How do i perform signing sensitive data in WebApp?
My algoritm:
[Code]....
The code above works in WinApp but doesn't in WebApp .
Can you fix the code above so it can run under WebApp -or- other method to protect sensitive data from modifying?
I'm teaching myself ASP.net. I'm creating an application that needs to store sensitive data. So, I found the following Blog to encrypt and decrypt data.
[URL]
I'm sure it's my app, but I wanted to make sure I'm not missing anything obvious. For some reason, my app and Encryptor only works when I pass < then 7 characters. If a pass 8, it doesn't commit to the database. If I remove Encryptor, the app will store
Im saving sensitive data from my asp.net web app back to a database on another server. I have set up encryption on the database. Do I need to set up more encryption in the code behind of the web app and encrypt the data there then pass the data to the database or should I pass it as it is and then encrypt it in my stored procedure.
View 1 RepliesIm passing sensitive details from my asp.net web app to a database on a different server. I've set up encryption on my database. Should I encrypt the data in the code behind file of the web app and then pass it to my database stored procedure or pass it to the stored procedure as it is and encrypt it there?
View 4 RepliesI have a website that needs me to use ActiveX. and there is a security policy in my office that needs me to DIGITALLY SIGNING the ActiveX ?[URL]but still couldnt understand what is the actual step that i should do. plus , the link is broken. does anyone know how to do it ?
View 1 Repliescan u tell me how to automatically sign out a user if he/she closes the browser window without signing out. I'm using Forms Authentication.
View 1 RepliesI am new in my orgainisation and i am assigned a task relating to Windows Authentication. But I've never worked with windows authentication and IIS before.
My Task is: Create simple webapp which shows the authenticated user (i.e. if I connect, it will show myName). It shud be working in IIS7.5 as well.
Error:Â
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.
i have used "advapi32.dll" and "crypt32.dll" dlls in my application for signing the sensitive data.This is working absolutely fine when i am running my asp.net application from solution explorer(directly).But the problem arises when i am hosting this application in IIS.The application does not ask for the Pin Number of the token while signing the data.
View 1 RepliesI have 2 web sites both located physically on the same web server, I'll call them siteA and siteB. These sites are accessed by internal users on our intranet as well as external users on the internet.
SiteA is is setup on IIS6 using basic authentication which we connect to an active directory. The web config is set to use Windows authentication mode. The url to site a is etoolbox.xxx.yyy
SiteB is the same setup. The url to siteB is rdow.xxx.yyy
What I want is once the user is authenticated against the active directory when the login to SITEA for them to be able to click the url in siteA which opens SiteB in a separate browser window and automatically takes them to the welcome page without being prompted for credentials again.
Currently when clicking on the url to go to siteB I am being prompted again for my credentials.
Is there any way for both external and internal users to only be prompted once for their active directory credentials and then be able to go to whatever site they want to without be prompted for credentials again? Is this something I have to code for or is it handled automatically by IIS?
I have inserted a login page using createuserwizard. but RequiredFieldValidator and CompareValidator does not perform at all and even all textboxes are blank, page is submitted and a record created in database
View 3 RepliesI am using .net membership. How can i perform search on the bases of member properties?
View 2 RepliesI have been trying to perform security validation in a page using the credentials of the domain users ...
However, when I try to get the value in
Code:
HttpContext.Current.User.Identity.Name
is always returned blank.
PS: When I run the code in the IDE is returned "domainuser" ... but when the page is hosted on a IIS server, the returned value is always blank.
Let's say a control X has a template called RowTemplate.
So X's markup would be like:
<foo:X>
<RowTemplate>
<foo:Y>...</foo:Y>
</RowTemplate>
</foo:X>
My question is: How can the Y control be sensitive to the data context? I know I can use template inline tags to get access to the data context: <%# Eval("Id") %>, but I cannot pass this information to Y because template inline tags are not allowed in server controls.
So I don't know how I could use the Object's Id (Eval("Id")) in Y.
i have an dll file which is data access layer of my application.
i am getting this exception while accessing databse
Description:
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission contact your system administrator or change the application's trust level in the configuration file.
