Directory Security Via ASP / Or Adding User To Win2000 Users
I am working on a document management system for a client. I am planning to
set up the system so that documents are protected, sort of.. A user has an
access level and based on that access level, a list of available documents
will display as an HTML page and the user can click a hyperlink to download
or view the selected document.
I am planning to handle this all through a SQL database and ASP..
What I would REALLY like to do, though, is protect a set of directories so
that a user could not just enter a URL and download a document without being
prompted for a username and password if he/she hasn't already logged in.
I have done something like this using AuthnetiX from Flicks Software, but
this current client is trying to create a solution "on the cheap", and so
I'd like to see if I can build the solution using the secuirty mechanisms
built into the O/S.
What I'm thinking is that I'll set up the directories and assign a group
access to each directory.. My question then is, can I add users to the
"Local Users and Groups" for Windows 2000 via ASP?
View Replies
ADVERTISEMENT
I am writing a web application to get System user name. By reading the previous post, it seems that this method works
<%@ Language=VBScript %>
<%
Dim user, pword
user = Request.ServerVariables("AUTH_USER")
Response.Write user
%>
but I want to ask is it only work at WINNT? How about WIN2000 Server, I can get nothing when use this statement on WIN2000 Server.
Besides, If I want to use Jsp, is there any methods to achieve the same thing?
View Replies
View Related
I would like to use ASP in a web page to modify the "Directory Security" settings of IIS. In Directory Security under "IP Address and Domain Name Restrictions" you have the ability to add an IP address of someone to ban from the web server. Does any ASP code exist to actually add a number into that field from the ASP automatically?
This would allow the perfect honeypot web page situation.
View Replies
View Related
I am trying to run a script that will add users to a database so they can register with the site. ive got it working so that the users are added however i am trying to prevent people from registering the same username or email address and this is not working.
the script firstly checks that the user has filled out all the fields in the form from the previous page then the script is supposed to check the database for the username and email then adds the user if it is all ok however if the fields have all been filled out it simply adds the users anyway. here is one of the check scripts i am using VBscript and an access database .....
View Replies
View Related
I am trying to prevent users from submitting HTML pages from their local machine to our website and I was wondering what the best way of doing this was.
I was thinking about using the HTTP_REFERER server variable (to check where the user has submitted a page from) as a blanket fix however when you use the javascript document.location on a page the HTTP_REFERER is always blank, which makes that a flawed fix.
I have seen other sites protect against this, so I know it can be done. Whats the best way.
View Replies
View Related
Could someone tell me how I can get all users within a certain group from AD using classic ASP?
View Replies
View Related
I was wondering whether if it was possible to insert users into active directory using ASP and then also viewing those users as well. Also, how would I implement such tasks in the most secure way?
View Replies
View Related
Does anyone have a script ASP 3.0 that will return the email address and display name for the current user in Active Directory.
Not be using Anonymous access and will be using Integrated Windows Authentication.
View Replies
View Related
how to create a user security and authentication. I mean in a form of logging in or registration automatically in to a database in access.
View Replies
View Related
I want to open the MS Access file with user-level Security. I know that if I do NOT setup user-level Security in the MS Access file, and create the table for login in the MS Access file (Put the MS Access file in the server), then it works.
I did that. But, I want to know whether or not we can use ASP code to open the MS Access (MS Access user-level Security setting). This way I can put the MS Access file in the public place.
Can we do it in ASP?
The following code cannot do that:
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/try.mdb"
%>
View Replies
View Related
I'm trying to design a web application where people can create user Ids and passwords while signing up and then use that information to login to an account. (I know, very basic). I just can't get my mind around how to make this system most secure. the user id and password is verified at the time of logging in and at that point, I would like to create something like a session key before openning the new page.
I basically don't want to start the new page by passing regular parameters through the URL because that's very easy to manipulate and break. Can someone give me some information about creating a secure system like this and/or forward me some useful sources?? btw.. I'm using, IIS as my server, ASP.Net and VB.Net.
View Replies
View Related
I want to decide what should be displayed dependent on what security groups (2k server) the user belongs to. I don't appear to be able to do it with frames.
View Replies
View Related
How can I add a new user on my server using ASP?
User example: myserver/user1
View Replies
View Related
I have a user based service where each user has their own information, user settings, etc. I want to be able to add tables in my user settings and allow the users to enter in their IM Service (AIM, Yahoo, MSN, etc) and their screen name/user name.
That is the easy part.
What I do not understand or cannot figure out is how to link this information to the icons for each service they enter that will open up the appropriate service with their correct IM name, etc.
Basically I want to provide a way for my members to IM another member when they pull up that users information, or associated information, etc. Basically I need the script to make the Icon execute the correct IM service if the user clicking on it has the service installed as well. The majority of my members use AIM.
Where can I find information on how to install this kind of script and associate it with the users information and an icon?
View Replies
View Related
I need to get the current logon (to AD) user name on ASP level. Is there any ActiveX (ocx,dll) object in windows directory, which I can use? I used the nwdir.dll file to get this name from novell directory with ndap....
View Replies
View Related
I have a question concerning ASP classic. I'm trying to add an existing user in active directory to an AD group using a web-based form. Using regular code to do this, I get a general access denied error, upon which further research told me I needed admin rights in order to accomplish the task.
