I have an ASP.NET MVC application that use the default ASP.NET Membership Provider. My customer asked to implement a feature that prevent users to log in (for example for users that resign and leave the company). I cannot use the IsApproved flag of the Membership table because that field is used to confirm user egistration. Is there any built in functionality for doing this? What are your experiences in scenarios like this?
View 1 Replies
I'm developing a MVC2 application and using Forms Authentication on it. The scripts, images and styles are all blocked to unlogged users and, consequently, the login page looks awful. It works well local, the problem is when I publish to the server. Does anyone has any idea WHY? The server IIS is version 7.5
<configuration>
<system.web>
<globalization culture="pt-BR" uiCulture="pt-BR" />
<httpRuntime requestValidationMode="2.0"/>
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<pages>
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="Admin.Models" />
</namespaces>
</pages>
<authentication mode="Forms">
<forms name="AGAuth" loginUrl="~/Home/Login" timeout="120" />
</authentication>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<connectionStrings>
<add name="DBContainer" connectionString="metadata=res://*/Database.DB.csdl|res://*/Database.DB.ssdl|res://*/Database.DB.msl;provider=System.Data.SqlClient;provider connection string="Data Source=thewebserver.com,5158;Initial Catalog=thedatabase;Persist Security Info=True;User ID=theuser;Password=thepassword;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
I have built an online CMS that is forms authenticated. The CMS allows administrators to upload files to the website. These files are stored outside of the Forms Authenticated section of the site so that they can be accessed from another site I have built. This other site is also forms authenticated, so users must log in and then they can access the files on the CMS site. site1.com: CMS for administrators only. Site stores all the files. site2.com: Access site.
My second website (The access site), is basically an empty shell that is filled with all of its content through the CMS using an SQL database and then displayed on the page. This works fine as only authenticated users have access to the interface used to view and download the files. My problem was, even though there is no public interface to find the files, someone could surely type [URL] and the video would be available to them. I dont really know what to do here, is there any way that people could be blocked from retrieving the files like this?
I can't use RegisterStartupScript('window.open...), because Chrome blocks the popup without even informing the userI can't use "onclientclick=window.open(..." in the markup, because I have to invoke code in the button click event handler before opening the popup window.I can't expect every user of the website to add the site as an exception in Google Chrome's popup blocker, since they'll assume it's an error on the website and not with the popup blocker
View 5 RepliesIf multiple users access a web-form at the same time, how can I allow that using my code? Essentially each user reads and writes one variable in the application, and concurrent access is causing problem there.
View 5 RepliesI need to log every user-action taken on a database using the username of the person logged into my ASP.net application as the identifier in the log. What is the easiest way to do this? I guess that for every method call to my data access layer I need to log the parameters of that call and the username and then call a new "log event" method that writes the details of the call to a table. Am I on the right track?
View 2 Repliesi am new to asp.net programming i am trying to connect asp.net web application with ms access 2007 database. i have taken with two text boxes and when i enter some data in it and press submit button the data must load in access db i created with same fields.
my code is :
[code]....
Syntax error in string in query expression what is the correct way of inserting data into access db and what is the Syntax error in string in query expression.
We have an ASP.NET 3.5 Web application in which we have faced the below issue:
The application is working fine but suddently at one point application URL prompts for the authentication. When we (the support team) checked the server, we were able to identify that the access was denied for some of the main files (like web.config, default page). When we enabled the access the application started working fine.
I need a way to block users from their IP if necessary. What's the best way to approach this? Can I use Request.ServerVariables["REMOTE_ADDR"] and store the ip address as a string in the DB?
View 3 RepliesI have a client who wants me to block his site from certain countries. Each month I add all the new IP address ranges for these countries into a sql database. If the user has a blocked IP address, the site directs them to a phoney 504 error page. This way it doesn't appear that the site is being blocked, but rather is just having difficulites. Thats the way we want it.
It works fine however, there are some users (5%) who get a 500 error. No rhyme or reason. It works across all browsers and operating systems. I have no way of finding out why from my hosting service. I can't dupliate it. I have the following code that runs at Page_Init
[Code]....
I am encountering issues in the navigation defined in a master page which are being blocked by validators pages that inherit from the master. How can I disable these validators so that they do not prevent my button actions in the master page?I am using AJAX controls in child pages.
View 2 RepliesI want to increase the security of my website, does creating http module that block certain ip address will increase security?
Since IP Address can be manipulated if I'm not mistaken, I'm not sure that creating HTTP Module will help.
We have a page that makes a request to a 3'rd party web service. When under heavy load this response time extends significantly, however the 3'rd party reports back that there times for processing remains constant. There timings show that from the time they receive a request to the time they send it back is always around 1.5-2.0 seconds. Now we are experiencing wait times of over 20 seconds. My understanding of ASP.NET is that each request will run on a IIS thread pool thread and make the request to the 3'rd party service return and process. So I don't really understand what could be blocking on our end. Is there something I am missing?? Is there a threshold limit beyond IIS that is blocking?
