I often have permission problems when I move my pages unto different servers.It would be very handy if I could programmatically determine the anonymous user account name from my asp page.How can this be done since it is not in the request header for anonymous requests?
View RepliesIIS set up after VS.NET. On a virtual directory for a web app...I go to properties and click on the 'Directory Security' tab, click the 'Edit' button,check
anonymous access, type in username/password for account, check 'Integrated Windows authentication' at the bottom...then OK out.
in web.config, I add the tag identity impersonate="true" />
startup the app in Page_Load I have...
string samp =
System.Security.Principal.WindowsIdentity.GetCurre nt().Name;
firstload I get the account I typed in above...on postback it changes to my personal windows account. strange. Also when I switch on the anon user account for the whole website it works.
I have several website that use asp pages and backend databases running on my win2000 server. I removed everyone from the permissions on all of my Hard drives and added the annonymous user to the winnt folder and the wwwroot folder and all of the folders within these directories. Now my sites that just run straight html work fine but my sites with .asp pages are having problems.
However if I add the Domain Administrator account as the annonymous user to the site it will work. Then I have reverted back to the I_USR account and the site still works until the server has to be rebooted. At this point the site won't work until I add and then remove the admin user as the annonymous user to the site.
I am working on a commercial ASP web application which use MS Access 2000 as database.When configuring the database access,I got an error saying that this
database is a read-only database.
I checked the database property,it shows that this database is archive,not read only.I can directly make change on the database using Access, so, my guess is the problem is not really database related, am I right?
According to the instruction of the software, the database folder must have read and write permissions given to the "anonymous web user account", I have set the database folder to share and gave all permissions to "anonymous logon " and "every one", but the problem is still there. I am just wondering, what is the "anonymous web user account" in Windows 2000 server and IIS?
I am using the FileSystemObject to look at the contents of a directory. The process has always worked. Recently in an attempt to increase our security, we removed full rights for everyone to files on the D:. Now I only get a blank page.
Does anyone know what USER ACCOUNT is being used to access the folder. My guess is I need to grant access to some account.
I'm trying to design a web application where people can create user Ids and passwords while signing up and then use that information to login to an account. (I know, very basic). I just can't get my mind around how to make this system most secure. the user id and password is verified at the time of logging in and at that point, I would like to create something like a session key before openning the new page.
I basically don't want to start the new page by passing regular parameters through the URL because that's very easy to manipulate and break. Can someone give me some information about creating a secure system like this and/or forward me some useful sources?? btw.. I'm using, IIS as my server, ASP.Net and VB.Net.
I have created a New Users registration form for my database. The User enters there details such as email, account, name etc, and then clicks a Register button. This should send an e-mail to the User with a link for them to click to activate there account.
When i click on register however, i get a page not found message. When i try to diplay my Confirmation page, i get the error mention ed above.
By using <authentication mode="Forms" > in web.config, we can create
self-designed login page, but how to check user's account and password is
vaild in another domain controller?
Does <authentication mode="Windows"> can have self-designed login page?
One of our webdev guys is having trouble with IIS set up on his system, particularly with anonymous authentication. On all of his web instances, he can get to non-asp pages but all asp pages return 401.3. when using HTTP/1.0 or a proxy server. It doesn't seem to be at all related to the file system, because a test file has wide-open access. And it only happens with script pages; html or other files can be retrieved
The anonymous user is the one the iis install generated, and the "IIS controls the account password" box is checked. Everything looks like it's set up properly and the same way it is on other systems. There are no authentication errors in his system's event log. So what is asp.dll not liking.
I have what I think is a simple question but I am finding nothing but
complicated answers.I have a web site running on IIS6. One directory used to use an
alternate account as the anonymous user (not the IUSR_ServerName
account) to connect to a database, etc. Now the pages in that
directory no longer do anything special and I just want to start using
the default IUSR_ServerName account again. I put that account back in,
but what do I put in as the password? I am reading all about security
improvements, network service vs. local system, unprivileged vs.
priveleged, etc. I realize there is no longer a "Let IIS control
password for anonymous account" option, but all I want to know is, HOW
DO YOU GET IT BACK TO THE DEFAULT
I have a server that hosts a few intranet sites. The one that all my coworkers have their Home Page set for causes their browser to authenticate, which is all good.
