Vs2008, Windows 7, IIS7, SSL using a self signed Cert. On my dev machine I'm not seeing a problem, but on a client machine it pops up the "this page contains both secure and nonsecure items" dialog on a page. In IE8, I have the local intranet / display mixed content option set to Prompt, but it isn't making a difference, what else needs to be set for me to see the problem?
View 4 Replies
I'm trying the above - Visual Web Developer 2008 express edition with SQL Server 2005 express using VB code behind on ASP.net 3.5 framework. I need to incorporate and amend some externally supplied classic asp pages, so switched to local IIS7 for compilation/run. I can run these pages, but am unable to amend them and have the changes reflected in what I see. Is this possible with this setup? Is there a configuration setup that I may need? Has anyone successfully done the above before?
View 2 RepliesI want to debug EditPanel.debug.js file of HTML Editor, but it never shows in VS 08 and Im sure it executes to that line.What I did to enable debuggingUnchecked both 2 checkboxes for disabling the debugging
Set ScriptMode="Debug"
Change following line
[ClientScriptResource("AjaxControlToolkit.HTMLEditor.EditPanel", "AjaxControlToolkit.HTMLEditor.EditPanel.js")]
to
[ClientScriptResource("AjaxControlToolkit.HTMLEditor.EditPanel", "AjaxControlToolkit.HTMLEditor.EditPanel.debug.js")]
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 RepliesI have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 RepliesI'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
On my web form, I have a RadioButtonList nested within a ListView as follows:
Nested RadioButtonList, and Inconsistency between Debug and Run without Debug
Debug-Start Debugging/Debug-StartWithoutDebugging OR Project ASP.Net Configuration launches Dreamweaver. It started lastnight, I had both Deamweaver and VWD 2008 express open at the same time - (I was looking at JQuery in the Microsoft and Dreamweaver enviroments simultaniously). After the first tie this happened, I closed down Dreamweaver (CS3) and it opened when I tried to run my VWD project. I reinstalled VWD 2008 express, IIS and disabled Dreamweaver (renamed the exe). Dreamweaver still came up.
View 4 RepliesI am using MVC2 on VS2010 Express edition. I followed a post by Dino Esposito on UI with JQuery passing data to a dialog from strongly typed views. I can't make the dialog work with modal:true option.Here I have a simple page that includes RenderPartial for a dialog. The dialog is supposed to pop up when a button is clicked. However, if I include modal:true as one of the dialog options, then when the button is clicked nothing happens. The dialog does not pop up. When I remove modal:true from the dialog options then dialog pops up as expected and closed as expected.
View 10 RepliesI've got a div on Page A.When an event happens (whatever I define, a click, whatever), I do a div.Dialog, set its properties and open itThe data inside is returned from an async .ajax call that grabs the data from a url and appends it to the div by calling div.html(data) inside the .ajax callback, so it's essentially loading a PageB by getting the data (content) and appending it to the div that's calling the dialog("open")...nothing special here I don't think.
My question: In Page B, how do I reference the dialog so I can do some things to it? For instance in Page B's content that I received back from that .ajax call and added to the div via .html(data), there is a button and when clicked I need to close the dialog.Right now my buttons are not working inside the dialog because one of them closes out the dialog and the other should redirect to a new page but both do not work now because I have no reference to the dialog that it's in to manipulate it. So I need reference so I can close the dialog via some jQuery that will reside in PageB (data).
I am getting an error saying "ASPNET account is not present in this machine" when I try to install Sitecore on my machine after I installed visual studio 2008..
- My machine is running on windows XP sevice pack 3
- I installed Visual Studio 2008 and .NET framework version 3.5 SP1 on that machine
- I can see that ASPNET User group account Under Users and Groups and it doesn't have "Account is locked out" ticked under general tab
- Also I ran aspnet_regiis -i many times but didn't help; actually I red in one post that I should delete ASPNeT account first and run the script but still didn't help
- when I view http://localhost on IE I can view the ASP home page without any problem but Firefox asks me to enter user name and password.
Net Framework 2.0 Net Framework 3.5 and above, but not addobjects that I use when I use ajax added. Why can not I add the NetFramework 2.0.
