DataSource Controls :: Best Practices To Secure SQL 2008 Access For Web Application
Feb 15, 2010
We need to secure how our web application access our SQL 2008 database on our hosted server. Any pointers where this is covered in detail? We have the following questions:1. right now the network service account runs the application pool containing our application in IIS. Should we define a local windows user account to run this application in IIS 6? Should we switch to Windows authentication?
View 3 Replies
Similar Messages:
Jan 30, 2010
i could write a query and i could debug forms using both sql server 2008 and visual studio 2008,but i could not connect to the sql server 2008 and test could not be succeded
View 2 Replies
Jan 5, 2010
I'm trying to grant permissions to the extended SP xp_prop_oledb_provider in the master DB of my SS 2008 instance but, though I'm an admin on the server, I can't see it in SSMS and it throws an error that says that either the SP doesn't exist or that I don't have permissions to acess it when I run the SQL command aqainst it. Does xp_prop_oledb_provider exist on SS 2008 and, if so, what might be my problem in not seeing it and/or not being able to run sql against it?
View 1 Replies
Mar 5, 2010
I am using SQL SERVER 2008.
Now I want to access the SQL SERVER 2008 DATABASE on the LAN.
So what was the Connection String and can u give me the Example of that.
View 3 Replies
Dec 22, 2010
it's possible to access contrls on aps.net page like textbox from stored procedure in sql 2008.
so I get the value of the textbox on the page direct from stored procedure .
View 1 Replies
Jul 8, 2010
I recently converted a web application of ours to VS 2008 so that we could upgrade to .net 3.51 framework.
I have been making some changes to the layout, to take advantage of ajax and minimize the amout of data needing to be loaded and the number of postbacks processed.
The problem I am having is when I try to save the data.
The page postback calls a local Sub which reads the form data into local variables and then passes these variables to our assembly.
The primary assembly has 70 parameters which are used to populate one of the tables in our database.
So I have 70 local variables just for this call plus a variable reference to the output of the assembly which contains a property for each of the columns in the associated database record.
There are some additional assemblies called to update other tables so, in all there are 121 locally defined variables in this sub.
Bear in mind that this sub is called from the page load event which has 93 of it's own locally declared variables.
Here is what is happening, when I run the code I am using cdate() to convert the value of a text box to datetime and pass it to my assembly. When doing so it throws a conversion error.
So I created a local datetime variable and converted the value of the control to the datetime and passed the variable to the assembly.
No more error, but the proc did not save the data as it was supposed to.
What I noticed in debugging, on the locals tab, is that every local datetime variable displayed the following message:
Cannot evaluate expression because we are stopped in a place where garbage collection is impossible, possibly because the code of the current method may be optimized
I also noticed that on the watch window the same message would display if I attempted to reference any of the datetime controls on the form.
There are only 3 variables and 3 datetime controls that appear to be affected. the controls are all html input boxes. Every other variable and control on the form behaves normally and I can see their values while debugging, it is just these six that are exhibiting the problem, whats more is that they are not new controls to the form.
View 1 Replies
Mar 17, 2010
I would like to write an MVC application that accesses multiple data stores (SQL Server, MySQL, Cloud based, etc.).Most of the examples I see use LINQ to SQL for their data access but I read somewhere that LINQ only supports SQL Server - it may have been an old post.I was wondering what the best way to access these different data stores would be. Can I use the Data Access Application Block from MVC to access these data stores?
View 4 Replies
May 7, 2010
In my experience building web applications, I've always used a n-tier approach. A DAL that gets data from the db and populates the objects, and BLL that gets objects from the DAL and performs any business logic required on them, and the website that gets it's display data from the BLL.I've recently started learning LINQ, and most of the examples show the queries occurring right from the Web Application code-behinds(it's possible that I've only seen overly simplified examples). In the n-tier architectures, this was always seen as a big no-no.I'm a bit unsure of how to architect a new Web Application.
View 2 Replies
Jul 18, 2010
All too often I find myself being required to design pages that flow through a series of steps. 1) Select from a set of options. Submit.2) Populate a page with results. Make changes. Submit.3) Do something based on the previous results. Submit.4) Confirm previous actions. Submit.5) Goto 1.An ecommerce site with shopping cart would be a textbook example of this.Now, there are any number of ways to deal with this. My question is, what is the recommended way to do it in asp.net? In PHP or ISAPI I would just use standard html controls, get the post data and do stuff with it, each on a different page
View 3 Replies
Feb 9, 2011
my page is very simple, one gridviews and one ObjectDataSource.here's my code :
<%@ Page Title="" Language="C#" MasterPageFile="~/site.Master" AutoEventWireup="true"
CodeBehind="default.aspx.cs" Inherits="cHospital._default" %>
[code]...
I also posted my question on another web site, one suggestion I got is move my codes to codebehind
(http://entlib.codeplex.com/Thread/View.aspx?ThreadId=245208)
But this is ObjectDataSources, my understanding is everything have to stay in Class file.
View 1 Replies
Aug 17, 2010
best practices to be followed in deployment of asp.net web application & WCF service in IIS 7 regarding the IIS 7 configuration settings , Security setting, application access level settings..
View 2 Replies
Sep 6, 2010
I am starting to design my own CMS , and i want it to be modular to add more functionality later by me or by any other developer I put my eyes on joomla CMS (very popular ,robust and extensible) I want to make a CMS with asp.net to be just skeleton and all functions are done through components
Functions like :-
User management
Content Management ,editing and display etc.
My main idea is to let the skeleton to know from the query URL the required component and pass all other parameters to it and the component do the rest (parse parameters display results etc.)
the problem is how to achieve this how to call the component and and how to let it render its UI and pass it to the skeleton to put it in the appropriate place in the main site template
View 4 Replies
Apr 4, 2010
Is there a sample application to demonstrate best practices for Asp.Net? I am looking for something like SharpArch (for Asp.Net)?
View 1 Replies
Apr 8, 2010
I have to pass information from a desktop application to Web application and vice versa. What are the best practices that are regularly used? Currrently I'm using Asp.Net and a Winforms. To pass data to Web Site im creating a (POST) WebRequest and posting an xml to the siteTo pass data to Application im using .Net Remoting from Asp.ne(I'm using Winforms is an adminstration and monitoring application.)
View 4 Replies
Dec 15, 2010
I've been out of the ASP.Net arena since 1.1, and I'm starting to get back into it after a hiatus.
In the past, I would generally create SqlDataReaders, wire them up to pull from tables in a database via direct sql or accessing database views (mostly in MSSQL), grab the data, and display it in some datatable, or datalist.
Modifying data would usually be calling a stored procedure in the database to add/modify data, and then retrieve it afterward.
Now that I read up, I see there are alot of new things in ADO.Net world; strongly typed datasets, auto-generated adapters, etc.
My question is, does anyone have a good reference on best practices (or a book recommendation) on how to handle data access, and data manipulation and display now? I'm assuming that there are more automatic ways to show and manipulate data than before, but the new details are quite vast (which is good), but slightly overwhelming for me.
View 1 Replies
Aug 13, 2010
i have a single page that needs to be secure (https) , my problem is i dont know how to do it. Can you give me walkthrough on how to do this?
View 1 Replies
Sep 6, 2010
I am learning to use asp.net to design a web site and i am not quite sure if the way i access the data base is appropriate. could you guys give me some comments ?
----------------------------------------
in web.config , i have a connection string like this,
<add name="MyDBConn"
View 3 Replies
Jan 26, 2010
Hopefully this is a simple question. I am filling in for someone out.
We currently are using 2008 Express. Do I need to remove this prior to installing 2008 Developer, or can I simply just install over.
View 1 Replies
May 19, 2010
is there any difference between sql express and sql client. Actually I have been told to install a sql client using which i will connect to the sql server installed remotely. Also I have sql express edition 2008 installed on my machine. So is it the same. Will I be able to connect to the sql server using the sql server express edition.?
View 2 Replies
Apr 29, 2010
When i tried to attach 2008 database in sql server 2008 it is throwing the error-
"The database 'actitle' cannot be opened because it is version 655. This server supports version 611 and earlier. A downgrade path is not supported.Could not open new database 'actitle'. CREATE DATABASE is aborted. (Microsoft SQL Server, Error: 948)"
When i execute 'select @@version' it gives 'Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) Oct 14 2005 00:33:37 Copyright (c) 1988-2005 Microsoft Corporation Workgroup Edition on Windows NT 5.1 (Build 2600: Service Pack 3) 'How the version still be 2005 when im in 2008 ..How can i attach my 2008 database back up.
View 2 Replies
Apr 6, 2010
We have a swf file that we want to secure and make available only to authorized users.
I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example.
However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure.
View 2 Replies
Feb 8, 2010
I have read that the best way to secure images from being access would be to place them into a database rather than into a file system or virtual directory. Is this correct? I am creating a site that needs to have the images the user upload be secure as possible. I initially programmed the images to be uploaded to a database then I reprogram the site to have them store in to a file system/virtual directory. I'm still up in the air in terms of which one to use. Again, security is my primary concern.
View 4 Replies
Mar 3, 2010
provide secure online access to documents and reports for their customers which entails creating a secure login for clients to access PDF documents to view and print. Aslo to display all reports available on web server.ould this be as simple as making sure username & password match an entry in a username table using select parameters(of course) theninstituting a Session("loginokay") = True along with something like Session.Timeout = ?
View 5 Replies
Dec 13, 2010
I have a Web Application (C# pages mixed with ASP.NET and some Javascript pages) on a Windows 2008 Server with IIS 7.0. I have just a few users that will hit this externally (not on the server). So in order for them to get a simple Username/Password form to pop up, what must I do? Could the users Usernames and Passwords just be added to a section in the webconfig file so I could maintain it that way?
View 1 Replies
Jan 25, 2010
I have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. If I use the back button after logging out and hit the browser refresh it does show I'm logged out and refuses me access to the secure page. Am I missing something important? It seems like it could be a really big security issue.
public ActionResult LogOff(string ReturnUrl)
{
FormsAuth.SignOut();
if (!String.IsNullOrEmpty(ReturnUrl))
{
return Redirect(ReturnUrl);
}
else
{
return RedirectToAction("Index", "Page");
}
}
View 3 Replies
