browser (even though the scripts include the pdf extension).
I now have a login page for user authentication.
But I am kind of paranoid about security.
Is it enough just to have that to secure my site?
How do hackers do "sniffing"?
And how to prevent that?
If there is any GOOD website security tutorial, I would love to read it.
IIS can handle security on its own without the need for complex scripting and i like the idea of being able to just let the system do it however im not sure how to set such things up and would that mean that if you used something like integrated windows authentication that security is delt with by windows and its users info rather than getting the info from a database of my choosing ?
the whole concept is quite confusing to me but there must be a simple ish way to set up at least some form of secure site area within my web.
I am starting to learn asp and I have IIS installed on my WIN xp pro machine. Do I have to worry about security for any reason at all. I don't believe I have file sharing on at all, then again, I don't know if that has anything to do with this.
How do I run security through all of the pages? The users log in, an asp checks their password, then what do I do to secure the pages from users that do not enter the password?
View Replies View RelatedDeveloped a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Does anyone know how to implement one way hashing or encryption using ASP 3.0 and no additional components.
I need to secure a intranet application which is being moved online, currently the passwords are stored in plain text, ideally id like to hash the passwords in the database and hash the form data when testing, but I don't seem to be able to find any hashing methods for standard ASP, perhaps someone has a nice code snippet for hashing.
is there a way to login to a particular security group from asp?I use IP addresses and email addresses to identify web users and most have general IWAM_COMPUTERNAME access.
Once web users login is there a way to give SOME of them access to a NT security group based on stored NT user/password information?
I am working on a new feature on my website where people can write their own HTML files. They are actaully going to have .ASP extensions, and are hosted on my webserver. So, what security issues can you suggest? So far all I have got is disabling '<% %>' tags. Anything else?
View Replies View Related