View 1 RepliesSo bit the bullet and installed vs2010 finally. However, when loading an existing vs2008 project, I am getting this error: "The project type is not supported by this installation." the only thing special about this project is that it's a "web application projects" type. what I've tried so far are these steps, but none of these solve my problem:
(1) run "devenv /setup"
(2) regsvr32.exe "%ProgramFiles%Microsoft Visual Studio 10.0Common7IDEProjectAggregator.dll"
I have created a MSI file for my windows service but at the time installtion it is prompting set Service login for login name, Password and confirm password. So I am not able to install that service.
View 1 RepliesSQL Server Express 2008 R2 installation is failed...plese see the error log ...i gave the password "sa"..please guide me Overall summary Final result: SQL Server installation failed. To continue, investigate the reason for the failure, correct the problem, uninstall SQL Server, and then rerun SQL Server Setup. Exit message: The specified sa password does not meet strong password requirements. For more information about strong password requirements, see "Database Engine Configuration - Account Provisioning" in Setup Help or in SQL Server 2008 R2 Books Online.
View 1 RepliesI changed my OS from Windows XP to Windows 7. I installed .net Framework SDK v2.0. Now i am trying to configure Asp.net Quick Start Tutorial. When i run ConfigSamples.exe in the Log file following details available.
AM 6:57:22 19 March 2010: [Begin Samples Configuration]
AM 6:57:23 19 March 2010: [Info] ConfigSamplesDll_DoTasks: Starting
AM 6:57:23 19 March 2010: [Info] Config_NETSDK_Detect: .NET Framework SDK installation (detecting): SOFTWAREMicrosoft.NETFramework
AM 6:57:23 19 March 2010: [Info] Config_NETSDK_Detect: .NET Framework SDK installation (found): SOFTWAREMicrosoft.NETFramework
AM 6:57:23 19 March 2010: [Info] ConfigSamplesDll_DoTasksWithGUI: Starting
AM 6:59:51 19 March 2010: [Info] Config_ASPNET_Detect: ASP.NET installation (detecting): IIS://localhost/W3SVC
AM 6:59:51 19 March 2010: [Info] Config_ASPNET_Detect: ASP.NET installation (not found): [Info] Config_ASPNET_Detect: ASP.NET installation (not found)
AM 6:59:51 19 March 2010: [Info] Config_ASPNET_Detect: ASP.NET installation (not found): IIS://localhost/W3SVC
AM 6:59:51 19 March 2010: [Info] Config_SSE_DNLD_Detect: SQL Express service instance (detecting): MSSQL$SQLEXPRESS
AM 6:59:52 19 March 2010: [Info] Config_SSE_DNLD_Detect: SQL Express service instance (found): MSSQL$SQLEXPRESS
AM 6:59:52 19 March 2010: [Info] Config_SSE_INST_Detect: SQL Express service instance (detecting): MSSQL$SQLEXPRESS
AM 6:59:53 19 March 2010: [Info] Config_SSE_INST_Detect: SQL Express service instance (found): MSSQL$SQLEXPRESS
AM 6:59:53 19 March 2010: [Info] Config_IIS_Detect: IIS (Internet Information Services) installation (detecting): IIS://localhost/w3svc/1/root,IIS://localhost/w3svc/AppPools
AM 6:59:53 19 March 2010: [Info] Config_IIS_Detect: IIS (Internet Information Services) installation (found): IIS://localhost/w3svc/1/root,IIS://localhost/w3svc/AppPools
AM 6:59:54 19 March 2010: [Info] Config_QUICKSTARTDB_Detect: Quickstart Database and User Registration (detecting)
AM 6:59:55 19 March 2010: [Info] Config_QUICKSTARTDB_Detect: Quickstart Database and User Registration (found)
AM 6:59:55 19 March 2010: [Info] Config_QUICKSTART_Detect: Quickstart Samples Previous Build (detecting): SOFTWAREMicrosoft.NETFrameworksdkQuickStartSetupRun
AM 6:59:55 19 March 2010: [Info] Config_QUICKSTART_Detect: Quickstart Samples Previous Build (not found)
AM 6:59:56 19 March 2010: [Info] Config_NETSDK_Detect: .NET Framework SDK installation (detecting): SOFTWAREMicrosoft.NETFramework
AM 6:59:56 19 March 2010: [Info] Config_NETSDK_Detect: .NET Framework SDK installation (found): SOFTWAREMicrosoft.NETFramework
AM 7:04:39 19 March 2010: [Info] Config_ASPNET_Install: ASP.NET QuickStart registration (installing)
AM 7:04:57 19 March 2010: [Pass] Enabling ASP.Net for QuickStart virtual directory. Command: C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe -ir -enable.
