.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Post New Web Links

ASP.NET MVC: Using NonActionAttribute to restrict access to public methods of controller

Posted By: DigiMortal     Posted Date: April 10, 2011    Points: 0   Category :ASP.Net
 
 

Public non-action methods in ASP.NET MVC controllers are source of problems because they can be called by user when not handled carefully. Same time you may need public methods on controllers for some other reasons (some UI framework, testability problems, things you cannot change etc). In this posting I will show you how to handle controller methods properly.

Calling controller methods

Public methods of controller are called controller actions and these actions are mapped to URL-s using routes. Take a look at the following code.


public Acti


View Complete Post


More Related Resource Links

Cannot access public methods on MasterPage

  
Hi All, maybe someone can help me with this one. I have a a public method in my code behind on the site.master pagenamespace PROJECT { public partial class Site : System.Web.UI.MasterPage { protected void Page_Load(object sender, EventArgs e) { } public void applyUserRole(string userID) { } } } I  wish to call applyUserRole() from Default.aspx On Default.aspx I have .. <%@ Page Language="C#" MasterPageFile="Site.Master" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" Title="Project- Home" %> <%@ MasterType virtualPath="~/Site.master" %> But when I go to Default.aspx.cs and type Master. the method is not appearing. I've seen other post where people are having this issue but I can't find an answer. If anyone has any good pointer and you please let me know, thanks 

Restrict public access to webservice

  

I have this Internet web service page(webservice.asmx) being consumed jquery ajax call.

And I am hoping to restrict public request to this webservice other than request from local pages (aspx or jquery ajax call).

The web service checks for form-authentication before it gets executed but I just don't feel comfortable the .asmx page and list of services are viewable.

So users can't just type www.mysite.com/webservice.asmx to access my webservice. 

I'd appreciate any advice about securing web service.



How to restrict folder access to users and theirs only

  

Hi. I created a web application using "Forms Authentication". 

There is a folder name "uploads", and it creates subfolders as username when they register. Web application stores users' files and images under their folder ("uploads/username")

I tried to find a way to restrict users to download and upload files to their folder only and couldn't find a good one. 

Then I came up with this idea that stores "web.config" file each time user registers and the web.config should look like below. Username will be changed dynamically according to username.

This method actually works but I am little worried if this is a good practice as far as performance wise. Because it'll create web.config files as many as users and there might be other holes that I don't recognize. 

I appreciate any advice or better suggestion for this problem.


--------web.config in "/Root/uploads/username directory"--------------

<location path="HRpages">
  <system.web> 

is there any impact of using static methods in Business Access layer in 3 tier applciation

  

is there any impact of using static methods in Business Access layer in 3 tier applciation,


Please suggest me what are the best practices and standards


Who to restrict access to only one view.

  
What is the best way to grant access for a user, to select from only one view, not the actual tables?

How to restrict to call Web Methods

  
 Scenario is, I have a tab container inside which I placed 5 tabs and each tab having 4 Cascaded dropDown. Now for changing the tab page everytime refreshed and calling all 5 parent control dropwdown to fill. But can I prevent it in that manner so that for changing the tab only that parent webmethods will be called to populate. In page load itself it will call only the active tab parent Cascading dropdown web method.

Unable to access Entity in controller

  
 Problem is that when i do like :- Right-click the Models directory and select Add?New Item?Data?ADO.NET Entity Data Model. then generatemodel from a database, it creates OopsData.edmx. and creates entity named OopsEntity. When i try to access this entity in Homecontroller it gives me error like broken reference something. But if i do same thing by right -clicking the project (solution explorer) then i am able to access OopsEntity in HomeController. Reason for asking that is coz i was following the MVC Music Store tut and in it, its done by creating OopsData.edmx in model folder but in my case its not working. Other question is that what is that difference between creating same thing by right clicking on (using) model or solution explorer (project). 

Not able to access Class methods when deployed on a remote server?

  
I have a web service project. In the project I have a class named "Piper"In testing the web service in localhost mode in the VS IDE, I can access membersof the class, such as my method "Proceed" and property "Comber" The problem I am having is that when the web service is deployed to the serverin staging, or the deployment server, I am not able to access any methods of my class. Onlythe properties. This is very strange? As they are both public and I can access them when I run the project in local host in the IDE. Does anyone know what the problem might be?Here is a simplified example of my class. Public Class Piper Public Sub Proceed() End Sub Public Property Comber() As Boolean  Get   Return True  End Get  Set(ByVal value As Boolean)       _comber = value  End SetEnd Property End Class

Access Public Function in MasterPage

  
Hi,I need help in accessing the function in my masterpage.I have a.master and b.aspx with the content page.Now in the page load of my content page, I want to execute the an sql query which is in a function in my master page.How can I access the function in my master page??code in my master page:public function info () as string'SQL Queryend function

Need help: "Adding Parameterized Methods to the Data Access Layer"

