I'm using paypal to make payments for an online digital download purchase. Once the payment is accepted the person is redirected to a page where they can download the product. I need to know how do I make a page that can only be accessed once via redirect.
View 1 RepliesI have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I have to do a web form that once the user has completed successfully and click the "I Agree" box and submit the form that redirects to the page where you can download some files. These visitors are not "users" in the sense of Drupal (no username / password, log back, etc), so I do not think the profile is actually the correct method vs Webform but should only be able to access to this page through redirection Webform.
View 2 Repliesi was just wondering how one would approach creating a link that would be active for 24 hours for a user... ie i have in the db a time of confirmation and then wanted to make a download active for them for 24 hours and deactivate it post then.
View 1 Repliesi have asp.net 2.0 web site and in the main root i have some secure pages so if any unauthenticated user try to visit my page the browser redirect him to login.asp page (it was correct) but in my web i have subfolder named (Admin) and i want to secure all pages under this folder and redirect any user to new login page. how can i do it?
View 7 RepliesHow can I force page to use secure connection "https". Client might call the page using insecure connection. I want the page to to check connection, if insecure connection "http" is being used, reload the page with secure "https" connection
View 8 RepliesI have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 RepliesHow to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user
View 2 RepliesI've to download files from our 38 clients secure websites. They are our data resources. Currently data collection process is manual. Logon to the site, login with username and password, then download files, save to local folder, close window once download is completed. We are trying to automate download process. Plan is to handle login part with code and directly show list of filename to User with check box , so User can select files and click to save.
Rest all will be handled programtically. Once download is complete the status for that file will change to "Saved" or "Download Complete. I'm working on Window 7, VS2008(C# asp.net). Trying to make it work with WebClient class. It'll be great if you can post some source code or guide me to link or post for solution.
I have a webform that has a master page. In the web form I have a dropDownList it has PostBack=True, cause every time I changed the option I concat paratemer (item choosen) at hyperlink's navigate url property, for example I have 2 items:
id text
1 Option1
2 Option2
If the users select Option1 then concat at the url "?option=1" The problem is, that when I choose one option and then click at hyperlink everything goes right, but at the second time I choose an option the browser try to download de page itself aspx. update: even if I click at other hyperlink or link button after choose an option and click the hyperlink, the same thing happens (the browser ask me for download the page aspx)
I have no idea how to avoid this behavior at browser and it happens just at server with the IIS not while I'm testing at VS2008, update: ah I almost forget, if I click "cancel" at the prompt of firefox, then everything goes right again, until the next time I choose other option and click at the hyperlink, then everything goes wrong again...
Update (Code):
[Code]....
And here is the ASPX page
[Code]....
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net
I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
I am a newbie. First time, I am going to deploy the web application to a host? Few questions, do you know any free asp.net hosting with FTP capability? Secondly, how do I ensure the data-base is secure, so that the hosting site cannot access the database or open without a password?
View 1 RepliesAt one point this was working, but somewhere something happened. What I am trying to do is simply download a page from our local site. I keep getting the 401 unauthorized.
I have tried NetworkCredential("user", "password", "domain")
and
CredentialCache cc = new CredentialCache();
cc.Add(new Uri("http://site/"), "Windows", new System.Net.NetworkCredential("user", "password", "domain"));
but that didnt work . We are using Windows authentication with no anonymous access.
Here is what was once working:
WebClient wc = new WebClient();
string FileName = Server.MapPath(\App_Data\rpt.htm);
wc.Credentials = CredentialCache.DefaultCredentials;
wc.DownloadFile("http://site/Report.aspx?OrderNum=7534&Type=inv&BE=1", FileName);
I have made an application where I am displaying the .pdf , .doc , .docx files. These files are uploading from an Admin Panel.When user place a mouse pointer on download icon provided in front of every file, it shows the complete path where it’s get saved.I want to avoid this path visibility even when user place mouse on download icon and even if it Inspect an element (as most modern browser will have this functionality).
View 1 Repliesi am creating a web app for a small buisness enterprise in which i have added a node in my menu (stocks) accessible to limited users
every time a user try to access this node , it will ask for his/her credentials. iam using asp.net login control( in built ) for this . Also i used
<authentiaction mode='forms' />
<authorization>
<deny users='?'>
</authorization>
for these pagesin my web.config file now apart from that , how can i made it more secure using asp.net membership provider.
I'm about to submit my pad file to multiple sharware sites but the pad file has to have a direct link to the download file and can't link to a download page which is what I would like to do, so I can track the traffic and get the downloader's email before allowing the download. I am running an ASP.NET site in VB. Is there a way to tell the web app to redirect to a specific aspx page when it receives a request for a specific file?
View 1 Replieson page refresh it redirects to login page. why?
View 1 RepliesI'm creating a ASP.NET/SQL Server 2005 Express app which requires users to upload supporting attachment or documents in .docx and .pdf format. The web server is IIS 6/Win 2003. I'm trying to come up with a good way of securing these documents so anonynous users cannot see them and creating a separate Windows login for every user is not an option. SQL Server Express does not have blob data types. I'm storing each user's authentication information in the SQL database and not really using forms authentication.
View 1 RepliesI would like to send email securely to third party with attachments containing sensitive info. The website is configured with SSL. I'd like to know how to send email securely via asp.net app.
View 3 RepliesI've got IIS 6 with a self-signed certificate installed. This is now securing the whole site (all urs are HTTPS). How do I only apply HTTPS to logged in areas, leaving publicly viewable data with HTTP?
View 8 RepliesI'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if:If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it?If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?
View 5 RepliesI'm building a forgot password feature for my first secure backend.
I want to email a url containing an encrypted parameter to the user which will lead them to a password reset form that can only be accessed via the url with the encrypted parameter.
But what if the email gets intercepted?? then anyone who intercepts it will have the link to the reset page.
Is there a way I can send a secure email? I know nothing about email really. Is it even possible to send a secure email? Can I encrypt the email, will that help? But if it is encrypted then how does the recipient read it?
From what i know Random() is initialize to the current time. If two connections hit during the same second i should get the same two random numbers? With a large site that can be likely. Locking is bad so how should i solve it? note: the number is used for the session id.
-edit- i am stuck using a long. It feels wrong to shorten a 128bit GUID
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
View 3 Replies