User Account Security
I'm trying to design a web application where people can create user IDs and passwords while signing up and then use that information to log in to an account. (I know, very basic.) I just can't get my mind around how to make this system most secure. The user ID and password are verified at the time of logging in and at that point, I would like to create something like a session key before opening the new page.
I basically don't want to start the new page by passing regular parameters through the URL because that's very easy to manipulate and break. Can someone give me some information about creating a secure system like this and/or forward me some useful sources? By the way, I'm using IIS as my server, ASP.NET and VB.NET.
I have copied a web-based application to a new laptop running Windows XP Professional. Now in one of the folders where the database is physically located, I want to give IUSR_Computermachine rights so that the application allows updating and inserting records.
However, when I right-click to find the Security tab, it is missing. Other tabs like General, Sharing, Web Sharing and Customize are all there.
I am working on a commercial ASP web application which uses MS Access 2000 as its database. When configuring the database access, I got an error saying that this database is a read-only database.
I checked the database properties; they show that this database is archive, not read-only. I can directly make changes to the database using Access, so my guess is the problem is not really database related, am I right?
According to the instructions of the software, the database folder must have read and write permissions given to the "anonymous web user account". I have set the database folder to share and gave all permissions to "anonymous logon" and "every one", but the problem is still there. I am just wondering, what is the "anonymous web user account" in Windows 2000 Server and IIS?
I am using the FileSystemObject to look at the contents of a directory. The process has always worked. Recently in an attempt to increase our security, we removed full rights for everyone to files on the D:. Now I only get a blank page.
Does anyone know what USER ACCOUNT is being used to access the folder? My guess is I need to grant access to some account.
I often have permission problems when I move my pages onto different servers. It would be very handy if I could programmatically determine the anonymous user account name from my ASP page. How can this be done, since it is not in the request header for anonymous requests?
I have created a New Users registration form for my database. The user enters their details such as email, account, name etc., and then clicks a Register button. This should send an e-mail to the user with a link for them to click to activate their account.
When I click on Register, however, I get a page not found message. When I try to display my Confirmation page, I get the error mentioned above.
By using <authentication mode="Forms"> in web.config, we can create a self-designed login page, but how do we check that a user's account and password are valid in another domain controller?
Can <authentication mode="Windows"> have a self-designed login page?
How do I create user security and authentication? I mean in the form of logging in or registering automatically into a database in Access.
I want to open the MS Access file with user-level Security. I know that if I do NOT setup user-level Security in the MS Access file, and create the table for login in the MS Access file (Put the MS Access file in the server), then it works.
I did that. But, I want to know whether or not we can use ASP code to open the MS Access (MS Access user-level Security setting). This way I can put the MS Access file in the public place.
Can we do it in ASP?
The following code cannot do that:
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/try.mdb"
%>
I want to decide what should be displayed dependent on what security groups (2k server) the user belongs to. I don't appear to be able to do it with frames.
I am working on a document management system for a client. I am planning to
set up the system so that documents are protected, sort of.. A user has an
access level and based on that access level, a list of available documents
will display as an HTML page and the user can click a hyperlink to download
or view the selected document.
I am planning to handle this all through a SQL database and ASP..
What I would REALLY like to do, though, is protect a set of directories so
that a user could not just enter a URL and download a document without being
prompted for a username and password if he/she hasn't already logged in.
I have done something like this using AuthentiX from Flicks Software, but
this current client is trying to create a solution "on the cheap", and so
I'd like to see if I can build the solution using the security mechanisms
built into the O/S.
What I'm thinking is that I'll set up the directories and assign a group
access to each directory.. My question then is, can I add users to the
"Local Users and Groups" for Windows 2000 via ASP?
How would I get a Windows account name through ASP? Say I log in with veamon, and the Start menu says Bob Barker... how would I get the Bob name? I can get the login name.
I'm looking for an ASP script or tutorial to lock out an account after 3 or 5 failed attempts. It should be the best way to protect my login screen against brute force attacks.
Does ASP only use the IUSR_<IIS Machine Name> to gain access to files
located on a LAN, or can another user account name and password be setup?
To create a file on another computer on the LAN in ASP using the
FileSystemObject requires permissions on that other computer. Using a DSN
for an ODBC driver requires permissions to SELECT records from a database
file on another computer on the LAN. Must I use the IUSR_ account only?
I have an application that references a database on my hard drive, however I am unsure how to transfer the files to the server and keep the integrity of the database reference string.
The Current DB is located on C:
[CODE]
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:database.mdb;Persist Security Info=False"
[/CODE]
If you have any suggestions on where to place my database in my hosting account and the reference code for it.
Using classic ASP I want to check if a username and password are correct
before passing the details on to an object (stocktake module) that uses
them to authenticate the object. The object defaults to a preset user if
the authentication fails and doesn't warn the user, so I wanted to do
the check manually before passing it to the object.
I was asked by a client to make changes to their Outlook Web Access page where I need to validate the expiry date of the password and also the password length for the NT Account Policy. Initially I used JavaScript to do a static validation for the password expiry and password length. Their request now includes dynamic changes to the JavaScript where, if the password length is changed in the NT Account Policy, it will be reflected in the client-side script. They also request server-side validation as an alternative, just in case.
Can someone point me to the resources available for this? I have been stuck on this one for quite a while now and have no idea how to proceed.
