Security :: Validating A Session ID Using A Web Service?
May 13, 2010
I have a web site that streams on demand video content. The video content is stored and delivered from a seperate SMD platform. My website submits a url request to the media server in order to get the media to display. My user session data is held in a sql server database on another seperate server.
I think the best way for me to do this is to create a web service that can validate a session id. So when I create the url on my web site I include the encrypted session id. The media server then sends this encrypted token to my web service which in turns decrypts the token and validates the session id against my database and then returns whether valid or not which is used to check if the content can be displayed.
View 2 Replies
Similar Messages:
Apr 21, 2010
I am calling a web service (written in Java) in my web app. I use the WSDL to generate proxy classes using the wsdl.exe command line tool.
Everything is working fine.
However, I have found out that the web service is not doing any data validation at all when they receive a request from my app. Hence, if I happen to send one minute piece of data that isn't exactly what they want, I receive a general fault error in return, with no specifics at all of what the incorrect (if any) piece of data is.
So, before I make the request, I'd like to validate my request against the schema they have provided. Is this possible, and if so, how do I go about this?
View 1 Replies
Feb 9, 2011
I am using Membership provider.. I integrated the aspnet member tables into my database.
I need the user to enter password on a data entry form and validate it against the membership tables.
How can I do this. This is the set up. I have few fields and user enters those fields and also enters the password, and submits the form. It is kind of like signature... i am looking for something like..
If txtPassword.text = membershipprovider password
{
//do this...
}
View 1 Replies
Jan 23, 2010
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
View 8 Replies
Feb 3, 2011
I created a user control for my web application that checks for Session Timeout. If the criteria are met for Timeout, I use Response.Redirect to send the user back to the login page. I include this user control in my Master page, and run the SessionTimeoutcode in the user control's Page_Init event. That all works great. However, once the user logs in again after time-out (and I have verified that the OnLoggedIn event does fire) the user is redirected to the DestinationPageUrl. That page runs the Session Timeout check when it loads (as it should) and the Session Timeout code "says" that the session is still timed-out.
View 1 Replies
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
May 20, 2010
I would like to check if someone tries to access the application with the same username from a different browser/pc/etc. All usernames and passwords are stored in a MSSQL db.
What I am doing at the moment is: In the global.asax-file in Application_start(..) I initialize [Code]....
Now with every user that logs in I can check whether he is allready in ( in that case, he won't be able to log in, he'll be redirected to the login page ). Let's say it's the same user who wants to login but for some reason he wants to start the application from a different pc, maybe in a different building. Unless he hasn't forget to logout, he won't be able to login on this different computer. So he would has to go back and logout or wait for the timeout.
Now wouldn't it be more convenient to abandon the first session and let the same user login to the pc where he is right now?
The question is, is it possible to end the first session without beeing in it? Or is there any other solution for that problem? Since I have the SessionID stored in Application["UserList"] is there any possibility to end that specific session?
View 3 Replies
May 1, 2010
I'm hoping this is a simple configuration setting that I have incorrectly defined. I have an application that has a secure (members) area. If a customer tries to browse directly to the secured page (http://www.mysite/members/memberpage.aspx) asp.net loads up my login.aspx page. When the user successfully authenticates from the login.aspx page in they are taken to the secured page they originally requested (so far so good!).The problem I have is that I run some SQL using the User.Identity.Name on the secured page as a reference to who the logged in user is. This way I can show some customer specific information. When I take the login route outlined above, the SQL doesn't seem to run (or the Session Variables aren't loaded yet?)... my page loads up with no customer information in it. If I browse to another page and then back the customer information shows up and all is well.
View 1 Replies
Jul 24, 2010
i have created a web service that will we accessible to only authenticated user of the website.when user first time call a web method first he will we authenticated.when authentication is successfull i will create a session for that user.now on next call to the web service by that user i want to use that session means he is authenticated user.But on the next call session becomes null .what is the problem with that.
