.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Restrict access only to the homepage

Posted By:      Posted Date: October 18, 2010    Points: 0   Category :SharePoint


I want to allow all staff to access only the home page of the department. If I grant read permissions to Domain/Department/SitePages/Home.aspx I can access the landing page using full url, but if click on the department name in the breadcrums or go to Domain/Department/ i get  Error: Access Denied

This is happening because when one goes to Domain/Department/  one is redirected by default.aspx to Domain/Department/SitePages/Home.aspx but I can't grant read access to default.aspx

Do you have any suggestions on how I could accomplish only allowing read access to the home page?


View Complete Post

More Related Resource Links

How to restrict folder access to users and theirs only


Hi. I created a web application using "Forms Authentication". 

There is a folder name "uploads", and it creates subfolders as username when they register. Web application stores users' files and images under their folder ("uploads/username")

I tried to find a way to restrict users to download and upload files to their folder only and couldn't find a good one. 

Then I came up with this idea that stores "web.config" file each time user registers and the web.config should look like below. Username will be changed dynamically according to username.

This method actually works but I am little worried if this is a good practice as far as performance wise. Because it'll create web.config files as many as users and there might be other holes that I don't recognize. 

I appreciate any advice or better suggestion for this problem.

--------web.config in "/Root/uploads/username directory"--------------

<location path="HRpages">

Who to restrict access to only one view.

What is the best way to grant access for a user, to select from only one view, not the actual tables?

Restrict folder access in Report Server

Hi There, I am creating folders each of our end users in Report Server, who upload their reports to their respective folder. I want to allow users to see and access only their folders and they should not be able to see others folders available on the Report Server, it is possible? If Yes, how do I do it? Thanks for your help. Regards, Suresh

restrict access for a single group to a single folder in a list


Hello and Goodmorning,

I have one list, organized with 3 folders.

I can create a group(s), add user(s) to this group(s). 

Now i need to assign access like this:  group1 can only see and 'readonly' folder1, group2 can only see and 'readonly' folder2, group3 can only see and 'readonly'...folder3!

Im sure this is possible, from similar non-programming posts on the forum.

I have been looking into SPRoleAssignment and SPRoleDefinition to define Group permissions but its the mapping them to specific folders that I am missing...

Enjoy your tea.







Sitemap: why can't sub nodes further restrict role access?


I have a menu in my application (created from the sitemap) which I want available to two user roles.  However, there are items on that menu, I want available only to one role or the other.  So I have created the following in my sitemap.

	  <siteMapNode title="My Account" roles="TimeUser, Client" >
		  <siteMapNode title="My Profile" url="~/TimeTracker/ClientUserProfile.aspx" description="" roles="Client" />
		  <siteMapNode title="My Profile" url="~/TimeTracker/EmpProfile.aspx" description="" roles="TimeUser" />
		  <siteMapNode title="Change Password" url="~/TimeTracker/EmpChangePassWord.aspx" description="" roles="TimeUser, Client" />

Essentially, I want employees with the "TimeUser" role to see the "My Profile" link that goes to the EmpProfile.aspx page, but not the link to the client profile page.  However, when an employee logs in, they see both.  I am guessing this may be because the "My Account" node which contains them allows both roles.  Is there a way around this without duplicating the "My Account" node?

Using , want to restrict access to file .wmv


Hi all,  I want to secure a particular set of files in a folder by role type.  I have the following entry (See below)...I notice this doesn't work (I.e., it doesn't secure the file by Role Type..anyone can access the file).  I've read that I need to map the .WMV extension to the ASp.Net DLL.  Can somebody give me some details on how to do that?  (I'm a newbie).


Thanks in advance.


<location path="media/mymediafile.wmv">
        <allow roles="MediaRole" />
        <deny users="*" />



Restrict login access to website from specific machine


Not sure if this is the correct forum section but I need to restrict access to my website by physical PC.  When a user signs up I want to be able to restrict access to one machine for that account so it cannot be shared round, if, for example, somebody else in the same office wanted to access the system on their PC they would need a seperate sign in.

I have done some investigation and I "think" the only way is installing an ActiveX component (which isn't an issue that is restricts to IE only) and then read the users MAC address.  Am I trying to over complicate things or is that the only way?  I realise that MACS can be spoofed but this is not much of an issue.


Restrict public access to webservice


I have this Internet web service page(webservice.asmx) being consumed jquery ajax call.

And I am hoping to restrict public request to this webservice other than request from local pages (aspx or jquery ajax call).

The web service checks for form-authentication before it gets executed but I just don't feel comfortable the .asmx page and list of services are viewable.

