I am learning to use asp.net to design a web site and i am not quite sure if the way i access the data base is appropriate. could you guys give me some comments ?
----------------------------------------
in web.config , i have a connection string like this,
<add name="MyDBConn"
We have a swf file that we want to secure and make available only to authorized users.
I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example.
However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure.
I have read that the best way to secure images from being access would be to place them into a database rather than into a file system or virtual directory. Is this correct? I am creating a site that needs to have the images the user upload be secure as possible. I initially programmed the images to be uploaded to a database then I reprogram the site to have them store in to a file system/virtual directory. I'm still up in the air in terms of which one to use. Again, security is my primary concern.
View 4 Repliesprovide secure online access to documents and reports for their customers which entails creating a secure login for clients to access PDF documents to view and print. Aslo to display all reports available on web server.ould this be as simple as making sure username & password match an entry in a username table using select parameters(of course) theninstituting a Session("loginokay") = True along with something like Session.Timeout = ?
View 5 RepliesI have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. If I use the back button after logging out and hit the browser refresh it does show I'm logged out and refuses me access to the secure page. Am I missing something important? It seems like it could be a really big security issue.
public ActionResult LogOff(string ReturnUrl)
{
FormsAuth.SignOut();
if (!String.IsNullOrEmpty(ReturnUrl))
{
return Redirect(ReturnUrl);
}
else
{
return RedirectToAction("Index", "Page");
}
}
We need to secure how our web application access our SQL 2008 database on our hosted server. Any pointers where this is covered in detail? We have the following questions:1. right now the network service account runs the application pool containing our application in IIS. Should we define a local windows user account to run this application in IIS 6? Should we switch to Windows authentication?
View 3 RepliesMy web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 RepliesI have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
Is there anything missing in IIS 6.0 that prevents me from (Insert into table) using MS-Access?
Explain: The application works fine under Visual Studio 2008 IDE the insert into table works fine with no error, Also I tested with hosting provider and works fine with no problem. but now I have published the same exact app in a dedicated server windows 2003 with
IIS 6.0 .NET framework 2.0 with latest service pack I gave IIS_WPG write/modify access to the folder where MS-Access database is located and database but at the time of insert an error pop-up. I need to install in the Server or settings in the IIS to recognize my MS-Access db is it some office runtime that I am missing. (BTW I am using OLEDB connection string in my C# )
Using System.Data.OleDb;
I can retrieve data off of it with no problem but when I try to insert is when it fails I thought the problem was Access Rights but I do not think is the case.
how can secure credit card number in database
using Encryption technique. using stored procedure instead of inline query and what more....
How to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user
View 2 RepliesI have an ASP.Net site using Forms authentication. One of the aspx pages loads a WinForms user control hosted in IE. That control must connect with a WCF service located in the same ASP.Net web site.How can I make the WCF service secure? Currently I have set the WCF service to use AspNetCompatibilityRequirements mode but the user control hosted in IE can't connect to the WCF service as it isn't logged in.
View 1 RepliesI have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 RepliesI'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
I want a piece of code for asp.net 3.5 using visual basic. and i am using MS access database.
I have two three text boxes and 2 image upload controls and a submit button.
I want a piece of code in which a user can upload images and store it in our database . i want an asp.net visual basic working code. also i need query behind the submit button.
I have to display data (names) in a random order on the website. The data is stored in a MS Access database. The names must be displayed in a GridView and DataList in different places. I have created a query in MS Access "zorder: Rnd([MarinaAccommodation]![ID])" which works fine in MS Access giving me a different order each time.
The problem is that when I try run it on the website the order remains the same, it does not change each time the page is loaded.
I have a situation where I am accessing a database multiple times and I'm wondering if it is necessary.
I have a GridView with a template column with a hyperlink to "Get Results" and on the RowDataBound event I have it check the batch number against the database and see if results exist and then if they don't, hide the link.
So when viewing the page if there is 20 rows in the gridview it is effectively doing 20 queries.
I was wondering if it is a better idea to query the database once with all "batches" and load it into a datatable, then on the RowDataBound event query the datatable. The only issue I see with this is there is currently 40,000 batches and grows daily.
I am using ajax html editor to write a text. I can view it without having problem but I am incapeble of storing it in a Ms Access database. which type do I need to use for this? I tried memo and OleObject type and both didn't work. I used the blow code for that.
View 6 Repliesi am using the following code for a retrieving a image stored in access database
View 12 RepliesI have a data type mismatch while inserting into a number field in an access database using a parameterized query.I think this should be pretty simple but I am still learning a lot.
[Code]....
I have some commented out as I am working one field at a time. The working fields are textboxes and the non working ones are dropdown lists. But I think it may be the field that the list is drawing from? Not sure.
I have one question here.I created a registration form using asp.net and c#.
when I entered all the fields in that form and hit the register button the data will be inserted in to the database table called xyz table
in that table I have an id field which is a text field in access database consists of guid starting with letter P
when I inserting the data from aspx form...the guid is not inserting into the table.
one of my datarecord in that table with the id field is like this.(.P11111111-1BBB-4444-A9D1-111111111111)
need to insert anoother record in that table that field must be generate with the ID starting with P..its an guid.. the creating guid in the aspx.cs page..??
I have a form wilh couple of Drop downs and text boxes and a Data Grid View which displays data from Access Table. When I hit add button on the form, I can see the data being added to the Grid View. But when I close the form and open the Access Database File (.mdb), the respective table is empty. The Access Table is not being updated. Second time if I open the form, the Grid View is also empty.I am pasting my code here.
Public Class Home
Shared OleDbConnection As System.Data.OleDb.OleDbConnection
Shared ExpensesDataAdapter As System.Data.OleDb.OleDbDataAdapter [code]....
I want to retrieve a single column from a table in a database(ms access) and then the value retrieved has to be converted to a string!!
View 4 Replies
