Security :: Remove The Cache Of A Page After The User Signs Out
Jan 21, 2011
I have an ASP.NET website in which the user has the Login/Logout functionality. There are some pages which are viewable only if the user is logged in. Now, after the user signs out, I noticed that the user is still able to see this restricted page on pressing the back button. I want to create the functionality such that once the user signs out, the page should not be viewable. How can that be done?
P.S I am not using built in Login controls in ASP.NET
I am building a social networking site for employees and where an employee can sign up and create a profile and enter job employment history, interests etc. into text boxs and a aspx. page will be created showing all their details. Then in a data grid a preview of their profile would be shown allowing a user to click on that field which would direct them to that persons profile.
I am finding it hard to find information on how to automatically create a profile for each user that signs up.
When I first implemented forms authentication I consulted an article that told me to store the user's custom IPrincipal object in the cache. Is this wrong? Should I have stored it in the session?
I am trying to remove a user account (I am using the default authentication system), but I can't find a class/method which does this. Is there a way to do this?
Using tutorials and some examples of handling membership permission on our site, i have a page that was built using examples found in those pages.. Anyway, now that it is all setup and working ran into first issue.. If a role is setup with a space in the name like this ("Read Only") then you get an error when you try to add someone to that role. But if i change it to be ("ReadOnly") it works fine and no issues..
I seem to be having some challenges with the data I am retriveing from a Webpage using the Webclient class. The code works fine, however I observe that the regular expression is not picking up the negative or positive sign in the Daily_Movement data. For example, a daily movement can be -0.31 or +0.31 but the code is not picking the sign in front of the decimal values.Here is my code
[Code]....
I think where the problem lies is the part of the code Regex r1 = new Regex("<span class="quoteData">.*</span>"); It picks up the values between the tag quite well, but not the signs in front of it. [Code]....
I am looking for a Cache filter which can be removed when certain action is performed.
Suppose,I have Index action which is loading records and cached with a filter for a minute.As long as I am calling Index the action must be cached and no trip to db.
Once I create a record in Create action than it should remove the cache a load the records from DB.I have found one in Ninject web example which is like below. I am looking for same solution.
[Cache(0, 0, 5, 0)] public ActionResult Index() { [code]...
Precondition: There's a web application that leverages ASP.NET security model. There's also an Active Directory (AD) integration component. It provides AD users and roles as if those are application's own users and roles. The relations like "is in role" between AD user and AD role are stored in AD domain, of course, but are cached by the web application.
Problem: Let's say AD user1 is a member of AD role1. When web application starts, it caches this relation. Now if the AD administrator removes user1 from role1 using AD console, the application doesn't know about this change - the cache entry is kept. This becomes a security hole because the role1 might have permissions the user1 should no longer have.
There are two сcontrary opinions how to solve this:
"Listen" to AD changes and trigger cache entry removal once the operation is detected on AD server - because we are responsible for correct AD component functioning Leave the cache untouched - because we didn't put the entry there and should not remove it either
I know its pretty easy, but i couldn't quite figure out how to remove the Confirmation page from the CreateUserWizard....I tried to remove the following code(i.e., CompleteWizardStep from CreateUserWizard Control) but that didn't work.....
i am using Jcrop to give users the option to crop there images, i have hit a small caching problem.
if you open an image which is already on the server and crop it. my jcrop works and crops the image fine but when i reload the image the old version is displayed. i have this inside an update panel.
so is there a way of removing the browsers cache before i reload the image?
We have a wfc layer that wraps the business classes and database access and use a client that lives on the database layer. Amongst our group we are attempting to form standards. Some want to have the client call the web method and pass the page they are requesting and the page size. Pass that to the database and then page in SQL Server use RowNum.Some want to cache the full list of objects in http cache on the service tier and page in memory. They concern here is memory use on the server.
Which would be best for a medium number of users with potentially large number of records to manage (say 30K) Is it better to cache them all in memory and work from there or page at the database as the application scales?
I need to enable caching in my asp.net application, but I do not want to use the webserver's memory for holding cache objects. If I add the page directive for output caching will the page be stored in the asp.net cache object?
U are caching a list of items, then Add or update or delete method called. Approach 1)
A- Do the data change at the database. If success do B, C B- Remove the entire list from the Cache. C- Re-Cache the list on first read.
Approach 2)
A- Do the data change at the database, If success do B B- Do the same change at the cached items, and save more time.
Approach(2) probably will cause nasty difficult to spot bugs, because the data come from BLL and placed directly into cache, One can't assume no bugs will happen at the sproc, I am not worry about database runtime errors, runtime errors will show up, but I am worry about invalid data, or miss calculation. Can I proceed with approach (2) with caution? Is there a "best practice" principle which suggest not doing approach(2)?
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
I've successfully made a custom membership provider that connects, queries, and updates my custom Oracle database. I found a good sample on MSDN. I also found documentatio on the provider itself. However, I cannot find anywhere example calls you have to make for the different actions within the web pages themselves. Where can I find that?
For example
How do I check if a user is already logged in? What do I do when a user hits the login button? How does each page get the user that is logged in? etc.I am not using the asp login control. I have custom form, custom data, and custom graphics.
... nothing is displayed. However, outside of the <% %> tags (ie in the HTML) displays correctly.
I have no trouble displaying the usual alphanumerics, it's just the sign that is proving problematic. The underlying file is in Windows 1252 encoding, and I need to serve it as such. If I save the file as UTF-8, I get mojibake instead of a .
what I can do to make this work, or any settings that might be preventing it from working (other than saving the file in a different format)?