How to retain the value of the session in web service
View 1 Replies
Jul 21, 2010
I have an ASMX webservice hosted alongside my ASP.NET web app. Now, I need to get the users session into the Webservice. To test this I made this simple method:
[WebMethod(EnableSession = true)]
public string checkSession()
{
return HttpContext.Current.Session["userid"].ToString();
}
So, first I login to my web app, then in the browser goto my webservice and click "checkSession" on that auto generated test page. I have tested this on 3 computers. All 3 of those work fine with the webapp(so the sessions are being created etc), and 2 of those return the value of Session["userid"] on invoking the webmethod, however the last computer returns "Object reference not set to an instance of an object" because Session is null.
So, whats the difference between these computers and why can my ASP.NET app get the sessions on all computers but the webservice cant?
View 1 Replies
May 27, 2010
Im using asp.net website with WCF service, having wsHttpBinding,Aspnet compatibility enabled, specified as Sessionmode -allowed, service behavior- isinitiated and client session cookie enabled. Its looking like Asp.Net session object and WCF Session( HTTPContext.Current.Session) work independently. How can I share Asp.net Session value to WCF Session and vise versa.
View 3 Replies
Dec 8, 2010
on click of logout button, i want to call a web service method that will get that particular user's session and call its abandon method. But how can i pass that session variable to that web method ?
Calling of web method is done through java script.
View 3 Replies
Oct 5, 2010
This is quite straight forward. I'm calling a web-service (.asmx, with session enabled) from a c# application. I want each call to be with the same session key as the previous one (as opposed to creating a new session key each time).
Here's my (nothing-out-of-the-ordinary) code:
[Code].....
View 3 Replies
Dec 3, 2010
I'm finishing up my first web service. It stores data on a dataset that I later need to check up on, so I need to keep that information around. I've already enabled the session in the web service's method "EnableSession = true" [WebMethod(Description = "Receives status requests, as well as status udpates.", EnableSession = true)]
If I debug the web service everything works but if I try to use the application that sends the requests to the web service while it is published, the session keeps restarting again and again and again.
View 1 Replies
Mar 26, 2011
I have a number saved in session and am using it in a bunch of pages right now, and I was wondering if I could somehow access this session in my WebService.asmx file? It would be great since then that way I can fix my auto complete extender. I know I can use contextKey, but I am using that contextKey for something else. If session isn't possible in web service, then is it possible to use two contextkeys in auto complete extender, and how?
View 1 Replies
Mar 29, 2011
In my ASP.net website we are going to use Silverlight to display some interactive diagrams. The users can add, edit and delete various diagrams on the silverlight front end. Silverlight will call Web Service methods to save the changes into the database. Besides the data being passed by silverlight to web service call, we also need to pass some data from the session (like logged on user id etc.) to the web service call.
My question is that how silverlight can access session data? I am trying to pass session information via a webservice method call over to Silverlight but, the session variables inside the web service methods are returning null value.
The Web Service is running under the same web root where the ASP.net website using Silverlight is also hosted. I have made EnableSession = True for web properties.
View 1 Replies
Jul 19, 2010
I'm working on an ASP.NET MVC web application that will be deployed across multiple load-balanced servers. With this setup, a user might have one request served by server A and the next request will be served by ServerB or ServerC. We don't want to store Session Data in the database, as we're trying to minimise database hits where ever possible. As such, we need to have the HttpSession managed and stored on another server. My understanding is that this is possible by using a Windows Service that will manage this for me, but I'm unfamiliar with how to implement this. Can somebody point me at some good documentation on how to do this? Or any pitfalls or other points to take into consideration?
View 3 Replies
Dec 11, 2010
I have several ASP.NET sites, hosted on the same domain (different subdomains) and working via HTTPS. I have WCF service, hosted on the same domain. I have a separate state server for sessions.
All sites use cookieless session (if someone asks why - i will reply later, but it's a 'must')
On my sites, I use grid components from Telerik (but actually it does not matter) that ask for data from WCF service and must be filled with this data.
The problems are:
1) I cannot manage to make POST request to WCF service from javascript: for some reason it's always either GET or OPTIONS (no matter if I use Sys.Net.WebServiceProxy invoke or just a plain jquery AJAX request). It happens even if I indicate COOKIE mode, not cookieless. Maybe because of this I am getting "405 Method not allowed" error - WCF is set for POST request, but the site sends GET...
