Security :: Add An Expiration Token To A Existing Querystring?

Jul 2, 2010

I don't know if the following is possible or not but in brief, here is what I'm trying to achieve:

1. When a user requests to view a document, they click on a link (could be other) which contains an encrypted query string containing data required to retrieve the relevant document. i.e.[URL]

2. I want to ensure that if after x minutes the user goes back to their history and select the link again or re-type the same url as above that it will not request the document and redirect them to a page letting them know that the requested document "link" is no longer valid.

I don't want to rely on cookies or sessions, so thought that maybe there would be a way to add a datetime token at the end of the existing url but this needs to be done at run-time as the url is already predefined when the link is created, so I'm not sure how can I do this?

ideally, I'd like something like this [URL] where the token would contain the date & time when the link was clicked.

Once re-requested, I would decrypt the token and validate it again the server time and if it was over the x minutes defined, it would redirect me to the "link is no longer valid" page.



ADVERTISEMENT

Security :: Storing A Token In Browser Or In Querystring?

Feb 17, 2010

We have developed a system to allow users to access another one of our web applications by placing a token in the db and then when they redirect passing this token in the browser to the new apop and using that as an authenication method. However I am thinking that it might be better to simply place this token in the browser cookie as then the user doesnt have to physically click a link they can simply do straight to it because the token wont be in the query string anymore....

Will it add much of an overhead doing it via cookies are there any disadvantages?

View 4 Replies View Related

Security :: How To Security Token Transfer To J2EE Web Application

Mar 6, 2010

Here is 2 web applications: 1 is asp.net, another is J2EE base webapplication.Both them are using same AD ( e.g. DomainTest ) as authentication source.Question here:1. User log in the asp.net application ( form based log in DomainTest, not IE prompt authencation dialog ), on the left navigation ( link to J2EE web application), just click this link, SSO to J2EE application.I think should transfer identity token from asp.net to J2EE, but don't know how, and for JSP, how to modify it to use token tranferd from asp.net ?

View 3 Replies View Related

Security :: How To Set A Trial Expiration

Aug 12, 2010

I am not sure if I am asking this question correctly. Sometimes when you don't know enough, you may not know what to ask. I want to set up memberships with an ASP.NET website. The memberships will have a 14 day free trial period. After that, the user will need to pay a fee if they wish to continue to access the website. I am not sure how to accomplish this. After adding a membership database to the website, setting up roles ect., what do I do next? Do I need to make adjustments to the tables of the database, or write some code somewhere in the application? I have never done this exercise before, Logically, I know that I need to implement something that keeps track of expiration date. Also, how do I prevent a user from just making up new user names and credentialing?

View 4 Replies View Related

Security :: Use Token Based Authentication?

Mar 2, 2010

How to create Uniue Token with properties like expiration time,

Any standars method provided by Microsoft,

View 2 Replies View Related

WIF Security Token Service Not Staying Logged In

Aug 27, 2010

I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in.

Here's what occurs in my login.aspx on the STS
var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14);
Response.Cookies.Add(cookie);
var returnUrl = Request.QueryString["ReturnUrl"];
Response.Redirect(returnUrl ?? "default.aspx");

Which was taken almost directly from existing application using normal Forms Auth.
From my web.config
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" timeout="2880"
name=".STS" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="default.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>

Looking at the cookie after I sign in I can see the expires time on the cookie is set for 14 days in the future and that the cookie is NOT a session cookie. When I'm required to log back into the STS I can see that my original cookie is still there. Is there some kind of time stamp functionality that the STS embeds into the cookie that is invalidating my cookie even though as far as I know it should still be valid?

View 2 Replies View Related

Security :: Token Login Don't Keep Session With Two Applications?

Jun 15, 2010

I've two application ASP.NET (once is Mojo Portal). I can navigate from one to other using an URL token id.

To this way, by token, I create a new session and save the relative auth cookie.

But, sometimes, the asp web application don't keep the session and put me down. When this happen I can't login until the session cookies is not deleted.

Both the two application are behind an reverse proxy.

View 3 Replies View Related

Security :: FormAuthentication Ticket Expiration Check?

Jan 26, 2011

I have a asp.net application where i am using FormAuthentication Ticket when user Sign in....on each page I want to check if FormAuthentication Ticket has expired ...how to do this ?..

View 6 Replies View Related

Security :: Force Password Expiration After Number Of Days?

Aug 23, 2010

Using C# and sqlmembershipprovider forms authentication, is there a way to force user password to expire and need to be reset after x number of days?

So if a user launches the website login.aspx page, when they type their userid, it will check if the password is expired and direct them to a Resetpassword.aspx page?

View 5 Replies View Related

Cookies - Windows Identity Foundation - How To Get New Security Token

Feb 1, 2010

I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.

In ASP.net, security tokens are stored as cookies.

I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.

How do I remove the token so that the user can log in again and get a new token?

View 2 Replies View Related

Security :: Apply Expiration Date To A Membership On A Pay Site?

Mar 2, 2011

I am developing a new website that is membership based with yearly subscriptions. Using VS2010/asp.net4/c#. I have my site up to the point where all my content is ready to go and i can add members to the database to access all the premium content.

However, I have no idea how to impliment a start date and expiration date for that membership. I have been following along with Wrox Beginning asp.net 4.0 from beginning to end and this isn't covered at all. I also have Apress Pro asp.net 4 as well and I cant find anything dealing with that in there either.

What I would love to be able to find is some book or tutorial that i can follow along with and learn from so that this doesn't happen again to me.

In short what I need to do is this.

1. Add new user to defined membership role

2. Apply start/end date to that user

3. When the end date has passed I need to reasign them to a new role and then redirect them to another page with a notification

4. I guess lastly some way to add/manage members as an admin on my deployed site. Durring development i was using the built in Web Site Admin Tool but I just found out that only works on my local machine.

I have a feeling this this will be a very simiple fix but because of my total lack of experience it has been driving me crazy for three days tyring to hunt down info.

View 12 Replies View Related

Security :: Forms Authentication - Users Logged Out Before Cookie Expiration?

Jun 16, 2010

For some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?

[code]....

View 1 Replies View Related

Security - Securing Forms Authentication Token On Client Side?

Jul 16, 2010

In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?

View 1 Replies View Related

MVC - Html.BeginForm(). Can Post Back To A Different Route And Keep Existing Querystring Values

Sep 16, 2010

I have a post-only action that has a different route. In my form, I need to post to it, but also keep the querystring values I currently have.

Initial response: /my/first/path/?val1=hello
Needs to post to: /my/other/path/?val1=hello

It seems when I specify a route, it of course only returns the route and doesn't append the querystring values of my original page (for obvious reasons).Is it possible to cleanly append querystring values to my the action attribute of the form tag?

View 3 Replies View Related

Security :: How To Redirect The User Automatically To Login Page After Session Expiration

Mar 10, 2010

How i redirect the page to Login page automatically if session Expires .

View 7 Replies View Related

Security :: Automatic Expiration Of Forms Authentication When User Closes The Browser Windows Without Signing

Aug 28, 2010

can u tell me how to automatically sign out a user if he/she closes the browser window without signing out. I'm using Forms Authentication.

View 1 Replies View Related

Security :: Encrypt Request.querystring And Descrpt Request.querystring

Apr 24, 2010

Encrypt request.querystring and Descrpt request.querystring

View 1 Replies View Related

Security :: How To Add ApplicationName To Existing Website

Mar 25, 2010

I have a (internet) web site with the below web.config (everything works fine). How would I alter this to include an applicationName attribute. I wish to eventually have multiple web sites using the same ASPNETDB database.

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>
<clear/>
<add name="LocalSQLServer" connectionString="Server=myserver.com; Database=MyDB; Uid=MyUser; Pwd=MyPassword; Trusted_Connection=False;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<customErrors mode="Off" defaultRedirect="~/Error.aspx"/>
<roleManager enabled="true"/>
<authentication mode="Forms"/>
<compilation debug="false"/>
<pages theme="Standard"/>
</system.web>
</configuration>

View 6 Replies View Related

Security :: Adding Existing Membership To A Project?

Mar 6, 2010

I have DB (my.mdf ) with already created membership (aspnet_db tables). There are defined roles and users.

I would like to integrate it in my project.

I dropped *.mdf into App_Data folder. When I open app.net configuration (under menu Project) I can't see neither User nor Roles.

What step am I missing?

View 2 Replies View Related

Security :: Send Existing Password By Mail?

Jun 12, 2010

Is it possible to send the existing password from a user in stead of a new password ?

For example : Membership.GetUser("USERNAME").password

View 6 Replies View Related

Security :: Migrate Existing Users / Trying To Use GetPassword()?

Dec 9, 2010

I need to migrate existing users, I will be creating the users account and setting a dummy password for the first time login... My problem is that by doing this they will not have their security question and answer filled in... I am trying to create a page that will force the user to set up their question and answer at first long ... The problem that I am having is when i try to get the password i get the following error..

here is the code that I am using:

[Code]....

[Code]....

View 9 Replies View Related

Security :: Login Facility In Existing Website?

Mar 6, 2010

I have an existing application that has 50+ html pages and 20+ aspx pages. The website is running smoothly.

Now the client came up with a new requirement, he says he wants a single sign on functionality(login based) in the website.

few htmls to be open for anomymus users few htmls need compulsory login few aspx open for anonymus users few aspx need compulsory login

What will be the simplest ways to do this in the above existing website.

View 3 Replies View Related

Security :: How To Create Roles For The Existing Users In Database

Jun 10, 2010

I am newbie to asp.net.I want to create roles for the existing users in my database. I dont want to use the membership provider database n roles provided with it.(i don't want to use aspnet.mdf at all)

I am create roles for my existing users n assign i wanted to assign the particular roles to a particular assign.

View 2 Replies View Related

Security :: Adding Membership Tables To Existing Database?

Feb 22, 2011

I am running windows 7 and NET Framework 4.

Problem is I dont know how to locate the asp.reg.sql tool that will do this using windows 7.

how to do this?

View 1 Replies View Related

Security :: Can Use An Existing SSL Certificate Of Virtual Directory To A Sub-domain

Dec 30, 2009

can i use an existing SSL certificate of my virtual directory to a sub-domain??I am removing the virtual directory and moving it as a sub-domain... so can i use the SSL certificate which I am using to the new sub-domain

View 1 Replies View Related

Security :: How To Retain Querystring Values In ReturnURL

Oct 21, 2010

I've got a couple pages in my web app that are used by external applications. They will link to the pages, and pass in various querystring values to allow my app to do the searching and return the results in the page. The problem is, if the user is not yet logged into the web app, they are sent to the login page, and the ReturnURL is truncated to include only the first QueryString value. I lose the rest of the values. So far I haven't figured out a solution to this. Here's a quick example:

The external application links the user to:
[URL]

If the user is not logged in they are sent to the login page, and the current URL looks like this:

[URL]

View 4 Replies View Related

Security :: Splitting Querystring And Searching Profile?

Oct 19, 2010

How would i go about searching for data in the profile system?

I am looking to make a page with a search bar - type in a name, and this goes to searchresults.aspx?id=what you just searched.

How then do I select the Profile.FirstName and Profile.LastName within the profiletable?

Because it is the auto generated profile system, these values are stored withing the Profile table but not as seperate columns..

Also, how do i split up the querystring into a first name and last name to match to the seperate profiles?

View 1 Replies View Related

Security :: Unable To Use Existing Database Users And Roles, In New Web Application?

Jul 13, 2010

I am creating a Web Application in asp.net 2.0 and sql server 2005.I want to use an existing database.

I have created a login and a signup page. Then i replace the new SQL database (the one that is created automaticly by the visual studio) with the exiting database I have.If I create a new user, the new user goes to the database and I can login with the new user. I cannot login with the existing users.If I go to the asp.net configuration, I only can see the new users I have created, I cannot see the users that were in the database already and I can't see the roles also.

I can I make the new application to recognize the users and roles of the existing database?

View 9 Replies View Related

Security :: How To Authenticate Users With Existing Login Control Mechanism

Feb 5, 2011

we have a web site (Web Site 1) which is presently working and authenticates the users using ASP.Net login control.

We have a new site (Web Site 2) which will have a web page with user name and password fields and these values will be posted to Web Site 1. I am trying to authenticate those user credentials on Web Site1 using

Membership.ValidateUser(UserName, Password); method. but i am keep getting "User AuthenticatedObject reference not set to an instance of an object. " exception.

View 4 Replies View Related

Security :: Customizing Membership Providers / Modify The Existing Sp's In Sql08

Jan 12, 2010

This is the first time i would be using .net membership providers and i need to add some extra columns and chage a couple of existing datatypes of the exising columns.

my Q is:

1)can i do this without having to suffer down the road.

2)can i modify the existing sp's in sql08 or would i need to use additional sp's for the new columns that i add.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved