Security :: Encypting Webconfig Before Deployment?
Mar 12, 2010Hows does one encypt and decypt: appsettings, machinekey, connectionstring?
View 5 RepliesHows does one encypt and decypt: appsettings, machinekey, connectionstring?
View 5 RepliesI have an ASP.net website running with the authentication mode on the web.config file is Windows. The webpages at the root do not need to have login & password form.
Now I created a subfolder called 'reports' and would like to implement a few web pages with the login & password authentication form.
Question, do I need to create another web.config file in the 'reports' folder and update the authentication mode="Forms"?
I specified to have a user creation wizard that accepts a password with NO alphanumeric characters:
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="watermeConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="(?=.{6,})[a-z]+[^a-z]+|[^a-z]+[a-z]+"
minRequiredNonalphanumericCharacters="0"/>
still, I do get the error that I have to provide at least one alphanumeric character.I do so and the error is still the same.why? is my regex wrong? I also took out the "confirm password" step. is that ok?
[Code]....
I'm trying to create web securityOn the web authenticate any user that is in the database.But there is a directory called "Administration".I just want to give access path "Administration" to Triqui
<authentication mode="Forms">
<forms loginUrl="Default.aspx">
<credentials passwordFormat="SHA1">
[code]...
I have created the asp.net application and Hosted on Different Server(i.e Test,Development). its is an Intranet Application But When I tried to Host on Production the WebApplication dont work when I check the "Integerated Authentication" and when I check the "anonymous Access" i get null value for the HttpContext.Current.User.Identity.Name.ToString() returns null. and User.Identity.IsAuthenticated also return false. what changes do I have to make in IIS and Webconfig of my application so that it can run on ProductionSERVER
View 2 RepliesHow to secure the connection string in the webconfig the best way
View 1 RepliesI have the following webconfig file that redirects (once logged in) a specific user...but for some reason it's not seeing the redirect location. So, for some reason when john123 log's in he doesn't get sent to superUser.aspx. It's as if it's not seeing the location path.
View 3 RepliesI recently added Forms Authentication to a project and set it up by right-clicking on a Login control at design-time, selecting "Administer Web Site," and setting up all the users, roles, etc.
how is this to be done after the site is deployed? Would the webmaster have access to this tool? Is there some other tool available?
In the website that I'm developing, I need to send email via GMail for certain cases such as "forgot password". It's working properly on my PC but when I upload it to the server (which has windows 2003 running) I get the the following exception:
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
Source Error:
[Code]....
Stack Trace:
[Code]....
just basically as it says in the subject. After I deploy my asp.net 4.0 website, the login control just refreshes itself after a valid username and password have been filled in instead of doing a redirect. The connection to the database works, because I can register and stuff from the database shows up in my website.
View 4 RepliesCan I create an incremental deployment package using either Visual Studio 2010 Web Deployment Projects or Web Deploy (Web Deployment Tool) .
I need to automatically select changed files from a source and destination or a change set on TFS and build a deployment package only with the changed files.
I have set up a very simple authentication page where the user enters his password and if successful authentication occurs the program allows the user to make use of the controls in the page.
I used ASP.Net Configuration to create the user and roles, SQL Membership Provider for the authentication tables and asp login controls to authenticate.
Is there any way to add users and roles once the project is deployed? Could I use the ASP.Net configuration page? and if so how?
I have certain information in my webconfig such as the name of the database i am connecting to. However, I would like a situation where my aspx is able to obtain that information as well and display it in a label. Hence, how do I go about doing that.
View 3 RepliesDoes Webconfig in asp.net is same for Multiple Users or diffrent?
View 2 RepliesI'm not having much fun with connection pooling. The website I've written does dip into the SQL server all the time and quite a lot of times per page. Every time I nip into the SQL Server to get or set something I open a connection...
comGeneral.Connection.Open()
... do or get what I need and then close it. From what I've read any of the following should close the connection and return "one connection" (?) to the pool (top one, only if reading)....
rdrGeneral = comGeneral.ExecuteReader(Data.CommandBehavior.CloseConnection)
comGeneral.Connection.Dispose()
comGeneral.Connection.Close()
... but that's not really working for me and I keep hitting the default max 100 open pools. So I've been doing all 3 of the above (again, top one, only if reading). But alas, still the stupid thing (Yes, I am aware I'm the stupid one) keeps hitting the max.
My new plan is to set pooling to false (pooling = false ?) across the entire website and take the performance hit which wont be terrible because I don't really do anything too demanding. Trouble is I don't know how, other than setting Pooling = False, but where exactly in the webconfig would this bit of code go?
I have a website application which performs a function which I need to integrate into my main website application. Right now I'm getting errors as I copy and paste the parts of the web.config file from the working app into my main app. When I just paste in the assemblies, I get 2 errors. I'm just going to just paste both of them here and if you think you integrate them, I'd really appreciate it if you would paste it here in the thread.
[Code]....
And here is the one I'm trying to integrate into the one above:
[Code]....
How to encrypt connection string in web config.
View 5 RepliesI'm using Visual Studio 2008 and SQL Server 2008 Developer to create a website.
I'm trying to test a connectino to a local database in my computer.
What I did is create a connection string in the webconfig file like this:
[Code]....
Then I want to call that connection string like this in the default.aspx.cs file I write the following code:
[Code]....
I'm not getting any error or warning in any of the code but when I run the page I throws me an error telling me:
The connectionstring property has not been initialized.
If I run with debug on it shows this:
[Code]....
Line 22 in red.
I don't know what I'm doing wrong since VIsual Studio does not tell me there is an error, it just seems like it cannot make the connection.
I would like to use the webconfig file to store some values, which will be used in my application in order to execute some methods, one a parameter for a timer, the Interval property and the other to pass as parameters in a method.
So, my questions are:
Where in the webconfig can save these parameters in order to make them accessible to the applicationHow do I access these parameters in my application in order to use in the aspx page for the timer control and in the code behind for a method to use
I have a dropdownlist which is connected to object data source for displaying data, now what I need is to connect to database using semicolon seperated list from web.config connection strings and then connect that to dropdownlist.
View 5 Replieshow to set the <xhtmlConformance mode="legacy"/> tag in web.config as "strict" using the codes in c#.net for an asp.net webaplication
View 1 Repliessince Grid filter is case sensitive , i used the code below RadGrid1.GroupingSettings.CaseSensitive = false;
Can weconfigure the same thing webconfig so that in the whole project case sensitiveness of radfilter will be false.
How to encrypt email setting in webconfig ?
<mailSettings>
<smtp from="abc@ddd.com">
<network host="174.xxx.xxx" password="xxxxx" userName="abc@ddd.com" port="25"/>
</smtp>
</mailSettings>
[Code]....
i have a above connections string in which i use UserName: taha1_ID2, Password: taha321, and SQL Server DataBase Name:taha1_web2 How can we encrypt it in web.Config
Note: All the above are fake.
is there any way to add HttpUtility.HtmlDecode = true in webconfig.i have 1000's of textboxes. i cannot add this all of them.
View 2 Replies