I am developing a web site using ASP.net MVC. There are pages that are locked down and are only accessible by logged in users. If the user isn't logged in when trying to access these locked pages, then they are redirected to the login screen.
My question is, can search engines crawl these pages even though they are locked down to authorized users? If they can, should I be adding the meta tag rel="nofollow" or is there a better solution in MVC to block whole folders and its contents from search engines?
No the secured pages will also deny access to any search engine crawler.
the google bot will not be able to load the HTML in side the secured pages, however if there are links from the site to the secured page and if its loading the HTML, that could be index by google.
Related
I'm using cookies on my ASP.NET MVC site.
Recently I've noticed that there are many pages */(X(1)S(ofezdiyg5ae5veyvmylvjkgd))/***
shown in Google and Yandex.
I've investigated and found out that they are pages with cookieless authorization.
I turned cookieless off in my Web.config.
Now my site requires cookies to operate.
But neverthess these pages are still working and have code 200.
I want to stop them working - and redirecting to normal pages.
How can I do that?
I have a website (example.com) that is a WordPress site hosted on WSYNTH.
I am redesigning the site, same domain (example.com) in ROR hosted on Heroku.
I have been told that for SEO purposes, once I point my domain to the ROR app on Heroku, all the old pages from the Wordpress site will go dark. (Makes sense.) But this would be very bad for SEO, since example.com will now have many URLs associated with it (created from the WP site) that are no longer valid.
I've heard that a 301 Redirect for those WordPress URLs will take care of this SEO issue. But how and where should I do this? Should I be installing a plugin in WordPress that will automate the redirects to the pages I want to send them to in the ROR/Heroku app?)
Also, is it possible to keep some of those old WordPress URLs live?
DNS
The 301 redirect is not the issue - you can use Wordpress itself to redirect to specific pages (using the simple 301 redirects plugin), or a better way will be to redirect your domain (with your DNS) to your Rails app, and then use the routes to handle any stray pages
The world of "SEO" is highly overrated - Google is just a system which
follows links. If it cannot find a page, it removes it from its
rankings; if it can find the page, it judges its on & off-site
optimization to determine its relevance.
This means the only thing you need to concern yourself with is ensuring you don't have any "holes" in your URLs. The redirections essentially mean you will tell Google to follow a link to the new page
--
Redirections
The first thing you need to do is ensure you have the new pages you wish to show on your site. Preferrably, you'll want to make as many of them as identical to your previous URLS as you can.
Secondly, you can introduce redirects in your Rails routing system to give Google real pages when it visits the links for your Wordpress site:
#config/routes.rb
get '/your-old-post-name', to: redirect('/your-new-post-name')
This will mean you will have to create redirections for every wordpress post in your new Rails app - but should give Google the knowledge that those pages have changed, to which it will update
I have a technical requirement to start from a "public" (non-secure) physical ASPX page and then bridge into an MVC 3 application. I have figured out the changes to "routing", but the MVC [Authorize] does not seem to recognize that the user (cookie) is authenticated. It keeps taking me back to the ASPX login page.
Has anyone successfully used a standard, physcial page as login, and then transfer into secure MVC? This is part of a larger SSO design effort.
I want to create another logon page for external direct link(multiple projects need identity Logon page appearance.)
Is that possible to create another view for logon controller or I need to create another controller? I tried to create another controller, but I can not access at all.
Is there someone get some good ideas about that??
Cheers
If you are using same authentication mechanism, you can just pass external URL as parameter
http://yourwebsite/Account/LogOn?returnUrl=<external url>
and then redirect the page to the return URL after authentication.
It's a bad idea for your logon to return to an external link. don't do that. See Ch7 of the Wrox Professional ASP.NET MVC 3 book.
This is known as an open redirect attack. There's code in ASP.NET MVC 3 internet template for the Account Controller which prevents Open Redirect, but the risk of allowing it is that anybody can give out links to your site's login address with a malicious url in the return url query string. By allowing this Open Redirect, you make your site's visitors prone to social engineering. A hacker could send out links to your site to your users. They click, it looks like your site, address bar is right, the site appears secure, cert good and all. They logon, then they're redirected by your site to an external url. The external url may have any code running at all, and could make your users vulnerable to any number of attacks/ javascript attacks.
I know I mention MVC in particular, but the same holds true for any site.
If you need a logon page for another site, then you need to copy in the controller and views to that project, as well as setting up the config in that project (you can view your existing project for the appropriate settings).
Are your sites all related, with the same users and such? or are they separate disparate sites? If they are all related, can you put them in one project? That way you could just use the one membership provider and db, and different controllers/view folders for the different sections of your site?
Or are you in a domain where you can use Windows Auth and skip showing a logon page?
Or do you want to go with a single sign on application like ACS in Azure or STS server, or something. (look for good/modern book on WIF, which discusses ACS 2.0, if so)
I'm learning the difference between these to concepts.
I want to build a public Sharepoint site, and is one better than the other for this use, or is it too general of a question?
At a very general level; application pages are stored on the web server's file system (also known as the "12 hive") and run in a more priviledged security context. You tend to use these to create administrative interfaces.
Site pages (such as default.aspx) are user-targeted, and available for customization via SharePoint designer.
Site Pages can contain one or more webpart zones each zone may contain one or more webpart zones.
Site pages can customized
Site Pages not supprot code behind file.
Application pages such as Create.aspx,Themeweb.aspx.
Application pages Can't customized
Application pages support code behind file.
Site Pages:-
Site Pages are Site or Web Scoped,
User can customize Site Pages,
Site Pages are stored in Content Database,
You cannot have custom code in Site Pages,
Site Pages are Un-ghosted Pages.
Application Page:-
Application Pages are farm scoped,
No customization can be done by the user,
Application Pages are stored in WFE(Web Front End) in _layouts folder,
You can have custom code in your Application Pages,
Application Pages are Ghosted Pages.