.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

question about multi user website and security

Posted By:      Posted Date: September 23, 2010    Points: 0   Category :ASP.Net


i am developing a multi-user website using Dynamic Data and wondered if someone could answer the following or provide advice:

what is the best way of protecting data so someone (who has a login to the site) cannot see records intended ONLY to be viewable by another valid user?

as far as i can see a user can simply tamper with querystring or url values (if using routing) and bring up the details of records they should not.


any help qould be gratefully appreciated. i am drawing a blank so far and the easiest option may be to back to a traditional asp.net site where i can control things simply by use of a Session variable (UserID)



View Complete Post

More Related Resource Links

Newbie User Import Question re: One way external trust & Security



There is a business initiative to install a Dev Sharepoint 2007 server in our Trusting Domain. My internal corp network will be Corp.COM. The 3rd party network will be 3rd.COM.  Currently 3rd.COM has a Oneway External Trust pointing inward to Corp.com.  Corp.COM Domain and Forest levels are WIndows 2003. 3rd.com Domain level is Windows 2000 Mixed and the Forest is Windows 2000.

The Dev sharepoint server is located in 3rd.Com domain and the consultant is trying to import Corp.com users by pointing the user profile connection to Corp.com active directory. Needless to say this will fail because there is a one way trust in place so 3rd.com users are allowed to read Corp.Com active directory. Not to mention there are no firewall ports open for this anyway. My questions are...

How can we securely allow this sharepoint server to import in 3rd.com to import users from Corp.com?

Ideally we would like to use a service account from Corp.com to import the accounts. We would also like to either

(A) encrypt the sharepoint servers communication to our Corp.com active directory. because there are Two firewalls between the trust ports would be specifically opened from Sharepoint server <-> Corp.com DC

(b) some how use the existing trust to facilitate this procedures. no additional ports opened on the firewalls.

Any ass

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


Creating a user friendly alias for the website path


 Hello mates,

I am hosting my ASP.NET application on a Windows 2003 Server.

To browse to my application one has to type the path :http://serverName/applicationName

I want users to only type  applicationName on the web adress area.I believe there is something to do with alias and CNAME on DNS records that can adress this.

Any help on how to go about doing this will be highly appreciated.

Change Button Text in Multi Language Website


Hi i developing multi language website

using Master pages

everything fine

Page_Load i set the Text property of Button Control from Resource file

like this

Button1.Text = GetLocalResourceObject("Button1")

then in the button click event i cnage the text of the Button control

Button1.Text = GetLocalResourceObject("Button1_new")

but the text doesn't change and no error messgae

what is the problem how to solve this


For Multi-Language website which process is better in asp.net


 I want to build multi-language website in asp.net 2008 and asp.net 2010. So, which process is better for building application? Using either Local and Global Resource or New Folder to make separate according to language?


Application performance should be good and also easy manageable.


Please suggest me in which way I will build the application either using resource or folder. If there is any other better solution then please share.

A Challenging Question for Advanced user....


Using  dot net How will you release .exe applicattion for 1000 clients.this question was asked by manager but i could not answer him.tell me if you can!!!

How Restrict and Allow user to Pages of Website.


i have 4 pages of website

2 pages are authorized to used by USER and 2 pages are restricted for user

admin can authorized to go all 4 pages


i need coding for Login window from which Admin/User Login



Moving a website - URL aliasing question


Hi we are migrating a website from a proprietary system  to a new system built inSQL 2008.

The old  system has about 6,000 pieces of content with individual hard-coded aliases. How could we go about creating a match table to ensure these resolve with our new system (based on Intellgentsia URL rewriter)?

Any pointers would be helpful.

Question about user used to execute code from app_code


 Hello. I would like to know something about code execution  in App_Code folder.

Under wich user executed code from app_code.

I'm using impersonate in web.config

stsadm Import command + include user security



When I move sites from test to staging to production, I am using the stsadm –o export command with the –includeusersecurity option in the staging environment.  In production environment, I then use the stsadm –o import command with the –includeusersecurity option.  I was assuming that this option was bringing over the security on the exported site only.  This does not seem to be the case.

Last night I exported one sub site to produtction.  Today, I was notified that the security groups on other sub sites have been altered.  


So why is it when using the –includeusersecurity option effect all sub sites and not just the one sub site being moved from staging to production

output cache to be used only when parameter has changed + old question of user control not answered



i have 2 questions about output cache:

1.is it just me , or does it seems that it is used only after the second time that the user reaches the webpage? if so, why, and how can i tweak it to my needs? my guess is that it wouldn't be logical to cache every time a user reach a webpage, but only when it happens enough times.

