I want to open the MS Access file with user-level Security. I know that if I do NOT setup user-level Security in the MS Access file, and create the table for login in the MS Access file (Put the MS Access file in the server), then it works.
I did that. But, I want to know whether or not we can use ASP code to open the MS Access (MS Access user-level Security setting). This way I can put the MS Access file in the public place.
Can we do it in ASP?
The following code cannot do that:
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/try.mdb"
%>
I'm trying to design a web application where people can create user Ids and passwords while signing up and then use that information to login to an account. (I know, very basic). I just can't get my mind around how to make this system most secure. the user id and password is verified at the time of logging in and at that point, I would like to create something like a session key before openning the new page.
I basically don't want to start the new page by passing regular parameters through the URL because that's very easy to manipulate and break. Can someone give me some information about creating a secure system like this and/or forward me some useful sources?? btw.. I'm using, IIS as my server, ASP.Net and VB.Net.
I want to decide what should be displayed dependent on what security groups (2k server) the user belongs to. I don't appear to be able to do it with frames.
I am working on a document management system for a client. I am planning to set up the system so that documents are protected, sort of.. A user has an access level and based on that access level, a list of available documents will display as an HTML page and the user can click a hyperlink to download or view the selected document.
I am planning to handle this all through a SQL database and ASP..
What I would REALLY like to do, though, is protect a set of directories so that a user could not just enter a URL and download a document without being prompted for a username and password if he/she hasn't already logged in.
I have done something like this using AuthnetiX from Flicks Software, but this current client is trying to create a solution "on the cheap", and so I'd like to see if I can build the solution using the secuirty mechanisms built into the O/S.
What I'm thinking is that I'll set up the directories and assign a group access to each directory.. My question then is, can I add users to the "Local Users and Groups" for Windows 2000 via ASP?
It has been said that When attempting to load an XML file saved as UTF-7 (a transfer encoding format for Unicode), the XML parser in Internet Explorer generates the following error message: Invalid at the top level of the document. The same error also occurs when using the MSXML parser from server-side or client-side script. I am getting this error when I use MSXML 3.0 as reference in a VB DLL function called by a ASP file.
I have a website that is running perfectly on windows 2000 server and IIS 5. However we are now moving it to server 2003 and IIS6. No problem there however after setting everything up a problem has occurred. My directory structure is websites then webroot within that which contains the site files. Within webroot is also a directory called connections, which contains the database connection asp file.
It is a mysql database. Ok the problem is that I am calling the connection in my asp pages as follows (<!--#include file="../Connections/connLUKTrading.asp" -->). but the server will not navigate up a directory level as the ../ indicates. The site works fine if I place the directory connections in at the same level the site works but then I will have to do this at each of wwwroot's sub directories I should not have to. I believe it is a permissions problem to do with IIS6 but not sure. I have spent hours trying to find it.
In our application, we have noticed on two rare occasion where the data stored in application level arrays has disappeared. We have 3 application level arrays, and many other data types stored at application scope as well. The other data types appear to have been unharmed.
All session level data remained unharmed as well. The data in the arrays seemed to have disappeared all of the sudden. No IIS restarts, for example, were performed. Is there any known issues with arrays being stored at application level.
On our IIS 5 windows 2000 web server we have many .asp's.most of which (When right clicked / security tab / edit authentication) are using Integrated Windows Authentication. Is there an easy way to check ALL of them? Some of the pages require a higher level of security (Our password reset page for example) and I am just auditing everything and want to make sure that only the few pages that require it are using the elevated security level. (By the way this is accomplished by using anonymous access with a domain account that is 'elevated'... I hate right clicking on 1000 different .asps to see the file / directory level authentication methods... is there an easy way to do this? Maybe through resource kit command line tools or some meta edit type tool
I have to create a web base application program, I think to use ASP but I would like to see If it supports comparison Graph. Does it support different levels of access because I have different kind of users or i have to do it manual?
We can simply open a file from our server's folder. Even if someone knows the full path, he can simply open file. Even someone expert can delete pdf file also.
