MVC Perform Secured Action - Inserting Row Into Database
Jan 24, 2010
I have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. Am I missing something important? It seems like it could be a really big security issue.
After a user creates an account on my website, I want to redirect the user to the home page and display a twitter style message bar on top. This is how I have it:
success: function (response) { if (response.Success) { location.href = response.ReturnUrl; } ShowMessageBar(response.Message); },
The message bar does appear but it gets displayed only for a second as it gets canceled by the redirect. What can I do to display the message right after the redirect has completed? Is there a complete event for the location.href?
Without giving away specifics: basically, I have a bunch of users adding content to my site. What happens now is ajax sends the text to a web service which does its thing, sends the info to the DB, Sends the user an e-mail, and then returns a response to the browser to do something.
What I would like to do is change that order. I want to return a response to the browser so the user is not waiting on the e-mail to send before they get their response. Basically, I'm trying to gain every milisecond I can to quicken the response, and there's no reason for the user to wait for the server to send their e-mail before it tells them that everything worked ok. If the info went to the DB, that's all the user needs to know, they'll know the e-mail sent when it shows up in their inbox. I notice this is an issue on my local machine which has no SMTP server and can actually hang the page response up for a few extra seconds because it's throwing errors trying to send something with no SMTP server.
So, I know in my function when I say
[Code]....
it WORKS, but I want to send the e-mail after the return. Is there ANY way to get this to happen?
I am currently trying to make an html submit occur, but using the MVC helper method ActionLink as I do not want it to be a button, I want it to be an underlined link like the rest on my page. This is what I have currently
[Code]....
This jumps back to my action fine, but all the domains that are checked off to be deleted are not sent back. (if I use this,
[Code]....
it works fine so I know it's not something wrong with submitting or retrieving the check boxes)
i have a e-commerce page which send data to last page for the payment...
In this last page, the user confirm his intention to acquire products .... In this moment, i've created a sub which insert a new order in the database...all works!...
The problem born when i try (and user could too) to manually refresh the page...the code will be processed again and a new (second) order will be inserted in the database.....it's not correct...
This page make a postback after confirm button....so control page.ispostback will not resolve problem...
How could i intercept manual refresh of this page in a secure way ?
A web application works with the database. Once a day, the database should be scanned and alerts should be sent to users. From what I've seen out there, additional project has to be created which will be installed on the server and will work with the same database. Executable created by this project has to be installed in Windows scheduler to be activated once a day.This seems complicated and inefficient: starting additional executable and working on the same database.
I am an experienced developer but I am new to web application development. Now I am in charge of developing a new web application and I could really use some input from experienced web developers out there.
I'd like to understand exactly what experienced web developers do in the code-behind pages. At first I thought it was best to have a rule that all the database access and business logic should be performed in classes external to the code-behind pages. My thought was that only logic necessary for the web form would be performed in the code-behind. I still think that all the business logic should be performed in other classes but I'm beginning to think it would be alright if the code-behind had access to the database to query it directly rather than having to call other classes to receive a dataset or collection back.
I am inserting a picture into a database, using the following code.
strFileType = Path.GetExtension(filImage.PostedFile.FileName).ToLower(); switch (strFileType) { case ".gif": strMimeType = "image/gif"; break; case ".jpg": case ".jpeg": case ".jpe": strMimeType = "image/jpeg"; break; case ".png": strMimeType = "image/png"; break; } //Store the content length int iDocLength = filImage.PostedFile.ContentLength; byte[] bDocBuffer = new byte[iDocLength]; //Get stream object Stream streamImage; streamImage = filImage.PostedFile.InputStream; streamImage.Read(bDocBuffer, 0, iDocLength); cmPerson.CommandText = "INSERT INTO photos VALUES(@referenceid, @image, @imgtype)"; cmPatient.Parameters.AddWithValue("@referenceid", iPersonID.ToString("000000")); cmPerson.Parameters.AddWithValue("@image", bDocBuffer); cmPerson.Parameters.AddWithValue("@imgtype", strMimeType); cmPerson.ExecuteNonQuery();
If in case that the user, did not browser for a picture, then, I have to use the nopho.jpg that is stored in the images/folder of my web app. How am I be able to do this?
I have two ddl'a which i insert into a database inform of a grid. Now i will like to make sure the two data i am inserting is not already on the databse and if it exist i want a message to show. I dont have anything right now. I just need ideas on how to go about it.
I have a table memberprofile which has firstname. lastname, gender and physicalstatus. I have written repository class for memberprofile like this.
public void SaveMemberProfile(MemberProfile memberProfile) { matrimonyDb.MemberProfiles.InsertOnSubmit(memberProfile); matrimonyDb.SubmitChanges(); }
[Code]....
now if i click the submit button firstname, lastname, gender ARE getting inserte in to the table. only radiobutton value is not inserting it is showing null value.
During an adaption of a book based example application, to use an access database instead of sql server - I have come up with the final issue: It will not insert into the database! I suspect it might be to do with the OrderID, I do have it set to autonumber,but I am not too sure. This is the class that does the inserts, by adding customer information to customer table, order information to order table and ordeitems information to the orderitems table. When submitting this information on the webpage, there is the custom error that an error has occurred in your order due to this code page code behind
i have problem with adding list values(radio button list box ) to the database.my code seems to be correct.but when i clicked submit i got this error message. "Invalid column name 'Age'.all the filed names shown as invalid.how to solve this problem ?
[Code]....
and i also have another problem with a table.i'm able to insert and retrieve the data.but in sql interface all the coloums are empty.where all the data being stored.why i couldnt able to view the data?
I am having a task that, i need to insert a row in gridview but it should not effect in to database immideately. I am having a submit button in the form, whenever i click that submit button all the data in the form should be inserted into the database in their respective tables.
I have already created add/delete rows.. if i click on addRows new rows will be added and when i click DeleteRows the row will be deleted..BUT my question is when new rows are added n the entered data in new rows need to inserted into DAtabase...
I am using ASP.NET 2.0, C#, SQL Server 2005. I have a gridview which has 10 records. I want to only insert few records(for example: 3 records) to the database. How to insert only part of the whole data to the database.
i got the following error when i tried to inser a recrord from my MVC web application , although the insert will work fine when i tried to inser the record manually from the databse explorer, and i checked all the FK relationship they sound valid:-
The INSERT statement conflicted with the FOREIGN KEY constraint "FK_Articles_Users". The conflict occurred in database "84A669DA0E532BEFAFBE7BE38367071F_IONALNETWORKWEBAPPLICATIONPROFESSIONALNETWORKWEBAPPLICATIONAPP_DATAPROFESSIONALNETWORKDB.MDF", table "dbo.Users", column 'User_ID'.The statement has been terminated.
in my application i am trying to insert the embeded (video) into database, but it is giving error like this.i am using storeprocedure for inserting. Server Error in '/embeded' Application. A potentially dangerous Request.Form value was detected from the client (txtEmbed="
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtEmbed="
I am having a problem in inserting characters such as a name into a mySql database via an Asp.net application.
If I inserted numbers, the app adds the numbers into the database and I can see them, but the case with names, the name column in the database shows no values (keeps on showing null values) along with the numbers added.
