we are making a project to run in ASP.Net on Mono/*nix Our problem is that we develop on Windows, and we just build and test it every so often on Mono. So we have been having a lot of trouble recently with case sensitive filenames. Everything seems to work good in Windows and then we move to Mono and it's silently broken.(as in, it builds but won't run or parts of it don't work)
How would you recommend that I detect this while we are developing on Windows? Basically, how do we make the case-sensitive filenames look wrong in our code where the code works on Windows but not *nix?
To start with then we have a LinkButton whose text is actually an image tag. The image it links to is a Png and resides in a folder in the web directory. This is IIS V6 and win Server 2003.
The path is [URL]
Admin is a virtual directory configured in IIS.
The above url doesn't work but if you change it to [URL] (lowers case 'a') then the image is served, change it back to 'A' and it takes you to login, you log in and it loops back to log in. change to 'a' and voila the image is served. Weirdly this problem doesn't always occur and I have hunted for a resolution for days to no avail.
This is my first time working on a secure website. It's for a pet project I have.
For security purposes, where is it best to store information like SQL connection strings, database encryption keys, etc? Is it better to use web.config, store them in a class that accesses a database (like dataBaseHelper.cs or something), or somewhere else?
I intend to obtain an SSL cert as well. When communicating with the database, should I always use the secure connection?
I have a validator on a textbox that validates against a list to ensure that the user doesn't input the same name. When testing it, if I type in the same name including the same case structure, it returns an error. If I change one letter to a different case, it doesn't return an error but rather my SQL server returns a duplicate error. How do I change the server-side validator so that it picks up duplicate names regardless of case?
i'm trying to host an .net framework4.0 application in IIS7. i got an error while clicking on the manage module in modules .like ("Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive. ") .I changed my application poll to .net4.0.I am able to browse my application
I installed Microsoft Visual Studio 2010 Ultimate Trial and converted existing asp.net 2.0 web application and I am getting this error: znrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive. It's coming from this section in the web.config which was auto-generated by VS2010 when I converted the project:
I am creating a website that allows users to login to their gameserver remotely and send / receive commands. The connection happens via an UDP socket and requires simply the IP of the gameserver, and a password.
On my website, users can add servers to their accounts, where the server IP and password are stored in a database. Then they can connect to any of their servers, which creates a new Socket object and connects to it using the IP and password of that server.
This Socket object, embedded in an object that also stores the server IP and password, is stored in a Session variable when the user connects, and is retrieved on every page. For example, there's a page where the user can view a list of the players on the server (and kick/ban them), a page with server settings, a page with messages, etc. All these pages require the Socket connection to get their information (they send a certain command and parse the response). When I need to send a command via the socket, I need to send the password of the server each time (otherwise it does not work). My question now is: how secure is this? The password of a server is sensitive information*, but I am storing it in a session variable and sending it (using the Send command of the Socket object) to the server.
i think the Session variable is stored on memory on the server, so I don't think so, but I'm really unsure about these kind of things and I'd like to be certain that my website is secure. Well, I think it will never be 100% secure but I want it to be at least not worth the effort for someone to hack the password. If it takes a lot of trouble then people wouldn't bother, but I don't want to find out that people's passwords are being thrown out on the street (so to speak) and that my website is completely insecure...
I use some session variables to get the job done(shopping cart, etc) but it is not stable..manytimes I get no items in session object and other times(refreshing the page) I get missing data...I downloaded the entire site code to my local pc and debugged it and run it succesfully without any session data missing...When I run it in the server, I get bad session again: no products in shopping cart or products with missing quantities...
The same website runs smoothly in our production server too....The problem is with our development server...
I have some code in my page load event where I just want to fire once when the user opens the Browser. The only issue is if you open a new tab with the same website the session variable does not reset. Is there a way to reset the session variable when you open a new tab or do you have to take the whole web browser down for it to clear the session variable.
There are reams of info out there about things causing InProc session to drop session objects, but that's not what's happening here. We're missing individual variables within stable InProc session objects, and are not sure whether they're not being written or being lost after a successful write. I've confirmed with WinDBG that the sessions are live and contain some, but not all, of the data written to them.
