it's possible to protect aspx page from modification in a production environment?
I explain: We are developping a web application that is installed in our customers environments so once it's installed we don't manage it.
This application manages critical and encrypted data that the IT (of our customer) should not have access to, for instance their customer's password. So I would like to know if it's possible to prevent any modification of the aspx page to insert script to retrieve session data or catch keyboard entries once the web application is installed.
I have started to get confused with the setting and security issues of asp.net. Hope someone could answer me. Problem 1: I am curious why we have to encrypt connection string, appsetting and more in the web.config file even though file listing is set to "not allowed" on server setting. Does it mean some strangers can still view and steal such file from server? Problem 2: I know that session id is sort of protected but could hacker be able to change the information inside ? Let say hacker browser my webpage and some data are stored in the session cookies, could they change the information inside the session cookies?
Is this possible to get the details like size, creationdate, modification date of a file hosted at some ftp server? I can download/upload files to ftp directory using ASP.Net but my requirment is to download the last modified file. So can we sort files of a ftp directory by modified date using ASP.Net code?
I am trying to save the xml file after modification in a diffrent location. the code is as belowServices.Save(Server.MapPath("~/ResourceFiles/data.xml"))I have given full control permission to the folder. Now sometimes the file saves properly and some times it does not save. OS is Windows 2003 server 64 bit.
I am using membership management and role management. As login controls transfer data in plain text, I am encrypting userid/password in javascript and decrypting in serverside code.
Client side javascript:
[Code]....
If i am commenting these last two lines in javascript code.
I am using file upload option in asp.net web application,how to display filename, date and time of file creation,modification date of file that we browse.
I have the following webconfig file that redirects (once logged in) a specific user...but for some reason it's not seeing the redirect location. So, for some reason when john123 log's in he doesn't get sent to superUser.aspx. It's as if it's not seeing the location path.
I have a simple login screen that now has to receive its parameters from another web site. I am not sure what we have to do. The other web site, will get the user id and password. the person there is asking me, does he just redirect user tohttp://reports.ourwebsite.com:90/login.aspx?username=Bill&password=testthis is the codes: First is Login.aspx<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="Reports.Login" %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> xmlns="http://www.w3.org/1999/xhtml"
I have a folder called /Error in the root directory for an ASP.Net site. The site is completely public, so there is no authentication of users. Inside the Error folder, I have a file called errorlog.aspx, where I log unhandled exceptions. I don't want the public to be able to view this file. I created a web.config file inside the Error folder.
[Code]....
However, I'm still able to view errorlog.aspx by typing the URL into the browser. What am I missing?
i would like to know if there's a combo like jCryption (jCryption) - PHP but for jQuery - ASPX.I mean, I have been searching for a combo to send data both ways (Client-server, server-client) with jQuery to ASPX. The best I found was jCryption that sends data from JavaScrpit to PHP. I need a combo to send data from JavaScrpit to ASPX.
PD: Please don't tell me to use HTTPS, it's not enough to ensure the data communication on a client - server application.
I am having some trouble, I am very new to asp.net, and the last problem I had, I spent about 59 hours trying to solve, Now I have a new one !
:D well, I guess this is part of the learning process...
Well, in Visual Studio 2010, I clicked New Website. @ C# language, ... The template it gives is pretty nice, it creates a database MDF file, and a login/register setup ready to go !...
You guys can see it live AT CLICK HERE ...
Everything is working, well at least here at the local machine...
There are 2 pages in there, Default.aspX, and About.aspx ... I want to allow ONLY logged in users to view those 2 pages... I tryed a few things, added my account to a role called ADMIN,
In the web.cong I changed Allow"*" to allow"ADMIN" ... still didn't work.. Also, I was trying to avoid using roles for now, and I was trying to find a way to do this for individual pages in the same directory as well... If possible with out touching the web.config file...
I am able to access the controls of ".aspx" file in ".aspx.cs" directly without any declaration in ".aspx.cs" or in designer.cs. How is this possible? This is happeing only if I open website as using File System.
Create a new ASP.NET web site application with Visual Studio 2008. So following three files will be created automatically
[code]...
How btnSave is being recognized by .cs file without defining it anywhere as an object of System.Web.UI.WebControls.Button?
When I update a js file in my asp.net project, I refresh the browser and the change shows up as expected. If I change a css file or an .aspx file, the change does not show in the browser. Not when I clear the browser's cache, not when I restart IIS (iisrestart). What could this possibly be?
I work in VS 2008. Whenver I add a server control(Label) and set it properties in aspx.vb and build the solution, I get the error "Label1 not declared". While analyzing this issue I noticed that the event handler statements for the Label1 where not added in the designer.asp.vb file. These statement would actually be added automatically when I drag and drop a control to my webpage.
I would also like to inform the scenario after which this problem came to me. I was working in VS 2008 , VS 2005 and VS 2003 in the same machine.Could this have caused the issue ?
Now each and everytime when I add a control, I am adding the "With Events" code in the designer page to make my build succesfull which makes me to spend more efforts.
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
My project is to create a UI where school districts can select dates for a school calendar.
On my calendar page I have a Calendar control, a text box for date and a select box for events. In the code behind I modified the DayRender event handler to add color to the calendar depending upon the event for that date: Holidays are green, School opens is pink, Teacher Inservice days are Aqua, etc. This all works fine. However, when I tried adding a letter to the date to correspond to the event; "O" for school open, "I" for Inservice, etc. I get multiple entries "OO", "II", etc.
I'm trying to develop a simple web application where I need to redirect to main.aspx after successful login attempt in login.aspx page.However,it is redirecting the page to defualt.aspx... Is there a way to redirect my application to main.aspx??
My requirement is that only the login page and the Register page should be accessible from anonymous users. I have created a new ASP.NET MVC project using the default template in VS2008. After that I have enabled security adding this section to the web config:
