There is a lot of discussion about todays fix for ASP.NET to prevent an attack that can be used to get the encryption keys from an application. In one discussion I read that it could also be used to make the WebResource.axd handler return any file in the application by forging the request parameters to point to a known file location (where /web.config would be the most obvious choice).
View 1 RepliesI have a VS 2008 web application that I need to capture the full file path (directories and file name) from the selected file. So user selects a file and then clicks on one of the buttons which transfers control to my code for processing. So how do I get the file path? I can get the file name, but not the path.
View 2 RepliesI'm working on an ASP.net web application. I'm getting errors on some of my pages where I get runtime JavaScript errors. I've narrowed the problem down to a single ASP Menu control on the master page. I created a blank page with just the ASP Menu control. The ASP Menu control is bound to Web.sitemap. The page intermittently gives runtime errors. However, if I refresh the page, the error may or may not appear on any given page load. Sometimes, it works; sometimes, the browser throws runtime errors when loading the page or when I mouse over the ASP Menu control.
When I catch the error in Visual Studio, the message is "microsoft jscript runtime error 'sys' is undefined". When I Google for this message, I find that it is usually associated with AJAX. However, the ONLY thing on the page is a single ASP control. There is absolutely no Javascript on the page except for what gets generated by the .net framework. What could be causing this problem? UPDATE I've found out that my environment actually has load balancing with a web farm of three servers servicing the URL. When I access the application on any one of the servers individually by IP address, everything works fine.
To clarify, I understand that when a user hits the public-facing URL, it resolves to x.x.x.1. x.x.x.1 is the address for a switch which routes the request to either x.x.x.2, x.x.x.3, or x.x.x.4. When I use the public-facing URL, I find that some of the axd file requests are intermittently rerouted to Error.aspx! WTF? I'm told that this is the result of a security feature that is meant to protect me from cross-site scripting and other assorted bad stuff. What can I do? Update After taking out some error page auto-redirects, I get a more meaningful error message: ASP.NET Ajax client-side framework failed to load.
I am rendering custom control. I rendered the css file on the prerender. When i rendered more than one control in the aspx page, the css will loaded the number of times the controls in the page. I want to load the css file only one time. How to check the webresource css file on rendering whether it is loaded or not.
View 1 RepliesI have a web control and it needs to inject JavaScript content into ASPX page using RegisterStartupScript. But I don't see a way of doing so. If I use this.Page.ClientScript.GetWebResourceUrl it will return URL which can be used for RegisterClientScriptInclude, but I need the content of the file injected and not reference.
View 6 Repliesi have two application suppose wwwroot/one and wwwroot/two.
there is one .aspx page on "one" application into which i want to get file(.xml) from application "two" and do some work on that file like save,edit,delete etc..
and than save that file into "two" application.
like
wwwroot/one/MyFile.aspx --> this is file into which i want to access aaa.xml file from application two/File where File is a folder. all file operation is here.
wwwroot/two/File/aaa.xml --> this is xml file which is reside in another application
I need to make an autoupdater for my application. This has been done, and it is working perfectly. However, my application currently downloads version.txt, and reads it to work out whether it needs to download the new application. This is hideous, and slow, and was only supposed to be very temporary. It is also very annoying that we have to update this file every time we release a new version.
My boss wants me to create a webpage that reads the version data from the uploaded .exe, and then returns that to the Desktop application. Therefore, I would be able to call www.example.com/version.aspx, and it would return the version number, such as 1.1. I could then compare to the current version (don't worry, it is generated on the fly, and not hard coded) and then I could download the application if required.
Here comes my question. How would I go about this? I have heard of CGI scripts, and asp.net. Which one of these has the power to solve my problem. If you could just tell me that, then I will be all sorted, as I could read up on it, learn, and broaden my knowledge.
If this is not possible, or not easily possible, is there any way of reading the file version of a remote .exe, without downloading it. This would also be preferable in many ways.
P.S. I did try to explain this to my boss, and suggested that maybe he could either do it, but he is not very good at web applications, and refused, saying that it would broaden my education in this matter.
EDIT: Somehow forgot to add: I normally program in C#, although this application should be so small, that it would not really matter. Also, C# code would be ideal, if there is a way to check the version of a file on a remote server.
How to return a script file in MVC3?
This is not working.
Function Index() As ActionResult
Return JavaScriptResult(Url.Content("~/scripts/testing.js"))
End Function
I've build a MP4Handler. The Mp4 hander selects a correct file from a url.The system works if you work with 'normal' mp4 files.But the problem is the MP4 files are genrated by another program, so i think there's the problem.Right now i returned a test file, then it woks great!Do i return the other file, i get a 412 error if i use it in IE (he shows a 400 error because i deleted the 412 error in the IIS i thought maybe that solves the problem). In IE it doesn't work, but in firefox it works great!In my Fiddler result, the first movie (guid url) is from firefox, and works great. The second with the text/html result (selected row) is from IIS.How can i solve this problem?Or is this the problem?:This entity tag is not recognized by IIS. It only affects version 7.0 of the IIS software.From: http://www.pc-library.com/errors/error-code/412-0x19C/ As coding i use this as base: http://dotnetslackers.com/articles/aspnet/Range-Specific-Requests-in-ASP-NET.aspx I changed The GetRequestedFileInfo with:
public override FileInfo GetRequestedFileInfo(HttpContext context)
{
return new FileInfo(context.Request.PhysicalPath);
}
ASP.NET automatically includes the following script tag:
<script src="/WebResource.axd?d=8H_C0aee9xE8e9a-3YoRhA2&t=633413907763620168" type="text/javascript"></script>
However the clients site is being proxied through another site. So the URL to the root of their site is:
http://domain.com/somename/
So I need to prefix the WebResource.axd with /somename so the resulting tag will look like this:
<script src="/somename/WebResource.axd?d=8H_C0aee9xE8e9a-3YoRhA2&t=633413907763620168" type="text/javascript"></script>
What I am not sure is how to actually set this? Is there a web.config setting I can set so it has this prefix?
Possible Duplicate: How to create file and return it via FileResult in ASP.NET MVC?
ASP.NET MVC2: How to return a file from a controller? I want to do this so the user can download the file from server.
I've a problem while using ASP.
My situation is I want to convert every documents' contained words into database and upload those document to server.
For example: MS word, MS Power Point, MS Front Page and PDF files.
Those words needed to store into database and let others to search by content.
(probably a bot) sent a request with the following URL to my ASP.NET 4.0 web forms application (running on IIS 7.0):http://ipaddress-of-my-applications-domain/bla1.bla2.bla3.bla4.bla5:)This caused an System.Web.HttpException. I received a logging email from ASP.NET HealthMonitoring I had configured, telling me:A potentially dangerous Request.Path value was detected from the client (:).
System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Why is a colon in the URL "potentially dangerous"? What dangerous things can be done with such a URL? Do I have any security hole here I am not aware of?
On a windows 2008 web server, I get the following error whenever posting a form containing html tags in textboxes:
A potentially dangerous Request.Form value was detected from the client (widget$txtText="
This is a common error and you fix it by either doing Page ValidateRequest = false or in the web.config with pages validaterequest = false. However, on this specific server, it completely ignores the validaterequest = false and throws this exception anyway. Has anyone seen this behavior before and know what else I can do to prevent this error? I've seen it in 2 web apps now on the same server, it's really weird.
I have contact form on my website - but when somebody write html tags in this form or any other form he sees error website:
A potentially dangerous Request.Form value was detected in ASP.NET MVC
On this site:
http://www.coderjournal.com/2009/02/potentially-dangerous-requestform-detected-aspnet-mvc/
somebody writes that we should use [Code]....
[Code]....
[Code]....
I'm getting this error below, but it is in Admin pages so it will never be a potentially dangerous request. Is there a way to override it?
A potentially dangerous Request.Form value was detected from the client (ctl00$MainContentPlaceholder$FormView1$FCKeditor7="<p><p><...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$MainContentPlaceholder$FormView1$FCKeditor7="<p><p><...").
I am generating a System.Drawing.Bitmap on the fly in an ASP.NET Custom Web Server Control, and then I want to serve this bitmap as part of the WebResource, because I do not want to save it on the hosting computer. Is there a way to instruct ASP.NET to serve the generated System.Drawing.Bitmap as part of it's WebResource? (therefore making it an "Embedded Resource")
View 1 RepliesI have developed some ASP.NET server controls which include their own javascript and css files. A lot of these controls use jQuery extensions which, as you know, often include their own css files.
I'm using Telerik's RadScript manager which combines the javascript like a boss. However, I'm using the AjaxToolkit's ClientCssResource attribute to include the css files in my server controls, and I have noticed that the CSS files are not getting combined at all. My pages have 10-15 WebResource.axd requests for css files for my server controls.
Everything I find only is about combining javascript, and nothing tells me how I can combine the CSS files. Does anyone know if there is a way to combine the CSS dynamically (I don't want to manually combine as each page might use a different subset of the server controls)?
My web application [URL] is currently requesting the WebResource.axd file like this:
<script src="/WebResource.axd?d=xxx" type="text/javascript"></script>
As we're using urlrewiting in a Netscaler to forward all requests for the "/social" folder onto a seperate server farm containing this app, the "/" root path won't resolve correctly as it will be requesting the resource from the something.com app.
Therefore I need to change the url of the requested script to either request it explicitly:
<script src="/social/WebResource.axd?d=xxx" type="text/javascript"></script>
or to request it using a relative path:
<script src="WebResource.axd?d=xxx" type="text/javascript"></script>
So far I've looked at overriding the render method, using a control adapter and various other things but haven't really got anywhere as of yet.
My website is looking in the wrong place for the scriptresource.axd and webresource.axd. How do I point it at the correct subfolder? Or how do I set it so that scriptresource.axd and webresource.axd are stored in the root of the website?All the ajax is done within subfolders. The web.config is at the root of the website.
View 2 RepliesI have three XML files that are auto-generated and placed into my wwwroot directory. From there, I need to be able to search through these XML files looking for a record by either first name or last name. So, I have three xml files: a_results.xml, b_results.xml, and c_results.xml.
I'm having trouble reading / scanning these files so I really need some hand holding here. Very novice ASP/asp.net programmer here. Basically, I want a "search page" where the user will enter their search criteria into a text box (either first or last name) and the page will search the first and last name fields in all three of my xml files and return the results in a table, including the resulting first and last names plus their extension number.here is an example of one of the xml files
Code:
<response method="switchvox.extensions.search">
<result>
<extensions page_number="1" total_pages="1" items_per_page="500" total_items="3">
<extension number="1111" status="1" can_dial_from_ivr="1" account_id="1446" display="John Smith" date_created="2009-12-23 11:57:36" type="sip"
[code]....
So, as an example... I go to the page - enter "test" into the search box and click "find". The page should search all three xml files for the word "test" in the first OR last name fields and then return ALL of the combined results in a table which shows first name, last name, location and extension number (all available in the XML file(s) as shown above).
When an ASPX page needs to make a call to a potentially long-running operation (lengthy DB query, call to a remote webservice, etc.), I use RegisterAsyncTask, so the IIS worker thread is returned to the pool, rather than being tied up for the duration of the long-running operation. However ASMX webservices don't have a RegisterAsyncTask function. When an ASMX webservice needs to call a potentially long-running operation, how can I implement the same behavior as RegisterAsyncTask? Note: the ASMX webservice is implemented as a script-service: returning json to a direct jQuery/ajax call. Therefore, I cannot use the "BeginXXX" approach described by MSDN, since that implements the asynchronous behavior within the generated client-stub (which isn't used when calling the webservice directly via ajax). EDIT: Adding source code: implemented the BeginXXX/EndXXX approach listed in John's answer. The synchronous "Parrot" function works fine. But the asynchronous "SlowParrot" function gives an internal server error: "Unknown web method SlowParrot"
WebService1.asmx:
[code]....
I am Getting this error
A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtEmbed="<embed src='http://a...").
when i am opening a modalpopup extender on link button click and in code behind i am assigning the textbox
value="<embed src='http://auddia.com/player-viral.swf' height='20' width='200' allowscriptaccess='always' flashvars='volume=100&autostart=false&file=http://auddia.com/Audios/audioStream_1299222864888_19.flv&plugins=viral-1d'/>
and also i set the ValidateRequest="false" in the page directive's. and in code behind i also use HttpUtility.HtmlEncode . but again and again i am facing this error
"A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtEmbed="<embed src='http://a...").".
I have one asp.net application, which has some problems while i am entering the special characters such as ": &#, " in the search box. If i enter this text in search box, i got the exception like this. A potentially dangerous Request.Form value was detected from the client (txtValue=": &#, ").
then i searched on the net, i got one general solution for this that to set the validaterequest to false. But no changes has been made on my application.
We have an array of about 12 servers serving a website. Over the past few hours, one single server has started throwing exceptions for WebResource.axd and ScriptResource.axd requests.
Exception
System.Web.HttpException - This is an invalid script resource request.
Stack Trace
at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Broken server URL
/WebResource.axd?d=S6kjkBsrIKni9uO5HCkv0c8eYObzibWXn9R6A7Yr_Fy7CW4dRFZm1HfcnUTEZ8xBYZDM-5zeTVk1tTgC1hp7d5YYw3o1&t=634308186300177825
All other servers URL
/WebResource.axd?d=yj6PW1hbOvqhMkOh2gYGlw2&t=634207187366247462
I have checked the web.config, machine.config for every server and they're all identical. The only difference been able to find so far is that prior to the problem commencing, the servers were patched, after which, the problematic server looks to be using different version of the System.Web.dll to the others?