If I am missing something a physical book recommendation that covers this subject would also be a very welcome addition to any answer.
My application is showing lots of thread wait events in the GetScriptReferencesInternal method of ScriptObjectBuilder. I am running a load test with 150 concurrent sessions and in 10 minutes I see 1000 thread block events. Each event stalls the execution of the thread for an average of 6 seconds.
View 2 RepliesWhenever I use TransmitFile to send a file, the sirte becomes blocked to the user until the file completes. IOW, the user cannot navigate the site.If the user cancels the transfer, it still blocks until the site either times out OR finishes sending the data. I can't tell which, but I know if for example I cancel a 30MB file immediately after starting the download, it takes longer to recover than a 10 MB file.Here is the relevant code:
Response.ContentType = "application/octet-stream";
Response.AppendHeader("Content-Disposition", contdisp);
Response.AddHeader("Content-Length", new FileInfo(fullfilename).Length.ToString());
Response.TransmitFile(fullfilename);
Response.Flush();
I was wondering whether HttpPostedFile.SaveAs function in ASP.NET C# is a blocking call.
View 1 RepliesI'm generating a file on the server which takes some time. For this, I have a hidden iframe which I then set the .src attribute to an aspx file i.e iframe.src = "/downloadFile.aspx"While this is taking place, I'd like to have a call to a web service return the progress. To do this, I thought I could use window.setInterval or window.setTimeout but Javascript seems to be blocked as soon as I set the iframe src attribute.Does anyone know how to get around this or perhaps try a different approach?I have also tried handlers, but the request never gets to the server so I'm assuming is a browser/javascript issue.
//Function that gets the file
function GetFile() {
setTimeout(GetProgress, 1000);
var iframe = document.createElement("iframe");
[code]...
i m using two grid in both gird i have a text box control on which i apply some java script funtion. my broblem is that when i press a tab key then its block my textbox. it means i m not able to press any key in that box even mouse click is not working.
my both grid in a same update panal but when i set focus out of that update panal and back to my text box they are start working properly.
i m applying a Web method on that text box also which call by javascript.3
I have a bookingwith credit card page in my application and users will enter their crdit card details inside the textboxes. but after they enter them and post it the browser cache the data and after that in the same textbox, it can be autocomplated.
View 1 RepliesI created an active x dll and I am using this dll on my web page. whenever I try to run my web site and perform any action, it displays at the top
"Internet explorer has blocked this site from using ActiveX control in an unsafe manner. As a result, this page may not display correctly"
I tried to add my site in trusted sites, but trusted sites only takes the site that has https: prefix. Is their any way I can add my site to trusted sites. My security level is very low. I want to set up the security only for this site so that users can use it.
I have an acess db which has primal key ID - Customer, and personal data of the customer .
In another db OR the same, to have the username and login of the customers.
I want to make a login form so if u/n & pass of a customer is correct, to have access to modify (insert, delete, update) his data of the db - his ID's only.
I want to modify a Stored Procedure for blocking injection :
This is the original Stored Procedure (working fine) :
[Code]....
And this is my Stored Procedure with variables :
[Code]....
Why this is not working? I got a "Conversion from type 'DBNull' to type 'Boolean' is not valid."
I have a RESTful webservice. This webservice builds some information (which can take upwards of a couple seconds) and caches the contents.
This works well; however, suppose that many of the same requests come in at about the same time. In our current scenario, each request will build the content before caching. This is obviously not desired as it uses CPU time that could be better served elsewhere. What I would like to do is to suspend/block requests to the same url/cachekey until the content has been built and cached, at which time those other requests will be unblocked and simply fetch the content from cache.
I am not sure the best way. The following are options I have thought about:
Use string.Intern on that cache key and lock. Problem is that this could cause a deadlock if that string is used elsewhere. Use a ConcurrentDictionary and WaitHandle objects to allow other request to lookup in the dictionary if a request is being processed and then "wait" for the request to finish. This would at least give me a timeout capability but I am concerned with the performance of creating many wait handles.
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
I create a NetworkStream from a TCPClient, I then call BeginRead() followed by Thread.Sleep(60000).
It seems that the BeginRead call back function will only ever occur after Thread.Sleep() has completed. Is this expected behaviour?
What I was expecting was for the call back function to be carried out on a separate thread whenever it was ready and that the Thread.Sleep() on the current thread should have no affect on when/how the call back function runs...
I'm currently creating a VT100 terminal emulator, I wanted to created a method that would allow me to make the emulator sleep until a given string is found in the screen buffer. Initially I was trying to call WaitOne() on the IAsyncResult passed back from BeginRead() if the string was missing (this was to allow more data to pass into the system so that the check could then be carried out again until it was passed), after this failed I tried Thread.Sleep instead of WaitOne() but this blocked my BeginRead call back from firing and I'm now I'm starting to think everything is running from a single thread...
