How To Compare The Security Of Websites
Nov 5, 2010
How do you compare the security of websites built in ASP.NET with other websites built in other technologies such as Ruby on Rails, PHP..?
I have 2 web sites both located physically on the same web server, I'll call them siteA and siteB. These sites are accessed by internal users on our intranet as well as external users on the internet.
SiteA is set up on IIS6 using basic authentication which we connect to an active directory. The web config is set to use Windows authentication mode. The url to siteA is etoolbox.xxx.yyy
SiteB is the same setup. The url to siteB is rdow.xxx.yyy
What I want is once the user is authenticated against the active directory when they log in to SITEA for them to be able to click the url in siteA which opens SiteB in a separate browser window and automatically takes them to the welcome page without being prompted for credentials again.
Currently when clicking on the url to go to siteB I am being prompted again for my credentials.
Is there any way for both external and internal users to only be prompted once for their active directory credentials and then be able to go to whatever site they want to without being prompted for credentials again? Is this something I have to code for or is it handled automatically by IIS?
I have 2 websites, website1 has window.open link to the website2, authentication is forms (and windows but in web.config is set to forms) for both websites, when I click on the link and debug Request.IsAuthenticated should be true or false? Both applications are running on the same machine.
I have created an xml file, and I want only some websites that I have chosen to reach this file and view the data of this xml file on their sites.
How can I do that? How can I give permission to some sites for an xml file?
The account we use to copy/publish websites to our web server is not allowing us access to push websites. I've added this account to the permissions in the links listed in the below link, but I don't have success when trying to push remotely. When the account is in the local admins account, everything works flawlessly, but we are not allowed to have it in there. http://social.msdn.microsoft.com/Forums/en-US/vssetup/thread/31be047e-4716-4974-b8a1-be0111b50199 I've googled and searched a lot for this particular error, but am not finding an answer that helps. We get this error, 'Unable to create the Web 'http://edea01/test/planning'. You are not authorized to perform the current operation', and the above link is the scenario that matches mine the most. I don't do development work, but am asked to figure out this connection problem.
I have a scenario with three applications:
1) Portal: where user executes login
2) Site1: after login at "Portal" user is able to use Site1
3) Site2: after login at "Portal" user is able to use Site2
I just need to execute a validation in Site1 and Site2, to validate if they (users) did login at Portal1.
Something like (in site1 main page page_load).
{
if (notFromPortal)
{
//redirect to Denied.apx
}
}
How can I do this in a simple way? With cookies? Does somebody have a url with sample?
My security requirements are almost zero. I just wanna prevent that user put a url from Site2 in browser and see a Site2 page.
We have two different websites that run two separate web sites (a backend and a front end) for our piece of software. The way we do our authentication is to put the user id into the session when the user logs in, all the pages on the site inherit from one base page, if this base page cannot find this value in session it kicks the user out to the login screen.
What we want to be able to do is have a link on the front end after the user logs in and when they click on it it takes them (redirects them) to the back end. However I cannot think about how to do this in a secure and sensible way. I did think of putting the user's username and password dynamically generated into the hyperlink that takes them from the front end to the back end. Would this be advisable? It will be clear text but then again we don't use ssl in any case, just plain forms authentication. I mean I will hash the values anyway but still be sending them. I suppose is there a way to share a session across two app domains without too much difficulty?
I'm trying to change my password. The password in the database is in hash formatting. The class FormsAuthentication is used for hash conversion. The password is indicating the same in the if condition, but after applying the if it suddenly goes to the else part, even though the value in the if condition is the same.
I have authentication in my web application. I want the application to be logged in with the same credentials as of system logged in. Am able to compare the username easily, but don't know how I can compare the textbox content with logged in windows password. Am using .NET 3.5.
I created a mixed mode authentication mechanism based on a few of the articles that I have read on this topic. It's similar to something like this: [URL]
Basically, there are two web applications. One accepts the Windows Auth and one accepts Forms Auth. The Windows Auth then creates a forms auth ticket and passes control to the Forms auth application. This solution works fine when both applications are housed within the same IIS web site.
Now, in order to control the security of this solution we set up multiple IIS web sites on the same machine. Web Site 1 serves external traffic (forms auth) and Web Site 2 serves internal traffic (windows auth).
So the design is that an internal user can hit the site using Windows auth via an internal name (myserver) while the external users use Forms Auth hitting [URL].
All that said, the solution works when the two applications are in the same site. Doesn't work when they are in different sites.
I have created a login form through VS 2008 using C#. There are 5 different aspx pages in my application.
1)Default.aspx: It contains only a hyperlink to direct the user to login.aspx page.
2)Login.aspx: This page has a textbox for Username and Password, sign in button, textbox for displaying error and hyperlink (Create an Account) if the user has not created an account yet.
Here is Login.aspx code:
[Code]....
Now, I want to do following with my application.
If the user already has an account, he can put his username and password and click on the sign in button. If the username exists in the database, the application should compare the user input with the database and if both are matched then the application should redirect the user to "welcome.aspx". If the username does not exist it should show that Username does not exist.
I'm creating a website with an annual subscription base and I'm using the default asp.net website membership tools. In the membership table of my DB there is a CreateDate for each user. I would like to know if it is possible to check from the SQL DB if this condition is true: (CreateDate+365 days)>TodayDate each time a user logs in. If the conditional is true I would like to change the user IsLockedOut = true so I can know that he has to reSubscribe.
When attempting to place controls in different content areas using Masterpages and trying to use a compare validator, I get the error: Unable to find control id 'txtStartDate' referenced by the 'ControlToCompare' property of 'cvlDate'. I have also attempted to set it within the c# code behind in page load: cvlDate.ControlToCompare = txtStartDate.ID and by using findControl. There must be an easy way to achieve this?
<asp:Content ID="Content4" ContentPlaceHolderID="leftForm" Runat="Server">
<asp:Label ID="lblStartTimeEnter" runat="server" Text="Start Time:" Width="100px"/>
<asp:TextBox ID="txtStartTime" runat="server" MaxLength="50" Width="250"/>
</asp:content>
<asp:Content ID="Content4" ContentPlaceHolderID="rightForm" Runat="Server">
<asp:label ID="lblEndDateEnter" CssClass="formMargin labelInput" runat="server" Text="End Date:" Width="100px"/>
<asp:TextBox ID="txtEndDate" CssClass="formMargin" runat="server" MaxLength="20" Width="250" ClientIDMode="Static"/>
<asp:CompareValidator ID="cvlDate" runat="server" ControlToValidate="txtEndDate" ControlToCompare="txtStartDate" Operator="GreaterThan" Type="Date" ErrorMessage="Start Date must be before End Date" > *</asp:CompareValidator>
</asp:content>
So as the title suggested, I'm currently trying to compare the hashed answer in my database against the answer typed in the textfield by the user in the form.
I thought of hashing the answer in the textfield typed by the user first, and after that compare this newly hashed answer to the one in the database (which is already hashed). But when I typed in the SAME answer (before hashing) and hashed it to get the hashed value, by right the 2 hashes (in web form and database) should match? Somehow, it didn't. And I can't seem to get security answer right anymore (even though I typed the SAME security answer).
This is the code behind the button:
[Code]....
I tried in another way too, but still the same thing.
[Code]....
I am using compare validator to compare date... But it's not working... I have used calendar extender... with date format as "dd/MM/yyyy"...
I am trying to check for a condition such that a date in an input control (textbox) is not greater than a date 1 year from the current date (exactly) and also it should not be less than a date 1 year back from the current date. For e.g. if today's date is "21/dec/1990" then the user cannot enter a date in the textbox which is less than 21/dec/89 and it should not be greater than 21/dec/1991. For this I first tried to confirm the greater than condition, I wrote the following code:
<asp:TextBox
ID="TxtSessionFrom"
runat="server"></asp:TextBox>
<asp:CompareValidator
ID="CompareValidator1"
runat="server"
ControlToValidate="TxtSessionFrom"
ErrorMessage="CompareValidator"
Operator="GreaterThanEqual"
Type="Date"></asp:CompareValidator>
CompareValidator1.ValueToCompare=(DateTime.Now.AddYears(1).ToString());
but this gave an error: The value '' of the ValueToCompare property of 'CompareValidator1' cannot be converted to type 'Date'.
