Wednesday, April 19, 2017

How to restrict accessing a website by IP Address or Domain Name

Suppose an organisation wants its website to be reachable only from certain IP addresses
and to refuse everyone else. IIS has a built-in feature for exactly that.

In IIS 6 :

Right-click the website -> Properties -> Directory Security tab -> Grant or deny
access to this resource using IP addresses or Internet domain names, as in fig 1.
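The same restriction on IIS 7 and later, where the setting lives in the ipSecurity configuration section instead of the IIS 6 dialog; this is an added PowerShell example, not part of the original post, and the site name and the allowed addresses are assumptions:

```powershell
# Added example, not from the original post. Assumes IIS 7 or later with the
# "IP and Domain Restrictions" role service installed, a site named "AgentSite"
# (assumption) and a constructed allow-list: subnet 10.0.0.0/24 plus host 192.0.2.10.
Import-Module WebAdministration

$site   = 'AgentSite'
$filter = 'system.webServer/security/ipSecurity'

# ipSecurity is locked at server level by default, so write it into
# applicationHost.config under a <location> for the site rather than into web.config.
$target = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = $site; Filter = $filter }

# Deny every address that is not explicitly listed (the default allows unlisted ones).
Set-WebConfigurationProperty @target -Name 'allowUnlisted' -Value $false

# Grant the intranet subnet and one individual host.
Add-WebConfigurationProperty @target -Name '.' -Value @{
    ipAddress = '10.0.0.0'; subnetMask = '255.255.255.0'; allowed = 'true' }
Add-WebConfigurationProperty @target -Name '.' -Value @{
    ipAddress = '192.0.2.10'; allowed = 'true' }

# Verify what IIS will actually enforce for this site.
(Get-WebConfiguration @target).allowUnlisted
Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site -Filter "$filter/add" |
    Select-Object ipAddress, subnetMask, allowed
```

Clients arriving through a reverse proxy or load balancer all share the proxy's address, so the list has to be enforced there as well (IIS 8.5 and later can evaluate X-Forwarded-For through ipSecurity's proxy mode). Running the script twice errors on the duplicate entries, so an idempotent version would first check the existing entries with Get-WebConfiguration.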

Tuesday, April 18, 2017

Create Report using ReportViewer

Reports can be created with third-party tools such as Crystal Reports, but using
Microsoft's own reporting gives us more flexibility because it avoids deployment issues
around versions and licensing.

In this article I will explain how to create a report using a Visual Studio report (.rdlc)
and display it with the ReportViewer control in local processing mode.

The ReportViewer control can be used in two processing modes, Local and Remote.

In local processing mode the report is processed inside the client application,
whereas in remote processing mode it is processed by the Reporting Services
Report Server of MS SQL Server 2008 or above.

Displaying a report with the ReportViewer control in local processing mode is an
alternative to Crystal Reports or other reporting software.

A typed DataSet is used as the report's data source.

I will summarize the steps below:

1. Create a typed DataSet as follows :

Right-click in Solution Explorer -> Add New Item -> DataSet
By default it is created in the App_Code folder.

In the DataSet Designer -> Right-click -> Add DataTable.

In the DataTable -> Add Column
Define every column with a definite data type in the DataTable, one per field the
report requires, as shown in the figure below :

2. Create the report with the Report Wizard as follows :

Right-click in Solution Explorer -> Add New Item -> Report Wizard -> Click Add

-> Click Next -> Choose the created DataSet as the Data Source

-> Click Next -> Choose the report type as tabular

-> Click Next -> Choose the available fields

-> Click Next -> Choose the table layout as stepped

-> Click Next -> Choose the table style

-> Click Next -> Click Finish

The report will be created as follows :

We can then design the report as we need.

If we want to add a header image, we have to do the following :

Click on the top toolbar menu, Report -> Embedded Images
New Image -> Add

Drag an Image control from the report toolbox and, in the Properties window, set
Source to Embedded and Value to the image name from the drop-down list.

Now the report (.rdlc) is ready.

3. Create a function that returns the typed DataSet created above. The code for it
in the Business Layer and Data Layer classes is as follows :

App_Code/AgentBLL :

public class AgentBLL
{
    // Data layer instance; the business layer only forwards the call.
    private readonly AgentDAL DAL = new AgentDAL();

    public DataSet1 getAgentReportData()
    {
        return DAL.getAgentReportData();
    }
}

App_Code/AgentDAL :

using System.Configuration;
using System.Data.SqlClient;

public class AgentDAL
{
    public DataSet1 getAgentReportData()
    {
        // The connection string is read from <connectionStrings> in web.config, never hard-coded.
        string connectionString = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;

        DataSet1 ds = new DataSet1();

        using (SqlConnection dbConnection = new SqlConnection(connectionString))
        using (SqlCommand dbCommand = new SqlCommand())
        {
            // Fixed query with no user input; any filter value added later must go through SqlParameter.
            string commandText = "SELECT AGN_ID,AGN_NO,AGN_Name from Agents order by AGN_SEQ desc";

            dbCommand.CommandText = commandText;
            dbCommand.Connection = dbConnection;
            dbConnection.Open();

            SqlDataAdapter da = new SqlDataAdapter();
            da.SelectCommand = dbCommand;

            // Fill the typed table "DataTable1" defined in the DataSet designer.
            da.Fill(ds, "DataTable1");
        }   // the using blocks dispose the command and close the connection
        return ds;
    }
}

4. Create webform and place Microsoft ReportViewer Control in it. The code for it is :

Report.aspx :


<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Report.aspx.cs" Inherits="Report" %>

<%@ Register Assembly="Microsoft.ReportViewer.WebForms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    Namespace="Microsoft.Reporting.WebForms" TagPrefix="rsweb" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <rsweb:ReportViewer ID="ReportViewer1" runat="server" Width="882px">
        </rsweb:ReportViewer>
    </div>
    </form>
</body>
</html>

Report.aspx.cs :


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.Reporting.WebForms;
using System.Data;

public partial class Report : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            // Local mode: the .rdlc is processed in this application, not on a report server.
            ReportViewer1.ProcessingMode = ProcessingMode.Local;
            ReportViewer1.LocalReport.ReportPath = Server.MapPath("~/Report.rdlc");

            AgentBLL bll = new AgentBLL();
            DataSet1 ds = bll.getAgentReportData();

            // The name must match the dataset name used inside the .rdlc.
            ReportDataSource datasource = new ReportDataSource("DataSet1_DataTable1", ds.Tables[0]);
            ReportViewer1.LocalReport.DataSources.Clear();
            ReportViewer1.LocalReport.DataSources.Add(datasource);
        }
    }
}

The output will look like this :

Tips for common issues :

In order for the width and height of the table columns and of the report page to
come out correctly when printing and when exporting to PDF, we have to follow the rule
Body.Width <= Report.Width - Report.Margins.Right - Report.Margins.Left.

Following this rule avoids blank pages appearing in between, both in the PDF and
when printing. For printing we also have to adjust the report page size, both width
and height, to the paper size and to the print layout we require, either Portrait
or Landscape.

If the Print button does not appear in Internet Explorer, add the URL of the website to
the Compatibility View settings.

If printing shows the error "Unable to load client print control", install
Microsoft ReportViewer 2008 SP1 on both the web server and the local PC if we are
using the ReportViewer of VS 2008; otherwise install SP1 of the appropriate version.

Monday, January 2, 2017

IIS Security and Permissions for Websites

IIS uses both its own built-in accounts and the built-in accounts of Windows for
security.

When deploying an application in IIS we should know the rights of each account and
avoid granting high privileges on files or folders, so that we do not create security
risks.

IIS built-in user and group accounts :

IUSR :

IUSR is the default built-in account (in IIS 7 and above) that IIS uses when
anonymous access is enabled. Every unauthenticated visitor (basically a normal visitor)
runs as this Internet User account. This account must not be given high or privileged
permissions on critical files of the website or application.

In earlier versions of IIS, IUSR_MachineName was used for anonymous authentication
requests. The IUSR account does not need a password, so there is no password expiration
to worry about. Before IIS 7 each account and group had a unique SID (Security
Identifier) that differed from computer to computer, so 'xcopy /o' could not be used
to copy files together with their Access Control List and ownership information to
another computer. IIS 7 solves this: the SIDs of each built-in user or group account
are the same on all systems running Windows Server 2008 or above.

IIS_IUSRS :

IIS_IUSRS is a built-in group, introduced in IIS 7, that has the minimum set of user
rights and permissions required to run an application. It is convenient because any
user account added to this group can be used as an application pool identity without
manually assigning user rights and permissions to that account. In previous versions
of IIS this group was called IIS_WPG (IIS Worker Process Group). If a permission on
some file resource has to be granted to all accounts that run ASP.NET applications,
we can grant it to IIS_IUSRS once instead of assigning it to each account separately.

IWAM_MachineName (of IIS 6 and below) :

IIS 6 had the IWAM_MachineName (Internet Server Web Application Manager) account,
used to start out-of-process applications such as COM or DCOM components in IIS 5
isolation mode. Out-of-process applications run in a different process space from the
one using them, whereas in-process applications run in the same process space. In-process
components communicate through local method calls; out-of-process ones require remote
procedure calls. Examples of out-of-process components are Java's RMI and Microsoft's COM
components.

IUSR and IWAM should only be given the permissions they need and must not be given
access to anything critical.

From IIS 7, IUSR handles the functions of both IUSR_MachineName and
IWAM_MachineName.

In short, in IIS 7 IUSR replaces IUSR_MachineName and IIS_IUSRS replaces
IIS_WPG.

ASPNET (of IIS 6 and below) :

Earlier versions of IIS had an ASPNET user account, used to run the ASP.NET worker
process in IIS 5.0 isolation mode. This account no longer exists from IIS 7 onwards.


LocalSystem :

This account has the highest privileges, those of an Administrator. If a worker process
identity runs under this account it has full administrative privileges over the entire
system, which makes it a security threat. It should therefore be used only when
unavoidable.

Network Service :

This account has fewer privileges than LocalSystem, but it can access network
resources and remote databases using the local computer's credentials or Windows
Authentication. In IIS 6 this is the default identity of the application pool.

LocalService :

This built-in user account has fewer privileges than Network Service: its access is
limited to the local system and it has no network permissions. It is used when no
access outside the server is required.

NTFS permissions :

There are basically two types of access control: NTFS permissions, enforced by the
operating system, and website permissions, enforced by IIS. NTFS permissions are only
available on drives formatted as NTFS (New Technology File System), not on FAT
(File Allocation Table), which is a legacy file system.

The NTFS permission levels are :

- Full Control - Users have full control over the file, including taking ownership of it.
- Modify - Users can view and modify the file and its properties, and delete and add
  files in the directory. Users cannot take ownership of the file or change its permissions.
- Read and Execute - Users can view and run executable files, including scripts.
- Read - Users can view files and file properties.
- Write - Users can write to a file.
- List Folder Contents - Users can view the list of files inside the folder.

When assigning permissions, grant Write only on the files the application has to
modify at run time and not on the remaining files or folders, so that nothing
unnecessary can be written to the web server.
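A least-privilege setup that ties the identity section and the NTFS section together, as an added PowerShell example that is not from the original post; the site path, pool name and writable folder are assumptions:

```powershell
# Added example, not from the original post. Assumes IIS 7.5 or later (app pool
# virtual accounts), a site under C:\inetpub\AgentSite served by the pool
# "AgentSitePool", and that App_Data\Uploads is the only folder written at run time.
Import-Module WebAdministration

$pool    = 'AgentSitePool'
$root    = 'C:\inetpub\AgentSite'
$uploads = Join-Path $root 'App_Data\Uploads'

# 1. Audit: warn about any pool whose worker process runs as LocalSystem.
Get-ChildItem IIS:\AppPools |
    Where-Object { $_.processModel.identityType -eq 'LocalSystem' } |
    ForEach-Object { Write-Warning "Pool '$($_.Name)' runs as LocalSystem" }

# 2. Run our pool as the built-in, low-privilege ApplicationPoolIdentity
#    (implicitly a member of IIS_IUSRS, so no manual user-rights assignment).
Set-ItemProperty "IIS:\AppPools\$pool" -Name processModel.identityType -Value ApplicationPoolIdentity

# 3. Content tree: IIS_IUSRS (worker processes) and IUSR (anonymous visitors)
#    get Read & Execute only; (OI)(CI) makes files and subfolders inherit it.
icacls $root /grant 'IIS_IUSRS:(OI)(CI)RX' 'IUSR:(OI)(CI)RX' /T

# 4. Modify only on the one folder the application must write to.
icacls $uploads /grant "IIS AppPool\${pool}:(OI)(CI)M" /T

# 5. Verify: the root must show no Write or Modify entry for the IIS accounts.
icacls $root
icacls $uploads
```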

How to secure FTP sites?

With FTP sites, credentials are sent over the network neither encrypted nor encoded,
so they are exposed to malicious users. To make FTP more secure we can run it over an
encrypted channel such as a VPN secured with PPTP (Point-to-Point Tunneling Protocol)
or Internet Protocol Security (IPsec).