If I have users upload images to my web server, and they are simply stored in a folder, how secure are they? This of course is assuming that IIS is configured not to serve image files directly from a browser request, or mods are made in the web.config file to prevent direct access, etc, ex:[URL]
View 5 Replies
I'm using a masterpage on my website and the images appear correctly on all pages except the secure pages. The login page is formatted correctly, its just the page that is held in the secure folder. Both the header and footer images are either not appearing or are formatted incorrectly.
Code from the masterpage is below:
[Code]....
I have read that the best way to secure images from being access would be to place them into a database rather than into a file system or virtual directory. Is this correct? I am creating a site that needs to have the images the user upload be secure as possible. I initially programmed the images to be uploaded to a database then I reprogram the site to have them store in to a file system/virtual directory. I'm still up in the air in terms of which one to use. Again, security is my primary concern.
View 4 RepliesMy web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 RepliesI have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
how to upload images to server(application/images folder) and retrive(display) from and on client PC for asp.net. its just for uplaoding logo directly to server folder and retriving from server to client. i am not getting server path on client pc for image.
View 5 RepliesI get this error on line 39 -"Server does not support secure connections.".
[Code]....
I'm wondering if theres already a combo let say jQuery - Some C# DLL to proive a secure both way communication between ASPX forms with jQuery and a control layer based on ashx files with C# classes...[From comment below]Well I see I have to be more specific. The are things like sniffers on simple network analysis tools even like Firebug that let you see the data transfered via POST or GET. The idea to secure a Server Client application is to ensure that data isn't corrupt and compromised, and to achive that you have to make imposible to an atacker to report false info so the best is to have improved some cryptographyc algorithms both on client and server to crypt decrypt encode decode data...
View 2 RepliesHow do I go about securing files that are stored on the server? We have an ASP.NET app which generates PDFs. These are not stored in the wwwroot folder but in another folder i.e. C:inetpubdata. This provides more security but maybe not enough. The ASP.NET/IIS process will need write access to this folder so it generate the PDFs there.
Once the pdf is generated, it can be viewed using an ASP.NET form called viewpdf.aspx with the file to be viewed add to the query string like so viewpdf.aspx?FILE=mynewfile.pdf. This is loaded from a gridview.
The full path to C:inetpubdata is resolved and loaded in the Page_load event of the viewer page. Now I'm wondering how to secure this. Anybody could just view the file. Not by entering in the URL, as it won't been seen by IIS (its not in wwwroot), but could change the querystring in the viewpdf page.
How do I stop anybody hacking this?
I have a graphical user interface for my company product.I want to secure the data being sent back and forth between client and server.
Is SSL one of the options? some1 tell me the steps on how to implement it in my application code.
Do i need to buy the certificate or can i make it.. which is the best choice?
I am logging in using FormsAuthenticationTicket as follows:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text; [code]....
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 RepliesI'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
I am rather new to asp.net but I have built a couple of apps that do not require users to login. am having some problems moving my secure .net application from my laptop to a production server, however, and I am hoping someone can help me. On my laptop my application's user authentication functions as it should, but when I move my application to a webserver I get an assortment of errors. Forgive me if these questions are a little basic. My first question is this. In a production environment do I move the ASPNETDB.MDF file in the App_Data folder to my SQL server? Is it OK to rename it to something more descriptive?
View 4 RepliesCurrently I am facing a problem to communicate with a server that enable ssl...
normally we are using TCPClient to send and receive data from server, but now the server that I trying to connect to, need SSL and certificate..
I was trying to search at google and most of the solutions i got it is use SSLStream and X509Certificates. and I have another question, Am I need to create Client and Listener in order to communicate with that server? Because I had reviewed all the sample and they didn't attach the private key when send request to server.
I am interested in learning how to set up a secure report server with which I can publish individualized reports to my constituents. I know that banks and brokerage firms can do this, but I am not sure how it is done. I want to publish documents for an academic institution (grades, bills, transcripts, etc). I know some ASP.net and I am pretty fleuent in Crystal Reports. I am considering using a product like pdf-explode to disseminate reports via email, but I would really like to learn how to set up a secure site for my constituents and have them view the reports there.
View 1 RepliesI have written the above code and im getting an error as below-System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required. Learn more at at
System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response) at System.Net.Mail.MailCommand.Send(SmtpConnection conn, Byte[] command, MailAddress from, Boolean allowUnicode) at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception) at System.Net.Mail.SmtpClient.Send(MailMessage message) at smtptest._Default.btnSend_Click(Object sender, EventArgs e) in c:usersadministratordocumentsvisual studio 2010ProjectssmtptestsmtptestDefault.aspx.cs:line 71
Its working on local but when im hosting my application im getting above error
using (MailMessage mm = new MailMessage("myid@gmail.com","reciverid@yahoo.com"))
{
mm.Subject = "test";
mm.Body = "email testing";
mm.IsBodyHtml = false;
SmtpClient smtp = new SmtpClient();
[code]....
IIS 6 installed on Vista (Virtual PC) not member of domain, Visual studio 2008 based website. Active Directory Membership configured in web.config.
Trust level set to Full. Using Login control to authenticate.
[Code]....
Server does not support secure connections. at System.Net.Mail.SmtpConnection.GetConnection(String host, Int32 port) at System.Net.Mail.SmtpTransport.GetConnection(String host, Int32 port) atSystem.Net.Mail.SmtpClient.GetConnection() at System.Net.Mail.SmtpClient.Send(MailMessage message) at MailWebService.SendMail(String fromAddress, String toAddress, String subject, String body)I am using a web service to send my mail and I get this error when smtp.EnableSsl = true;If I change it to false it works
View 2 RepliesI cannot get a successful connectiong to the active directory when logging onto a web form. Here is the code I have in the web.config:
<configuration>
<appSettings/>
<connectionStrings>
[code]...
I am created a from sending mails. I have tried ur code.. But I am getting under error.
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication RequiredÂ
We're having an error similar to the one detailed here. We get the error noted above when trying to do AD authentication from our .net (3.5) mvc 2 app. This is our first .net mvc app ...
http://forums.asp.net/t/1161047.aspx
- We are re-using a forms auth library written for a .Net 2 app
- that library/app/config used a service account with min. privileges for binding to AD
- This error occurs in VS 2008, have not tried deploying the app to a server yet (a little early for that)
- like the other user at the previously referenced thread, I can get the 'unable to establish ...' error to go away and display the log on page by putting *MY* credentials in instead of the service account (but not successfully authenticate)
- moving the service account into the same AD OU as my account does not seem to change it ... only using my account credentials does.
- trust level is set to full
Is this some odd permissions trick that is new with .Net 3.5 (even though the ADmembershipProvider is still a 2.0 libary)? This should have nothing to do with MVC itself.
Config looks like this (very standard, like every one else's)
[Code]....
The line/portion highlighted in the debug/stacktrace is:
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
i'm trying to send email through gmail account
i get this error:
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required. Learn more at
web config is like below:
[Code]....
and my code :
[Code]....
How to fix this error,
"The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required. Learn more at"
[URL].....
