This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Limiting User to a single view ID / URL

derekcsmith over 5 years ago

I was given a request to create an account without a password so that anyone in the company can view a single noc view that I have limited to show very specific information.

The account is created without any permissions, a homepage view and default summary view as that noc page and no other access. However if the user were to change the view id in the url they can view other noc views which have a wide variety of information depending on the view. This is obviously a security risk. I have seen older posts on this issue but I have not seen any resolutions.

Anybody have any ideas how to lock down the users view so that it only shows the one id/url?

Thanks for your time.

Top Replies

conguir over 5 years ago in reply to derekcsmith +2

Hi Dereck there are two options here: you can use IIS feature URL filter. This will allow you to only allow specific URL only: Deny URL Sequences <denyUrlSequences> | Microsoft Docs Or you can use another…

0 d09h over 5 years ago

Have you tried the DirectLink account with a limitation? https://support.solarwinds.com/Success_Center/Network_Configuration_Manager_(NCM)/NCM_Documentation/NCM_Administrator_Guide/180_Configure_automatic_login/030_Using_the_DirectLink_account
Cancel
Vote Up 0 Vote Down

Cancel
0 derekcsmith over 5 years ago in reply to d09h

Yes, the DirectLink account is the one we are using. The limitations are set but a user can still adjust the url to see different views (ex. .../Orion/SummaryView.aspx?ViewID=104 to .../Orion/SummaryView.aspx?ViewID=108). I would like the user to get an error message or get immediately directed back to their one view should they change the url.
Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 conguir over 5 years ago in reply to derekcsmith
Hi Dereck
there are two options here:
you can use IIS feature URL filter. This will allow you to only allow specific URL only:
Deny URL Sequences <denyUrlSequences> | Microsoft Docs
Or you can use another IIS feature, URL Rewrite. This will give you a more granular level of control and will hide the URL to the end user.
URL Rewrite : The Official Microsoft IIS Site
The problems with both is that you can differentiate user, therefore all users will be impacted, however what we recommend is to get an Additional Web Server for that group of users that you want to limit the URLs.
Use an Additional Web Server
Raul Gonzalez
Prosperon - UK SolarWinds Partners
Installation | Consultancy | Training | Licenses
Cancel
Vote Up +2 Vote Down

Cancel
0 bradleynielson over 2 years ago in reply to conguir

ASP.NET Core controllers use a routing middleware to match incoming request urls and map them to actions. Route templates:

Defined at startup in Program. CS or in attributes.
Describes how to map URL paths to actions.
Used to generate URLs for links. Created links are usually returned in responses.
Actions are either directed by convention or routed by attribute. When placing a route on a controller or action, it is forwarded by attribute. For more information, see Mixed Routing.

This document https://sirinsoftware.com/:

Explains the interaction between MVC and routing.
How regular MVC applications use the routing functions.
Both are considered:
Regular routing is commonly used with controllers and views.
Attribute routing, used with RESTful APIs. If you are primarily interested in routing for REST APIs, skip to Attribute Routing for REST APIs for Remaining Components.
For more information about routing, see the Routing section.
Refers to the default routing system called endpoint routing. For compatibility purposes, you can use controllers with a previous version of routing. See the migration guide 2.2-3.0 for instructions.
Cancel
Vote Up 0 Vote Down

Cancel