So users can't just type www.mysite.com/webservice.asmx to access my webservice. 

I'd appreciate any advice about securing web service.

restrict access to views - Secure standalone pages and secure the with IIS?


I need to be able to restrict access to views in a sharepoint list.

I need to create views as a separate page, import the data using a DataView and then secure it with IIS security.

How do I secure the page with IIS?

ASP.NET MVC: Using NonActionAttribute to restrict access to public methods of controller


Public non-action methods in ASP.NET MVC controllers are source of problems because they can be called by user when not handled carefully. Same time you may need public methods on controllers for some other reasons (some UI framework, testability problems, things you cannot change etc). In this posting I will show you how to handle controller methods properly.

Calling controller methods

Public methods of controller are called controller actions and these actions are mapped to URL-s using routes. Take a look at the following code.

public Acti

Restrict access to SharePoint 2007 test farm


Hello all,

I feel like this should be simple and hopefully I'm over looking something.  We have our production SharePoint 2007 environment.  We also have a test farm.  There have been several occasions where I've needed to copy a production content database over to the test farm.  Is there an easy way to deny access to the test farm?  I don't want users accidentally logging into the test farm and updating content not realizing it's test.  We've had this happen on occasion and depending upon how much content they update, it can make moving that content to prod difficult.  Unfortunately, it's not possible to simply restrict by IP.  I basically want to deny all users except for domain admins and possibly our designers.


How to restrict access to a SharePoint Document Form Library while allowing users to fill out and su


We have created a MS InfoPath form with it's corrsponding SharePoint Document Form Library, but would like to restrict the access to the SharePoint Document Form Library. After the user completes and submits the forms then he/she should not be able to go into the SharePoint Document Form Library and view the form. In order to allow users to fill out and submit an InfoPath form, Contributor level access is required to be granted. But Contributor level access allows them to view not only the form he/she has created but everyone else's which is not acceptable in this particluar situation. The solution we've come up with is to grant Contributor access to the SharePoint Document Form Library when the Submit button is pressed using stsadm grant the user Contibutor role. Then remove the access once the submission is completed.

We would be interested to know if there is a better process to accomplish this task. And, of equal importance, the coding that is required to execute this task.

MVC architecture in ASP.Net using C# and Microsoft Data Access Application block

The Model-View-Controller (MVC) pattern separates the modeling of the domain, the presentation, and the actions based on user input into three separate classes [Burbeck92]:

Model. The model manages the behavior and data of the application domain, responds to requests for information about its state (usually from the view), and responds to instructions to change state (usually from the controller).

View. The view manages the display of information.

Controller. The controller interprets the mouse and keyboard inputs from the user, informing the model and/or the view to change as appropriate.

5 GridView Themes Based on Google's Personalized Homepage (igoogle)

One of the silly features I have found that I like about igoogle is how the pages color palette changes depending upon the time of day. So as the day progresses from morning to afternoon to evening the colors on the page change as well. Like I said, I know this is a silly feature, but I like it. And I have asked around a little bit and seems like other people like it to. To get a better idea of how the colors change, here are the background images from a few of the HTML elements.

Store and Display Images from MS Access Database Using C#

There is only the difference of coding syntax to stream the binary data of image content type to upload it into MS Access Database using C#/VB in ASP.Net 2.0

Namespaces required:-
using System.Data.OleDb;

OleDb is used to connect the web site forms with MS Access Database using Microsoft.Jet.OLEDB.4.0

ASP.Net Upload Image to MS Access Database

As you learnt from the previous articles to upload image to the SQL Database in ASP.Net 2.0 and stream that image into the memory to retrieve it from the database and display it on the web page. In this article you will learn how to upload images to the MS Access database in ASP.Net 2.0

First of all create an Access Database and place it in the App_Data folder of ASP.Net web site project. Then create a table "tblImg" with the following fields:

Wrong Account being used to access files - Help - No Impersonation


I run a simple .aspx website on a Windows Server 2008 machine.

There is NO impersonation, and System.Security.Principal.WindowsIdentity.GetCurrent().Name returns NT AUTHORITY\NETWORK SERVICE, which it the account which the application pool runs. In my web.config, I have <authentication mode="Forms">.


I tried to test the security of the application and server by removing file permissions to the .aspx files. I was greatly worried when the website continued to run without problem (it should not have been able to read the .aspx files).

By turning on file level auditing, I discovered that the .aspx files were being read by the machine$ account (if the machine is called Serv1, then the files would be read by the Serv1$ account, which seems to have access to all files on the local machine).


Is this a security breach or is this behaviour by design ?

Please can somebody assist, as I am worried.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend