Tracking Forums, Newsgroups, Maling Lists
Home Scripts Tutorials Tracker Forums
  Advanced Search
  HOME    TRACKER    ASP.NET


Advertisements:










Security :: Add An Expiration Token To A Existing Querystring?


I don't know ifthe following is possible or not but in brief, here is what I'm trying to achieve:

1. When a user requests to view a document, they click on a link (could be other) which contains an encrypted query string containing data required to retrieve the relevant document. i.e.[URL]

2. I want to ensure that if after x minutes the user goes back to their history and select the link again or re-type the same url as above that it will not request the document and redirect them to a page letting them know that the requested document "link" is no longer valid.

I don't want to rely on cookies or sessions, so thought that maybe there would be a way to add a datetime token at the end of the existing url but this needs to be done at run-time as the url is already predefined when the link is created, so I'm not sure how can I do this?

ideally, I'd like something like this [URL]where the token would contain the date & time when the link was clicked.

Once re-requested,I would decrypt the token and validate it again the server time and if it was over the x minutes defined, it would redirect me to the "link is no longer valid" page.


View 2 Replies (Posted: Jul 02, 2010 02:50 AM)

Sponsored Links:

Related Forum Messages For ASP.NET category:
Security :: Storing A Token In Browser Or In Querystring?
We have developed a system to allow users to access another one of our web applications by placing a token in the db and then when they redirect passing this token in the browser to the new apop and using that as an authenication method. However I am thinking that it might be better to simply place this token in the browser cookie as then the user doesnt have to physically click a link they can simply do straight to it because the token wont be in the query string anymore....

Will it add much of an overhead doing it via cookies are there any disadvantages?

Posted: Feb 17, 2010 01:06 PM

View 4 Replies!   View Related
Security :: How To Security Token Transfer To J2EE Web Application
Hereis 2 web applications: 1 is asp.net, another is J2EE base webapplication.Both them are using same AD ( e.g. DomainTest) as authentication source.Question here:1. User log in the asp.net application ( form based log in DomainTest, not IE prompt authencation dialog ), on the left navigation ( link to J2EE web application), just click this link, SSO to J2EE application.I think should transfer identity token from asp.net to J2EE, but don't know how, and for JSP, how to modify it to use token tranferd from asp.net ?

Posted: Mar 06, 2010 01:52 PM

View 3 Replies!   View Related
Security :: How To Set A Trial Expiration
I am not sure if I am asking thisquestion correctly. Sometimes when you don't know enough, you may not know what to ask. I want to set up memberships with an ASP.NET website. The memberships will have a 14 day free trial period. After that, the user will need to pay a fee if they wish to continue to access the website. I am not sure how to accomplish this. After adding a membership database to thewebsite, setting up roles ect., what do I do next? Do I need to make adjustments to the tables of the database, or write some code somewhere in the application? I have never done this exercise before, Logically, I know that I need to implement something that keeps track of expiration date. Also, how do I prevent a user from just making up new user names and credentialing?

Posted: Aug 12, 2010 09:00 PM

View 4 Replies!   View Related
Security :: Use Token Based Authentication?
How to create Uniue Token with properties like expiration time,

Any standars method provided by Microsoft,

Posted: Mar 02, 2010 04:31 AM

View 2 Replies!   View Related
WIF Security Token Service Not Staying Logged In
I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in.

Here's what occurs in my login.aspx on the STS
var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14);
Response.Cookies.Add(cookie);
var returnUrl = Request.QueryString["ReturnUrl"];
Response.Redirect(returnUrl ?? "default.aspx");

Which was taken almost directly from existing application using normal Forms Auth.
From my web.config
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" timeout="2880"
name=".STS" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="default.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>

Looking at the cookie after I sign in I can see the expires time on the cookie is set for 14 days in the future and that the cookie is NOT a session cookie. When I'm required to log back into the STS I can see that my original cookie is still there. Is there some kind of time stamp functionality that the STS embeds into the cookie that is invalidating my cookie even though as far as I know it should still be valid?

Posted: Aug 27 10 at 15:43

View 2 Replies!   View Related
Security :: Token Login Don't Keep Session With Two Applications?
I've two application ASP.NET (once is Mojo Portal). I can navigate from one to other using an URL token id.

To this way, by token, I create a new session and save the relative auth cookie.

But, sometimes, the asp web application don't keep the session and put me down. When this happen I can't login until the session cookies is not deleted.

Both the two application are behind an reverse proxy.

