Security :: Detect As A Robot / Sending An HttpWebrequest?
Sep 16, 2010When i'm sending an HttpWebrequest, I've this response:
"Go away, Robots are not supposed to visit this page"
What can I do for avoid this?
When i'm sending an HttpWebrequest, I've this response:
"Go away, Robots are not supposed to visit this page"
What can I do for avoid this?
I am running the code below to authorize payments but I wanted to know how secure is it to submit sensitive data like that, do I have to worry about any issues going on or no?
[Code]....
Im trying to send some xml inside a soap request to a webservice using the HttpWebRequest class. I know this isnt the best way, but my hands are tied by company policy so i have to do it this way. My webmethod has an input parameter "SourceXML" so my soap request has this node
<SourceXML></SourceXML>
I need to insert the xml in this node but whenver I insert it and try to send it to my web method I get an error "400 bad request"
Is this even possible ? I need to insert the xml as a string literal and read it in the web method
[Code]....
[Code]....
Using a Windows application I am sending a web request to a web page and getting the response back using the following code
HttpWebRequest oRequest1 = (HttpWebRequest)WebRequest.Create(url);
oRequest1.ContentType = "text/xml";
using (Stream stream = oRequest1.GetRequestStream())
{
stream.Write(fileBytes1, 0, fileBytes2.Length); //fileBytes1 - contains the data of first request
}
HttpWebResponse Response1 = (HttpWebResponse)oRequest1.GetResponse();
->The above code works fine
But I need to enhance the code to accomodate following additional scenario
->Send another request to the same web app and
->get the response back
The first request sent contains the credentials to access the web application the second request sent doesn't have credentials, it must use the credentials of first request. I am using the same (following) code for the second request too. I get an error saying that it's looking for credentials
HttpWebRequest oRequest2 = (HttpWebRequest)WebRequest.Create(url);
oRequest2.ContentType = "text/xml";
using (Stream stream = oRequest2.GetRequestStream())
{
stream.Write(fileBytes2, 0, fileBytes2.Length);
}
HttpWebResponse Response2 = (HttpWebResponse)oRequest2.GetResponse();
So how do I accomplish this? Should I be sending the second request using same session or same connection?
I have created a web application that calls a web service that requires a Client Certificate for authentication. Here is a snippet of how I am building the request:
// Grab Certificate
X509Certificate2 cert2 = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + GiftCardConfig.A2A_CertificateLocation, GiftCardConfig.A2A_CertificatePassword, X509KeyStorageFlags.MachineKeySet);[code]....
This all works, but only intermittenly. About every 24 hours the Server hosting the web service returns a 403:Forbidden error. The only way to fix it is to do a iisreset of the server running the web application. We are completely stumped about this issue and would like to know if this issue has something to do with the web application or the configuration of the server it is being hosted on.
I have some geo targeting code whcih I want to behave in a particular way if the site is being spidered by a robot e.g. google etc.
Is there any way to infer this?
I'm not 100% sure that this is the right forum, but here goes.Is it possible with ASP.Net to reliably determine if the client (i.e., the browser) is using a proxy server? I'd like to prevent proxy users to a particular site.
View 3 RepliesIs there a way or a browser that would tell me which media or code in my website that would cause the "Security Warning" in IE or FF browser?
View 6 RepliesHow can I detect the country name of our users list in asp.net membership provider. In addition, the country name which can be found by IP address.
Is there any built in functionality within ASP.net membership provider? If yes then it is good and if not then how can I implement this?
I created one project in vs2010 with ASP.NET Web Application.It provides login / logout link in uppper right conner.How can I detect wheter user clicking is login or lgout.If the event is login, I want to write some values in a session.If the event is logout, I want to delete all cookies. I tried to find event in Site.Master.aspx. However, I couldn't find it.
View 2 RepliesHaving spent considerable amount of time in ASP.NET security community I would like to share this.
There are three ways of resetting and changing passwords explained at
Microsoft ASP.NET site[URL]
Step 1: Helping Users Recover Lost Passwords
Step 2: Changing Passwords
Step 3: Allowing Administrators to Change Users' Passwords
In step 1 and step 2 end user passwords are sent by an email.
