I built a small website and there will be only one admin, so in the admin panel I am asking for a password with a value that I do not retrieve from a database; I just hard-coded it in the function in the code-behind. I know this is wrong, though I don't know why.
So is hard-coding it in web.config the right thing to do? And how?
As far as it being wrong... the problem is that if you ever need to change it, and it's hardcoded in your codebehind, you need to recompile, republish, re-deploy your website, whereas a change to the web.config can be done without doing this.
You could put it in an AppSetting in the web.config like so.
<appSettings>
<add key="AdminPassword" value="ASDF1234" />
</appSettings>
and use this code to retrieve it
System.Configuration.ConfigurationManager.AppSettings["AdminPassword"].ToString()
Though I'd have a look at this.
https://web.archive.org/web/20211029043331/https://aspnet.4guysfromrolla.com/articles/021506-1.aspx
It covers encrypting sections of your web.config
Nothing wrong with Eoin's suggestion for tiny projects, but if your project may someday need more than 1 admin and different types of user roles, I would take the hit and set up ASP membership.
http://msdn.microsoft.com/en-us/library/ms998347.aspx
You can integrate it into Windows or use a database, and it's not too hard to set up, especially if you use the built-in config tool in IIS.
This is an odd question, in that I'm not trying to display a page in EnterpriseMode - I'm trying to prevent it from displaying in EnterpriseMode. I'm assisting the Webserver team, so my access is limited to only changes in the page itself.
The twist is that the rest of the domain has to be displayed in EnterpriseMode, save for this one page.
I've tried utilizing an XML document and changing HKLM\software\microsoft\internet explorer\main\enterprisemode -- setting SiteList to my file location on the local machine, and Enabled to blank. The page ignores this and loads itself into EnterpriseMode anyways.
Example of my Site.XML. Note: I've changed the server name to protect the innocent. Also I'm having to use the escape characters so the note quits trying to interact with my example. I could've sworn code block should've stopped that.
<rules version="1">
<emie>
<domain exclude="false">internalportal.ExampleServer.com<path exclude="true">/OperationsRecap/</path></domain>
</emie>
</rules>
I've tried the same thing in the HKCU key, and even checked gredit for anything that might be pushing it to default. No such luck. This should be a fairly simple procedure, but it's stumping me. I'm starting to wonder if the Webserver team has a customHeader stuck in web.config, but I don't have access and I've been waiting for an answer from them for a few days now. And by 'waiting' I mean 'continually hounding'.
Compatibility mode doesn't seem to make a difference, whether it's on or off. I've several sites with different settings that get the same problem - and then several sites with different settings that do not get that problem. There does not appear to be a rhyme or reason in terms of configuration on the local machines. So while it's tempting to call it an issue with IIS7 web.config and dust my hands of the whole thing, I have to be absolutely certain.
I've dug at the source code, and literally the only difference is in the META tag. Those that load correctly load X-UA-Compatible as IE=Edge, like they're supposed to. Those that do not load as IE=8, despite all my attempts to force them to stop that. In fact, when it fails to load I can go to tools on the IE11, de-select EnterpriseMode, and it reloads just fine. The META tag changes as well in the source. Again, whether compatibility mode is on or off, whether there's a list in play, utterly ignoring any changes I make to EnterpriseMode key.
Thoughts?
Found the answer. I was looking in HKLM\software\microsoft\internet explorer\main\EnterpriseMode
I should have been looking in hklm\software\policies\microsoft\internet explorer\main\EnterpriseMode
Lesson learned, stupid mistake.
I have used Intelligencia UrlRewriter for a while now.
I used it with a VB class that looks up the product name and gets the relevant ID number to use for the querystring.
It works great.
How can I do the same thing in Umbraco?
I have thought of 1 way:
To use url structure of ~/products/product_name/ (which is really ~/products/product.aspx?id=XX) and add ~/products/* as a reserved folder and basically take this entire page out of Umbraco.
The problem is that my client would like the site structure to be ~/product_name/ (not in a subfolder). My problem is that I don't think I have any way to tell Umbraco not to handle these pages.
Can anyone help me?
You can inform umbraco to ignore paths with the following appSettings key in your web.config:
<appSettings>
<!-- ... other settings ... -->
<add key="umbracoReservedPaths" value="~/umbraco,~/install/,~/product_name/" />
</appSettings>
This key is included in the web.config by default so you can search umbracoReservedPaths and you will find it. Simply add your path and umbraco will ignore it. You may also specify individual pages with the umbracoReservedUrls appSetting key.
Of note, you will see that in the /config/ folder there is a UrlRewriting.config for the urlrewriting.net rewriter already integrated into your umbraco install.
The client I'm working for has a CMS written in Yii. Currently a part of their business is customizing the CMS to meet the specific needs of each customer. About 90% of the code is reused, essentially by copying and pasting from one directory to another. While I've been working on this project, I've had to merge changes in to the shared codebase several times.
All, or most, of these sites are hosted on the same server, and it would seem that it would make more sense to have a single login, that changed what features we showed based on the login. In some case that means overriding whole or partial views (eg, the _form.php might change from customer to customer) including the controller and model. Most of the time, it means adding a new controller for a bit of functionality written just for that client.
I've read about having both a front and backend site here: http://www.yiiframework.com/wiki/63/organize-directories-for-applications-with-front-end-and-back-end-using-webapplicationend-behavior but that doesn't seem to be the right fit (I don't want everyone coming to a different start php file, for instance)
Ideally, I'd have users log in, and get assigned a site id, which will filter data in the shared MVC objects, and will add in the ones specifically for them, or override the ones where necessary
Intuitively it seems like something like this would make sense:
Shared controllers go here:
/protected/controllers
Overrides and additions for client1 go here:
/protected/controllers/client1
or:
/protected/client1/controllers
But I'm not sure how to get Yii to do this in the most efficient and easy to manage way. Is this something that's going to work with Yii, or am I breaking it in ways unintended? If it will work, what's the best way to accomplish it so that it's clear to me six months from now, or some random developer who replaces me?
Do you know RBAM?
With role-based access you can profile your application in a more-or-less granular way.
I have never worked on authorization in Vb.Net before. So the below question might sound stupid for advanced programmers. Please apologize.
I am trying to get the list of the Active Directory Groups of the logged in user. I was told that Roles.GetRolesForUser() is the best way to achieve it. I wrote the below code in my web.config.
<roleManager
enabled="true"
cacheRolesInCookie="true" >
</roleManager>
and added the below code in code behind.
Dim userRoles As String() = Roles.GetRolesForUser()
I see the userRoles.Length is 0. I verified the user has more than one Active Directory group associated with them. Either this is because the configuration which I set in web.config is wrong or this is not the way to get all the Active Directory groups for this user. Any suggestions are appreciated.
Either I am too stupid to understand the Roles.GetRolesForUser() or configuring it is really hard. :)
I solved this problem using IsInRole() method. I knew the possible ADGroups which would access my app and made that as a configurable item in web.config. Then used String.Split() and then manually checked with HttpContext.Current.User.IsInRole() to verify the user can access the app.
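The allow-list check described in the post above, as an added example that is not the poster's code and is written in C# rather than VB.NET. The `GroupGate` class, the `AllowedAdGroups` key, the `;` separator and the `CORP\...` group names are assumptions; the principals in `Main` are constructed stand-ins for `HttpContext.Current.User`.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

public static class GroupGate
{
    // allowedGroups is the raw appSettings value, e.g. (hypothetical key)
    // <add key="AllowedAdGroups" value="CORP\Shop-Admins;CORP\Shop-Editors" />
    public static bool IsAllowed(IPrincipal user, string allowedGroups)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false; // anonymous requests never pass
        if (string.IsNullOrWhiteSpace(allowedGroups))
            return false; // a missing or empty setting denies everyone
        return allowedGroups
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(g => g.Trim())
            .Where(g => g.Length > 0)
            .Any(user.IsInRole);
    }

    public static void Main()
    {
        // Constructed principals; under Windows authentication the real
        // HttpContext.Current.User is a WindowsPrincipal with the user's AD groups.
        var editor = new GenericPrincipal(new GenericIdentity("alice", "Negotiate"),
                                          new[] { @"CORP\Shop-Editors" });
        var other = new GenericPrincipal(new GenericIdentity("bob", "Negotiate"),
                                         new[] { @"CORP\Finance" });
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        string setting = @"CORP\Shop-Admins; CORP\Shop-Editors;";

        Console.WriteLine("editor:    " + IsAllowed(editor, setting));
        Console.WriteLine("other:     " + IsAllowed(other, setting));
        Console.WriteLine("anonymous: " + IsAllowed(anonymous, setting));
        Console.WriteLine("no config: " + IsAllowed(editor, ""));
    }
}
```

Only the first call grants access; the check fails closed when the setting is absent, so a deleted or misspelled key locks the application rather than opening it.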
Does anybody have any idea if there exists a demo of a Kohana admin system? (I am thinking of an admin system like the one Django has.) I am building an online store, and I need a quick way to manage the products inside it. Is there any chance for me to be able to use the Kohana admin system in order to perform this task?
Thanks!
I don't know of any Kohana admin.
The Kohana auth will help you to create a security log-in, but Kohana doesn't have any pre-built admin or scaffold.
The reason Kohana doesn't have any scaffold system or admin is that you will spend more time changing or adapting the admin/scaffold to your needs than doing it from zero.
Kohana gives you very, very impressive tools to build and validate the forms.
If you read the docs carefully and you understand the docs, you can program your own admin in less than half an hour, I guarantee you.
A few months ago I was looking for exactly what you are asking about. I was unable to find a finished product but I found many pieces. I have since been glueing them together as I see fit into the night. The project is quite a buggy mess right now but it works for my purposes. Once I get it in better shape I planned on posting it to my website or maybe github if I ever figure it out that is...
Lately however my job has gotten a bit stricter in regards to coming in early... so I can't code away into the night like I used to. Also, the last component: jQuery mobile UI is still in Alpha 3 so I'm in no major rush either...
My main questions are...
1. The following are the components it utilizes; will those work with your project?
2. If 1 == true... and this is for a potential project, when would you need/like this module by?
Jelly -->
https://github.com/jonathangeiger/kohana-jelly
Formo -->
https://github.com/bmidget/kohana-formo
Formo-Jelly -->
https://github.com/bmidget/kohana-formo-jelly
Jelly-Auth -->
https://github.com/raeldc/jelly-auth
Jelly-Auth-Demo -->
https://github.com/rob/jelly-auth-demo
A neat admin template style -->
http://mathew-davies.co.uk/2010/03/13/free-admin-template.html
A x12 Grid from -->
http://960.gs/
jQuery Mobile UI Elements -->
http://jquerymobile.com/
Posted as answer instead of a message, just in case others are interested... Gauging the amount of interest will likely determine the amount of evening time sacrificed.
Kohana does not have a magical admin system like Django.