Posted: Jun 15, 2010 09:44 AM

View 3 Replies!   View Related
Security :: FormAuthentication Ticket Expiration Check?
I have a asp.net application where i am using FormAuthentication Ticket when user Sign in....on each page I want to check if FormAuthentication Ticket has expired ...how to do this ?..

Posted: Jan 26, 2011 03:36 AM

View 6 Replies!   View Related
Security :: Force Password Expiration After Number Of Days?
Using C# and sqlmembershipprovider forms authentication, is there a way to force user password to expire and need to be reset after x number of days?

So if a user launches the website login.aspx page, when they type their userid, it will check if the password is expired and direct them to a Resetpassword.aspx page?

Posted: Aug 23, 2010 11:31 PM

View 5 Replies!   View Related
Cookies - Windows Identity Foundation - How To Get New Security Token
I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.

In ASP.net, security tokens are stored as cookies.

I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.

How do I remove the token so that the user can log in again and get a new token?

Posted: Feb 1 10 at 21:46

View 2 Replies!   View Related
Security :: Apply Expiration Date To A Membership On A Pay Site?
I am developing a new website that is membership based with yearly subscriptions. Using VS2010/asp.net4/c#. I have my site up to the point where all my content is ready to go and i can add members to the database to access all the premium content.

However, I have no idea how to impliment a start date and expiration date for that membership. I have been following along with Wrox Beginning asp.net 4.0 from beginning to end and this isn't covered at all. I also have Apress Pro asp.net 4 as well and I cant find anything dealing with that in there either.

What I would love to be able to find is some book or tutorial that i can follow along with and learn from so that this doesn't happen again to me.

In short what I need to do is this.

1. Add new user to defined membership role

2. Apply start/end date to that user

3. When the end date has passed I need to reasign them to a new role and then redirect them to another page with a notification

4. I guess lastly some way to add/manage members as an admin on my deployed site. Durring development i was using the built in Web Site Admin Tool but I just found out that only works on my local machine.

I have a feeling this this will be a very simiple fix but because of my total lack of experience it has been driving me crazy for three days tyring to hunt down info.

Posted: Mar 02, 2011 03:19 AM

View 12 Replies!   View Related
Security :: Forms Authentication - Users Logged Out Before Cookie Expiration?
For some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?

[code]....

Posted: Jun 16, 2010 01:53 PM

View 1 Replies!   View Related
Security - Securing Forms Authentication Token On Client Side?
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?

Posted: Jul 16 10 at 15:57

View 1 Replies!   View Related
MVC - Html.BeginForm(). Can Post Back To A Different Route And Keep Existing Querystring Values
I have a post-only action that has a different route. In my form, I need to post to it, but also keep the querystring values I currently have.

Initial response: /my/first/path/?val1=hello
Needs to post to: /my/other/path/?val1=hello

It seems when I specify a route, it of course only returns the route and doesn't append the querystring values of my original page (for obvious reasons).Is it possible to cleanly append querystring values to my the action attribute of the form tag?

Posted: Sep 16 10 at 14:06

View 3 Replies!   View Related
Security :: How To Redirect The User Automatically To Login Page After Session Expiration
How i redirect the page to Login page automaticallyif session Expires .

Posted: Mar 10, 2010 10:15 AM

View 7 Replies!   View Related
Security :: Automatic Expiration Of Forms Authentication When User Closes The Browser Windows Without Signing
can u tell me how to automatically sign out a user ifhe/she closes the browser window without signing out. I'm usingForms Authentication.

Posted: Aug 28, 2010 01:32 PM

View 1 Replies!   View Related
Security :: Encrypt Request.querystring And Descrpt Request.querystring
Encrypt request.querystring and Descrpt request.querystring

Posted: Apr 24, 2010 10:12 AM

View 1 Replies!   View Related
Security :: How To Add ApplicationName To Existing Website
I have a (internet) web site with the below web.config (everything works fine). How would I alter this to include an applicationName attribute. I wish to eventually have multiple web sites using the same ASPNETDB database.

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>
<clear/>
<add name="LocalSQLServer" connectionString="Server=myserver.com; Database=MyDB; Uid=MyUser; Pwd=MyPassword; Trusted_Connection=False;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<customErrors mode="Off" defaultRedirect="~/Error.aspx"/>
<roleManager enabled="true"/>
<authentication mode="Forms"/>
<compilation debug="false"/>
<pages theme="Standard"/>
</system.web>
</configuration>

Posted: Mar 25, 2010 01:10 PM

View 6 Replies!   View Related
Security :: Adding Existing Membership To A Project?
I have DB (my.mdf ) with already created membership (aspnet_db tables). There are defined roles and users.

I would like to integrate it in my project.

I dropped *.mdf into App_Data folder. When I open app.net configuration (under menu Project) I can't see neither User nor Roles.

What step am I missing?

Posted: Mar 06, 2010 06:30 PM

View 2 Replies!   View Related
Security :: Send Existing Password By Mail?
Is it possible to send the existing password from a user in stead of a new password ?

For example : Membership.GetUser("USERNAME").password

Posted: Jun 12, 2010 05:13 PM

View 6 Replies!   View Related
Security :: Migrate Existing Users / Trying To Use GetPassword()?
I need to migrate existing users, I will be creating the users account and setting a dummy password for the first time login... My problem is that by doing this they will not have their security question and answer filled in... I am trying to create a page that will force the user to set up their question and answer at first long ... The problem that I am having is when i try to get the password i get the following error..

here is the code that I am using:

[Code]....

[Code]....

Posted: Dec 09, 2010 07:39 PM

View 9 Replies!   View Related
Security :: Login Facility In Existing Website?
I have an existing application that has 50+html pages and 20+ aspx pages. The websiteis runningsmoothly.

Now the client came up with a new requirement, he says he wants a single sign on functionality(login based)in the website.

few htmls to be open foranomymus users few htmls need compulsorylogin few aspx open for anonymus users few aspx need compulsory login

What will be the simplest ways to do this in the above existing website.

Posted: Mar 06, 2010 03:29 AM

View 3 Replies!   View Related
Security :: How To Create Roles For The Existing Users In Database
I am newbie to asp.net.I want to create roles for the existing users in my database. I dont want to use the membership provider database n roles provided with it.(i don't want to use aspnet.mdf at all)

I am create roles for my existing users n assign i wanted to assign the particular roles to a particular assign.

Posted: Jun 10, 2010 06:56 PM

View 2 Replies!   View Related
Security :: Adding Membership Tables To Existing Database?
I am running windows 7 and NET Framework 4.

Problem is I dont know how to locate the asp.reg.sql tool that will do this using windows 7.

how to do this?

Posted: Feb 22, 2011 11:07 PM

View 1 Replies!   View Related
Security :: Can Use An Existing SSL Certificate Of Virtual Directory To A Sub-domain
can i use an existing SSL certificate of my virtual directory to a sub-domain??I am removing the virtual directory and moving it as a sub-domain... so can i use the SSL certificate which I am using to the new sub-domain

Posted: Dec 30, 2009 08:09 PM

View 1 Replies!   View Related
Security :: How To Retain Querystring Values In ReturnURL
I've got a couple pagesin my web app that are used by external applications. They will link to the pages, and pass in various querystring values to allow my app to do the searching and return the results in the page. The problem is, if the user is not yet logged into the web app, they are sent to the login page, and the ReturnURL is truncated to include only the first QueryString value. I lose the rest of the values. So far I haven't figured out a solution to this. Here's a quick example:

The external application links the user to:
[URL]

If the user is not logged in they are sent to the login page, and the current URL looks like this:

[URL]

Posted: Oct 21, 2010 06:23 PM

View 4 Replies!   View Related
Security :: Splitting Querystring And Searching Profile?
How would i go about searching for data in the profile system?

I am looking to make a page with a search bar - type in a name, and this goes to searchresults.aspx?id=what you just searched.

How then do I select the Profile.FirstName and Profile.LastName within the profiletable?

Because it is the auto generated profile system, these values are stored withing the Profile table but not as seperate columns..

Also, how do i split up the querystring into a first name and last name to match to the seperate profiles?

Posted: Oct 19, 2010 12:43 PM

View 1 Replies!   View Related
Security :: Unable To Use Existing Database Users And Roles, In New Web Application?
I am creating a Web Application in asp.net 2.0 and sql server 2005.I want to use an existing database.

I have created a login and a signup page. Then i replace the new SQL database (the one that is created automaticly by the visual studio) with the exiting database I have.If I create a new user, the new user goes to the database and I can login with the new user. I cannot login with the existing users.If I go to the asp.net configuration, I only can see the new users I have created, I cannot see the users that were in the database already and I can't see the roles also.

I can I make the new application to recognize the users and roles of the existing database?

Posted: Jul 13, 2010 12:06 AM

View 9 Replies!   View Related
Security :: How To Authenticate Users With Existing Login Control Mechanism
we have a web site (Web Site 1)which is presently working and authenticates the users using ASP.Net login control.