In Step 3: functionality is explained where administror changing the password and sending through email msg. refer "I encourage those readers interested in this functionality to become more familiar with the code and try extending the functionality to include sending an email to the user whose password was changed. Query
Is Sending passwords by emial secure enough or best security password at all? I have implemented functionality where Admin sending passwords to end users by changing once in 3 months. End users expressed their views that sending passwords by email is not secure. When there is security threat in sending passwords by email, Microsoft security experts should not emailing passwords in above mentioned article, which is still up to date.
Two users using the same machine, same browser.
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id. We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
I have a PasswordRecovery control set up on an ascx control as shown below. In some cases users have gotten two emails with different passwords sent at the same time. They're insistent that they haven't hit the button twice. I am using the CSSFriendly adapters, so I can take that off and see if it corrects the problem. Otherwise I suppose I could put this on the aspx page rather than a control.
<asp:PasswordRecovery ID="PasswordRecovery1" runat="server"
I set MailDefinition property in CreateUserWizard.Also, I added this to Aspx.cs page:
<asp:CreateUserWizard ID="CreateUserWizard1" runat="server" OnSendingMail="Createuserwizard1_SendingMail">
<WizardSteps>
<asp:CreateUserWizardStep runat="server" /> [code]...
But when registering new user, it's not sending email.
I'm building a forgot password feature for my first secure backend.
I want to email a url containing an encrypted parameter to the user which will lead them to a password reset form that can only be accessed via the url with the encrypted parameter.
But what if the email gets intercepted?? then anyone who intercepts it will have the link to the reset page.
Is there a way I can send a secure email? I know nothing about email really. Is it even possible to send a secure email? Can I encrypt the email, will that help? But if it is encrypted then how does the recipient read it?
I am doing Search functionality for my website. For this purpose I am using Lucene.net search files and dlls in my web application. There are 2 folders get created in web application namely 'index' and 'cache'. These files contains crawled pages of my website. Search pages searches these two folders for searching. This application is run with no error on my local server. but when i upload these folders and these search pages on my server and search it will show error.
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Previously I found that this error is due to Medium trust level of server.
I checked this error on my Local by setting my local server trust level as Medium and on my local it was showing same error. so i made change in my code, after that its working on my local with Medium trust level as well. But on my web server it still gives same error. So what changes should i make in my app so that it will run in Medium trust level.
I am trying to send e-mail after an account with roles has been created, but I keep getting this error:
CS0123: No overload for 'RegisterUserWithRoles_CreatedUser' matches delegate 'System.EventHandler'.
This is the wizard I am using:
<asp:CreateUserWizard ID="RegisterUserWithRoles" runat="server"
ContinueDestinationPageUrl="~/Default.aspx"
onactivestepchanged="RegisterUserWithRoles_ActiveStepChanged"
LoginCreatedUser="False" oncreateduser="RegisterUserWithRoles_CreatedUser">
<MailDefinition BodyFileName="~/AccountCreated.htm"
From="myemail@gmail.com" IsBodyHtml="True"
Subject="Your account has been created!">
</MailDefinition>
<WizardSteps>
<asp:CreateUserWizardStep ID="CreateUserWizardStep1" runat="server">
</asp:CreateUserWizardStep>
<asp:WizardStep ID="SpecifyRolesStep" runat="server" StepType="Step"
Title="Specify Roles" AllowReturn="False">
<asp:CheckBoxList ID="RoleList" runat="server">
</asp:CheckBoxList>
</asp:WizardStep>
<asp:CompleteWizardStep ID="CompleteWizardStep1" runat="server">
</asp:CompleteWizardStep>
</WizardSteps>
</asp:CreateUserWizard>
This is the c# file:
protected void RegisterUserWithRoles_CreatedUser(object sender, System.Web.UI.WebControls.MailMessageEventArgs e)
I need to send an email(using SMTP) whenever the user forgets the password.....The code snippet i have is
protected
void PasswordRecovery1_SendingMail(object
sender, MailMessageEventArgs e)
{
MailMessage mm =
[Code]....
I need to call this function whenever the user clicks the Reset button...
