I'm using a FileUpload control in a website which should only be able to upload images. To that end, I'm checking its MIME type before accepting the upload.
Whether the FileUpload.PostedFile.ContentType property comes from the file itself or the request? The latter is insecure, since the request can be spoofed. If that's the case, any good way to validate a file securely?
best way to let users upload pix to your website is to use the FileUpload control?
View 4 RepliesI tried to use the asp.net fileupload control for uploading a picture or music file, from blackberry device to server. But, What happened is ; the file is uploaded , ie, the file is created with 0 bytes in it. That is, file is actually not uploaded. Since blackberry browser doesn't support other fileformats, the device contains only .png & .m4a fileformats in its samples. I have used these sample in blackberry for uploading. The same has occured in the case of .m4a files also... Why is it so...? One more thing... The blackberry browser which I am refering here is the blackberry browser simulator, bold 9700.
View 7 RepliesFileUpload works OK on my local site. When I moved my web application to a web host server, I tested to upload a file with this application, It's OK to upload file to the server before login. But after login, the FileUpload kept redirecting to login page without uploading.
View 10 RepliesI'm trying to build a portal kind of an application in asp.net, in which one of the functionality is letting people log in and upload their documents. The upload page is only accessible to registered users of the portal.
Problem:
I would like to track the user uploaded files according to their userIds.
Is it possible to use the FileUpload Control and C# to fetch the current user id, create a directory with the same name(as that of userID) in the file system and upload the files( multiple file upload, if necessary) into it?
Also another admin page would have to be able to see the list of files uploaded by the specific user and download it if necessary.
I have to create a utility through which user can able to upload singh or multiple files with the use of asp.net FileUpload Server control.
I am looking for Security concern for the same. What are the points need to keep in our minds which violate security. One main issue is in my mind is related to Viruses - means
How to prompt user for viruses and terminate the upload operation How to scan files for viruses during upload operation There may be several Security risks. discuss the issues/risks with proposed solutions.
I have not been able to uplaod a file to my web page although the code I am using works if I copy it locally. Perhaps I am missing something in the path or I need to change some security setting on the web page?
[Code]....
I have Fileupload control in my page
1-i want delete the text that is beside of fileupload button text: no file choesn
2-i want change text of file upload button( I want change Choose file text)
How to get data (read file) chosen in FileUpload control without FileUpload.SaveAs Method on the server? Is it possible write it at once to some object?
View 2 RepliesI have a FileUpload control in an UpdatePanel and when user select a file, the full file path will will be stored in a hiddenfield, and during postback, i would like to assign the full file path in the hiddenfield back to the FileUpload control textbox, possible to achieve that?
View 1 RepliesI m using FileUpload Control , when i click the fileupload text box , Choose file window have to open.
View 6 RepliesI am trying to upload a file Into a MapPath but I am getting a error 'C:/WebSite/userimages/' is a physical path, but a virtual path was expected. My code is:
[Code]....
Hopefully someone can give me some pointers to get this working properly.
I have a webpage which I would like the ability to upload files to be stored in a database. Here's the layout of the page:
[code]....
The update panel is configured as such:
ChildrenAsTriggers="True" EnableViewState="True" RenderMode="Block" UpdateMode="Always" Visible="True" Runat="Server"
The reason I have the update panel outside the Tabcontainer is so that when switching between tabs, the screen doesn't flicker with refreshes, etc. But as a result, I can't get the FileUpload working properly. The FileUpload1.Filename is blank, so it errors out.
Is there anyway to get this working properly? I've tried the latest AsyncFileupload within the control toolkit, but this caused all kinds of problems with my pages so that's out of the question. I tried an iFrame too, but this also didnt work properly.
I want to provide different security aspects to the admin and customer to a single website with a different home pages..
View 3 RepliesI am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password.
When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing).
My question/problems are:Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue?
Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2.If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load?
i almost finished my website
but i am afraid of sql injection to my website
how i can protect my self against this injection ...?
I want to get the certificate information of a website. I means that i've a textbox on a page. When i enter a url in that textbox and press the button. The certificate information of that website should be returned.
Say, i've entered the [URL], Then it should return the Certificate authority, Validation period etc.
We have an ASP.NET 2.0 site in which we use ASP.NET login / authentication controls.
Our users currently timeout after approx 20 minutes, forcing them to log back in, and this appears to be causing downstream errors in our application.
I have tried increasing the SessionTimeout value to 120 mins (<sessionState timeout="120" />) in the site's web.config file, and the "<membership userIsOnlineTimeWindow="5000" >" value in the web.config is set to 5000 minutes.
These are the only values / settings I can think of to affect this behaviour.
I am trying to use ProfileCommon inside a DLL. this DLL is being called by ASP.NET web application.
I am getting this:
Error 15 The type or namespace name 'ProfileCommon' could not be found (are you missing a using directive or an assembly
What I want to do is like the web browser. When you visit a https web site, the browser will download and install the X.509 Certification automatically.
I have a application which will be installed in PC, and the application will post to a https website. So if the certification is expired, the App should download a new one.
So, how can I get the certification? A stream is always good, I can make it to certification.
I have a (internet) web site with the below web.config (everything works fine). How would I alter this to include an applicationName attribute. I wish to eventually have multiple web sites using the same ASPNETDB database.
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>
<clear/>
<add name="LocalSQLServer" connectionString="Server=myserver.com; Database=MyDB; Uid=MyUser; Pwd=MyPassword; Trusted_Connection=False;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<customErrors mode="Off" defaultRedirect="~/Error.aspx"/>
<roleManager enabled="true"/>
<authentication mode="Forms"/>
<compilation debug="false"/>
<pages theme="Standard"/>
</system.web>
</configuration>
i have taken the editor from ajaxcontroltoolkit, now how to get the text . as we get the text from textbox as textbox1.text.
View 7 RepliesI wrote a code using VB.Net that passes the login information to website in order to do the login process automatically.
The code worked with some site and didn't with others specially this site [URL]
I analyzed the login <Form> of the site in the login page [URL] and it looks like this:
<form name="frm_Login" method="post" action="login.cfm">
<input type="hidden" name="Go" value="Reg">
<b style="font-family:Verdana;font-weight:bold;color:#3975B0">Digital Library+</b>
<label id="lbluname" for="username" style="width:150px">Username</label>
[Code].....
So, when i don't use Response.Redirect, the login succeeded, but all the links in the Response data refers to my development server, for example if i click on "support" link, it'll redirect the page to ("http://localhost:3506/support.cfm")!! which will rais of cource "The resource cannot be found" error
And when i use Response.Redirect, i'll loose the session, mean it'll not keep my login for the site.
I am developing an ASP.NET website and wanted to add another layer of protection to my users.
When they login from a new machine then they would need to setup that new machine with my website after answering 3 security questions.
How can I do this?
I have an ASP.NET application that can be installed with either Forms Authentication or Windows Authentication. All of my customers install using Windows Authentication. I use Forms Authentication in-house as it is easier for me to work with different clients. But enough about that.
I have a module as part of my application for Mobile Users. It displays a very simple HTML interface for low bandwith phones and air cards. It seems that some phones when going to this type of site that is Windows Authentication, it throws an error saying that you aren't authorized to view the page. From a computer, it will ask for credentials.
What I would like to do is use Windows Authentication Or Forms for my Main Application, but in the MOBILE folder, it would be nice if I could use FORMS Authentication. Can I mix the two? Can I just add a Web.Config to the folder for the Mobile Files and put FORMS Authentication?
The only other way I thought of doing this is:
1) create a seperate installable application that is always FORMS Authentication that is not part of the main application. Which sucks, as I now have to manage two applications.
2) In the main Web.Config I can set that folder to have no authentication and it will be avail to anyone, and then enforce my own authentication on the few pages it contains.
