Using Or Extending ESAPI.NET V0.2?
Nov 30, 2010
I've been recently tasked with leading an effort to improve our input (and output) validation with OWASP recommendations and PCI compliance in mind. In the process, I'm trying to assess the value of the ESAPI.NET project which does not appear to have seen any activity since the spring of '09 and as it stands is incomplete.
Does anyone have experience using or extending ESAPI.NET v0.2? Is it a good starting place today for building out an infrastructure to address the targeted vulnerabilities?
FYI: I am looking at MS AntiXSS which, of course, only addresses a portion of ESAPI's scope. We already do a good job with SQL injection though there are improvements we need to make.
View 1 Replies
Similar Messages:
Jun 3, 2010
The GetRolesForUser() method in the RoleProvider takes the user login name and returns the list of roles for that user. But in my application this is not enough, I need a few more pieces of information to be able to get the user's roles. How can I get this extra information into the method? I have it in the Session, but I found out that Session is not available in the RoleProvider.
What I had in mind was putting this extra info in some class that extends MembershipUser, assuming I can get to it inside the RoleProvider. But I don't know how to create the CustomMembershipUser and make it part of the MembershipProvider. Is this even possible? The easy way out would be using cookies, but I'm trying to keep away from it.
View 1 Replies
Aug 23, 2010
Is it possible to Extend Textbox to have a Unique Name ? I have tried using UniqueID poperty,but this is not accessible with Request.Form("UniqueID")
View 2 Replies
Aug 15, 2010
When people talk about extending a control are they just talking about inheritance?
View 1 Replies
Apr 18, 2010
I have a rather large application that has literally a hundred DDLs with Yes / No ListItems. In an attempt to save myself some time, I created a custom control that extends the standard DDL.It all seems to work fine but I am having some issues when assigning the SelectedValue property in code where the selected value does not seem to have an affect on the control. I wonder if I should be adding my items during Init or PagePreLoad? Should I be calling base.OnInit before or after I add the list items? This mostly works but not 100%. (v3.5)
public class YesNoDropDownList : DropDownList
{
protected override void OnLoad(EventArgs e)
[code]...
View 1 Replies
Mar 5, 2010
When you create a webpage in ASP.net, the codebase inherits System.Web.UI.Page
Now when I extend the page object to check for SessionExpired for example, I create a new class and inherit from system.web.ui.page, and overwrite some functions.
The problem then is that on each page, I have to replace system.web.ui.page with my custompage class.
Is there a way to extend a class by adding methods or modifying its methods directly (e.g. add the sessionExpired check to System.Web.UI.Page) ?
I'm using .NET 2.0
View 2 Replies
Sep 30, 2010
I use two different collapsiblepanelExtenders with similar colapsedControlID which is not a matter here. ince both of them working but with some misbehaviour, for example if the first one is open and I click wherever on it , the second one extends. also by clicking on the second one it collapses.That means that some how an event triggers and makes them collapse or extend.I have a kind of editing panel inside each extandedPanel which are used to update something on the page. the problem is that by clicking on eachtextbox or fileupload, the second panel collapses again. before any other action. So that I can not enter the textboxes. I can do that if I use tab button on keyboard. but that sucks really.
[Code]....
it might be because the second extender is inside the collapsible panel itself. but why it doesn't stay in extended state?
View 1 Replies
Nov 17, 2010
I have been developing a pure MVC CMS for fun and have run into an annoying bug/feature of ASP.NET routing.Each dynamic managed page in my CMS is associated with a particular route that is pulled from the database. These are loaded at app start. When a user adds a new page or edits the Url of an existing page I need to be able to edit the RouteTable to insert/edit route accordingly.The problem is that the new route does not need to be simply added to the end of the RouteCollection, instead it may need to be inserted into a particular position. Seems logical enough except that the RouteCollection contains only a standard Insert(int idx, RouteBase route) method inherited from Collection<T> which doesn't contain the route name. The name of the route is important as I use it throughout to generate action links.Looking at reflector I can't see an easy way to extend this collection as the _namedMap dictionary is marked as private. I tried chopping the collection at the point of insert and re-adding each item again, however because there is no method to reverse lookup a route's name from the RouteCollection I cannot re-add them with the name they may have had before. So frustrating!!!Why is the name of the route not a property of the route object?Why if MS is serious about us extending MVC and Routing do they make crucial classes hard to extend?Any suggestions as to the best solution here?Edit :Ok maybe I should have been much much clearer here. I am not looking for a critique of my CMS design. I appreciate the comments but this is not what I am asking.