I'm building a website for a client on which they want site visitors to be able to fill out a form with the relevant information along with their credit card details, and when they submit the form, the information will be sent to the client in an email. This is an experimental services that they're offering so they're not interested in real time credit card processing yet. If I just zip the collected data up into a password protected zip file, and send that in an email to the client, would it be secure? Or do I have to go further than that to secure the data?
View 1 RepliesI was curious how some of you are sending out an email to a new user, are you sending more then one email with username and link in one and then the password in another, are you sending everything in one email, are you sending an email to the new user at all?I'm curious because my web site is not a self registering web site, Only a supervisor can create a new user and then that user gets an email. I'm trying to figure out the best way to send the new user an email with their credentials to the site.the users are outside users (vendors) though their username is created by an internal employee
View 10 RepliesOn the first hit, and only the first hit, to my page having [ALLOW users="*"] in the web.config, the user is redirected to the LoginUrl, but on all subsequent visits to the page, the user IS allowed access. The user shoud ALWAYS be allowed access to this page. I suspect it is a configuration problem, so here are snippets of my web.config...
[code]....
I am writing the code for contactus module for DNN. But i ma unable to recived the mai. what i m missing in the code.
SmtpClient smtpClient = new SmtpClient();
MailMessage mailMsg = new MailMessage();
MailAddress fromAddress = new MailAddress("friendemail@mail.com", "friend");
smtpClient.Host = "abc.mail.com";
//smtpClient.Port = 587;
smtpClient.Port = 25;
mailMsg.From = fromAddress;
mailMsg.To.Add(myaddress@mail.com");
mailMsg.Subject = "test message";
mailMsg.IsBodyHtml = false;
mailMsg.Body = "hello friend";
try
{
smtpClient.Send(mailMsg);
}
catch (Exception ex)
{
// lblstatus = "sending fail" + ex.Message;
}
I program in vb
I was wondering if someone can direct me to a good quality tutorial on the process of registering and sending an activation link to the user's email address. I can't seem to find any useful tutorials online!
I want get code for how to stop sending mail when email format is wrong in password recovery control and getting error message and also how to getting error message, means how to stop that.
View 5 RepliesI am working on sending twitter updates from my asp.net website. I have the authorization down but I am stuck when it gets to sending the tweet here is my code behind:
protected void btnAuth_Click(object sender, EventArgs e)
{
// add these to web.config or your preferred location
var consumerKey = ConfigurationManager.AppSettings["consumerKey"];
var consumerSecret = ConfigurationManager.AppSettings["consumerSecret"];
//If User is not valid user
if (Request.QueryString["oauth_token"] == null)
{
//Step 1: Get Request Token
OAuthTokenResponse RequestToken = OAuthUtility.GetRequestToken(consumerKey,consumerSecret);
//Step 2: Redirect User to Requested Token
Response.Redirect("http://twitter.com/oauth/authorize?oauth_token="+ RequestToken.Token);
}
else
{
//For Valid User
string Oauth_Token = Request.QueryString["oauth_token"].ToString();
var accessToken = OAuthUtility.GetAccessToken(consumerKey, consumerSecret, Oauth_Token, txtPIN.Text.Trim());
lblMessage.Text = "<b>Hello " + accessToken.ScreenName + ", Welcome to my Twitter App<b>";
lblMessage.Text += "<br/> Token: " + accessToken.Token;
lblMessage.Text += "<br/> TokenSecret: " + accessToken.TokenSecret;
lblMessage.Text += "<br/> UserId: " + accessToken.UserId;
lblMessage.Text += "<br/> VerificationString: " + accessToken.VerificationString;
}
}
protected void btnTweet_Click(object sender, EventArgs e)
{
// add these to web.config or your preferred location
var consumerKey = ConfigurationManager.AppSettings["consumerKey"];
var consumerSecret = ConfigurationManager.AppSettings["consumerSecret"];
OAuthTokens accessToken = new OAuthTokens();
accessToken.AccessToken = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
accessToken.AccessTokenSecret = "xxxxxxxxxxxxxxxxxxxx";
accessToken.ConsumerKey = consumerKey;
accessToken.ConsumerSecret = consumerSecret;
TwitterStatus TweetStatus = new TwitterStatus();
TweetStatus.Update(accessTokens, txtTweet.Text);
}
I dont know how to get the AccessToken & AccessTokenSecret.