I had three web applications and each one has its own login page , now i want to build web portal which allow members to login and choose one of these applications to redirect to it .
Is there any way to passing user information across secure connection??
I am currently working on an ASP.NET 3.5 and C# web application which deals with users private information like SSN numbers. What are some of the security measures which I need to take from an application development stand point to feel safe?
View 4 Replieswe have about 4 web applications in our company with seprated login pages, is it available to have a unique login page and after login let user choose what application he/she needs ?
View 4 RepliesI've two application ASP.NET (once is Mojo Portal). I can navigate from one to other using an URL token id.
To this way, by token, I create a new session and save the relative auth cookie.
But, sometimes, the asp web application don't keep the session and put me down. When this happen I can't login until the session cookies is not deleted.
Both the two application are behind an reverse proxy.
I have created custom a MembershipProvider, SessionIDManager, and SessionStateStore since I need to use custom legacy sessions and logins.. When the Application is ran, it runs the GetSessionID in the SessionIDManager(which is correct) The problem then is if there is no session meaning the GetSessionID method returns null, it tries to create a new session using CreateSessionID.. I want it to redirect to the login application(another application). We only create and store session information for logged in users and the "session id numbers" come from a file that is pre-populated with "session id numbers"(I didnt design this and its out of my control).. So its not feasable to give everyone who visits the site one of the "session id" numbers. I also need for users with an "invalid" session(when checked through Validate()) to be redirected to the login page.
View 4 Replieswhere the login information is stored in our directory?
View 4 RepliesI have a website that is associated with a PC Application.
The website uses forms security to restrict access to the Information on the PC Application to users with a specific role.
Is it possible to have a link to a page that has sufficient information contained in it to automatically log in and display a page in a restricted area?
I am thinking of something like the confirmation emails you get when registering with a website. They often have encrypted text as part of the link and automatically log you back in to the website when clicked.
I have created a login form through VS 2008 using C#. There are 5 different aspx pages in my application.
1)Default.aspx: It contains only a hyperlink to direct the user to login.aspx page.
2)Login.aspx: This page has texbox for Username and Password, sign in button, textbox for displaying error and hyperlink (Create an Account) if the user does not created an account yet.
Here is Login.aspx code:
[Code]....
Now, I want to do following with my application.
If the user already has an account, he can put his username and password and click on the sign in button. If the username is existed in databse, application should compare the user input with database and if both are matched then the application should redirect the user to "welcome.aspx". If username does not exist it should show that Username does not exist.
I have a third party company that we need to allow they users to pass into our website without loging in. TO keep it easy I was thinking of having them post to a custom login page on my site.
So their code would be something like this:
[Code]....
My landing/login page would do soemthign liek this.
[Code]....
My question is whether there are any security issues when using this kind of method? I am not sure yet what their site is written in. I figured that they could figure out how to do the post as long as I have the landing page for them and there is no security issues.
i have a secure ASP.net application ,login page and all these stuffs, i want to create a windows desktop application for some resones but i want to use the same security of the asp.net , is there anyway to get the login information of the asp.net to login to my windows desktop application?
View 1 RepliesIt has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothting 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Memberhip functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:
[Code]....
I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value
and the values in the cookie.
I have a solution with more than one ASP.NET web-application. Every application has its own virtual directory on the same IIS. One application is calling aspx pages in the other applications. How can I share some information (e.g. user/password) between these applications. Is the only way using querystrings (in this case, I must encrypt the information).
View 2 RepliesWe have several web applications that create a shopping cart, save it to a database, then redirect to a centralized web application to process and accept payment for the shopping cart. Right now, we are using GUIDs for the shopping cart IDs and passing those GUIDs in the querystring to the payment application. We are using GUIDs so that a user cannot easily guess the shopping cart ID of another user and simply plug that ID into the URL.
Now, using GUIDs in the database is bad for indexing and using GUIDs in the URL does not truly prevent a user from accessing another cart. However, using passing integers around would make it too easy.
What is the best and most secure way to pass the IDs from the individual applications to the centralized payment application?
I know that some people may say, "Who cares if someone else wants to pay for someone else's shopping cart?" However, we have the same concern when passing IDs to the page that displays the receipt and that page includes the customer's name.
I would like to make the build information for the running web application but I dont know where I set or configure this nor do I know how to retrieve this information.
In a project you may set the build information in the file AssemblyInfo.cs under the projects Properties folder. Here is a snippet of the AssemblyInfo.cs file:
[Code]....
But there is no such file for an web application project, so I have to get this information from one of the compiled DLLs that is in the same assembly as my web application then? Or how is this done?
The reason I want this information is because my customer would like to have a webpage within the web application where he could see the current version. This is also nice to have when testing and debugging etc.
I would like to implement the following functionality between 2 web applications:
a) Web application one contains a button, which, when pressed launches another web application.
b) The second application contains a form that is filled in by the customer.
c) After filling in the form, the second application validates the information and returns a 5 digit code to indicate whether validation was successful.
d) Web application one then displays the status and asks the user to continue with other steps.
Is the above scenario possible? Is it possible to transfer data between 2 seperate web applications? I have considered using a query string, database and flat file to trasnfer the data from one application to another. Which of these (if any) would be the best choice?
I need to design two apps who can interact with each other. The first app, App A needs to send an encrypted string over to App B and App B will have to decrypt it and do some stuff. How would I go about that?
App A - http://MachineA/default.aspx
App B - http://MachineB/default.aspx
I tried encrypting the data using AESCryptoServiceProvider and it returns a byte[]. Now how would I transfer it over to another application? Via query strings?
http://MachineB/default.aspx?data=<<EncryptedString>>
Query strings does not take a byte[] parameter. So I am clueless now.
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
I have a webpage having two user control uc1 and uc2. When user clicks a html server control on the page, i want to pass some property value of uc1 to uc2. How do i do that?
View 2 RepliesI did some google searching on this, but I could not find anything useful.
Basically what I am trying to do is pass some sensetive information to an ActionResult through the click of a HTML ActionLink.
The information I need passing through is, the ProductID and the User IP Address.
So just to clarify:
1) User clicks { I like Product } link (HTML ActionLink)
2) That sends the Product ID and the IP Address of the user to the ActionResult in the Controller.
i am creating a generalize deleteusercontrol , my aim is that on the listing page where all the records are listed when the delete is pressed i want to display the acknowledgment on the same page up the list. I had little idea to do thatq1) first of all where will i place my deleteusercontrol(in the shared folder?). q2) on and off the deleteusercontrol as the acknowledgment will not be there all the time how would i be doing that on delete press. i don't want to pass any data in the querystring.q3)how would i be passing the records list id and listname to the general deleteusercontrol as it would be same for all the listing
View 1 RepliesThe MasterPage displays the NavBar for every page of my site.
The NavBar is constructed from a SQL table using a CustomSiteMapProvider.
I need to pass information from the MasterPage to the CustomSiteMapProvider to get it to display the whole SiteMap or only part of it.
In the CustomSiteMapProvider class I have included a property:
Private vSiteMapID As String
<Personalizable(True)> _
<WebBrowsable(True)> _
Public Property SiteMapID() As String
[Code]....
But ViewState is either undefined or gives "reference to a non-shared member requires an object reference" if I import System.Web.UI.PageStatePersister.
I have 2 almost identical asp.net (vb) applications. 1 Development and 1 Production.
They use forms authentication that is configured to run in SQL server. Both apps use the same aspnetdb database but have different application names.
The problem I have is:I have an Identical login for each app (same username, same password), but If I change profile information for that user in the development app, the changes are reflected in production app. This isn't what I want.
I've set up two ASP.NET applications on a machine, their web.config files contain the same applicationName value in AspNetSqlMembershipProvider item so they share users and roles.
The problem sequence is:
user logs into application A,opens new tab in a browser logs into application B, his login in application A is signed out and vice versa.
Should I use a different approach to sharing login information between two applications?
I'm creating a pseudo invoicing system. I've got a webform where users can pick such informaiton as days, companies, etc to pull the information to create the invoice for and then they click a submit button. I'm wondering what the easiest method would be to get this information. I've had success with such commands as:
DropDownList SourceTextBox = (DropDownList)Page.PreviousPage.FindControl("DropDownList2");
but how can you pull this information through the SQLDataSource tools? When I choose to alter the "WHERE" in the sql clause to a control items in the previous page are not accessible.
i've one crystal report.i want the report header as "employee database".
i dont want to right click->insert and goto text object and insert.
i've one aspx page and aspx.cs page also.
now i want the "employee database" header to be printed from .cs file.
i dont want to pass by parameter also..
i.e is there any option in .cs file
something like ReportDocument myreport = new ReportDocument();
myreport.Load(MapPath("~/" + "emp.rpt"));
myReport.Reportheader="Employee database";
only thing is from .cs file i want to print the header as employee database.
i dont want by passing parameter also...ReportDocumentsasd myreport = new ReportDocument();