How to set the web.config ?

[Raghu Raman]

Hi ,

we r using c#.net and we r open the public IP to our web server,so that
our client from other country could easily log in and see the deatils.

For some security reasons,i need to restrict my client(ex :user
name:client1,domain=domain1) to access my public IP .all other outside
users except the one i specified above should be denied to access my web
server.


How to do this.

with thanks & regards
Raghu( a drop in the ocean)

 

[Mark Sandfox]

If you are talking about server access, simply setup user account in active
driectory.

If you are talking about website access look at the following:

Key elements here are the preload (At top), Submit_UNPW, the asp code within
the body, and the page_load routine on each page you wish to protect.


Login page


<%@ Page Explicit="True" Language="VB" Debug="True" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>YourHomePage</title>
</head>

<Script Runat="server">

Sub Submit_UNPW(Sender as Object, E as EventArgs)
If page.isvalid then
Dim cnUsers as OleDbConnection
Dim daUsers as OleDbDataAdapter = New OleDbDataAdapter
Dim dsUsers as DataSet = New DataSet
Dim drUsers as System.Data.DataRowView
Dim dvUsers as DataView
Dim ConnectionString, SelectStatement as String

SelectStatement = "Select * From Users Where Username = '" &
tbUsername.Text & "' AND Password = '" & tbPassword.Text & "'"
cnUsers = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data
Source=C:\Inetpub\wwwroot\YourWebSite\fpdb\Users.mdb")
daUsers.SelectCommand = New OleDbCommand(SelectStatement, cnUsers)
daUsers.Fill(dsUsers, "Users")
dvUsers = dsUsers.Tables("Users").DefaultView

'Check for Matching User
if dvUsers.count = 1 then
lError.Text = ""
drUsers=dvUsers.Item(0)
Session("UserID") = drUsers("ID")
Session("UserName") = drUsers("UserName")
Session("PassCode") = "valid"
Session("AccessCode") = drUsers("AccessCode")
Session("FirstName") = drUsers("FirstName")
Session("LastName") = drUsers("LastName")
response.redirect("staff_menu.aspx")
Else
lError.Text = "The Username and Password you have entered do not match
our records.<br>Please try again."
End If
End If
End Sub

</script>

<body stylesrc="../bg.htm" topmargin="0" leftmargin="0">
<form Runat="Server">

<div align="left">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:
collapse; border-right: 1px solid #000000" bordercolor="#111111" width="629"
background="../images/EmSB.jpg" height="100%">
<tr>
<td align="center" valign="top"><font face="Arial"
size="1">&nbsp;</font><font face="Arial" size="5"><b><br>
Please Login Below</b></font><p>&nbsp;</p>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="300">
<tr>
<td width="150" align="right">
<p style="margin-right: 5"><b><font
face="Arial">Username:</font></b></td>
<td align="left" width="150"><b><font face="Arial">
<asp:TextBox ID="tbUsername" Columns="18" MaxLength="10"
runat="server"/>
<asp:RequiredFieldValidator ControlToValidate="tbUserName"
Display="Dynamic" Text="<br>Required Field" Runat="Server"/>
</font></b></td>
</tr>
<tr>
<td width="150" align="right">
<p style="margin-right: 5"><b><font
face="Arial">Password:</font></b></td>
<td align="left" width="150"><b><font face="Arial">
<asp:TextBox ID="tbPassword" Textmode="Password" Columns="20"
MaxLength="10" runat="server"/>
<asp:RequiredFieldValidator ControlToValidate="tbPassword"
Display="Dynamic" Text="<br>Required Field" Runat="Server"/>
</font></b></td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="300">
<tr>
<td><b><font face="Arial">&nbsp;</font></b></td>
</tr>
<tr>
<td align="center"><b><font face="Arial">
<asp:Button Text="Submit" OnClick="Submit_UNPW" Runat="Server"/>
</font></b></td>
</tr>
</table>
</center>
</div>
<p><font face="Arial" color="#FF0000">
<asp:Label ID="lError" Runat="Server"/><b>
</font></b>
<p>&nbsp;</td>
</tr>
</table>
</div>
</form>
</body>
</html>






Place this on each page you wish to protect.

<Script Runat="server">

Sub page_load(Sender as Object, E as EventArgs)
if NOT(Session("PassCode") = "valid") then
response.redirect("http://www.YourHomePage.com")
else
'Session("UserName")
'Session("AccessCode")
lFN.Text = Session("FirstName")
lLN.Text = Session("LastName")
end if
End Sub

</script>

 

[Kevin Spencer]

Don't allow anonymous access. Require a login to access the web site. And
for additional security, use HTTPS.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Neither a follower
nor a lender be.

 

[Rajagopal Pasupuleti]

check here

http://support.microsoft.com/kb/815151

 

[Raghu Raman]

Hi,Mark

Your first line could be the solution to my probs.Because i want to
restrict other users to access my public Ip webserver.

i need to create the user a/c for the directory.


Thanks a lot

 

[Raghu Raman]

HI , thanks for that.


but i need to protect my server having the Public IP .So first i should
go for the active user a/c. after that i can put the authorization a/c.


Since the intruders know the public IP , even they could copy our
folders.

So , we proceed with mark's view in this case

Thanks &regards
Raghu

 

[Raghu Raman]

Hi thanks . i ll see that