I have an web application that encrypts data using a public and sent it to another web application. Which will then decrypt the data using a the user private key. My question is, since but the Private and Public key are generated in the first application. how does the other application get the private?
My site is 100% private (only public facing page is login) I've had the need to open up a page to anon via the <location> node in the web config...and that all seems to work However the issue now appears to be that dynamic resources such as the Telerik.Web.UI.WebResource.axd and imagesjavascript changed via handlers dont load. A firebug of the situation shows that for those dynamic elements, it's trying to re-direct to login to get them Is there anyway around this?
Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?
My current project has many peripheral systems and many different environments (testing, integration, development etc). As expected, we're using .config files to dynamically manage everything.
Instead of updating each relavant key when deploying to an environment, I was hoping there was a way to change 1 key only. Such as:
I've done some searching and haven't come up with an elegant solution. I'm aware that .config files can make use of system variables, but this seems like a bit of a high wire act.
I want to use PKI public and private encryption for authentication to allow for a more streamlined and secure application access control system. generation of certificate and authentication will be useful. One more question, can i use System.Security.Cryptography.X509Certificates class for the same?
I have searched high and low (and very possibly could have missed it), but in my years of programming, I have always come across one practice that seemed to be the standard in OOP, which is to use private properties in an object with public methods to manipulate the data.
However, the more I delve into ASP.NET (specifically with MVC), the more public properties I see inside of classes (specifically models) such as the ones shown at Scottgu's blog discussing the Entity Framework.
Does it have something to do with the way that LINQ populates a class?
I have like 10 private members in my class, and I was hoping vs.net could create public properties from them but can't seem to find that option in VS.NET 2008.
Be built an MVC application. Some of the pages require being under SSL encryption. Means the whole site need to be broken down to sections (http and https)The immediate solution that comes to my mind is creating two IIS sites (port 80 and 443) and break the application to two sites (public-http and private-https). Since the site is complex, breaking it into two applications will be huge work.What is the easiest way of doing this?Is there any link or article that explains the best practices doing this?
whats a good way to test the settings (especially keys) in web.config? I think its not really testable with NUnit, or is it?Example: <add key="SomeKey" value="SomeValue" />
I have a site that allow the user to request a secret report in a pdf format. My idea is to put the generated pdf files in a public folder with disabled directory browsing. Each file name consists of 128 characters that are uniquely and cryptographically generated. The legitimate user will be given the link of his/her own report.
Does somebody knows how to access applicationSettings-Keys in web.config (NOT appSettings) from aspx.file like "<%? applicationSettings:Keyname %>? This seems to work only with the old "appSettings".
From code I can it access it with "Properties.Settings.Default.Keyname", thats clear.
I work in an development group in an enterprise, where we strive to seperate business units and their responsibilities. So for example, I am in the development group and we are responsible for all tasks related to developing applications. We have other roles such as dbas, or operational roles that are outside of our group and are responsible for things like deployment, server maintenance, etc.
I'm looking at features in VS such as the publish web app feature and the web.config transform feature and reading about them in blogs and various other places. Based on the majority of what I read it always seems that the writer is assuming that the developer is managing things like connection strings, user names, passwords for the different environments in web config transforms, then publishing to a remove server in some kind of production environment (be it live, or test or staging, etc).
An example is here. In our environment, and I assume others too, the scenario is somewhat more complex than is usually portrayed. The development group may not know where any of what they've developed is deployed. And administrators may move servers,databases etc and update configuration as characteristics of the environment dictate. So in these cases, how does web.config transforms help? Publish can still potentially be used locally to build artifacts for a deployment package but even you'd probably want to use some automated build manager instead.
So is publish and transforms really more suited for more rudimentary development processes where the barrier between development and operations is very grey? Or am I missing something? It just seems that a lot of things I've reading about this kind of thing have good intentions but are somewhat superficial in the context of a more defined development process.
Interested to know others opinions and experiences on this.
I'm working on a mapping application and will be allowing a user to make a query and have the resulting locations display on a map.I want the users to be able to interact with the map, but I need to know exactly which item they're interacting with, so it would be easiest if when the original query is made, the id's are put in a hidden field somewhere so I can just perform an insert statement based just on the key, rather than having to to another query to find out the key by saying "where location name is x and the coordinates are y, and the description is z" etc.Is this a bad idea, i.e. could anyone do any harm if they discovered that I was storing the primary key in a hidden field?
Is there a way to use a generated file as a configSource for a web.config section?
In web.config, I tried a simple:
<webParts configSource="webpartsConfig.aspx" />
where webpartsConfig.aspx just spits out XML when accessed normally, but not as a configSource. (The literal source code is included as-is, giving an error.)
Motivation for this solution: I have different configuration variables locally and online, and I don't want to juggle multiple config files.
I am currently working on an ASP.NET 3.5 and C# web application which deals with users private information like SSN numbers. What are some of the security measures which I need to take from an application development stand point to feel safe?
I'm building a complex, public web service in WCF that send email to a specific address, similar to a contact form but with some features.With jQuery I get the data from the textbox and with Ajax and json I send to the web service the strings to proceed at the send.
Now, is there a good way to make it secure?
I mean.. the service is public so someone can have access to it and starting to spam on this address. Can I restrict the users to use the web service only from the correct web site?
Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: [URL]
I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this?
I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it?
I have developed An Inventory Management System in ASP.Net . The application is hosted now ... From manager to data entry operator every1 z having seperate login , roles and limitation to access website ... From Our office every1 is accessing the application and working on it. My question is even they can access the apllication from public PC (Browseing Center) ?? coz they knew the password. Am i rite. Now, I need to restrict my application access in public PC (Browseing Center)? Can i limit accessing of my website application only in office not in public PC (Browseing Center)? can i allow certain IP to access my website application?
