Security :: How To View Only The Webpage Content That Was Delivered Securely
Dec 18, 2010
When I run my page on https, it gives me the error "Do you want to view only the web page content that was delivered securely? This web page contains content that will not be delivered using a secure https connection, which could compromise the security of the entire web page." I am getting this error when running it in IE8. In Mozilla I am getting the warning "...Contains Unauthenticated Content". I have checked my page source code but did not find any http content; all are using relative paths, etc.
I'm building a website for a client on which they want site visitors to be able to fill out a form with the relevant information along with their credit card details, and when they submit the form, the information will be sent to the client in an email. This is an experimental service that they're offering, so they're not interested in real time credit card processing yet. If I just zip the collected data up into a password protected zip file, and send that in an email to the client, would it be secure? Or do I have to go further than that to secure the data?
I have a CMS page that allows the user to paste in or type HTML code into a TextBox in a FormView, then do an INSERT or UPDATE operation to an nvarchar(MAX) column in an SQL table. This is using an ObjectDataSource that refers to an insert or update method in a TableAdapter in my dataset.
When testing, the server initially warned me when I tried to input or update text containing HTML code; so I set the validateRequest="false" in my page header.
I gather this can be a serious security risk. What's the proper way to "validate" the string being input? Am I opening the database to SQL injection?
Only the site administrator has access to the CMS, but malicious users could theoretically bust their way in...
Is there a way to check if SmtpClient successfully delivered an email? SmtpClient.Send() does not appear to return anything other than an exception. So if the method completes is it safe to assume the email will be successfully sent to the appropriate email box? My code is below:
// required namespaces
using System;
using System.Net.Mail;

MailMessage emailMessage = new MailMessage();
emailMessage.Subject = SubjectText;
emailMessage.IsBodyHtml = IsBodyHtml;
emailMessage.Body = BodyText;
emailMessage.From = new MailAddress(Settings.Default.FromEmail, Settings.Default.FromDisplayName);

// add recipients (comma-separated list, empty entries skipped)
foreach (string recipientAddress in RecipientAddresses.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
    emailMessage.To.Add(recipientAddress);

using (SmtpClient smtpClient = new SmtpClient())
{
    // Send() returns void; failures surface as exceptions
    smtpClient.Send(emailMessage);
}
I have 2 web sites running on the same server. Web1 needs to transfer data to web2 (same web server, different webs), passing sensitive data from one to the next. The browser will be using https. Are cookies possible/advisable here? My initial thoughts were to encrypt the data and pass it through the querystring, both sites using a shared key. Perhaps also pass an encrypted expiration date to prevent the url from being reused in history if it's on a shared computer. Figuring it's https and encrypted, initially it sounds ok. However, my gut tells me it's unsecure. Another option is a session server, but that seems a bit overkill for what I'm after.
What is the best way to securely transfer a single piece of data from 1 site to the next on the same web and do it relatively simply?
I am doing a project using asp.net/C# in a three tier architecture. I have created a gridview with textboxes inside. I have to get the name in the textbox by selecting the ID in another textbox. I have done the autocompletion in the textbox for ID using Ajax. Now I have to set the corresponding name to the selected ID retrieved from the database as the content of the textbox for name. I have tried to get the ID, but I don't know in which event I should write the coding and how to get it.
I'm migrating from the website model to the web project model. In the past I used ssl/ftp (server is IIS7) to upload a website. The host (DiscountASP.NET) using VS2008 Publish to upload a project. VS2008 displays the alert that the password will pass in the clear. So ... what is the best practices approach to publishing a project?
1. SSL/FTP (not sure of the implications re: site compilation)
2. VS2008 Publish
3. VS2008 Web Deployment Projects
How can I access the folder drive by using VB.NET or C# in the code-behind (securely: with username and password) so that users are able to view images in the popup window?
See the code :
Protected Sub BtnServerDrive_Click(sender As Object, e As EventArgs) Handles BtnServerDrive.Click
    Dim PartNumber As String = txtPartNumber.Text.Trim()
    'Calculate the folder 4540 like container
    Dim NumContainer As String = txtPartNumber.Text.Trim()
    NumContainer = (txtPartNumber.Text.Trim / 1000 + 1).ToString.Split(".").First
[Code] ....
How can I achieve this result, accessing the server drive to get images to view, by using VB.NET or C# in code-behind? Server.MapPath, UNC, or something else?
I have a problem with the below one. This Javascript:void(0) is stopping me from showing the page securely with https. What is it actually? I have no idea about javascript.
This file has the name js/unitpngfix.js*... I tried to see if it is being used anywhere. Yes, it is being used, and all the pages that use this will not be shown as https. In the Master page, it was used like this
I have looked all over for elegant solutions to this not so age-old question. How can I lock down form elements within an ASP.Net MVC View, without adding if...then logic all over the place? Ideally the BaseController, either from OnAuthorization, or OnResultExecultion, would check the rendering form elements and hide/not render them based on role and scope. Another approach I have considered is writing some sort of custom attributes, so as to stay consistent with how we lock down ActionResults with [Authorize]. Is this even possible without passing a list of hidden objects to the view and putting if's all over? Other background info: We will have a database that will tell us at execution time (based on user role/scope) what elements will be hidden. We are using MVC3 with Razor Viewengine. We're utilizing a BaseController where any of the Controller methods can be overridden.
I have a web in which there are different areas. I have 1 admin who manages all things like News, Events, Notices, Logs, Forums, Publications, etc. I want to assign user rights so that:
select user view only Notices
select user view only Logs
select user view only News
etc.
Which control can I use to view HTML content which I saved in the db with its text format, like color, font size, font name...? So which control can I use to view that formatted HTML content?
I have an image in a particular View that an authorized user can replace with an uploaded image. Once the upload is started, a form POST action rolls in a Controller method named Upload (very clever on that part). After the image is successfully saved (to the same source location as the image source in the View), a RedirectToAction is called to re-render the View. Everything works, except that the old image is still displayed. If I reload the View, the new image shows correctly. Since I called RedirectToAction and ran the Controller method to return that View after the file was saved, I expected to have the changes shown without a manual browser refresh. Why is this occurring?
So I see these opinions/tutorials about serving static content to support views, from files that co-reside in directories with those views:
http://forums.asp.net/p/1258895/2347379.aspx#2347379
http://haacked.com/archive/2008/06/25/aspnetmvc-block-view-access.aspx
In the second article, Phil says view-adjacent static content was default-enabled at the time (over a year ago). Unfortunately, though, I reference:
[Code]....
and by default ASP.NET is trying to find it adjacent to my view, which (voila!) is disabled by default. Grr. :) What is the out-of-box IDE-assisted way to reference view-specific static content that doesn't require hardcoding directory tree structures into my path, and also doesn't require ALL of my assets to be in a single folder? Or, if I do it the "unpure" way like I'll probably do if I don't get other ideas (by modifying /Views/Web.Config HttpFileNotFoundHandler), should I block anything unsafe besides .ASCX, .ASPX, and .MASTER that is likely to show up in my views folder?
I'm working on trying to realize a requirement where the pages should be 'configurable' at runtime (per client), stored in a database - a requirement that I have no say in. Anyway, the current plan is to use the Razor view engine and 'load' the 'pages' dynamically. I have a basic sample working using a VirtualPathProvider and VirtualFile that serves up Razor 'pages' on the fly. The question I have is whether there is a better approach when I have the Razor 'pages' stored in a DB (or any other repository)?
There seem to be some constraints and concerns when I check other postings. For example: 'If a Web site is precompiled for deployment, content provided by a VirtualPathProvider instance is not compiled, and no VirtualPathProvider instances are used by the precompiled site.' (from http://msdn.microsoft.com/en-us/library/system.web.hosting.virtualpathprovider.aspx )
I have an ASP.NET MVC view. I want the view to load and then do a post using ajax to load some secondary content. I know the Ajax.ActionLink methods etc. but I want the post to happen automatically when the page is loaded. And not based on some user action.
I have developed an ASP.NET MVC 2 application on Framework 4. I have an 'Administration' link on the home page. My query is, what is the best approach for displaying the 'Administration' link only to the users in the role administrator and hiding it from others, keeping in mind the Separation of Concern bit.
I'm building an ASP.NET MVC 2 site where I'm using the OutputCache parameter heavily. However, I have a concern: using such caching may interfere with authentication. On all of my pages, I display whether the user is logged in or not. Furthermore, in some of my Views, I do filtering based on user role to determine whether or not to display some page content (for example, the Edit link on one of my pages is only shown to users in the roles of Moderator or Administrator).
In any strongly-typed View, I can test for a value within the Model and display content within the View, or not, as I choose. I'm having fits trying to get this same thing to work within the Master View. Since the Master View doesn't have its own Controller, but rather uses the Controller of whatever View is being rendered at the time, it's not like I can assign an object for the Master View to inherit from as I can with a normal View. Or at least I don't know how. I've also tried setting ViewData within a base Controller class, but that hasn't worked out, and is the subject of another thread.
When any View loads, I want to be able to run a check for the current user's security group (not ASP.NET roles, but a special object for the current project). Based on their security group I'll either show certain menu items or not, and direct them to a default View for their group. I suppose that in the default Controller that rolls when the project starts, I can do a check and redirect to an action based on the security group, but that still doesn't tell me how to render out menu items based on
Is it possible to edit the content of a view from an action filter?
What I am working on is a Resourcemanager that I can use to manage my style sheets, js and other resources. I want to be able to put lines in the view anywhere like Html.ResourceManager.AddScriptFile("MyScript") or Html.ResourceManager.AddCSSFile("MyCSS") and at the end of the view call Html.Render(); this would then place the content of my resources at this point. My problem is that I want to put the CSS stuff at the top of the view, but the problem is that it is rendered at the end of the view, so I thought that I could use an ActionFilter to move it to the top of the view.
1) What would be the best way to do this task?
2) Are there any resources that describe the way that the MVC framework works in more detail?
I don't know if this is a basic question or not as I'm brand new to master pages.
I am using VS2010 and an automatically generated asp.net (C#) website. It created the site.master for me which I then edited to give the look for my site.
For some reason I can't drag and drop controls from the toolbox onto each of my content pages. I know I can add them in code but they then don't get added to the designer.cs file and of course if I add them manually they'll get overwritten at the next build.
As I say, I don't know if this is normal behaviour or not, but I need to know how to add controls to my automatically generated ContentPlaceHolder with its associated aspx file with Content tags.
I want to use the ajax html editor. I want to store its content in an MS Access database; how can I do that? editor1.text is valid for this, I guess. Also, do I need to use an OLE object for that? I want to view it in a datalist; how can I do that?
I have this issue: Let's say I have this content in a field of a database table
<p>Example text and content to be displayed in a view</p>
When I access this content in a view and request it to be displayed in a browser I get the text as it is above instead of the properly formatted HTML content like this
Example text and content to be displayed in a view
How do I make sure that the view outputs the content in HTML format?