The one i'm working on now requires Anonymous Access in order to work, but the authentication from the first one is carrying over to the other. Can I use WWW-Authenticate to force anonymous access isntead of using it to force NTLM, Basic, etc?
I'm creating a simple email form with just a text area field and a submit button. I want it to send to my mailbox. I want the senders email address to be anonymous. I don't know any server side scripting, so I'm hoping somebody can tell me how to build the .asp page to send the email. Code:
View Replies View RelatedA freshly installed IIS on my Windows XP SP2 does not allow anonymous
acces to the default ASP file (localstart.asp). I just used default
configuration for installation, which enables anonymous access. But
when I load http://localhost I just get a login box. A simple
index.html placed manually for debugging purpose loads without login
prompt.
I am testing the same thing on a Windows XP (w/o SP2). ASP works for
anonymous access like a charm.
How can I create new folders on the server, via ASP programming, which automatically allows by any user:
1. Files to be browsed
2. Anonymous upload to this directory
3. Allow uploaded files to over-write the existing file
I use the following ASP codes to create new folders, but all above options are off and I cannot e.g., upload (via ASP programming) to upload a file in the new directory because the option is off.
Set fs = CreateObject("Scripting.FileSystemObject")
set b = fs.CreateFolder(newFolder)
I'm going to make a database of rude words, that i do not want users to name themselves when they use my scoreboard. I need my asp to scan their string and if a word from the database appears replace the entire string with anonymous.
I have some code which was designed to astrisk out all but the first and last letter of any appearing rude word
eg: d**n this b****y game
or godd**nit
i have changed this to just replace each word to anonymous, but cant get it to the stage above, can any one help? My code so far is below. Code:
How would I get a windows account name through ASP? Say I login with veamon, and the start menu says Bob Barker ...how would I get the Bob name...i can get the login name
View Replies View RelatedI'm looking for an ASP script or tutorial to lockout an account after 3 or 5 failed attempts. It should be the best way to prevent my login screen against the brute force attack.
View Replies View RelatedDoes ASP only use the IUSR_<IIS Machine Name> to gain access to files
located on a LAN, or can another user account name and password be setup?
To create a file on another computer on the LAN in ASP using the
FileSystemObject requires permissions on that other computer. Using a DSN
for a ODBC driver requires permissions to SELECT records from a database
file on another computer on the LAN. Must I use the IUSR_ account only?
I have an application that references a database on my hard drive, however I am unsure how to transfer the files to the server and keep the integrity of the database reference string.
The Current DB is located on C:
[CODE]
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:database.mdb;Persist Security Info=False"
CODE]
If you have any suggestions on where to place my database in my hosting account and the reference code for it.
Using classic ASP I want to check if a username and password are correct
before passing the details on to an object (stocktake module) that uses
them to authenticate the object. The object defaults to a preset user if
the authentication fails and doesn't warn the user, so I wanted to do
the check manually before passing it to the object.
I was asked by a client to make changes for their Outlook Web Access page where I need to validate Expiry Date of the Password and also the Password Length for the NT Account Policy. Initially I use javascript to do a static validation for the password expiry and password length. There request now include dynamic changes to the Javascript where if the password length is changed on the NT Account Policy, it will reflect on the client side script. Also they request for server side validation as an alternate just in case.
Can someone point me to the resources available for this. I am stuck on this one for quite a while now and no idea on how to proceed?
I was just looking things over and I noticed a new account under my users. It's and ASPNET user, (account used for ASP.NET worker process....) I hadn't noticed it before.
What is is? What does it do? Should it be disabled? Should I make any changes? Have been out of the loop for a while, could someone bring me up to speed.
