I believe from reading various bits online that Application and Session data can be read from the page file, memory or crash dump. I'm not too concerned about that. My question is, can the values held be altered?Situation is licencing to a third party. They run the web app on their own servers. I have created a signed but unencrypted licence file that is readable but tamperproof. After checking that it hasn't been tampered with I want to read and save the licence information
into the Application object. Could someone with server administrator permissions change the licence information held in the Application object?
I want to make my application XSS proof. It should able to resist all types of cross site scripting attack, javascript injection attack, attribute attack etc.
We are looking for very sound solution, not just Server.HTMlEncode(...).
Points:
1. All client side call should be enclosed in double quotes.We are really looking for strong remedation.
I have a form that submits the game score. Is there any way to check whether that game score is not tampered during submission. I am using POST method, for GET method we can use HASH, but i am looking for POST method
I am tinkering with Web Gardens in ASP.NET with IIS 6.0. Multiple sources (Source1 Source2) explain how InProc Session does not fly well with Web Gardens. I built a program to prove it, but the results are difficult to explain. I set the Maximum # of worker processes to 1000 in IIS.I create a web app that stores a string in Session and retrieves the value with a button click. Run web app in IE, FF, and Blackberry browsers.
The Request.UrlReferrer doesn't always have a value and it's possible to populate it with some logic but there are third party tools out there that know what website the user visited before coming to my site. How are they getting this data? That's what I want to use to figure out what page my users are coming from -- whether internal page or external.
Unfortunately, I get the following error message:Message="The ORDER BY clause is invalid in views, inline functions, derived tables, subqueries, and common table expressions, unless TOP or FOR XML is also specified."
I am trying to run the 15 minutes movies MVC application but I got the following error:
Object reference not set to an instance of an object.
Description:
An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
What is wrong with this code? The error is Object reference not set to an instance of an object.
I have the below code in my class, then on the login page i need the GUID so i can perform a lookup in one of our custom tables. But then the error above pops up before the page even loads at the line Guid guid = (Guid)userInfo.ProviderUserKey;
I am working with telerik and currently designing a Login Control. But however I am getting this error :
[Code]....
The code files are : Aspx : [Code]....
And the C# : [Code]....
I am getting this particular error from few days in various cases, some problems are solved in turn around ways, but I don't know how to solve this one. I am facing trouble in understanding FindControl() method.
I've been trying to figure out a way to solve this but still i wasn't able to solve it. Here's the scenario i'm creating a login page and i'm trying to restrict users from accessing certain page. They need to login first before they can access the page. examin the codes below:
I have to implement broker and dealer socket connection like in share market i.e. it should connect at 9 AM and stop at 3.30 PM and repeat in next morning ...
so following is my requirement
1) i have to create application object once in day at 9 AM and destroyed at particular end day 3.30 PM.
My question is how to destroyed application object at given particular time ... i think this can be done in application_end handler in global.asax ... but my question is when no request is made at that time then what happened..
a. I want to have User A as a common user for both application X and Y. b. User A can have different roles on X and Y. Eg. Read permission on Y and Write Permission on Y.
How do i configure ASP.NET membership to achieve about functionality.
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
Security Exception Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
i developed an asp.net(2.0) applicaions which contains the attachments of the clients . these attachments are saved in the shared folder and retrive the file when the user requests.if i maintain the application and the shared folders in the same system it will work properly.if i maintain the application in one server and the file folder in the other server i face a lot of security issus like1.Access Denied2.Couldnot find the part of the path......for this i made an common account for the application server and the file server and also set impersonation to true.Even the i got the couldnot find the part of the path error.i already gave the everyone with full control to the shared folder and i added the common account and gave it to full controlIs there is any alternate for the save and retrive the files to and from the shared folder.
Here is 2 web applications: 1 is asp.net, another is J2EE base webapplication.Both them are using same AD ( e.g. DomainTest ) as authentication source.Question here:1. User log in the asp.net application ( form based log in DomainTest, not IE prompt authencation dialog ), on the left navigation ( link to J2EE web application), just click this link, SSO to J2EE application.I think should transfer identity token from asp.net to J2EE, but don't know how, and for JSP, how to modify it to use token tranferd from asp.net ?
I am making application in asp.net and I wanted to implement security features in my application I want help from you experts with good logic on implementing security Field Level, Button Level and different DIV section level security. Where I wanted like read only, addition, edit and delete and also I can make Groups and then assign user in that so that group security I can give. Customize security for some users.I am ready to use some DLL or Active X which give me above.
Before I was using database for security logic where in I was putting some codes in comma format and was looking that for specific control on form load but it have disadvantage that when some user have access to database that can alter make problem.
I'm teaching myself ASP.NET MVC, and am trying to figure out where best to put a function which takes in an Models.Address instance and returns an IHtmlString instance which reads something like:
Line 1<br /> Line 2<br /> City, State
The string could be used in many places throughout my project, so I don't want to write it in one view and have to keep copy-pasting it or attaching that view: By the same logic attaching it to ViewData seems like a bad idea. However, the HtmlEncode method requires an instance of server, which means I can't add the function to the model class either.
Is there a right place to put this - some sort of shared view? (does this belong in the master?) Or am I going about this all wrong?
My current best idea is to create a ViewModel with the method public IHtmlString FormatAddress(Address address, HttpServerUtility server), but I don't know if that's the ASP.NET MVC way to do it.
After the last line of code both: CredentialCache.DefaultCredentials and CredentialCache.DefaultNetworkCredentials are still empty.
I know that the identity is right because the following property shows the right domainuser account I'm using: Request.LogonUserIdentity.Name => "domainuser"
