Security :: How To Concerns With Allowing Post Login Information

Oct 5, 2010

I have a third party company and we need to allow their users to pass into our website without logging in. To keep it easy I was thinking of having them post to a custom login page on my site.

So their code would be something like this:

[Code]....

My landing/login page would do something like this:

[Code]....

My question is whether there are any security issues when using this kind of method? I am not sure yet what their site is written in. I figured that they could figure out how to do the post as long as I have the landing page for them and there are no security issues.

View 4 Replies


Similar Messages:

Security :: Allowing Login To A Forms Authenticated Site From Another Location?

Jun 14, 2010

I have a site almost finished that uses ASP.Net membership, forms authentication and roles. There are one or two requirements remaining and I'm not even sure how to properly approach one of them.

The site I've created is going to provide service ONLY through SSL, if that matters. Yes, I'll redirect a request that lands on port 80 but the intent is to encrypt everything.

Is there a "best practice" for creating a session with my site, from another site? In other words the company is building a marketing page that has spaces for a login and password. I can find lots of posts about passing a username and password to another site to start a session, but very few if any about receiving the username and password.

If anyone can point me to an article or posting with a code sample where the login control of a forms-authenticated site is used as the target of a form hosted as part of a different web page/application on a different host, it'd be awesome.

To be clear, the scenario is essentially "brochureware website on a 3rd-party host" providing the visitor the ability to log in to a secure site on a more "internal" server.

View 1 Replies

Security :: Website Not Allowing To Login Through IE But Works Fine With Firefox?

Aug 6, 2010

I have an ASP.net application hosted on Win2003 server. When I set the Authenticated Access to just Integrated Windows Authentication, IE7 & IE8 started failing in logging into the site with an error 401.1 ("You are not authorized to view this page"). But Firefox has no issues in logging into the site. Why is IE failing to log in with Integrated Windows Authentication where Firefox works perfectly?

View 1 Replies

Security :: Editing Content And Concerns?

Jul 2, 2010

I needed a way to let the people who use my websites edit certain content.

I had no luck in dealing with DotNetnuke, Umbraco and other CMS packages out.

So what I did instead was, I used labels to hold the content of certain pages, and I allow users, only if they have administrator rights, to edit that content by using a free text editor called FreeTextBox, which is a state-of-the-art control.

It works like this:

if (admin)
{
    // Show the editor to administrators and copy its content into the label
    textEditor.Visible = true;
    lblContent.Text = textEditor.Text;
}

It does what I want it to do.

Since I'm not very experienced I'm worried that this approach may expose my web application to security risks, or there might be a better way of doing this.

View 1 Replies

Security :: Where The Login Information Is Stored

Feb 25, 2011

Where is the login information stored in our directory?

View 4 Replies

Security :: Login Information In External Hyperlink?

Mar 3, 2011

I have a website that is associated with a PC Application.

The website uses forms security to restrict access to the Information on the PC Application to users with a specific role.

Is it possible to have a link to a page that has sufficient information contained in it to automatically log in and display a page in a restricted area?

I am thinking of something like the confirmation emails you get when registering with a website. They often have encrypted text as part of the link and automatically log you back in to the website when clicked.

View 5 Replies

Security :: How To Compare Login Information With Database

Jul 27, 2010

I have created a login form through VS 2008 using C#. There are 5 different aspx pages in my application.

1) Default.aspx: It contains only a hyperlink to direct the user to the login.aspx page.

2) Login.aspx: This page has textboxes for Username and Password, a sign in button, a textbox for displaying errors and a hyperlink (Create an Account) if the user has not created an account yet.

Here is Login.aspx code:

[Code]....

Now, I want to do following with my application.

If the user already has an account, he can put in his username and password and click on the sign in button. If the username exists in the database, the application should compare the user input with the database and if both match then the application should redirect the user to "welcome.aspx". If the username does not exist it should show that the username does not exist.

View 9 Replies

Security :: Passing Login Information Between Applications?

Aug 2, 2010

I had three web applications and each one has its own login page. Now I want to build a web portal which allows members to log in and choose one of these applications to redirect to.

Is there any way to pass user information across a secure connection?

View 2 Replies

File Upload - Security Risks Or Concerns With The Use Of FileUpload Control?

Feb 11, 2011

I have to create a utility through which a user is able to upload single or multiple files with the use of the ASP.NET FileUpload server control.

I am looking for security concerns for the same. What are the points we need to keep in mind which violate security? One main issue in my mind is related to viruses, meaning:

How to prompt the user for viruses and terminate the upload operation
How to scan files for viruses during the upload operation

There may be several security risks. Discuss the issues/risks with proposed solutions.

View 1 Replies

Security :: Login Information From ASP Ticket To Desktop Application

Jan 23, 2010

I have a secure ASP.net application, login page and all this stuff. I want to create a Windows desktop application for some reasons but I want to use the same security as the ASP.net one. Is there any way to get the login information of the ASP.net application to log in to my Windows desktop application?

View 1 Replies

Security :: Using Cookies And Session To Store Login Information?

Feb 11, 2010

It has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothing 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Membership functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:

[Code]....

I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value and the values in the cookie.

View 1 Replies

Security :: Post Login/password From Aspx To A Form On Another Site?

Feb 13, 2011

My employer would like me to create a login page with our logo that:

1. Users enter their login and password on our page

2. Posts the login/password to the form on one of our client's login pages

3. Takes the user to the client's site, logged in.

I tried searching but most examples don't show how I can then bring the user to the client url, logged in. Any suggestions? Thanks.

View 3 Replies

Best Approach To Allowing Users To Create Accounts And Allow Them To Login Later

Aug 27, 2010

What is the best approach to allowing users to create accounts and allow them to log in later? I am thinking of passing all the user information into an attached SQL database, so that when users log in I can load their profile and allow them to add data to their profile.

View 1 Replies

Security :: Login Form Rejecting Valid Login With Forms Based Security And Membership Service

Jan 21, 2010

I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the appropriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I've triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.

My user database is stored in a SQL Server 2005 db that already existed. I've added a new connection for it. In the authorization I have

<authorization>
<deny users="?"/>
</authorization>

View 2 Replies

Security :: Allowing Access To Users Who Are In Multiple Roles?

Feb 26, 2010

I have a web.config file with an <authorization> section. I'm using Windows authentication.

The problem is that I would like to allow access to the web site to those users who are in multiple roles.

For example:

<authorization>
<allow roles = "Role1 AND Role2"/>
<deny users="*"/>
</authorization>

(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)

Is it possible to achieve this?

If not, what would be the alternatives?

Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (I'm reading the groups that the current user belongs to in the Active Directory).

View 4 Replies

Security :: Reason For ValidateRequest Allowing &bull; But Not &#8226?

Jul 9, 2010

I've noticed that setting ValidateRequest="true" on the page blocks input of the form &#8226; but not &bull; - which are the same characters. Does anyone know why the first type is not allowed but the second type is? I really could not find a place where it defines what is meant by dangerous script and what is actually blocked when the ValidateRequest is set to true.

View 3 Replies

Security :: Allowing User To Input HTML Code Securely?

Jan 30, 2011

I have a CMS page that allows the user to paste in or type HTML code into a TextBox in a FormView, then do an INSERT or UPDATE operation to an nvarchar(MAX) column in an SQL table. This is using an ObjectDataSource that refers to an insert or update method in a TableAdapter in my dataset.

When testing, the server initially warned me when I tried to input or update text containing HTML code; so I set the validateRequest="false" in my page header.

I gather this can be a serious security risk. What's the proper way to "validate" the string being input? Am I opening the database to SQL injection?

Only the site administrator has access to the CMS, but malicious could theoretically bust their way in...

View 1 Replies

MVC :: Keeping Track Of User Information Between POST And GET?