I will consolidate several web sites into one. I have a brief design in mind. Top row: banner. Second row (main menu): home, Applications (drop down: accounting, employment, sports etc), Your Account. In the 3rd big row, at left side, there will be links (or just menu listed down). In the middle, there will be contents displayed related to top and left menu. For example, if a user selects Application->Sports from the 2nd row, then there will be links of Tennis, Golf, Volley ball appearing in the left. If the user clicks 'Golf' then the center page will display contents related to golf. I am not sure it will work with multiple sitemaps or database driven menu structure etc. How can I do that? Is it a good design?
I get different outputs in different browsers.
[code]....
I'm wondering if I should learn everything in C# like what WPF and Win Forms should learn to be excellent web developer or is there specific C# for the web?
I'm developing some backends in ASP.NET 2.0 and I have put all the images in Cache, GZIPED my CSS, JS files and everything to speed up the load of each option.
The performance is good and I have no problems with the clients but I want "MORE" fast loads and I'm looking for some recommendations.
Is important to mention that those websites are using only in intranets so im thinking to implement my next projects using IFRAME for content that way (i think) the options will be loading faster because they not have to load the entire site.
EDIT:
I'm not using viewstates, I wrote HTML (code behind) generated controls and use as few as possible ASP.NET Rich controls, all my static contents are in Static vars (Header, Menu, Footer) but I'm just looking to speed up a little more.
After compiling my website I compress all the HTML, CSS, JS and use as few of those files as possible.
But I was seeing other backends that load faster than mine and the difference is the IFrame control that they use (I think), we check code, design, etc and we use the same (they use #INCLUDES for static HTML instead of STATIC VARS with the HTML).
I am still pretty unskilled with web design and since I am still learning xml/html/asp.net I wanted to pose the following question: I would like to design a site that will need to be graphically well designed and user friendly. Would it be easier to continue learning asp/xml or find a software package that can do most of the hard scripting for me and just have me select and alter; like frontpage or something better?
I'm very new to ASP.NET and web based applications. I am very interested in building websites though. A friend told me "if you want to build web sites then forget ASP.NET as that is for applications, stick with HTML" .... but HTML is static code and ASP.NET is dynamic and surely better? The only one real thing that gets me though is this: "if ASP.NET is used to build Web-forms and web based applications then what good is it for building web sites? ... a web based application and web site/page are 2 different things?" So if I want to get into building web sites for me and other people, what should I need to know? HTML, PHP etc?
I want to add a search facility to my website. I have many lengthy html files that should be searched. The question is should I insert the text of the html files in a table of my database and search the database or should I search the html files one by one reading them from the disk. Should the search be database based or should I open each file, read it and search it this way using for example regular expressions. What is the usual and best approach?
I have a website, I want to place the compiled code on the production server. Now I took the code on the local machine and am trying to compile source code on the local machine, but whenever I compile the code, in one of my control (ascx.cs) files I am getting an error that the control does not exist in current context. I checked everything, Inherits, CodeFile, even in the code behind (.cs) file, everything is perfect, I even get the control id in the intellisense. When I remove the control and again add the same using intellisense, the errors get removed but after I publish the site, the same error comes again.
We have two websites whose only difference is in the design (different images, styles, layouts..etc) but the web structure of files and cs code is the same so we want to simplify its maintenance...
The actual structure would be:
DefaultA.aspx
DefaultA.aspx.cs
DefaultB.aspx
DefaultB.aspx.cs
LoginA.aspx
LoginA.aspx.cs
LoginB.aspx
LoginB.aspx.cs
One idea would be changing the design differences at runtime depending on the origin website, but we don't like this much because of performance, abstraction in designing them and url confusion...
Another one is sharing the cs file (both aspx inheriting and using the same cs) but we have never done or seen it done in any website before so we wonder if it's a good approach...