AM 7:04:57 19 March 2010: [Info] Config_ASPNET_Detect: ASP.NET installation (detecting): IIS://localhost/W3SVC
AM 7:04:57 19 March 2010: [Info] Config_ASPNET_Detect: ASP.NET installation (not found): [Info] Config_ASPNET_Detect: ASP.NET installation (not found)
AM 7:04:57 19 March 2010: [Info] Config_ASPNET_Detect: ASP.NET installation (not found): IIS://localhost/W3SVC
AM 7:04:57 19 March 2010: [Fail] Config_ASPNET_Install: ASP.NET QuickStart registration (failed): ASP.NET QuickStart registration component could not be detected after installation
AM 7:04:57 19 March 2010: [Begin Samples Rollback]
Why am i getting Config_ASPNET_Detect: ASP.NET installation (not found)?
I've encountered a problem while installing Visual Studio 2010 on Windows 7, I've tried to modify the privileges of the destination folders to no avail, I've also tried to delete everything related to it with a removal tool. The problem is that the installation is always unsuccessful at the same point, providing me a Blue Screen of Death (twice) and the following error message (infinite amount of occasions):
[Code]....
Does anybody know the cause of the error? Is there an easier and less time consuming solution than reinstalling the whole system?
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net
installed IIS on WinXP and created a virtual directory, placing all required files and setting access permissions for it, but I keep getting the error message:
[Code]....
It happens for every page I try to load, even the simplest "Hello world" ones. Could you give me some pointers on this one ?
why this no-secure message comes on my site's homepage in Internet Explorer
Following is message:"The web page contains content that can not be delivered using secure HTTPS connection"
message box comes with yes/no option.
I want to post my login form to a secure url.
I figured the best way to do this would be bust open the HTML helpers for BeginForm with reflector and create my own extension method called BeginSecureForm. The problem I ran into was that it uses internal method UrlHelper.GenerateUrl and and the private method HtmlHelper.FormHelper.
Apart from hard coding URLs into a form what is the best way to generate forms that post to a secure url and then have that action redirect to a non secure action after login?
I've developing an ASP.NET application that interfaces with Google Maps and retrieves marker information from a database. The marker information is split into tables in the database, where the name of the table reflects a company (e.g. CompanyA_MarkerData, CompanyB_MarkerData etc). In order to periodically update the map with new marker data, I use setTimeout in JavaScript to regularly call my 'UpdateMarkers' JavaScript function. 'UpdateMarkers' makes a call to a web service which performs the database query and returns a list of markers back to the JavaScript, which in turn updates the map.
The main issue I have with this method is that my web service requires that I pass it the name of the company so that it knows which table in the database to access. As you can imagine , this poses a security risk as anyone can pass a different company name to the web service and be able to retrieve the data from other companies, as well as their own.
In order to avoid this problem, I am restructuring my program as follows: When the system administrator creates users for my application, they can also assign a company ID to this user. The company ID is stored using the Profile object in ASP.NET. I am moving the web service code into a class with shared functions so that they can be called only within my pages (but not by anyone, like with web services). The functions will still require a company name passed to be passed to them. However, rather than the JavaScript making direct calls to these shared functions, the JavaScript will call a set of page methods (which as I understand it, are not public like web services). These page methods will then use the Profile object to retrieve the company name attached to the user currently logged in and then make a call to my shared database functions and return the info back to the JavaScript.
I think that this second method is more secure than the first, because I don't allow the client to pass different options to my code and retrieve unauthorized data. The server side code works out the parameters that need to be sent. However, I am wondering if there is a better way of doing this that I am missing out?
