How can I prevent people from pasting links to documents? - asp.net-mvc

I designed an MVC app with authorization that works great. In my app, a user can click a link to view a document. The document displays in another tab. If the user saves that link, logs out, and comes back (without logging in), they can paste the link into the browser to see the document. They can also change the parameters in the link to view documents that may or may not be associated with their account. The link is created as:
@Html.ActionLink("View", "CertificatePDF", "Documents", new { wo_nbr = Model.id }, new { target = "_blank" })
This creates the following link:
http://xxx.yyy.com/Documents/CertificatePDF?wo_nbr=1000462209
How can I prevent users from viewing/changing documents unless they are logged into the app?

Add the [Authorize] attribute to your CertificatePDF action. This should require users to be authenticated. You can add the attribute to your controller class if you want everything to require authentication. Also, for the opposite, you can add the [AllowAnonymous] attribute to bypass authentication.
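
An added example, not part of the original question or answer: the question describes both unauthenticated access and users changing wo_nbr to reach documents of other accounts, so this sketch pairs [Authorize] with a per-request ownership check. It assumes ASP.NET MVC 5 (System.Web.Mvc); ICertificateStore and FindPdfForUser are hypothetical names, and constructor injection assumes a dependency resolver is configured.

```csharp
using System.Web.Mvc;

// Hypothetical data-access abstraction; the page does not show how
// certificates are stored or how work orders map to accounts.
public interface ICertificateStore
{
    // Returns the PDF bytes only when the work order belongs to userName;
    // returns null when it does not exist or belongs to someone else.
    byte[] FindPdfForUser(string woNbr, string userName);
}

[Authorize] // every action in this controller requires an authenticated user
public class DocumentsController : Controller
{
    private readonly ICertificateStore _store;

    public DocumentsController(ICertificateStore store)
    {
        _store = store;
    }

    // GET /Documents/CertificatePDF?wo_nbr=...
    public ActionResult CertificatePDF(string wo_nbr)
    {
        if (string.IsNullOrWhiteSpace(wo_nbr))
        {
            return HttpNotFound();
        }

        // Ownership check: the lookup is scoped to the logged-in user, so
        // editing wo_nbr in the URL cannot return another account's document.
        byte[] pdf = _store.FindPdfForUser(wo_nbr, User.Identity.Name);
        if (pdf == null)
        {
            // Same response for "does not exist" and "not yours", so the
            // endpoint does not confirm which work order numbers are valid.
            return HttpNotFound();
        }

        return File(pdf, "application/pdf");
    }
}
```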

Related

Login and registration page path in ASP.NET MVC

I am a newbie in C# programming and web development. Kindly let me know how I can find the code files for the login and register page in ASP.NET MVC.
I created this simple web app using this crash course: https://www.youtube.com/watch?v=BfEjDD8mWYg&t=909s.
This is the screenshot of the page I want to locate and alter. I want to change the text next to the login and registration forms.
Looking forward to getting a reply from anyone who can help.
Thanks in advance
I tried looking in all the files, like the CSS file and all the files in the Views folder, but I could not find the file where I can change the text on the registration and login pages.
I checked the video you provided and found that he created a project with Individual User Accounts, so the project generates the Register and Login pages automatically, but you can't find these pages in your project.
If you want to find these pages, you need to scaffold Identity:
From Solution Explorer, right-click on the project > Add > New Scaffolded Item.
From the left pane of the Add New Scaffolded Item dialog, select Identity. Select Identity in the center pane. Select the Add button.
Select the pages you want to create; here you can choose the Login and Register pages. Then, to use your existing data context, select at least one file to override. You must select at least one file to add your data context.
After you finish these steps and generate the pages successfully, you will find them in Area/Identity/Pages/Account/..., and then you can edit them.
For more information, you can refer to this Docs.

Active Directory authentication with initial page open (mvc 4)

I want the first page to be available to everyone, with login through a form (no popup) and Active Directory authentication.
Everything is fine if I use Windows authentication, but as I said, I don't want a popup and I do want the first page available with login form fields. Is this possible? If so, how can I achieve that?
Yes, it is possible. You can set up your login controller's login function with [AllowAnonymous], which will make it visible to the user even if the user is not logged in, and on the rest of the controllers you can specify [Authorize] ... In fact, if you create a new template project with the project type Intranet, it will automatically set up your project with Windows authentication.

Auth/Login View and Controller missing

I typed the following code and I got the login sorted.
s2-quickstart com.app User Role UserRole
Now I want to get the View and Controller for the Login Screen. How can I get it? Should I generate it?
It's supposed to be there in the auth/ controller, and the action is login.
But I don't even have an auth model class. All I have is the User model class, which has the attributes Username, password, etc.
2.) After successful login, how can I redirect the view?
You are probably using spring-security-core:2.0-RC2. In this plugin version there is no loginController or logoutController in the controllers folder like in the previous version; everything belonging to the plugin is in target > work > plugins > spring-security-core-2.0-RC2 > spring-security-core-2.0-RC2
There you can find loginController, logoutController and the auth view. In order to overwrite the auth view, all you need to do is create a new directory in the app's views directory, name it just like the plugin's view directory (in this case login), and inside login add the views auth.gsp and denied.gsp.
I hope this can be helpful.
About your other question, "After successful login how can I redirect the view?": Grails Spring Security Core has two behaviors.
First, you can provide a default target; this is done by setting grails.plugin.springsecurity.successHandler.defaultTargetUrl = "/someurl"
Second, and the default behavior: if someone tries to access some URL in your app, SSC will intercept the request and ask for credentials. If the user successfully authenticates, the user will be taken to that URL; otherwise SSC will ask again for credentials, and so on.
Both behaviors can coexist.
A simple view example in this repo on GitHub
A simple example of how to set defaultTargetUrl in the same repo
I hope it helps you.

Make custom changes in admin generator

I am developing a symfony 1.4 project. My issue is with the admin panel in the backend, so I use the administration generator to build it.
I have a list of members generated automatically in the backend. Now I'm hoping to add some custom action when a member edits her profile in the backend: I wish to add to the edit page radio dial buttons that give simple "Yes" or "No" options. By default, the radial dial button is set to "No." However, if the admin selects "Yes", then a popup window will come up with the following text: "Are you sure you want to sell a new membership". If the admin selects "Yes" and then saves the profile, a popup window will need to display that reads: "New Membership sold"...
The problem is I can't change the code because the form of the edit page is generated using a plugin (sfguarduser), so it's difficult to make any changes.
Any idea?
As the plugin documentation says, you can override the plugin module by creating a module with the same name in the application you want and by adding a require_once in the action.
As for your confirm and other javascript, you can override the generated partials by adding partials with the same name in your module, just as described here.

TYPO3: page in browser other than in preview or in page edit

I'm experiencing a very strange problem. The user sees in the browser different content for a subpage than what the page editor has defined. I have no idea where TYPO3 gets the wrong content. If I preview the page from the editor, everything is correct. But from the view of a normal visitor of the page, I see the wrong things.
Following TypoScript:
config {
// Administrator settings
admPanel = {$config.adminPanel}
If there are some hidden or user-restricted elements, they will be shown as long as you're logged in to the backend as well. (Maybe check the admin panel preferences; take a look here: http://typo3.org/1215.0.html)