This code is pretty straightforward, and it works flawlessly in Test. In Production, under heavy load, though, it fails ~1% of the time. If Mr Smith visits the site and attempts to display 4 pieces of image data, 2 of them might be saved in his session and two of them be lost. The InProc session object for Mr. Smith exists. The traffic logs show he clicked 4 times, each with a different id param. But there are only 2 guids in his InProc session object, instead of 4. The 2 session objects we did capture do correspond to 2 of the id's shown in the traffic log (his 1st and 3rd clicks.) The traffic logs for his 2nd and 4th clicks, though, show a guid id that's not in his InProc session object.
Lines 1&3 of the above code obviously worked for those 2nd and 4th clicks, or he'd not have had the id in the URI for him to click. Line 2, however seems to have failed silently in some way. If any exception had been thrown, I'd expect we'd not ever have arrived at line 3. I can't see any way for the user to receive the guid id, but the session to fail to have it. The other possibility is line 2 worked successfully, but the variable later disappeared, how I cannot even imagine.
Details: ASP.NET v3.5 IIS 6 No Web Gardening
We're running a web farm, but users constantly return to the same server. I'm researching now whether there's any way users might be slipping off to the other server.
I have my project set up with the virtual path "/MyVirtualPath", create the virtual directory in IIS 6 (W2003) and everything works fine. Then to work better with Google Analytics I change the virtual path "/myvirtualpath" and change all redicecciones and links to lowercase. also applies the class "lowercase route urls in aspnet mvc" and works perfectly.
The problem I had to modify the virtual directory in IIS, delete virtual path "/MyVirtualPath" and I created the new "/myvirtualpath", but in all cases I use tilde "~" or where I make a "RedirecToAction" (which should take "LowercaseRoute"), continues to maintain the virtual path "/MyVirtualPath". For example, if I see the HTML source code in the browser, see "/MyVirtualPath/Content/Site.css" instead of "/myvirtualpath/Content/Site.css. "
Am trying to design login page for my website and I am looking for methods other than forms authentication. The way in which I am trying is to have a table in the database that stores user information and check for the user validity.
The point where I get struck is how do i set cookies and session variables and how will I carry it through out the system. Can anyone tell/suggest me where I can relevant material so as to move forward. And also is my idea of negating traditional forms authentication and going for a model I described, is it good also does any other better method exist?
I want to password protect an area of a website by a login/registration form.
I'm using session variables to check wheter the user is logged in or not. I already have a database with users/passwords... so I thought that the membership approach wasn't an option... (correct me if I'm wrong)
in the constructor of the controller of the area I want to protect I've added the following:
but this throws an error:
Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. review the stack trace or more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
Line 28: this.productsRepository = productsRepository;Line 29: Line 30: if (Session["user"] == null)Line 31: RedirectToAction("List", "Products");Line 32: }
In my .NET web app, I keep basic user info in a user session object. I also usually keep a director class in the session; which is basically just has info about whatever thing it being worked on on that screen (like a customer id).
I am trying to keep from adding a ton of sessions. I also want to make sure at any given time ONLY the sessions that are necessary are in memory.
This means I need an effective way of managing my session variables.
I have a situation where my session variables seem to get corrupted. I Page_Load I am calling 2 subs. Each of them fills a GridView with data from a table. I am saving the content of each Data.DataTable into Session Variables:
After I call the 1st sub and I debug the session variable "mySqlDataTable1" contains all the data from the table. After I call the 2nd sub and I debug the session variable "mySqlDataTable1" has been changed and contains a mix of data from the 2 tables.
I'm trying to pass some variables from one page to another via the session state and then post those variables to labels on page 2. When I try to write the code for my labels on page2, I get an error of "Declaration expected"Here is my code from that page:
Partial Class Default2 Inherits System.Web.UI.Page Dim firstname As String = CType(Session.Item("FirstName"), String) [code]...
Am I missing a page_load event handler or what am I missing?
I am doing web based projects in dotnet. Currently I am implementing security using session variables. I keep current user id and user type in session and authenticate user from these session variables (say Session["UserId"],Session["UserName"] and Session["UserType"]).
I've heard that such security can be broken and applications can be hacked very easily, like it is possible to get session id and directly connect to that session id etc.