I was just looking things over and I noticed a new account under my users. It's an ASPNET user (account used for ASP.NET worker process....). I hadn't noticed it before.
What is it? What does it do? Should it be disabled? Should I make any changes? I have been out of the loop for a while; could someone bring me up to speed?
I wrote this script, which for now works fine. The purpose of this code is to lock the account whenever a particular document comes to its expiration date. So, if I have a document that expired on 7/31/06, then it should lock the user's account once they have logged in.
However, the problem I am having is that it is locking everyone that already has an expired document. What I would like is for the code to check during the current month. If a document expired, say yesterday 8/9/06, lock the account, else let the user continue to access their account. Code:
I have this page in which emails will be sent simultaneously: one is sent to my site's email while the other goes to the user's email. The problem is that once the email page is sent, my site's email was also recorded in the user's email account and vice versa. Code:
IIS was set up after VS.NET. On a virtual directory for a web app, I go to Properties and click on the 'Directory Security' tab, click the 'Edit' button, check anonymous access, type in the username/password for the account, check 'Integrated Windows authentication' at the bottom, then OK out.
In web.config, I add the tag <identity impersonate="true" />
I start up the app. In Page_Load I have:
string samp = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
On first load I get the account I typed in above. On postback it changes to my personal Windows account. Strange. Also, when I switch on the anon user account for the whole website it works.
I have a typical internet web site that uses a VFP database on the back end which is accessed via ASP/ADO using the VFP OLEDB provider.
My ASP code for establishing a connection looked like this:
Set oConn = Server.CreateObject("ADODB.connection")
oConn.Open "Provider=vfpoledb;" & _
"Data Source=C:edsDATAedsdata.dbc;" & _
"Mode=ReadWrite|Share Deny None;" & _
"Collating Sequence=MACHINE;" & _
"Password=''"
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set rsUsers = Server.CreateObject("ADODB.Recordset")
It was working just fine. Then the need arose to move the database off the web server box and onto a file server on the same domain. Code:
We have a simple ASP page that queries LDAP attributes. Everything is working fine using a native domain account, but when using an external account we get an error 70, access denied.
Here's some basic info on our structure.
- Domain/Forest A with Exchange
- Domain/Forest B with external accounts.
- Forest A trusts Forest B and "vice versa"
- ASP page on an Exchange FrontEnd server on the default web site (same as Exchange)
- ASP page is using basic authentication.
- Authentication works fine using a native domain account or an external domain account.
- Getting native Windows attributes works fine with an external account, but the attributes starting with "ms-Exch" do not come out (Exchange attributes). Code:
I don't know if this is a unique problem, or I'm going about it the
wrong way. I currently connect to one of our SQL servers via a
privileged account (by using RUNAS). Works with no problem. I now
need the ability to connect to the same SQL server using ASP. I have
the following connect string, but I'm not sure how to specify the
domain in the string, or is there some other way?
<%
Set demoConn = Server.CreateObject("ADODB.Connection")
demoPath="DRIVER={SQL Server};" & _
"SERVER=mysqlserver;UID=myusername;" & _
"PWD=mypassword#;DATABASE=qdb"
demoConn.open demoPath
%>
How can I change the culture/region of the machine's ASPNET account? In
code, I can set it for the thread manually by using
system.threading.thread.currentThread.currentUICulture, but there must be a
way to do it globally on the machine: Plesk allows changing this for the
machine, which works fine, but how do I do it manually when no Plesk is
available?
Is it possible to use IIS 5.x software on WinXP/2K OS and VBScript to detect the logged-in user account?
i.e., we log in with our first name initial and last name (amartone) as well as the domain the computer resides in. My account is under ITU, so I am ITU\amartone.
Can ASP detect this? I'm making an intranet app, and I'd rather validate users that way than have them log in over and over.
I want to display something strictly if the value of pid = 4, excluding anything after this, for example index.asp?pid=4&nid=3.
Still, the if statement continues to display, I am sure because pid=4 still exists. Is there a method to be strict, for example not & ....
I am trying to create a form where a user has to enter information such as username, password, last name, etc...
My current code is to look at the recordset to find any existing username, and if not found, it will add the new username.
At what part of the page do I validate the password so I can determine if the user entered the password correctly the second time (to determine the password was entered twice correctly)?
Here are my pseudo codes: ....
I'm looking for some best practices when it comes time to allowing a user to create an account for our web app. For example, a potential customer of ours would fill out an application and then an email would be sent w/further instructions on how to activate and log in to their account. What's the best way to accomplish this? Should our system create a unique password for them (initially) and then require them to create their own? I need a solution that is secure with almost no chance of someone attempting to impersonate.
How do you regenerate the ASP_NET login account? The password got changed which hosed everything. I can no longer see my web services and need to reset the ASP account. How do I do this?
We have recently upgraded our web server. The web server is in a remote location and is being administered by a contract company. After the upgrade, the location of one of our databases (Access) has been assigned the following rights: Read and Write. There are two more permissions, i.e. Read & Execute and List Folder Contents, which were not granted. With this scenario, I cannot add or update records in a web application tied to this Access database. Is the Read & Execute permission not essential in order for me to insert, update or even select records in the web application?
The ASPNET profile/account was accidentally deleted on an NT/2000 platform. Is there any way to get it back without reinstalling the whole Exchange/IIS services?
How do you create a form that can be forwarded to an email account? Could somebody please provide me with the code?