I am using Request.ServerVariables("SCRIPT_NAME") to get the extention from the url and need to know if I am in the root or down a directory. i have two folders, one called 'local' and one called 'group'
how I can make a dhtml menu into a dynamic menu that pulls its links from an access database instead of the hardcoded html.
I would like to know because I'm working on a site that needs such a menu and most of my administrators using my site don't understand html and won't be able to update the menu unless I can give them a simple form that allows them to add links.
I want to display a different message deppending on the amount of stock left. For example if there is no stock i would like to display "out of stock", if the item is in stock display "in stock". Code:
how can i retrict user to only access the web page iif and only if they have the username and password, they neeed to login before can access the certain pages. How is the coding for that web pages?
This is a standard ASP application that has several pages at the root withthe global.asa. I set a session variable session("accountid") = "123456" within an asp page and then response.redirect to the next page and immediately response.write session("accountid") and I get back nothing.
But if I set a session variable session("accountid") = "123456" within an asp page and response.redirect to a page in a sub directory and immediately response.write session("accountid") I get back 123456 on the screen.
I am developing a simple ASP-Access system for invoicing purpose, and the system is in 98% progress. What I want to do now is to add some sort of "control stock levels".
Let say I have set the quantity of an item/product (eg, pencil=100) in my database (in my database it refer to the table tblProducts with the field called PStockLevel) When one customer want to buy 10 pencil, the system will automatically set the PStockLevel to 90. All the calculation will be done in the page called tasks.asp.
I have written an ASP.NET 2.0 application that uses Active Directory or ADAM to manage account users - the site has a page that allows people to create an account (much like any site). The page populates the AD with all the information and the user account but I am unable to enable the account. Microsoft has information on how to do that here --> http://msdn.microsoft.com/library/d...ting_a_user.asp (the sample is for Visual Basic) - and I am unable to complete the bottom portion of the script. Can some one point me in the right direction - or can you tell me how I can add a snippet of VBscript code to an ASP.NET page.
I am using the Active DS Type library - not sure why there are multiple ones (System.DirectoryServices) but it is rather confusing - I seem to accomplish one thing with one and another with the other (they did have trouble co-existing however). Anyway my script works very well but I am not able to access the properties required to enable the account.
Here is a simple version (no error checking) of the code.....
how to go about setting up an asp script or flash action script to take the input from a user of his/her username and password then send an email to the user with the information. I am able to do all of this but the problem is that the users pc is the one sending the email. I want the server to send the email instead.
IIS can handle security on its own without the need for complex scripting and i like the idea of being able to just let the system do it however im not sure how to set such things up and would that mean that if you used something like integrated windows authentication that security is delt with by windows and its users info rather than getting the info from a database of my choosing ?
the whole concept is quite confusing to me but there must be a simple ish way to set up at least some form of secure site area within my web.
I am starting to learn asp and I have IIS installed on my WIN xp pro machine. Do I have to worry about security for any reason at all. I don't believe I have file sharing on at all, then again, I don't know if that has anything to do with this.
How do I run security through all of the pages? The users log in, an asp checks their password, then what do I do to secure the pages from users that do not enter the password?
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web. Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Does anyone know how to implement one way hashing or encryption using ASP 3.0 and no additional components.
I need to secure a intranet application which is being moved online, currently the passwords are stored in plain text, ideally id like to hash the passwords in the database and hash the form data when testing, but I don't seem to be able to find any hashing methods for standard ASP, perhaps someone has a nice code snippet for hashing.
is there a way to login to a particular security group from asp?I use IP addresses and email addresses to identify web users and most have general IWAM_COMPUTERNAME access. Once web users login is there a way to give SOME of them access to a NT security group based on stored NT user/password information?
I am working on a new feature on my website where people can write their own HTML files. They are actaully going to have .ASP extensions, and are hosted on my webserver. So, what security issues can you suggest? So far all I have got is disabling '<% %>' tags. Anything else?