I vaguely remember an ASP project I worked on in the past where the script itself authenticated to active directory before requesting information. Is it possible to authenticate to AD (as in, authenticating with my username/password which has access to add users to this specific AD group), then continue with the commands that way? I've resurrected a bit of code from that prior project, and attempted to mix the two together: Code:
View Replies
View Related
I'm working on a logon script that needs to query AD for the current user's information. Phone numbers, email address, etc. One thing that makes it a little bit more difficult is that I don't have the full dn for the user; I only have the base dc and cn.
Microsoft's documentation on all of this is lacking greatly, so I've been racking my brains quite a bit.
View Replies
View Related
My win 2000 server is connected with MS SQL server 2000
There are around 10 applications on this server. Some webpage will be
refereshed itself within 20 seconds to retrieve update data in sql server
This server run 2 years till now.
Recently we face the problems. When refershing the page, it show 503 and 504
error sometimes
View Replies
View Related
I have the following codes working fine on one PC running Win2000 Server, but fails on another PC running WinXP. When I check the system log, it tells me the problem is on line 8, that is :-
cnn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:DevelopmentFamilyTestingElouiseAccess oryProductList.mdb;"
Is there any difference between Win2000 Server and WinXP? Code:
View Replies
View Related
I got a new server with Windows 2003 on. I moved a site that works fine from a Windows 2000 server. On many pages i get a convertion like this:
|Microsoft VBScript runtime error '800a000d'
|Type mismatch
|
|/test/test.asp, line 3
|
This is the code that i run to get the error:
|<%
| a = 1
| if a = 1 then response.write("a = 1")
|%>
|
It does work if i add "if cint(a) = 1 then...." but is it a way to make IIS6/ASP don't check the code so critical?
View Replies
View Related
I want to be able to log in a database any transactions my users perform. For example logging in, requesting a page, downloading a resource, logging out etc.
What is the most practical way to code this? I was thinking of trying to use an include file which would have a function to add a log in the database for each page on the site or when a particular action is performed.
View Replies
View Related
I have written a script to update user information in the Active Directory using ADSI. Here is part of it:
Set User = GetObject("LDAP://<GUID=" & GUID & ">")
User.Department = DepartmentName
User.SetInfo
Set User = Nothing
This works fine unless DepartmentName is an empty string ("").
Then I get error 0x8007200B: "The attribute syntax specified to the directory service is invalid."
This happens with all the attributes I have tried, including TelephoneNumber
.
Do I need to delete the value of the attribute instead of setting it to an empty string? If so, how do I do it?
View Replies
View Related
I have written an ASP.NET 2.0 application that uses Active Directory or ADAM
to manage account users - the site has a page that allows people to create an
account (much like any site). The page populates the AD with all the
information and the user account but I am unable to enable the account.
Microsoft has information on how to do that here -->
http://msdn.microsoft.com/library/d...ting_a_user.asp
(the sample is for Visual Basic) - and I am unable to complete the bottom
portion of the script. Can some one point me in the right direction - or can
you tell me how I can add a snippet of VBscript code to an ASP.NET page.
I am using the Active DS Type library - not sure why there are multiple ones
(System.DirectoryServices) but it is rather confusing - I seem to accomplish
one thing with one and another with the other (they did have trouble
co-existing however). Anyway my script works very well but I am not able to
access the properties required to enable the account.
Here is a simple version (no error checking) of the code.....
View Replies
View Related
how to go about setting up an asp script or flash action script to take the input from a user of his/her username and password then send an email to the user with the information. I am able to do all of this but the problem is that the users pc is the one sending the email. I want the server to send the email instead.
View Replies
View Related
I now have a login page for user authentication.
But I am kind of paranoid about security.
Is it enough just to have that to secure my site?
How do hackers do "sniffing"?
And how to prevent that?
If there is any GOOD website security tutorial, I would love to read it.
View Replies
View Related
IIS can handle security on its own without the need for complex scripting and i like the idea of being able to just let the system do it however im not sure how to set such things up and would that mean that if you used something like integrated windows authentication that security is delt with by windows and its users info rather than getting the info from a database of my choosing ?
the whole concept is quite confusing to me but there must be a simple ish way to set up at least some form of secure site area within my web.
View Replies
View Related
I am starting to learn asp and I have IIS installed on my WIN xp pro machine. Do I have to worry about security for any reason at all. I don't believe I have file sharing on at all, then again, I don't know if that has anything to do with this.
View Replies
View Related
How do I run security through all of the pages? The users log in, an asp checks their password, then what do I do to secure the pages from users that do not enter the password?
View Replies
View Related
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
View Replies
View Related
Does anyone know how to implement one way hashing or encryption using ASP 3.0 and no additional components.
I need to secure a intranet application which is being moved online, currently the passwords are stored in plain text, ideally id like to hash the passwords in the database and hash the form data when testing, but I don't seem to be able to find any hashing methods for standard ASP, perhaps someone has a nice code snippet for hashing.
View Replies
View Related
is there a way to login to a particular security group from asp?I use IP addresses and email addresses to identify web users and most have general IWAM_COMPUTERNAME access.
Once web users login is there a way to give SOME of them access to a NT security group based on stored NT user/password information?
View Replies
View Related
I am working on a new feature on my website where people can write their own HTML files. They are actaully going to have .ASP extensions, and are hosted on my webserver. So, what security issues can you suggest? So far all I have got is disabling '<% %>' tags. Anything else?
View Replies
View Related
I'm developing a local intranet site. i'm just new in ASP, could anyone help me how to put security?i have username and password but i want the site not to go back on the previous pages after logging off.
I'm using macromedia dreamweaver and VBscript, i have a database using MS Access.
View Replies
View Related