2.i know that i can use "varybyparam" for using the output cache when the parameter doesn't change , but it seems that it would use the output cache even if there is no parameter , or if the specified paramter is not there. is there a way to overcome this?

3.an old question that somehow marked as "answered" , yet i didn't solve : suppose i created a user control and i gave it values through the CTOR via the aspx file . is it possible to show the values from within the split/design mode? remember that i've talking about ASP.NET and not simply C# winforms . i write this because this question was on :


and the answer that i got was for C# and winforms . i've tried to do the same for ASP.NET , but i've failed.

can anyone please help me?

Share Point Designer 2007 Workflow (Sequential) - multi-collect data from user

I am currently building a multi-step workflow using ShrePoint designer for MOSS2007. I am getting a bit confused as to if I have an error or if I am doing something incorrect. Here is what I have going. My workflow consists of something similar to the following New document comes in, a collect data from user routine is ran and assigned to a reviewer. My understanding when I create a collect data from user WorkFlow step is any data I request is saved in the "Tasks" list. Therefore I need to grab the workflow task ID in order to later lookup what the reviewer submitted... I understand this...   However, I have one more collect data from user workflow step and I have one more item to collect. Even though this is a brand new collect data from user workflow step - does the collected data still go into the "Tasks" list? In other words, if I have two steps in a workflow and both of these steps are "collect data from user", does the data from both steps go into the same "Tasks" list?  I could see how this might be possible as long as the Task list columns contain all the items for all the different "collect" data from user steps.  I don't see two different Tasks lists representing or named "Reviewer" or "Final" or anything, so I assume the items are all in "Tasks"   However..

How to create website with multi-langauge support in sharepoint 2010?

Hi Folks, I am tried to create the website with multiple Language support  in sharepoint 2010. i did not able to build the website . But I can create the website with different language at the time. kindly give me some valuable details thank you Regards Immanuel C  

Question about URL security

Hi I'm creating a website where I want people not to be able to create link to certain pages. The site work like this: The user do a serch for a document and click the link to view it, then he can view the document. If the user somehow adds the URL to favorites he should not be able to view the document when he at some time later tries to view the document. In addition if the user sends the URL to other people they should not be able to view the document. Any suggestions how to implement this?  

current user identity in custom security trimmer

The crux of my problem is that I want to impersonate  a user’s NTLM credentials in the context of a SharePoint custom security trimmer to execute HttpWebRequests to check user access to URLs.  When accessing WindowsIdentity.GetCurent() in the security trimmer, the System.Security.Principal.WindowsIdentity object returns the identity of the application pool running the search query service, NOT the currently logged in user.   When accessing System.Threading.Thread.CurrentPrinciple.Identity in the security trimmer, the Microsoft.IdentityModel.Claims.ClaimsIdentity object of the current logged in user is returned.  However, there is a catch.  …   If I execute the following code in a .NET web application, the cast of the ClaimsIdentity to a WindowsIdentity succeeds because the identity has the authentication type of NTLM.    WindowsIdentity winId = (WindowsIdentity)System.Threading.Thread.CurrentPrincipal.Identity; WindowsImpersonationContext wic = winId.Impersonate(); request.Credentials = CredentialCache.DefaultCredentials; //access means a response comes back when a request is made to the url using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) { returnStatus = true; } wic.Undo(); However, when I execute the same code in the context of the SharePoint security trimmer (the search query service li

Dynamically adding User Controls -- newbie question!

I am new to ASP.NET (coming from ColdFusion, thank goodness I'm away from that!).  And I am have THE hardest time understanding how to work with forms in ASP.NET.  Here's what I am doing:Dynamically add User Controls to a PlaceHolder based on some int value (which currently is passed in a HiddenField).Fire an event if the WebControls inside of the User Control change, then handle that event in the Main Page (i.e. save the input to DB)When the user clicks the "Next/Continue" button, the next controls for the next page are loaded.And I guess maybe I just can't seem to get how things work in ASP.NET, because I am really struggling with the general idea of how ASP.NET flows.  Should I be dynamically loading the controls in Page_Init, or Page_Load?  Or should I load the controls when the buttonclick event is fired?Do I have to add the axCtrl.OnDataChange += new EventHandler(HandleAxControlDataChange); line on Page_Load?  Or should I put this in When I first load the UserControl, I need to initialize some WebControls within the UserContorl.  Is there a way to know if I have loaded new user controls into my placeholder?  I can't use Page.IsPostback, because after the first page, every page is a postback from the buttonclick.Any help for this confused newbie would be GREATLY appreciated!!Here's what I have: pu
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend