Security :: Editing Content And Concerns?
Jul 2, 2010
I needed a way to let the people who use my websites edit certain content.
I had no luck in dealing with DotNetnuke, Umbraco and other CMS packages out.
So what I did instead was, I used labels to hold the content of certain pages, and I allow users, only if they have administrator rights, to edit that content by using a free text editor called FreeTextBox, which is an state of the art control.
it works like this:
If (admin)
{
textEditor.visible = true;
lblContent.text = textEditor.text;
}
It does what I want it to do.
Since I'm not very experinced I'm worried that this approach may expose my web application to security risks, or there might be a better way of doing this.
View 1 Replies
Similar Messages:
Oct 5, 2010
I have a third party company that we need to allow they users to pass into our website without loging in. TO keep it easy I was thinking of having them post to a custom login page on my site.
So their code would be something like this:
[Code]....
My landing/login page would do soemthign liek this.
[Code]....
My question is whether there are any security issues when using this kind of method? I am not sure yet what their site is written in. I figured that they could figure out how to do the post as long as I have the landing page for them and there is no security issues.
View 4 Replies
Feb 11, 2011
I have to create a utility through which user can able to upload singh or multiple files with the use of asp.net FileUpload Server control.
I am looking for Security concern for the same. What are the points need to keep in our minds which violate security. One main issue is in my mind is related to Viruses - means
How to prompt user for viruses and terminate the upload operation How to scan files for viruses during upload operation There may be several Security risks. discuss the issues/risks with proposed solutions.
View 1 Replies
Jul 3, 2010
I have a MasterPage.master and default.aspx content page From the contetn page I'd like to edit a style property of an Html tage that is in the MasterPage.
[Code]....
But error:
Object reference not set to an instance of an object.
View 6 Replies
Nov 3, 2010
I have been working on this project for a few months in VS2008.. now that we are getting closer to the end, one of the other programmers has been working and doing his in VS2010, so when i try to open his projects in VS2008 it just shows up as XML.. so i have to open in VS2010.. thats fine..
But if i try to open my project in 2010, it prompts to use the conversion wizard.. Should i be concerned or are there any issues with doing the conversion? Being the end of the project, i dont want to cause issues at this point.. So would like to know if converting the project file at this stage in our project a good idea? Will there be any issues using his code with mine since they were developed in 2 different versions..
View 1 Replies
Sep 20, 2010
i have used createuserwizard control in my project (v.s 2010 ) using c# and i want to do some modifications like i have to set user roles automatically while registering,
View 1 Replies
Oct 3, 2010
I have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
View 1 Replies
Feb 20, 2011
I am trying to edit and update a selected users details, following the tutorial [URL]
I get the following errors in the Error List in VS 2010:
Error 6 'Comment' is not a member of 'System.Security.Principal.IPrincipal'. C:projectsFPOS_v2FamilyAdminedit_user.aspx.vb 21 9 C:projectsFPOS_v2
Error 5 'Email' is not a member of 'System.Security.Principal.IPrincipal'. C:projectsFPOS_v2FamilyAdminedit_user.aspx.vb 20 9 C:projectsFPOS_v2
Error 2 'FamilyAdmin_edit_user.Private Sub DeleteUser(sender As Object, e As System.EventArgs)' is not accessible in this context because it is 'Private'. C:projectsFPOS_v2FamilyAdminedit_user.aspx 140
Error 1 'FamilyAdmin_edit_user.Private Sub UnlockUser(sender As Object, e As System.EventArgs)' is not accessible in this context because it is 'Private'. C:projectsFPOS_v2FamilyAdminedit_user.aspx 138
Error 7 'IsApproved' is not a member of 'System.Security.Principal.IPrincipal'. C:projectsFPOS_v2FamilyAdminedit_user.aspx.vb 22 9 C:projectsFPOS_v2
Error 8 'UnlockUser' is not a member of 'System.Security.Principal.IPrincipal'. C:projectsFPOS_v2FamilyAdminedit_user.aspx.vb 88 9 C:projectsFPOS_v2
Error 4 Property 'User' is 'ReadOnly'. C:projectsFPOS_v2FamilyAdminedit_user.aspx.vb 11 9 C:projectsFPOS_v2
The code for the edit_user.aspx is:
[Code]....
The code for the edit_user.aspx.vb is which is where I am getting the error:
[Code]....
The problem is with the User. But I don't know how to sort this as im new to all this.
View 1 Replies
Dec 20, 2010
I am doing a project using asp.net/C# in three tier architecture .I have created a gridview with textboxes inside I have to get the name in the textbox by selecting the ID in another textbox. I have done the autocompletion in the textbox for ID using Ajax .Now I have to set the corresponding name to the selected ID retrieved from the database as the content of the textbox for name .I have tried to get the ID but I dont know in which event should i write the coding and how to get it .
View 2 Replies
Aug 25, 2010
I finally got membership and roles setup and seems to be working. I have setup a page to allow the creation of a user and editing of roles for a user. I would like to setup a page with a gridview that displays all users and what roles they are assigned. I remember running across someone else that was looking to do the same thing, but cant find it. Not sure if it was in this forum or online somewhere else.
But i found that i can use the aspnet_Membership_GetAllUsers procedure in my db to get all the users, but how can i add the roles to each person and possibly setup the gridview so that each role they have, is displayed on their row in the gridview So i would like to see something like this maybe more data displayed depending on the client request.
Username Email Last Login Roles
meofcourse me@hi.com 08/25/2010 X Admins X Approvers
themofcourse them@hi.com 05/25/2009 X Approvers
The X indicating a checkbox.. and have it setup so they can uncheck the role, that triggers the update and causes the list to refresh and display the new current roles for the individual users. The procedure listed about does not return the roles, so wasnt sure if i could use that procedure and union it with another to get the combined results im looking for.
View 4 Replies
Jan 5, 2010
When user come to site we know user IP. but how I can know country, reagion, city and etc. about this user.
Example If I know country I need show special content for it.
View 5 Replies
Mar 3, 2011
we want to have a fronend to a custom databasince, since I do have experiance with HTML/CSS and have used VB.NET before, I'm the one that gets to make it.
problem is, the one thing I have not used before is the autentication system in ASP.NET, I want to use single-signon for the system.
and I do have this right now, the only problem I have is how do I check if a user is logged in, and change the page content for autenticated users.
the template does have this:
[Code]....
which does indeed change the login view, problem is, how do I change this to change the pages and menu.this:
[Code]....
has to be a longer menu that also gives options to insert data into the database and/or remove/update the data.
View 3 Replies
Jun 17, 2010
I was wondering if someone could send me a link or tell me how to create a login page for administrators or content managers on a web application. I do not want everyone to have membership. Only certain people will be able to log in and change the content of the site. For others, it will be view only.
View 3 Replies
Dec 18, 2010
When i run my page on https it giving me error Do you want to view only the web page content that was delivered securely?
This web page contains content that will not be delivered using a secure https connection. Which could compromise the security of the entire web page. This error i am getting when running it in IE8 In Morzilla i am having warning...Contains Unauthenticated Content. i have checked my page source code but not find any http content all are having relative path etc.
View 4 Replies
Feb 10, 2010
My site is 100% private (only public facing page is login) I've had the need to open up a page to anon via the <location> node in the web config...and that all seems to work However the issue now appears to be that dynamic resources such as the Telerik.Web.UI.WebResource.axd and imagesjavascript changed via handlers dont load. A firebug of the situation shows that for those dynamic elements, it's trying to re-direct to login to get them Is there anyway around this?
View 3 Replies
Mar 13, 2011
I have a default page which has a content place holder on it...It defaults to the master.aspx page. Anyroad I attempt to put the loginview there but I can't seem to resize it. Is there something I'm doing wrong? I also put an ajax control in the loggedintemplate and I can't seem to resize that properly either.
View 5 Replies
Jan 13, 2011
i need some lessons in how to create admin folder and pages to add user ,content ,authentication, etc
View 2 Replies
Oct 19, 2010
I am having an issue, with the membership and form authentication. I am having a problem where when an logged in user types a url they can see the content of pages they're not suppose to. When the user tries to click on the screen or any ajax fires they are redirected to the main page. What is going on? I have all the items setup in the webconfig properly just wondering what is happening. Also I don't want to use a redirect solution for each page since that is what I thought webconfig was setup for.
View 1 Replies
Jan 4, 2010
I am building a website in which all of the site layout is in Master page and the content of the site is in the inherited pages. I have various links for navigation in which i simple use Response.Redirect to transfer to different pages. Now the problem is that I want to put the content place holder inside Ajax Update panel so that the postbacks are Asynchronous and I want to show the postback by an animated image inside Update Panel progress control. The problem is that I am unable to achieve this result and the entire page is posted back and rendered again. I have placed the content place holder inside the Ajax control toolkit's Update panel but it does not work. Is there any way that I can change the content of the content place holder to a new page with asynchronous postback.
View 9 Replies
Jan 30, 2010
I will be getting data through wcf service coming form commerce server (instead of DB). Data which is coming will be in the form big html content with all html tags or may be a single line sentence. I should display this dynamic data into the placeholder in the content page (master content page). I have been trying but not able to load when the data is in the form of HTML page. html content or may be single lline of senetence.
View 3 Replies
Oct 5, 2010
The WorldPay payment gateway suggests using this HTML to take the customer to the payment page:
<form action="https://select-test.wp3.rbsworldpay.com/wcc/purchase" name="BuyForm" method="POST">
<input type="hidden" name="instId" value="211616">
<input type="hidden" name="cartId" value="abc123">
<input type="hidden" name="currency" value="GBP">
<input type="hidden" name="amount" value="0">
<input type="hidden" name="desc" value="">
<input type="hidden" name="testMode" value="100">
<input type="submit" value="To Payment!">
</form>
How to I put this form on my page? The problem is I have a master page which wraps the content pages content in the ASP.net form, I can't nest the forms.
View 2 Replies
Sep 22, 2012
I am pasting my resume in CKEditor. My resume have some images, Horizontal line, Bullets. When I paste it in CKEditor is not displaying these contents there. Is it any other way to do it? I want to show my resume format as it is as I have on the browser.
I am using asp.net 4.0 ....
View 1 Replies
Oct 17, 2010
how can i add title and meta tags for content pages in a project base on master and content page(dinamically) ?
i used the blow method for master page :
[code]....
and the error is :(in line *)
Error 17 'System.Web.UI.MasterPage' does not contain a definition for 'SetMetaTags' and no extension method 'SetMetaTags' accepting a first argument of type 'System.Web.UI.MasterPage' could be found (are you missing a using directive or an assembly reference?)
View 3 Replies
Feb 26, 2010
I'm in a little bit of a bind and have some weird behavior happening with a multiview control behaving differently between two machines, and of course, the production machine is the broken one. The page renders the correct content on both machines, but if I save the html file the production machine's source is wrong.
For example, if for step 1 the output should be just the letter A, and step 2 the output should be just the letter B, and step 3 the output should be the letter C, here is what happens:
Step 1:
Production - The source and output are both the letter A
Dev - the source and output are both the letter A
Step 2:
Production - the source is the letter A and the ouput on the browser is the letter B
Dev - the source and output on the browser are both the letter B
Step 3:
Production - the source is the letter A and the ouput on the browser is the letter C
Dev - the source and output on the browser are both the letter C
Is this some issue with SessionState? I'm very new to Multiviews and by no means an ASP expert.
View 1 Replies
Apr 9, 2010
I'm attempting to set a class on the body tag in my asp.net site which uses a master page and content web forms. I simply want to be able to do this by adding a bodycssclass property (see below) to the content web form page directive.
It works through the solution below but when i attempt to view Default.aspx the Content1 control loses its content.
Here is how I'm doing it. I have a master page with the following content:
[code]....
View 2 Replies
