Building asp.C# shopping app that is using a hosted payment page to process payments (using posting of data to a hosted payment page). SSL certificate is signed and installed.
Flow:
Prelim) (HTTPS) Users authenticate using asp Login control
1) Users add items to cart.
2) (HTTPS)Users go to checkout page.
3) Users finalize their order, then click pay now after agreeing to T&C.
4) Server gets cart data (from MSSQL2005) and sets a transaction cookie (expiry set to 20 mins).
5) (HTTPS) Server Response.Redirects to an html page (in the same folder as the login protected pages).
6) Html page reads transaction cookie data and generates form fields.
7) (HTTPS) Html page posts data to hosted payment page (php).
8) User enters payment info and clicks pay now.
9) (HTTPS) hosted payment page posts info back to a .aspx page that checks if payment OK.
10a) If payment !OK, redirects to a declined page.
10b) (HTTPS) If payment OK, sets a verification cookie (expiry set to 20 mins). Then redirects to another html page.
11) Html page reads cookie data and generates form fields.
12) (HTTPS) Html page posts data to hosted verification page (php).
13) Verification page verifies (of course), if transaction ok.
14) (HTTPS) verification page posts data to a .aspx page that checks if verification OK.
15) If verification OK, process orders and do receipt stuff.
Issue:
This control flow was tested on an unsigned dev environment. SSL was being enforced, if needed on the unsigned SSL certificate. So we'd get prompts that certificate may be bad, but the control flow worked seamlessly.
However, now live with a signed SSL certificate, going from step 5 to 6, we are encountering a situation where some users (not duplicated every time, but verified that it does occur) when they click pay now and are redirected to the html page, they are forced back to the ~/login.aspx page (as if they were logged out).
Things to note:
a) The session did not time out.
b) The browsers have cookies and javascript enabled.
c) I can process the entire flow seamlessly on the same machine with other accounts, and occasionally, the same account.
So, basically, I'm stumped... Is this a viewstate error? A login control bug that won't let me redirect to an html page because it is now using a real SSL? Anyone have any experience with this kind of deal? I'm at a loss for solutions at this point.
I was wondering when a user logs in using the login control for ASP.NET, how do we choose where the user goes after? Do we configure this in the web.config file?
i am developing one application in mvc my problem is after login it will redirect to some page if i copy url and paste it in another browser its showing error in application but i need to display home page?
This is what I have in the RegisterUser.aspx and yet when the admin registers a new user, then on clickiing the register button, the site logs in as the user who was just created.
how can i make next or previous button in asp.net? for example, in collection will display all product that i sell...and i want the URL appear like this "/collections/other-fashion?page=1", when user click next, the URL change to "/collections/other-fashion?page=2"..is it i have to make many form? i just want to use 1 form...im using vb languange
Nowadays having activity logs of the system is needed for history and if someone who is trying to mess your site, it is easily to define who is it and when it happen. And even Facebook have it.
how to add notification facility same as facebook in our c# website, clients get the notification on their profile whenever any new feature is aaded to website..?
i'm using ASP.NET membership for a silverlight application that makes use of Wcf Ria Services.
my problem is that i don't want multiple logins on the same account and i need to logout the user when he logs in on another machine. (I don't want the account to be used by many people at the same time, and the last who logs in must kick out everyone else)
I want to log out the user when he (or someone else) logs in from a diferent computer using the same user name.
Basicaly i want to prevent multiple individuals from staying loged in under a single user name by signing out the previous users. Any ideeas about how i can acomplish that ?
I am using built-in asp.net Role and membership provider in my website. when user login to my system they are redirected to hompage. how should i code it. that when he click on login button page check its role and then decide where to redirect. Suppose user login with name John and "john" is "Admin" then application Redirect him to AdminPanel.aspx and if User john is normal "RegUser" Role then redirect him into Home.aspx.
Using Role based (Active directory groups) authorization, I am able to control the access to various web pages. If an unauthorized user reaches a web page, a small popup comes up (as shown in the attached bit map) asking for credentials. If the user clicks on "Cancel" button on the popup, it shows "Access denied" error.
Instead of showing the standard "Access denied" error, I want to redirect to another .aspx page with a more meaningful message.
We have take over a classic asp site. Everything works fine, but we are making improvements to some reports and adding new reports, so we are doing this in .NET, with that said, after reviewing the secuirty code, there are 2 sessions that are set and used thru-out the site as part of some of the individual page queries.
I know that the sessions are being populated, because the reports that use those values return records.. now with a new report we are working on, i need to pass those values into my query. But when i try using the session names the page is coming up saying the following:Object reference not set to an instance of an object.
Is there anyway to add something to my page code to see what sessions are actually being created and their values.. maybe im using the wrong variable names.. but the security code is pretty straight forward.. at login, if successful, 2 values are returned and stored in 2 sessions.. i need to use those with my new page.. so trying to figure out why the existing pages work fine with that and my new page does not..
Basically, i'd like to write to the screen the session variables that are being created on the login page.
This works fine - I have now added to the page a LoginStatus as when they arrive they are loggen in. The problem is when the user clicks the Logg off link I get the error on the page below -
Object reference not set to an instance of an object. Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
Source Error:
[Code]....
Is this because the page load is trying to get the logged on user ID
but they have just logged out?
How can I allow the User to logg out without getting the error?
I've been trying to work out this error for a while now and i still dont understand it because i have been following a tutorial online step-by-step but i recieve this error when i log in ?
What i am trying to acheive is when the user logs in then they are able to view their 'profile' such as their name, address etc. The login is validated against a table in a database, ...this is the error i am recieving:
Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
I have an web application which requires login. When users finish their activities they simply logout. What I need is to clear browser history when user click logout button. This should disable BACK button in browser.
I am trying to redirect a user to a member only web page after the login page. I have the following web forms. LoginForm.aspx PublicForm.aspx (anyone can see) SecureForm.aspx (members only) In the Web.config, I included
Code:
<authentication mode="Forms"> <forms name="Login" loginUrl="LoginForm.aspx" protection="All" slidingExpiration="true" path="/"> </forms> </authentication> <authorization> <deny users="*"/> </authorization> <location path="PublicForm.aspx"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location path="SecureForm.aspx"> <system.web> <authorization> <deny users="guest"/> <allow users="member"/> </authorization> </system.web> </location> </authorization> For the Login button in the LoginForm.aspx, I used this
Code:
FormsAuthentication.RedirectFromLoginPage(txtID.Text.Trim, False) This code directs me to the Default.aspx which has nothing in it. I will have a 404 if I take out the Default.aspx.
i created a web application which has a media player in between,but when i open the application on my ipad or ipod, the video doesnt play as the video player doesnt support ipod and ipad,,
i found out a way with which i can play it but how can i redirect the page based on the client side.
i would like to know a C# code to know what kind of browser the user is using.