2) I cannot manage to retrieve SESSION from my websites! I tried approach, that I found, but WCF always uses OWN session, instead of 'connecting' to existing ASP.NET session, despite on ASP.NET compatibility mode. I need SESSION to exchange data between my sites and WCF service
3) I don't have idea currently, how to manage security when exchanging data between mentioned ones, in the light of above-mentioned problems...
4) I don't know exactly, how web.config for WCF service should look like in my case, because I've seen tons of different variants, but all for some simple cases.
Would be really appreciated for the help! I'm stuck for 2 or 3 weeks already, far behind the plan, but nothing still works... I can see there are some pieces of info about similar problems, but I'm afraid to miss some small thing - in web.config or method attribute or IIS setting, etc - and f... up everything.
View 3 Replies
May 7, 2010
I'm using Session variables inside a web service to maintain state between successive method calls by an external application called QBWC. I set this up by decorating my web service methods with this attribute:
[WebMethod(EnableSession = true)]
I'm using the Session variable to store an instance of a custom object called QueueManager. The QueueManager has a property called ChangeQueue which looks like this:
[Serializable]
public class QueueManager
{
[code]...
View 1 Replies
Jan 21, 2010
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
View 2 Replies
May 5, 2010
I created an AutocompleteExtender web service. I am getting a Object reference not set error in the peice of the code where I am referring to System.Web.HttpContext.Current.Session. Does anyone know why this is. And I am checking to see if it is != null before I reference it. But it crashes. Is there another way to pass another parameter to the web service?
View 2 Replies
Aug 11, 2010
I have written code that uses a .bat file (code: rwvinstat /server:servername) that populates a DataGrid of users logged in to a terminal service session in c#. The .bat lives on the server with the app. files and will run properly if executed manually on the server .Also if i run the app. locally and call the .bat file on the server it works fine.
The problem is when i deploy my web app on the server the DataGrid never populates nor do i get any errors. i have given full permissions to IUSER_MACHINENAME(and various users) and i set the virtual directory permissions to read, run, execute. Ialso have set my web.conf fig to:< "identity impersonate="true" userName="username" password="password"/> Here is my Source code:
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using System.IO;
public partial class ilsap01_users : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
System.Diagnostics.ProcessStartInfo psi = new System.Diagnostics.ProcessStartInfo("C:\listUsersIlsap01.bat");
psi.RedirectStandardOutput = true;
psi.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
psi.UseShellExecute = false;
System.Diagnostics.Process listFiles;
listFiles = System.Diagnostics.Process.Start(psi);
System.IO.StreamReader rawUserData = listFiles.StandardOutput;
listFiles.WaitForExit(20000);
try..................
View 2 Replies
Jan 22, 2010
I have recently moved our ASP.NET session state from InProc to a Sql Server solution. I can see session data being inserted into the Sql Server database. I'm monitoring the w3wp.exe process using the "Private bytes" & "# Bytes in all heaps" performance counters.As I navigate through the website it places data into session, however the private bytes counter still climbs on the server hosting the website? I thought the session data was being written to the database and not being stored in memory? The managed bytes remain constant, and I'm pretty sure all the objects going into the session are managed types.
View 1 Replies
Jun 18, 2010
I have a module that subscribes to PreRequestHandlerExecute event, which uses the Session object. When i set the webconfig compilationdebug flag to false, the Session object is null when making requests to the web service. It works fine for .aspx requests, but only have problems for .asmx. When i set the debug flag to true everything works fine. I need to set this flag to false for production, but can't seem to get it work.I'm using II7 and the integrated pipeline, so this event will fire for all requests.
View 1 Replies
Sep 27, 2011
I am learning web service from [URL]
I created a new project and copied code from above link as below, it works.
But once change webmethod to use SQL table, I got "Can not load WSDL" error.
Code:
Imports System
Imports System.Web.Services
Public Class TempConvert :Inherits WebService
[CODE]...
View 8 Replies