We have a new site (Web Site 2)which will have a web page with user name and password fields and these values will be posted to Web Site 1. I am trying to authenticate those user credentials on Web Site1 using

Membership.ValidateUser(UserName, Password); method. but i am keep getting "User AuthenticatedObject reference not set to an instance of an object. " exception.

Posted: Feb 05, 2011 12:19 AM

View 4 Replies!   View Related
Security :: Customizing Membership Providers / Modify The Existing Sp's In Sql08
This is the first time i would be using .net membership providers and i need to add some extra columns and chage a couple of existing datatypes of the exising columns.

my Q is:

1)can i do this without having to suffer down the road.

2)can i modify the existing sp's in sql08 or would i need to use additional sp's for the new columns that i add.

Posted: Jan 12, 2010 04:18 PM

View 4 Replies!   View Related
Security :: Convert Existing User Database From Hashed To Encrypted
I've taken over a website which has around 3000 users registered using the standard asp.net membership provider on a SQL database. When the website was set up there were a lot of gaps in the system and we have a lot of tidying up to do of users with the same email addresses etc and invalid addresses so i'm just starting to look at how i can wrap all of this up and make administering the user accounts easier.

At the moment the account passwords are stored in "Hashed" format set in the web.config and obviously this doesn't allow for password retrieval. I want to know whether there is a way of converting all of these passwords from a hashed format to an encrypted format thus allowing me to create a password recovery page that doesn't then send the user a new password which is quite often something like "a*ns7#<3lx"

Ideally i'd like to convert all of these if that is possible so that I do a much simpler password retrieval system. If this is not possible can you tell me how i go about setting the passwordreset value not to contain all sorts of non-alpha/numberic characters?

Posted: Aug 12, 2010 02:30 PM

View 10 Replies!   View Related
Security :: Request QueryString - Change In Id Opens Other Page?
I have completd my project, in that project i used Request.QueryString["id"], its working fine, in this project if change the "id" securities pages also opening now what can i do?

Posted: Jan 20, 2010 04:26 AM

View 2 Replies!   View Related
Security :: Automatically Log Users Into Application With Existing Test Username And Password?
At this website when any user clicks on the host logon menu item: i want to create script that would automatically fill in the username: Test, password: champion, and log the user into the test application.

I have tried a link that looks like this [URL]

Posted: Dec 24, 2009 10:05 PM

View 4 Replies!   View Related
Security :: HttpContext.Session A Potentially Dangerous Request.QueryString Value Was Detected?
I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:

+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update="<SETIProducts><Produ...")."}
System.Exception {System.Web.HttpRequestValidationException}

Posted: Sep 29, 2010 06:58 PM

View 3 Replies!   View Related
Web Forms :: Querystring Value / Imagename In Also Want To Send Span Element's Text With Same Querystring?
How can i use querystring for this-

Here in below code i have used querystring for sending imagename from this page to another page. Now i just want that with this imagename in also want to send span element's text with same querystring.How can i achieve this?

[Code]....

Posted: Aug 30, 2010 01:05 PM

View 1 Replies!   View Related
Web Forms :: Retrieve A Value From The Querystring And List It In Querystring
I have a hyperlink in my listview and in there the navigateurl will be

[Code]....

If it is not possible to receive a value from the label, can you just show me how I can request the querystring?

Posted: Nov 24, 2009 12:07 AM

View 2 Replies!   View Related
Static Var Expiration?
I have a class like this:

/// <summary>
/// Summary description for MyBaseC
/// </summary>
[code]...

When does this Guid expire? Could this code be handy to replace a session var?

Posted: Sep 08, 2009 09:59 AM

View 4 Replies!   View Related
How To Set Expiration To Image
I'm creating image (jpg) at run time in my application (ASP.NET/C# 3.0). I need to delete the created image after 30 mins. So is it possible to set expiration to the image after 30 mins when creating the image like setting expiration to cookies.

Posted: Mar 03, 2010 01:32 PM

View 3 Replies!   View Related
How To Set Email Expiration
I'm programatically sending an email and I want toset it to expire after a certain amount of time. I tried using the following but it doesn't seem to work:

message.Headers.Add("Expires", Now.AddMinutes(2))

I can see the value in the header but the email doesn't actually expire.

Posted: Jul 01, 2010 10:24 AM

View 4 Replies!   View Related
MVC 2.0 TempData Expiration?
What happens in Asp.Net MVC 2.0, when next request does not come ever to retrieve value from TempData. Is it stored permanently or expires?

Posted: Jul 3 10 at 10:09

View 1 Replies!   View Related
Copyright 2005-08 www.BigResource.com, All rights reserved