  
Hi all, em all new in C# and .NET.I am following this tutorial: http://www.asp.net/data-access/tutorials/creating-a-data-access-layer-csAnd i am at step 3: Adding Parameterized Methods to the Data Access Layer - i have No problems in getting out all information from my database.But when i try to get a specific item by CategoryID i get a Error.This is what i type in my Query in the table adapter:SELECT     ProductID, ProductName, SupplierID, CategoryID, QuantityPerUnit, UnitPrice, UnitsInStock, UnitsOnOrder, ReorderLevel, DiscontinuedFROM         ProductsWHERE CategoryID = @CategoryIDHere is the error i get when i click finish:The wizard detected the following problems when configuring TableAdapter Query "FillByCategoryID":Details:             Generated SELECT statement.              Error in WHERE clause near '@'.              Unable to parse query text.Can anyone help me with this problem?Someone who knows what i am doing wrong?Thanks

Restrict folder access in Report Server

  
Hi There, I am creating folders each of our end users in Report Server, who upload their reports to their respective folder. I want to allow users to see and access only their folders and they should not be able to see others folders available on the Report Server, it is possible? If Yes, how do I do it? Thanks for your help. Regards, Suresh

Controller Methods and Views in MVC2

  
In MVC2 does every single controller method have to map to a DIFFERENT view? Or can I make two methods map to the same view?

public web methods...how to make private? Security question

  

I understand how to set security for a ASP.NET web page, how to encrypt a Silverlight page, and a WCF application, but my question goes to this:  given a web method, which by definition must be public, how do you keep people from accessing it outside of your client program?


If your program (client) is the only way to access this web method, then there's no problem.  But it is impossible to make a web method private--it won't compile--so how to keep people from using it?  The only thing I can think of is that if you call your web method by an obscure sounding name, it's likely nobody will guess the URL, and if you set your server so it cannot be searched (dir *.*) by the public, it's unlikely anybody will ever guess the name of the web method.  But this is hardly 100% secure.  And what if you call your web method "DoWork", which is the default OperationContract name in Visual Studio?

What am I missing?


PatHens

 

//what I have in mind

public interface IService1
    {
        [OperationContract]
        string DoWork();
}

//

public string DoWork()
        {
//secret stuff in here
string SecretStuff = "S

restrict access for a single group to a single folder in a list

  

Hello and Goodmorning,

I have one list, organized with 3 folders.

I can create a group(s), add user(s) to this group(s). 

Now i need to assign access like this:  group1 can only see and 'readonly' folder1, group2 can only see and 'readonly' folder2, group3 can only see and 'readonly'...folder3!

Im sure this is possible, from similar non-programming posts on the forum.

I have been looking into SPRoleAssignment and SPRoleDefinition to define Group permissions but its the mapping them to specific folders that I am missing...

Enjoy your tea.

 

max

 

 

 

 


Public Access to Reports

  

I'm designing some reports to summarize recently compiled research findings.  These reports are going to be posted on an ASP.NET page (via the report control) on the web site.  I do not want to authenticate users, as the findings are meant to be public and requiring users to register and authenticate would add a barrier and is likely to decrease traffic.

I've seen similar posts where reports are meant to be viewed by everyone on an intranet and permissions could be set using a designated workgroup.  I need alternative solutions to the problem of making a report viewable by everyone who visits a site.  I'm also currently unfamiliar with Kerberos (and I know that will probably pop up as a potential solution), so if there's a convenient way outside of that it would be great.


Public Access to SSRS Reports

  

I'm designing some reports to summarize recently compiled research findings.  These reports are going to be posted on an ASP.NET page (via the report control) on the web site.  I do not want to authenticate users, as the findings are meant to be public and requiring users to register and authenticate would add a barrier and is likely to decrease traffic.

I've seen similar posts where reports are meant to be viewed by everyone on an intranet and permissions could be set using a designated workgroup.  I need alternative solutions to the problem of making a report viewable by everyone who visits a site.  I'm also currently unfamiliar with Kerberos (and I know that will probably pop up as a potential solution), so if there's a convenient way outside of that it would be great.


Sitemap: why can't sub nodes further restrict role access?

  

I have a menu in my application (created from the sitemap) which I want available to two user roles.  However, there are items on that menu, I want available only to one role or the other.  So I have created the following in my sitemap.


	  <siteMapNode title="My Account" roles="TimeUser, Client" >
		  <siteMapNode title="My Profile" url="~/TimeTracker/ClientUserProfile.aspx" description="" roles="Client" />
		  <siteMapNode title="My Profile" url="~/TimeTracker/EmpProfile.aspx" description="" roles="TimeUser" />
		  <siteMapNode title="Change Password" url="~/TimeTracker/EmpChangePassWord.aspx" description="" roles="TimeUser, Client" />
	  </siteMapNode>


Essentially, I want employees with the "TimeUser" role to see the "My Profile" link that goes to the EmpProfile.aspx page, but not the link to the client profile page.  However, when an employee logs in, they see both.  I am guessing this may be because the "My Account" node which contains them allows both roles.  Is there a way around this without duplicating the "My Account" node?


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend