I have copied a web based application to a new laptop having windows xp professional. Now in one of the folders where the database is physically located, I want to give IUSR_Computermachine rights so that the applcation allows to update and insert records.
However, when I am right clicking to find the security tab, it is missing. OTher tabl like general, sharing, web sharing and customize are all there.
I'm trying to design a web application where people can create user Ids and passwords while signing up and then use that information to login to an account. (I know, very basic). I just can't get my mind around how to make this system most secure. the user id and password is verified at the time of logging in and at that point, I would like to create something like a session key before openning the new page.
I basically don't want to start the new page by passing regular parameters through the URL because that's very easy to manipulate and break. Can someone give me some information about creating a secure system like this and/or forward me some useful sources?? btw.. I'm using, IIS as my server, ASP.Net and VB.Net.
I'm writing a script to do a simple directory listing and parse, and that is all working fine. However I run into a problem when I try to create a text file to write it into.
Specifically:
Microsoft VBScript runtime error '800a0046'
Permission denied
(PATH)/indexer.asp, line 15
Where line 15 is the line where I'm trying to create the text file.
This is probably because the IUSR_ account permissions aren't set to allow writing. I'm also running this on a server where I do not have the rights needed to change the However, I do have an account with full permissions that I use for accessing the website from Frontpage.Is there a way I can use my other account to run the script, or at least that part of it?
Is there any other way to write files to a directory than allowing the
IUSR write access. We have a website that will be writing XML files and
Label files to a directory outside of our website directory but I am
hesitant to give the generic IUSR account write access to anything and
wondered if we could asign a different account or if there was some
sort of ASP script we could use. These files will be created based on a
received XML string (used for label generation) then saved to the
server for archiving and/or recreation of the labels.
Hi iam using proxy in my system and when i tried to access the remote url thorugh xml object in asp iam getting the following error. the error is: the system cannot locate the resource specified. the same code is working when i remove the proxy.
View Replies View RelatedI have been given a asp legacy application, on each code file they have included some files which are located in the web directory they are,
<!-- #include virtual="/dss/includes/header.inc"-->
<!-- #include virtual="/dss/includes/classes/user.inc"-->
<!-- #include virtual="/dss/includes/classes/menulist.inc"-->
But i tried to find these files in the directory and couldn't locate them (tried searching them too, no result). My application runs perfectly fine,
Any idea how this thing works and where the files actually located.
I try to use ASP call to call a batch file and print report to the server's printer. But error message displayed to point out that ASP cannot locate printer in Server.How to do?
View Replies View RelatedI am running the following code and I get an error:
Set xmlHttp = Server.CreateObject("MSXML2.XMLHTTP.3.0")
xmlHttp.Open "Get", URLToRSS, false
xmlHttp.Send
RSSXML = xmlHttp.ResponseText
The error is:
msxml3.dll error '800c0005'
The system cannot locate the resource specified.
It points to the "xmlHttp.Send" statement.
This code runs perfectly on my old ISP's server but not on my GoDaddy server.
How would I get a windows account name through ASP? Say I login with veamon, and the start menu says Bob Barker ...how would I get the Bob name...i can get the login name
View Replies View RelatedI'm looking for an ASP script or tutorial to lockout an account after 3 or 5 failed attempts. It should be the best way to prevent my login screen against the brute force attack.
View Replies View RelatedDoes ASP only use the IUSR_<IIS Machine Name> to gain access to files
located on a LAN, or can another user account name and password be setup?
To create a file on another computer on the LAN in ASP using the
FileSystemObject requires permissions on that other computer. Using a DSN
for a ODBC driver requires permissions to SELECT records from a database
file on another computer on the LAN. Must I use the IUSR_ account only?
I have an application that references a database on my hard drive, however I am unsure how to transfer the files to the server and keep the integrity of the database reference string.
The Current DB is located on C:
[CODE]
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:database.mdb;Persist Security Info=False"
CODE]
If you have any suggestions on where to place my database in my hosting account and the reference code for it.
Using classic ASP I want to check if a username and password are correct
before passing the details on to an object (stocktake module) that uses
them to authenticate the object. The object defaults to a preset user if
the authentication fails and doesn't warn the user, so I wanted to do
the check manually before passing it to the object.
I was asked by a client to make changes for their Outlook Web Access page where I need to validate Expiry Date of the Password and also the Password Length for the NT Account Policy. Initially I use javascript to do a static validation for the password expiry and password length. There request now include dynamic changes to the Javascript where if the password length is changed on the NT Account Policy, it will reflect on the client side script. Also they request for server side validation as an alternate just in case.
Can someone point me to the resources available for this. I am stuck on this one for quite a while now and no idea on how to proceed?
I am working on a commercial ASP web application which use MS Access 2000 as database.When configuring the database access,I got an error saying that this
database is a read-only database.
I checked the database property,it shows that this database is archive,not read only.I can directly make change on the database using Access, so, my guess is the problem is not really database related, am I right?
According to the instruction of the software, the database folder must have read and write permissions given to the "anonymous web user account", I have set the database folder to share and gave all permissions to "anonymous logon " and "every one", but the problem is still there. I am just wondering, what is the "anonymous web user account" in Windows 2000 server and IIS?
I was just looking things over and I noticed a new account under my users. It's and ASPNET user, (account used for ASP.NET worker process....) I hadn't noticed it before.
What is is? What does it do? Should it be disabled? Should I make any changes? Have been out of the loop for a while, could someone bring me up to speed.
I wrote this script which for now it works fine. The purpose of this code is to lock the account whenever a particular document comes to its expiration date. So, if I have a document that expired on 7/31/06, the it should lock the user's account once they'd logged in.
