We use Captcha control in a registration form that we make full client validation for all fields in JavaScript ( JQuery ) beside server validation .. I tried a lot of ways but all will write the Captcha value in JavaScript that can be accessed by anyone :( I search if is there any way that allow me validate Captcha value in client side using JQuery in secure way or it can't be done ?
View 3 RepliesI am working on Screen Scrapping, I was able to do, but some of the website have captcha and need to enter captcha information to proceed further
Is there anyway to read captcha information and submit those values that are in captcha or how can we handle this scenario?
I don't think the site has a web service available, so I need to pass the login credentials and read the xml file (e.g.https://www.somesite.com/needthisfile.xml). What do I use to do this?
View 1 RepliesI have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 RepliesI would like to do the validation work using javascript or jquery in onclientclick and then show blockUI, next page using server click. But, I have a captcha validation in server click and I don't know how to validate the captcha in jquery or javascript.
protected void btnRegister_Click(object sender, EventArgs e) {
lblMessage.Text = ""; if (Page.IsValid) { if (txtUserName.Text == "") {
lblMessage.Text = "نام کاربری را وارد نمائید";
txtUserName.Focus(); return;
} if (!BLL.IsStrictPassword(txtPassword.Text)) {
lblMessage.Text = "طول کلمه عبور حداقل باید 5 کاراکتر باشد";
txtPassword.Focus(); return; } if (ddlYear.Text == "<سال>"
|| ddlMonth.Text == "<ماه>" || ddlDay.Text == "<روز>") {
lblMessage.Text = "لطفا تاریخ تولدتان را وارد نمائید";
return; } if (!chk_Low.Checked) {
lblMessage.Text = "برای عضویت می بایست قوانین سایت را بپذیرید"; return; } if (txtSecurityCode.Text == String.Empty) {
.Text = "کد امنیتی را وارد نکرده اید";
txtSecurityCode.Focus(); return; } secCode.ValidateCaptcha(txtSecurityCode.Text);
if (!secCode.UserValidated) {
lblMessage.Text = "کد امنیتی نادرست وارد شده است";
return; } try { //some code } }
I've developing an ASP.NET application that interfaces with Google Maps and retrieves marker information from a database. The marker information is split into tables in the database, where the name of the table reflects a company (e.g. CompanyA_MarkerData, CompanyB_MarkerData etc). In order to periodically update the map with new marker data, I use setTimeout in JavaScript to regularly call my 'UpdateMarkers' JavaScript function. 'UpdateMarkers' makes a call to a web service which performs the database query and returns a list of markers back to the JavaScript, which in turn updates the map.
The main issue I have with this method is that my web service requires that I pass it the name of the company so that it knows which table in the database to access. As you can imagine , this poses a security risk as anyone can pass a different company name to the web service and be able to retrieve the data from other companies, as well as their own.
In order to avoid this problem, I am restructuring my program as follows: When the system administrator creates users for my application, they can also assign a company ID to this user. The company ID is stored using the Profile object in ASP.NET. I am moving the web service code into a class with shared functions so that they can be called only within my pages (but not by anyone, like with web services). The functions will still require a company name passed to be passed to them. However, rather than the JavaScript making direct calls to these shared functions, the JavaScript will call a set of page methods (which as I understand it, are not public like web services). These page methods will then use the Profile object to retrieve the company name attached to the user currently logged in and then make a call to my shared database functions and return the info back to the JavaScript.
I think that this second method is more secure than the first, because I don't allow the client to pass different options to my code and retrieve unauthorized data. The server side code works out the parameters that need to be sent. However, I am wondering if there is a better way of doing this that I am missing out?
In my web site i'm using Asp.net web service (using javascript) to update certain values to DB. I'm concered about the security threats. How can i secure ASP.net Ajax web service using javascript
View 6 RepliesI m using textbox inside the gridview with 5 rows. when user click on submit button it should be display alert message if all 5 textbox field is empty "you cant submit message".If user any one of the textbox value he/she submit the data
View 5 RepliesMy web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 RepliesI'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
I WANT to make a signup with the help of Detailview....I also want to add a captcha control in detail view to stop spamming...
View 4 Replieshow to read selected node and its parent node values for treeview in asp.net in JAVAscript.
View 3 RepliesI have to set dropdownlost to read only. I can set enabled =false. But I cannot set font color to regular dropdown text. It will show like blur. The samething I did textbox.readonly=false. There we can see font same as regular text, no change. The same way I want read only for dropdownlist. Is there any way we can do with CSS or javascript or jQuery ?.
View 1 RepliesI'm trying to add some share this javascript in between the head tags of an asp.net page but only if the page is not secure (!Request.IsSecureConnection). How do I get the code in the head tags to check for secure connection and then write the javascript if not secure. I've tried using <% %> blocks and RegisterStartupScriptBlock and it's not working UPDATE: Was able to get it to work using this in the Page_Load
if(!Request.IsSecureConnection)
{
HtmlGenericControl Include = new HtmlGenericControl("script");
Include.Attributes.Add("type", "text/javascript");
Include.Attributes.Add("src", "http....");
this.Page.Header.Controls.Add(Include);
}
When the user clicks on it, another .aspx page should pop up. I used the code below and it works fine. But when we deploy this .aspx page, the IP address of the target IIS server will be different. So I am thinking of saving the IP address of target IIS server in web.config file and load it into the Window.open method of Javascript code (below).Qusetion 1: Is that right way to do? If so, how I can read web.config file from Javascript?
Code:
<script type="text/javascript">
function open_win() {
window.open("http://10.999.1.86/WebUI/HistoricalRuns.aspx", "_blank", "toolbar=no, location=yes, directories=no, status=no, menubar=yes, scrollbars=yes, resizable=yes, copyhistory=no, width=1000, height=500");
We have a flash video that was created for our project, we dont the source so we have to work around the compiled flash file. We are going to host the video on our domain and the video creates a sol cookie (flash cookie) file to store how far the user has proceeded though the video. So my plan is to access this cookie to see how far the user has progressed and then fire an event when they have finished the movie.
I have been googling for some help but haven't found to much. I have found out that its possible to do in javascript and I have found some .net sol file viewers but haven't seen any examples I can get my mind around. I have watched the traffic that gets created with fiddler and every time the next button is clicked a new request is fired with the swt file that is being accessed. I would also be happy with tracking every time one of these swt files has been accessed as well.
I have a C# class method that return a xml document not file. How to read C# method output from javascript? I don't wont to use script manager.
View 2 RepliesAfter includeding file.js in ny webpage This script will create a variable within the current javascript context called "Status". This variable can take three values : "On", "Off", "Unknown".How can I read this value on code behind? I am planning to check if the variable is false and if so, make some changes on page.
View 4 Replies1)How I can read a value of a text control in javascript on the usercontrol ?
2)also how I can assing a value of a control to another control via javascript function .
So at the moment I have a literal to which I assign a value to from database. I.e an Introduction to a programme.
What I am looking to do is i.e if the text is larger than 100 Characters, to only display the first 100 Characters and then display a javascript link "Read More" which when clicked displays the rest of the content.
How to read the Textbox which is inside Ajax tab container. This is my design
<ajax:TabContainer ID="TabContainer1" runat="server" >
<ajax:TabPanel ID="tbpnl1" runat="server">
<HeaderTemplate>
New User
</HeaderTemplate>
<ContentTemplate>
[Code] ....
Here is my sample script that I need to call onblur event of text box
<script type="text/javascript">
function alert() {
var value = document.getElementById("TabContainer1_tbpnl1_txtuser").value;
alert(value);
}
</script>
But didn't work for me....
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net