Dec 28, 2010

The Register action gets called in the Account controller, showing the RegisterViewModel in the Register.aspx view. The form in Register.aspx is submitted/posted with answers to all of the form questions, except for the security question answers. If the user is created successfully, then I'd like to go to the GoToSecurityQuestions view using the code - return RedirectToAction("GoToSecurityQuestions", "Account"); I need to be able to keep track of the user name or ID of the newly created user so that I can persist the security questions to the database records related to the user. What's the best way to keep track of the user info between the [HttpPost] Register( ) and the [HttpGet] GoToSecurityQuestions( ) ?

[HttpGet]
public ViewResult Register()
{ return View(new RegisterViewModel()); }

[Code]....

[Code]....

[Code]....

[Code]....

View 2 Replies

C# - Hold Temporary Information In Gridview Before Post Back?

Mar 28, 2011

I have a Dialog (Modal), where I'll register one (or several) contacts.

The contact goes to a gridview, where it may be edited or deleted.

The data in the Gridview can only be saved in the database at the end of the process.

How can I achieve this?

Modal code

[Code]....

OBS.:

I don't have a good sample of CSharp or html code, 'cuz I don't know how to achieve this. All my code looks messy atm (trying a lot of things already). My GridView is an ascx, and the modal is in the same ascx. I believe some temporary table, or something like this, will help, but I never did something like it (looks like shopping cart software), and I don't even know how to look for it.

EDIT:

I did this code:

CSharp code:

[Code]....

I created one temporary gridview, but the data is empty. I tried to pull it from my text in the modal, but I was not able to, and I'm not familiar with how I'll get the data from the gridview to my database. (I believe this is the easier part, so I have not focused on it at the moment.)

View 1 Replies

Security :: Login Plus Custom Login Using The Standard Login Controls?

Apr 12, 2010

After reading a book I bought on ASP.net I found the login controls to be very nice. I have set it up in my application so that customers can log in using the standard login controls and things were going smoothly. But in my schema for my application I also have a table for customers (firstName, LastName, DOB, etc). And of course the customersID is used as a foreign key to tables such as Orders, Addresses (Home, Work, Postal).

The thing is, how do I associate an asp.net login with a customer name in my table so that the CustomerID can be used throughout the application by knowing who is logged in?

View 7 Replies

MVC :: How To Obtain The Login Information

May 29, 2010

I am using MVC 2 right out of the box, and the control gives the login and seems to work wonderfully. Now I am trying to find out the userId of the person who is logged in, so that I can retrieve information that is only needed for that one person. How do I find out who is logged in?

View 2 Replies

Security :: Security And Authentication - Add Information To That DataBase Only To Specific Members?

Sep 21, 2010

I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that enables a user to be able to see a dataBase information only after that user has been successfully authenticated.

Up to now I'm able to see the dataBase when I run the website even if I'm not logged in. How can I create a home page that tells the user to log in, and once that user has successfully logged in, redirects the user to another page where the user can see the database, and how can I add information to that dataBase only for specific members?

View 4 Replies

Visual Studio :: Concerns In Converting VS2008 Project To VS2010?

Nov 3, 2010

I have been working on this project for a few months in VS2008.. now that we are getting closer to the end, one of the other programmers has been working and doing his in VS2010, so when I try to open his projects in VS2008 it just shows up as XML.. so I have to open in VS2010.. that's fine..

But if I try to open my project in 2010, it prompts to use the conversion wizard.. Should I be concerned or are there any issues with doing the conversion? Being the end of the project, I don't want to cause issues at this point.. So I would like to know if converting the project file at this stage in our project is a good idea? Will there be any issues using his code with mine since they were developed in 2 different versions..

View 1 Replies

After Facebook Login How To Get User Information Using Javascript SDK In Application

Jun 25, 2010

I have to implement Facebook login and also want to get the logged in user's information like birthday, first name, email address.

I have already done some other stuff like recent activities etc. of Facebook using the JavaScript SDK of Facebook.

I am developing the application in ASP.Net (C#).

How can I get the user information?

View 1 Replies

Web Forms :: Store Client Information At Login Time

Dec 23, 2013

I want to show all information like Facebook.

I want to store client information at login time, as follows:

1. which day you login

2. which place

3. login from computer or other device etc...

View 1 Replies






