Security :: How To Make Application XSS Proof
Feb 4, 2011
I want to make my application XSS proof. It should be able to resist all types of cross-site scripting attacks, JavaScript injection attacks, attribute attacks, etc.
We are looking for a very sound solution, not just Server.HtmlEncode(...).
Points:
1. All client-side calls should be enclosed in double quotes. We are really looking for strong remediation.
Similar Messages:
Jun 16, 2010
I believe from reading various bits online that Application and Session data can be read from the page file, memory or a crash dump. I'm not too concerned about that. My question is, can the values held be altered? The situation is licensing to a third party. They run the web app on their own servers. I have created a signed but unencrypted licence file that is readable but tamper-proof. After checking that it hasn't been tampered with, I want to read and save the licence information into the Application object. Could someone with server administrator permissions change the licence information held in the Application object?
Dec 2, 2010
I am tinkering with Web Gardens in ASP.NET with IIS 6.0. Multiple sources (Source1, Source2) explain how InProc Session does not fly well with Web Gardens. I built a program to prove it, but the results are difficult to explain. I set the maximum # of worker processes to 1000 in IIS. I created a web app that stores a string in Session and retrieves the value with a button click, and ran the web app in the IE, FF, and Blackberry browsers.
Oct 13, 2010
The Request.UrlReferrer doesn't always have a value and it's possible to populate it with some logic but there are third party tools out there that know what website the user visited before coming to my site. How are they getting this data? That's what I want to use to figure out what page my users are coming from -- whether internal page or external.
Jul 21, 2010
Here's my SQL statement:
[Code]....
Unfortunately, I get the following error message: Message="The ORDER BY clause is invalid in views, inline functions, derived tables, subqueries, and common table expressions, unless TOP or FOR XML is also specified."
Sep 29, 2010
I have tried fetching the IP using the methods mentioned below:
HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"] &
Request.UserHostAddress & Request.ServerVariables["REMOTE_ADDR"]
Jan 30, 2010
I have two .NET applications, X and Y.
a. I want to have User A as a common user for both applications X and Y.
b. User A can have different roles on X and Y, e.g. Read permission on Y and Write permission on Y.
How do I configure ASP.NET membership to achieve the above functionality?
Mar 17, 2011
We are using the membership provider for LDAP authentication. It is working as it should.
But what configuration settings do I have to make so that all future requests to this application run under the security context of the logged-in user account, not through some default user set in IIS?
We need to have this working because all the permissions on the database are based on the logged-in user.
We are using forms authentication for LDAP authentication, and have impersonation = true in web.config.
Apr 2, 2013
Error:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Locally it runs fine. When I place it in IIS, it throws this exception.
Aug 9, 2010
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process, by setting the Application Pool Identity to a domain account.
Running directly from the server works without any problem, but from remote computers I always get the authentication window and then the 401.1 error (after 3 attempts).
It seems that it's the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
Feb 17, 2010
I developed an ASP.NET (2.0) application which contains the attachments of the clients. These attachments are saved in a shared folder, and the file is retrieved when the user requests it. If I maintain the application and the shared folders on the same system, it works properly. If I maintain the application on one server and the file folder on another server, I face a lot of security issues like:
1. Access Denied
2. Could not find part of the path......
For this I made a common account for the application server and the file server and also set impersonation to true. Even then I got the "could not find part of the path" error. I already gave Everyone full control on the shared folder, and I added the common account and gave it full control too. Is there any alternative for saving and retrieving the files to and from the shared folder?
Mar 5, 2011
Nowadays my company has started using some third party tool in our web application. They also instructed our team to make a DLL for every web application.
What are the steps for creating the DLL for a web application?
Aug 7, 2010
1) When using a web application to make a website, why does no code-behind file appear in code behind?
2) When I deploy to a website I need to place the web app .dll in a bin folder on the root. This works, but to make any changes do I need to compile and upload the aspx file as well as the new dll?
Mar 6, 2010
Here are 2 web applications: 1 is ASP.NET, the other is a J2EE-based web application. Both of them are using the same AD (e.g. DomainTest) as the authentication source. Question here:
1. The user logs in to the ASP.NET application (form-based login to DomainTest, not the IE prompt authentication dialog); on the left navigation there is a link to the J2EE web application, and just clicking this link should SSO to the J2EE application. I think I should transfer an identity token from ASP.NET to J2EE, but I don't know how, and for the JSP, how do I modify it to use the token transferred from ASP.NET?
Mar 25, 2010
As the title says, I want to run some code when the application starts. I have a vague idea that there is probably an event in the application life cycle, but I am a bit unsure and could do with pointing in the right direction. So how do I make code run when the application starts?
May 24, 2010
So, after all these projects that have been done, what is the best way, and what should I consider as the standard in the future, to start any further ASP.NET projects that are database-driven?
I have done many using
1. Stored procedures and classes
2. One class to handle all the add, delete, update, etc. functions
3. ADO.NET
4. Using SQL statements directly in the code (I know, not recommended; it was my first project) :))
..and so on
What method do you recommend for the future that will save me code and errors and optimize my application speed as well?
Apr 16, 2010
I am new to ASP.NET; I am using .NET 2.0. I am developing a web site where one of the functions I need to implement is that my application should download data from another site and save it on the server, based on the details specified by the user. I.e. the web interface which I developed collects some information from the user and generates a URL. I am able to do this task (in general, if I copy this link and paste it in a browser it will download a zip file, which happens at the client side). Now my problem is how to make my application go to that URL, download the data and save it on the server.
Jun 17, 2010
Is there a way to make a desktop application easily interfaceable via the Web? Meaning, can you have a way to interface with a single desktop application as if you were remote desktop'd into the machine, but without actually being so? I am looking at doing this in ASP.NET or Silverlight.
Mar 10, 2011
I want to make a chatting application in ASP.NET, but I don't know anything about that.
What is required for making a chat application?
Jun 10, 2010
We have a website on IIS7 using ASP.NET Routing that seems as though it might be running out of resources. It just hangs after a few days; there is no error message or apparent crash.
We are making sure every .Open command is matched by a .Close command on the database connection.
We are doing the same with file Open/Close but there are very few of those.
Nov 2, 2010
In my application I used .resx files. Now I need to deploy my application as a single DLL. Once I deploy and add this DLL as a reference in other client applications, the culture-specific DLLs are added under the Bin directory in the client application. I don't want this to happen. Should I embed or link the satellite assembly in my application to avoid this? If so, how do I do this?
Oct 20, 2010
In an asp.net mvc application, I would like to be able to generate views, where the routing engine will create all URLs that point to a different site, i.e. change the application path.
Jun 10, 2010
The web should follow the REST principle and be completely stateless. Therefore a single URL should identify a single resource, without having to keep the navigation history of each user.... I read the Wikipedia page http://en.wikipedia.org/wiki/REST and it really sounds good, but I don't get how to actually implement it. I'm working in ASP.NET WebForms, NOT MVC.
For example, in the application I am about to build, I need my user to Login before I allow them to do anything. There are a couple of hoops they have to jump through before they are allowed to do much useful, like Accept T's and C's and confirm their basic details are unchanged. Finally they are allowed to do something they really want, like BuyAProduct! It seems to me (I come from the HEAVILY stateful world of the rich client) that I need state to record what they have done and infer from that what they are allowed to do. I don't see how I can support them (say) bookmarking the BuyAProduct URI. When they arrive at the bookmark, how do I know if they have logged in, and if they agreed to the T's and C's, and if they dutifully checked their basic details?
I love the idea of the app being stateless, partly because it seems to completely solve the problem of "What the heck do I do when the user clicks on the Back and Forward buttons?" I don't see how I can still get it to work properly. I feel I am missing something really fundamental about this.
Jun 4, 2010
Can we make our own SSL, or our own SSL mechanism within SSL? Or please advise if there is any way that we can provide such security to a web application without getting services from other companies?
Feb 26, 2010
I have a project that uses a CSSHandler with images and CSS style sheets in the project root directory in their own folders (img, styles, App_themes). I also have a sub application that comes with a MasterPage. The sub application is located in a separate folder in the root directory with all its images, CSS, and pages. Functionally the sub application works, but the formatting is lost: the images and colors are not displayed. How can I make the sub application's CSS visible to its pages? It probably has something to do with the way the CSS handler delivers themes and CSS style sheets?