Exception Details:
System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I'm looking to write some script that checks that: The current user of whom is logged in has the correct authority credentials. NB: Script in C# before I continue. To give a bit more background. The SQL DB Table for AdminUsers has a field 'Authority' this is linked to another table (Authority) which has the values/different levels of authority in them. Thus, if aN admin user whose Authority level is just listed as 'user', for example, in the database and wants to edit information that requires 'Supeuser' authority level - it cannot be performed and is redirected to another page. In detail, my particular page, the operation is being done via a ASP Button within a ASP Repeater. Of each record that occurs there is the button that, once pressed, updates the field in the database (in this case for a Guestbook table which has a 'Moderated' field of 'bit/bool' data type, changing it from false to true (or 0/1)). To allow that entry to be displayed on the front-end for public viewing. All this can onyl happen on the basis of, as previously stated, their authority is of the appropriate level. Here is what my attempt was. The outcome of which simply redirects to the 'Unauthorised' page, despite the user logged in having the correct authority credentials.
ASP - GuestbookMod.aspx:
[Code]....
C# - GuestbookMod.aspx:
[Code]....
LINQ to SQL - Guestbook.cs 'Mod' Method:
[Code]....
For the solution, I cannot use any event handling methods, because my webapp is fully ajax based and no complete postback is possible. So here's the problem.I have a `List<WebPage>` that contains a list of Links `(List<Link>)` and I need for all the links to bind repetitive information such as page title, id, url. Here is my current repeater.
<div id="result">
<asp:Repeater runat="server" id="results">
<Itemtemplate> [code]....
We are having issues with emails being sent to places like Yahoo that if you do not sign your emails with DomainKey they do not even put in spam folder. Has anyone had any experience with this and have advice on how we can do this? Does it work?
View 3 RepliesI am making a database with SQL server 2008 express edition and trying to make a GUID for new users signing up. I have the UserID field as a NVARCHAR(36) with a default value of NEWID() but all it keeps providing are all 0's for all 36 characters. How do I fix it where it provides a true GUID with all random letters/number?
View 1 RepliesI have wav/mp3 files that I want to grant access to only users after signing into my webapp. I have the user credentials being checked through a mySQL db. I do not want the files to be able to be accessed by url. I have found that adding the mime type to the web.config section at
[Code]....
will disallow access to the files by url, but how can I allow access programmically to the files after signing in?? Currently using godaddy hosting.
I've recently upgraded to WIndows 7. When I try to sing the assembly in VS2010 I get an "Access is denied" error. I am logged as admin so I'm puzzled. What service account does VS uses that I should elevate its privilages?
View 1 RepliesSigning Soap request with Digital Keystore generated via - KeyGen
[Code]....
I have a validator on a textbox that validates against a list to ensure that the user doesn't input the same name. When testing it, if I type in the same name including the same case structure, it returns an error. If I change one letter to a different case, it doesn't return an error but rather my SQL server returns a duplicate error. How do I change the server-side validator so that it picks up duplicate names regardless of case?
View 4 RepliesI have situation where I need to authenticate a client across multiple web services. Basically each service needs to identify the client and know a few other small pieces of information about the client.
The way I have it working now is that the needed identifying information is stored in a session table in a database by the authenticating web server. The web server hands the client an string, which IDs the database entry and gets passed to the other web services. The web services then use this string to pull the needed information about the client from the database entry.
It has occurred to me that it might be possible to give the client an encrypted blob that contains the user ID and other needed information, which is rather small, and avoid using the database for this completely. The client would just pass around the blob (like the string in the previous paragraph) without needing to know what it contains, and only the web services would know how to decrypt it.
This should eliminate the need for the database to store the session information and would make the whole process a good bit simpler. With the database you have to worry about cleaning up old sessions and timeouts and so on.
So my question: is passing around sensitive data from service to service via client considered safe and acceptable? Is it possible to do this in a way that would eliminate worry about the client tampering with the data? What encryption algorithms would be good to use?
I've been working on an asp web application, which involves the user registering details of a person, including an image of the person. The file name of the details/image are stored in a SQL database with the image filename storied in an NVARCHAR column, rather than storing the actual image in the DB.I created a directory C:Images to which the image files would be stored by the application. The application works correctly in as far as it moves the images to this location, but when I open the page which would display the details/image the image never renders.
I got round this during development by having the image stored in a folder which was part of the project, but after release of the project to the server, the application refuses to allow the image to be saved in any directories within C:Inetpubwwwroot .So I need find out why the images won't render when they are stored in folders not within the project.I've checked the source of the HTML page which also points to the correct location and file name:
img id="ctl00_MainContent_CandidateImage" src="C:Imagesapplicant11.jpg" alt="Candidate Image" style="border-width:1px;border-style:solid;height:208px;width:208px;"
The code behind page renders the image in the code below:
// CandidatePhoto filename retrieved from DB.
CandidateImage.ImageUrl = "C:\Images\" + CandidatePhoto;