View 3 Replies
Dec 9, 2010
I were following the tutorial at this page of how to build my own view engine: [URL] And in hope of just extending the existing RazorViewEngine I made some changes to the code in the tutorial...
[Code]....
The thing is that now when I run my site..I get the following error: CS0246: The type or namespace name 'WebMatrix' could not be found (are you missing a using directive or an assembly reference?) and I just cant find a way to solve this..I have added the references.
View 4 Replies
May 19, 2010
We have an ASP.NET 2.0 site in which we use ASP.NET login / authentication controls.
Our users currently timeout after approx 20 minutes, forcing them to log back in, and this appears to be causing downstream errors in our application.
I have tried increasing the SessionTimeout value to 120 mins (<sessionState timeout="120" />) in the site's web.config file, and the "<membership userIsOnlineTimeWindow="5000" >" value in the web.config is set to 5000 minutes.
These are the only values / settings I can think of to affect this behaviour.
View 3 Replies
Mar 28, 2011
I am trying out ASP.NET MVC2. I have a controller called SearchController and a view folder called Search containing Search.aspx. In my controller I have:
[code]....
In my view I have:
<form action="Search/Post" method="post">
<label><% Response.Write(Model.Title); %></label>
<input type="Submit" Value="First" Name="submitButton"/>
</form>
It works fine the first time I click the button, and the browser shows a url of [URL]. However, when I click the button a second time the browser url changes to [URL] and I get a 404. What am I doing wrong?
View 4 Replies
Feb 23, 2011
am having an argument at work on the asp.net membership provider.One of my colleagues says we should modify the tables and add our own custom columns, and i prefer we create additional tables and add relationships.
View 1 Replies
Jun 23, 2010
1) Extend the CreateUserWizard control to insert additional User fields (eg. Gender, Age, Occupation, Address, Phone, etc...).
OR
2) Create a brand new Custom Membership Provider of my own and skip using the inbuilt ASP.NET membership system.
What is the best way to create a new User system with my own tables of User data as described above?
Should i perhaps still use the standard ASP.NET membership system and then extend my own Registration page to add more User data to my own SQL backend table using the Identity value inserted into the aspnet_users table?
View 3 Replies
Mar 12, 2010
I extend LinkButton and i get this error:
Compilation Error Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.
View 2 Replies
Sep 2, 2010
Has anyone extended the Range attribute to be able to have a variable range?I have a similar need but I can't make this work:
public class YearRangeAttribute : RangeAttribute
{
public YearRangeAttribute()
: base(typeof(DateTime), DateTime.Now.AddYears(-100).Year.ToString(), DateTime.Now.AddYears(-14).Year.ToString()) { }
}
There is nothing on the page when it is rendered to the browser and the code above doesn't work.
View 4 Replies
Apr 2, 2010
A user who is browsing the site in french experiences no problems UNTIL they walk away from the site for 20 minutes. The site then defaults to english.
I am assuming - based on what I have seen with IIS and Application Pools - that the sites session variable is expiring OR the application pool is recycling. I have changed their limits to 600 minutes (which is 10 hours) and on a test server this appears to work perfectly fine.
On the live server, however, it does not work.
I have edited the <sessionState> variable on the web.config file to also timeout after 600 minutes, and this still doesn't help.
Is there something I am missing? Is there a way to programatically force the session state to not expire for 600 minutes? If there is, could someone provide a sample code snippet as I am a newbie to ASP.Net prgramming. I am using VB for my pages.