However, the problem I am having is that is locking everyone that has already an expired document. What I would like it for the code to check during the current month. If a document expired, say yesterday 8/9/06, lock the account, else let then user continue to access their account. Code:
I have this page in which emails will be send simultaneously, one is to
send at the my-sites email while the other is on the users email. Problem is once the
email page is sent the my-sites email was also recorded in users email account and vise versa. Code:
I am using the FileSystemObject to look at the contents of a directory. The process has always worked. Recently in an attempt to increase our security, we removed full rights for everyone to files on the D:. Now I only get a blank page.
Does anyone know what USER ACCOUNT is being used to access the folder. My guess is I need to grant access to some account.
I often have permission problems when I move my pages unto different servers.It would be very handy if I could programmatically determine the anonymous user account name from my asp page.How can this be done since it is not in the request header for anonymous requests?
View Replies View RelatedIIS set up after VS.NET. On a virtual directory for a web app...I go to properties and click on the 'Directory Security' tab, click the 'Edit' button,check
anonymous access, type in username/password for account, check 'Integrated Windows authentication' at the bottom...then OK out.
in web.config, I add the tag identity impersonate="true" />
startup the app in Page_Load I have...
string samp =
System.Security.Principal.WindowsIdentity.GetCurre nt().Name;
firstload I get the account I typed in above...on postback it changes to my personal windows account. strange. Also when I switch on the anon user account for the whole website it works.
I have a typical internet web site that uses a VFP database on the back end which is accessed via ASP/ADO using the VFP OLEDB provider.
My ASP code for establishing a connection looked like this:
Set oConn = Server.CreateObject("ADODB.connection")
oConn.Open "Provider=vfpoledb;" & _
"Data Source=C:edsDATAedsdata.dbc;" & _
"Mode=ReadWrite|Share Deny None;" & _
"Collating Sequence=MACHINE;" & _
"Password=''"
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set rsUsers = Server.CreateObject("ADODB.Recordset")
It was working just fine. Then the need arrised to move the database off the web server box and onto a file server on the same domain. Code:
We have a simple asp page that query LDAP attribrute. Everithing is working fine using a native domain account. but when using an external account we have an error 70, acces denie.
Here's some basic info on our structure.
- Domain/Forest A with Exchange
- Domain/Forest B with external accounts.
- Forest A Trus Forest B and "Vice Versa"
- asp page on a Exchange FrontEnd server on default web site (same as
Exchange)
- asp page is using basic authentification.
- Authentification work fine using native domain account or External
domain Account.
- Getting native Windows attributes work fine with External account
but the attributes starting with "ms-Exch" do not come out.(Exchange
Attribute). Code:
I don't know if this is a unique problem, or I'm going about it the
wrong way. I currently connect to one of our SQL servers via a
priviliged account (by using RUNAS). Works with no problem. I now
need the ability to connect to the same SQL server using ASP. I have
the following connect string, but I'm not sure how to specify the
domain in the string, or is there some other way?
<%
Set demoConn = Server.CreateObject("ADODB.Connection")
demoPath="DRIVER={SQL Server};" & _
"SERVER=mysqlserver;UID=myusername;" & _
"PWD=mypassword#;DATABASE=qdb"
demoConn.open demoPath
%>
How can I change the culture/region of the machines ASPNET Account??? In
code, I can set it for the threat manually by using
system.threading.thread.currentThread.currentUICul ture, but there must be a
way to do it global on the machine: Plesk allows to change this for the
machine which works fine, but how do I do it manually when no plesk is
available?
Is it possible to use IIS 5.x software on WinXP/2K OS and VBScript to detect the logged in user account.
ie, we login with our firstname initial, last name (amartone) as well as the domain the computer resides in? My account is under ITU, so I am ITUamartone.
Can ASP detect this? I'm making an intranet app, and I'd rather validate users that way than have them log in over and over.
I want to display something strictly if the value of pid = 4, except anything after this, for example index.asp?pid=4&nid=3.
Still the if statement continues to display I am sure because pid=4 still exists is there a method to be strict, for example not & ....
I am trying to create a form where a user has to enter information such as username, password, last name, etc...
My current code is to look at the recordset to find any existing username, and if not found, it will add the new username.
At what part of the page do I validate the password so I can determine if the user enter the password correctly the second time (to determine the password was entered twice correctly)?
Here are my pseudo codes: ....
I'm looking for some best practices when it comes time to allowing a user to create an account for our web app. For example, a potential customer of ours would fill out an application and then an email would be sent w/further instructions on how to activate and
login to their account. What's the best way to accomplish this? Should our system create a unique password for them (initially) and then require them to create their own? I need a solution that is secure with almost no chance of someone attempting to impersonate.
How do you regenerate the ASP_NET login account? The password got changed which hosed everything. I can no longer see my web services and need to reset the ASP account. How do I do this?
View Replies View RelatedWe have recently upgraded our web server. The web server is in a remote location and is being administered by a contract company. After the upgrade, one of the location of our database (access) has been asssigned the following rights:
Read and Write. There are two more permissions i.e. Read & Execute and List Folder Contents which were not given permssion. With this scenario, I cannot add or update records on a web application tied to this Access database. My Is the Read & Execute not essential in order for me to insert and update or even select record in the web application.
ASPNET profile/account was accidentally deleted on NT/2000 platform. Is there anyway to get it back without reinstalling the whole exchange/IIS services?
View Replies View RelatedHow do you create a form that can be forwarded to an email account. Could somebody please provide me a code.
View Replies View Related