i have asp.net 2.0 web site and in the main root i have some secure pages so if any unauthenticated user try to visit my page the browser redirect him to login.asp page (it was correct) but in my web i have subfolder named (Admin) and i want to secure all pages under this folder and redirect any user to new login page. how can i do it?
View 7 RepliesI have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I'm using paypal to make payments for an online digital download purchase. Once the payment is accepted the person is redirected to a page where they can download the product. I need to know how do I make a page that can only be accessed once via redirect.
View 1 RepliesHow can I force page to use secure connection "https". Client might call the page using insecure connection. I want the page to to check connection, if insecure connection "http" is being used, reload the page with secure "https" connection
View 8 RepliesI have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 RepliesHow to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user
View 2 RepliesMy client is moving from a linux to a windows shared server that uses the following:
Plesk Panel 9.5
PHP Version 5.2.13
ASP.NET framwork version: 2.0.50727.0
They currently are using .htaccess in several folders that make the user have separate credentials that relate to each folder.
Is there a way to do this on the new location using web.config? I tried using .htaccess but doesn't seem to work. I am able to get the .aspx files in a folder so if accessed and not logged in it goes to a login page.
If I have a bunch of .html pages in a folder, can I configure web.config so if someone goes to one of the .html pages direct it asks for credentials?
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net
I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
I am having problems getting the security.aspx to load up on my primary development computer which is using Windows 7 Ultimate and Windows IE 8. Clicking on the ASP.NET Configuration icon from the IDE in the Solution Explorer within Visual Web Developer 2008 Express Edition loads up default.aspx with no problem. But when I click on the "Security" hyperlink to access "security.aspx" I get a message along the lines of "The configured SQL data source provider is not properly configured". It goes on to state a list of potential reasons for this problem. One that includes not having the proper credentials or permissions. Im almost 100% sure it has something to do with permissions because I can't even get to the "security.aspx" page from opening a new empty project. I have recently installed Visual Web Developer 2008 Express Edition on my laptop which is running Vista with all latest updates and this issue does "not" exists. I can click the "ASP.NET" icon, load up "default.aspx" and click "Security" and it loads the page with absolutely no issues.
I have discovered a weird workaround but I don't like having to do this. If I add the following lines to my "web.config" file from any given project I can get to the "security.aspx" page without getting any SQL messages about improper configuration or permissions.
<<remove "LocalSqlServer">
<add
name="LocalSqlServer"
connectionString="data
source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient"/>
Basically, what I have to do to get to the security page to load without error is add a remove statement and then I just cut'n'paste almost the exact same connectionString from machine.config in the Microsoft.netFrameWorkV2.0.5027config directory. This does away with the "Improperly configured SQL datasource message" and gets me a new error message along the lines of "Could not create a SQL instance". My memory is fuzzy on exact error messages since Im not at development computer right now. However, when I change the User Instance attribute from true to false, then I have success at last.
I have a folder with png images that are not shared or public (the folder is outside my application folder). Now I want my users to be able to view thoose images only if they are logged in (different users, different images). All images have a name that correspond to the users id. My idea is to stream thoose images into the asp:Image control, is that possible? How do I do that? Other (better) solutions?
View 6 Repliesi am creating a web app for a small buisness enterprise in which i have added a node in my menu (stocks) accessible to limited users
every time a user try to access this node , it will ask for his/her credentials. iam using asp.net login control( in built ) for this . Also i used
<authentiaction mode='forms' />
<authorization>
<deny users='?'>
</authorization>
for these pagesin my web.config file now apart from that , how can i made it more secure using asp.net membership provider.
I'm creating a ASP.NET/SQL Server 2005 Express app which requires users to upload supporting attachment or documents in .docx and .pdf format. The web server is IIS 6/Win 2003. I'm trying to come up with a good way of securing these documents so anonynous users cannot see them and creating a separate Windows login for every user is not an option. SQL Server Express does not have blob data types. I'm storing each user's authentication information in the SQL database and not really using forms authentication.
View 1 RepliesI would like to send email securely to third party with attachments containing sensitive info. The website is configured with SSL. I'd like to know how to send email securely via asp.net app.
View 3 RepliesI've got IIS 6 with a self-signed certificate installed. This is now securing the whole site (all urs are HTTPS). How do I only apply HTTPS to logged in areas, leaving publicly viewable data with HTTP?
View 8 RepliesI'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if:If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it?If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?
View 5 RepliesI'm building a forgot password feature for my first secure backend.
I want to email a url containing an encrypted parameter to the user which will lead them to a password reset form that can only be accessed via the url with the encrypted parameter.
But what if the email gets intercepted?? then anyone who intercepts it will have the link to the reset page.
Is there a way I can send a secure email? I know nothing about email really. Is it even possible to send a secure email? Can I encrypt the email, will that help? But if it is encrypted then how does the recipient read it?
From what i know Random() is initialize to the current time. If two connections hit during the same second i should get the same two random numbers? With a large site that can be likely. Locking is bad so how should i solve it? note: the number is used for the session id.
-edit- i am stuck using a long. It feels wrong to shorten a 128bit GUID
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
View 3 RepliesI wish to do a simple and secure login form, for which I have seen tutorials keeping login information and roles set through the ASP.Net WebSite Administration Tool.
Is there any secure way to do a login page without using WSAT at all. provide me good tutorial links for creating a custom login form, having the capability of redirecting to login page if user is not authorized etc.
I don't wish to use the WebSite Administration Tool.
I have a masterpage that contains a number of links. When I login to the secure area of my website, the links are broken they are trying to access the page as if it was stored in the SecurePages folder. Code below:
[Code]....
i was just wondering how much secure is the Login System integrated within ASP.NET ? This is rather vague but i just wanted to know if a website using the system is rather protected to attacks.
View 3 RepliesCode in DLL can only be obfuscated. IN my DLL how can I import a third party DLL into my DLL? Can I obfuscated the code but not the functions and sub header names?
View 3 RepliesI want to save the user_email and user_password in my website Session and clear it when loggin out but i wantg to know how secure it is to store passwords?
View 3 RepliesI don't think the site has a web service available, so I need to pass the login credentials and read the xml file (e.g.https://www.somesite.com/needthisfile.xml). What do I use to do this?
View 1 Replies