View 2 Replies
Jan 23, 2011
1. How can I extend the create user wizard to include an upload control to allow users to upload their CVs.
2. How can I use/extend the membership provider to save the uploaded CVs into the backend db?
View 1 Replies
Feb 16, 2010
What are the advantages of extending HtmlHelper instead of creating a Custom Class.
f.e. <%= Html.Table(data) %> vs <%= CustomClass.Table(data) %>
View 2 Replies
Mar 23, 2010
I have developed an application using IE8. I set my pages up using tables. I have not developed the css skills to be able to use only css. I realize that is the best way. When I change to browser IE7, all of my tables extend beyond the browser window. Does anyone have an advice?? I have set a fixed width and all elements seem like they should fit within the browser.
View 6 Replies
Mar 15, 2010
What would be the best way to extend the EntityDataSource control? I have a site that implements Entity Framework and I current create my model container and add it to the HTTPCurrent context. When I create EntityDataSource controls on the page I have to go into the code behind and set the OnContextCreating to add MY context to the EntityDataSource instead of the one that EntityDataSource creates. This is because in my model I have extended the Partial Classes to support Validation and custom Save/Delete methods.I would ideally like to create a custom control that I can drop onto a page that has its context already set to the context that I created.
View 1 Replies
May 11, 2010
if it is possible to extend the ASP.NET HtmlTextWriterTag Enum so that it includes HTML 5 tags? Specifically 'section' and aside' tags at the moment.
I'm trying to create a control which inherits from the Panel Control, but instead of it writing a tag I want it to write either a an 'aside' tag or a 'section' tag dependant on a property on the control.
I'm stuck using Web forms and VB.NET, so if the solution could take that into account it'd
[EDIT]
In the past I have changed the outer HTML tag of a panel by using the following code (this would render 'li' tags instead of a 'div' tag):
Protected Overrides ReadOnly Property TagKey() As System.Web.UI.HtmlTextWriterTag
Get
Return HtmlTextWriterTag.Li
End Get
End Property
I'm struggling to make this render a as a 'section' or an 'aside' tag though. I can get the control to render...
<div>
<section>
</section>
<div>
...but the perfectionist in me just wants to render...
<section>
</section>
View 1 Replies
Oct 18, 2010
I am new to ASP.NET security model, I need to perform a RIGHT-based security checking for every actions in my applications (e.g. CreateUser, UpdateUser, SearchUser....etc)
However, the built in ASP.NET security model only support ROLE-based security, and I would like to do something like that, but using RIGHTs.
Is there any idea, experience and post I can read and extends the ASP.NET Security Model to use RIGHT-based security to perform granular control.
e.g. How to I write my own HTTPModule, or make use of IPrincipal object.
If there any details steps/tutorial will be great, as I am very new to the ASP.NET.
View 1 Replies
Feb 23, 2011
below is what I'd like to do (but i cant because cant convert source type string to target type 'System.DateTime'). I want to localize the account.LastUpdated value from DateTime to localized string and have it available to use in my view. Im getting the account.LastUpdated from a service, which I cant control. what I get back is what i get back. do i extend AccountsViewModel to have additional properties in AccountsViewModelFormatted? [Code]....
View 2 Replies
Jan 13, 2011
Are there any ways in ASP.net to fetch data from the server without extending the session timeout? This needs to be done every few minutes without user interaction until the page is closed.
Additional context, as requested:
The pages in my webapp needs to poll the server every few minutes to check for a particular condition (emergency maintenance scheduled for 30 minutes time, in this instance). When the condition is true, the page will display a message to the user. When the condition is false, nothing needs to happen.
As I understand it, postbacks to the server reset the time until the session expires. We do not want the session to be extended/refreshed/reset/whatever the word is every time the page polls the server. I need a way to poll the server automatically without resetting the session timeout.
View 3 Replies
Nov 21, 2010
Currently my code resembles this:
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="CustomPanel.ascx.cs"
CodeFile="CustomPanel.ascx.cs" CodeFileBaseClass="System.Web.UI.WebControls.Panel"
Inherits="MyProject.CustomPanel" %>
...
namespace MyProject
{ public partial class CustomPanel : System.Web.UI.WebControls.Panel
{ ... }
}
However, I'm really not sure how to proceed from here, because this does not appear to follow a logical inheritance path that includes System.Web.UI.UserControl / Am I doing something wrong? How can I inherit Panel and extend standard event-handlers, such as PreInit?
View 2 Replies