I wrote this script which for now it works fine. The purpose of this code is to lock the account whenever a particular document comes to its expiration date. So, if I have a document that expired on 7/31/06, the it should lock the user's account once they'd logged in.
However, the problem I am having is that is locking everyone that has already an expired document. What I would like it for the code to check during the current month. If a document expired, say yesterday 8/9/06, lock the account, else let then user continue to access their account. Code:
I have this page in which emails will be send simultaneously, one is to
send at the my-sites email while the other is on the users email. Problem is once the
email page is sent the my-sites email was also recorded in users email account and vise versa. Code:
I have a typical internet web site that uses a VFP database on the back end which is accessed via ASP/ADO using the VFP OLEDB provider.
My ASP code for establishing a connection looked like this:
Set oConn = Server.CreateObject("ADODB.connection")
oConn.Open "Provider=vfpoledb;" & _
"Data Source=C:edsDATAedsdata.dbc;" & _
"Mode=ReadWrite|Share Deny None;" & _
"Collating Sequence=MACHINE;" & _
"Password=''"
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set rsUsers = Server.CreateObject("ADODB.Recordset")
It was working just fine. Then the need arrised to move the database off the web server box and onto a file server on the same domain. Code:
We have a simple asp page that query LDAP attribrute. Everithing is working fine using a native domain account. but when using an external account we have an error 70, acces denie.
Here's some basic info on our structure.
- Domain/Forest A with Exchange
- Domain/Forest B with external accounts.
- Forest A Trus Forest B and "Vice Versa"
- asp page on a Exchange FrontEnd server on default web site (same as
Exchange)
- asp page is using basic authentification.
- Authentification work fine using native domain account or External
domain Account.
- Getting native Windows attributes work fine with External account
but the attributes starting with "ms-Exch" do not come out.(Exchange
Attribute). Code:
I don't know if this is a unique problem, or I'm going about it the
wrong way. I currently connect to one of our SQL servers via a
priviliged account (by using RUNAS). Works with no problem. I now
need the ability to connect to the same SQL server using ASP. I have
the following connect string, but I'm not sure how to specify the
domain in the string, or is there some other way?
<%
Set demoConn = Server.CreateObject("ADODB.Connection")
demoPath="DRIVER={SQL Server};" & _
"SERVER=mysqlserver;UID=myusername;" & _
"PWD=mypassword#;DATABASE=qdb"
demoConn.open demoPath
%>
How can I change the culture/region of the machines ASPNET Account??? In
code, I can set it for the threat manually by using
system.threading.thread.currentThread.currentUICul ture, but there must be a
way to do it global on the machine: Plesk allows to change this for the
machine which works fine, but how do I do it manually when no plesk is
available?
Is it possible to use IIS 5.x software on WinXP/2K OS and VBScript to detect the logged in user account.
ie, we login with our firstname initial, last name (amartone) as well as the domain the computer resides in? My account is under ITU, so I am ITUamartone.
Can ASP detect this? I'm making an intranet app, and I'd rather validate users that way than have them log in over and over.
I want to display something strictly if the value of pid = 4, except anything after this, for example index.asp?pid=4&nid=3.
Still the if statement continues to display I am sure because pid=4 still exists is there a method to be strict, for example not & ....
I am trying to create a form where a user has to enter information such as username, password, last name, etc...
My current code is to look at the recordset to find any existing username, and if not found, it will add the new username.
At what part of the page do I validate the password so I can determine if the user enter the password correctly the second time (to determine the password was entered twice correctly)?
Here are my pseudo codes: ....
I'm looking for some best practices when it comes time to allowing a user to create an account for our web app. For example, a potential customer of ours would fill out an application and then an email would be sent w/further instructions on how to activate and
login to their account. What's the best way to accomplish this? Should our system create a unique password for them (initially) and then require them to create their own? I need a solution that is secure with almost no chance of someone attempting to impersonate.
How do you regenerate the ASP_NET login account? The password got changed which hosed everything. I can no longer see my web services and need to reset the ASP account. How do I do this?
View Replies View Related