Im saving sensitive data from my asp.net web app back to a database on another server. I have set up encryption on the database. Do I need to set up more encryption in the code behind of the web app and encrypt the data there then pass the data to the database or should I pass it as it is and then encrypt it in my stored procedure.
View 1 RepliesIm passing sensitive details from my asp.net web app to a database on a different server. I've set up encryption on my database. Should I encrypt the data in the code behind file of the web app and then pass it to my database stored procedure or pass it to the stored procedure as it is and encrypt it there?
View 4 RepliesI did some google searching on this, but I could not find anything useful.
Basically what I am trying to do is pass some sensetive information to an ActionResult through the click of a HTML ActionLink.
The information I need passing through is, the ProductID and the User IP Address.
So just to clarify:
1) User clicks { I like Product } link (HTML ActionLink)
2) That sends the Product ID and the IP Address of the user to the ActionResult in the Controller.
I'm teaching myself ASP.net. I'm creating an application that needs to store sensitive data. So, I found the following Blog to encrypt and decrypt data.
[URL]
I'm sure it's my app, but I wanted to make sure I'm not missing anything obvious. For some reason, my app and Encryptor only works when I pass < then 7 characters. If a pass 8, it doesn't commit to the database. If I remove Encryptor, the app will store
How do i perform signing sensitive data in WebApp?
My algoritm:
[Code]....
The code above works in WinApp but doesn't in WebApp .
Can you fix the code above so it can run under WebApp -or- other method to protect sensitive data from modifying?
I am trying to set up my intranet site so the user logs in with his windows domain account and that account is passed to the sql database to access the database. I have been able to succesfully set up the windows authentication to my website, but when I try to use
<identity impersonate="true"/>
in my webconfig I get a 500 errror on my site when trying to open any page. My server is 2008 R2
I have few fields which when entered data by the user,they pass to the database and another webform called registration calls this values, there was an error in this when I looked into the registration form there was one field which was not showing up the data
then I looked into the database and found that the webform 1 is actually not passing the data of a field named "issuedate" to the database at all.
I posted the code for issue date can someone plzzz look at the code and tell me what could be wrong becoz I tried looking at this but couldnt understand what was happening HTML CODE FOR ISSUE DATE
[code]....
Let's say a control X has a template called RowTemplate.
So X's markup would be like:
<foo:X>
<RowTemplate>
<foo:Y>...</foo:Y>
</RowTemplate>
</foo:X>
My question is: How can the Y control be sensitive to the data context? I know I can use template inline tags to get access to the data context: <%# Eval("Id") %>, but I cannot pass this information to Y because template inline tags are not allowed in server controls.
So I don't know how I could use the Object's Id (Eval("Id")) in Y.
I'm trying to use the Membership.CreateUser method without passing a security question and answer. I set them to string.empty, but no go. I have my provider set to not require a question in my web.config. What am I doing wrong?
[Code]....
I have a validator on a textbox that validates against a list to ensure that the user doesn't input the same name. When testing it, if I type in the same name including the same case structure, it returns an error. If I change one letter to a different case, it doesn't return an error but rather my SQL server returns a duplicate error. How do I change the server-side validator so that it picks up duplicate names regardless of case?
View 4 RepliesI have situation where I need to authenticate a client across multiple web services. Basically each service needs to identify the client and know a few other small pieces of information about the client.
The way I have it working now is that the needed identifying information is stored in a session table in a database by the authenticating web server. The web server hands the client an string, which IDs the database entry and gets passed to the other web services. The web services then use this string to pull the needed information about the client from the database entry.
It has occurred to me that it might be possible to give the client an encrypted blob that contains the user ID and other needed information, which is rather small, and avoid using the database for this completely. The client would just pass around the blob (like the string in the previous paragraph) without needing to know what it contains, and only the web services would know how to decrypt it.
This should eliminate the need for the database to store the session information and would make the whole process a good bit simpler. With the database you have to worry about cleaning up old sessions and timeouts and so on.
So my question: is passing around sensitive data from service to service via client considered safe and acceptable? Is it possible to do this in a way that would eliminate worry about the client tampering with the data? What encryption algorithms would be good to use?
This is my first time working on a secure website. It's for a pet project I have.
For security purposes, where is it best to store information like SQL connection strings, database encryption keys, etc? Is it better to use web.config, store them in a class that accesses a database (like dataBaseHelper.cs or something), or somewhere else?
I intend to obtain an SSL cert as well. When communicating with the database, should I always use the secure connection?
What I want to do is, if userA access the website, then the website will use userA's token to access the SQL server. Site is an intranet site.In web.config,I have
<authentication mode="Windows"/>
<identity impersonate="true"/>
Connection string:Data Source=sql;Initial Catalog=xxxxxx;Integrated Security=SSPI;persist security info=False;
IIS:Annoymous login is disabled, Windows authenication is enabled.
SQL server:userA is added as a user to the database.
IIS and SQL server are on different server. Running as userA on another computer, I try to access the website. The website log told me the website was trying to login to the SQL server with NT AuthorityAnnoymous despite I specified to use integrated security and Annoymous login is disabled in IIS.
I am using ASP.NET 2.0 and C#. I would like to know if the Session variables are Case-sensitive.
Is Session["StudentId"] and Session["StudentID"] considered the same.
Which would be the proper way to access the session details, when in a page someone passes data as Session["StudentId"] and somebody else passes as Session["StudentID"]?
Say I have a Form model which contains a list of Field objects loaded from a database. Each field object has a type that defines whether it is a listbox, combobox, input or textarea.
What would be the best way for displaying the Field objects correctly? I was thinking in my View using a switch statement and calling a specific partial depending on the case.
[Code]....
Is this a valid approach? What other methods would people recommend to do this?
Trying to figure out the best way to organize a ASP.NET MVC site. Take a very simple 1..N relationship: Company can have many Contacts, Contacts must have exactly one Company.I have your typical routes:
Company/Index (list all companies)
Company/Details/{int} (details of Company {int})
Company/Create (create new company)
Contact/Index (list all contacts)
Contact/Create (create new contact, company is selected from drop down)
Now if I wanted to create a page that created a Contact in the context of a Company (from the Company detail page) so that the required company is filled in/not editable), what would be the best route of going about that, while not duplicating code where possible.Not sure if I can leverage the Contact/Create logic/view from the Company controller (and be able to route back to the Company Details page when complete), or mess with the routes to do something like Company/Details/{int}/Contact/Create (not even sure if that makes sense or would work)?There has got to be a better way then me adding my logic and view for adding a Contact into my Controller view and having it duplicated.
I had three web applications and each one has its own login page , now i want to build web portal which allow members to login and choose one of these applications to redirect to it .
Is there any way to passing user information across secure connection??
I'm calling an external Web service that requires a certificate to be passed. This works perfectly fine for a stand-alone Windows Forms application, but when I attempt to do the exact same thing through an ASP.NET Web Application, it throws the following error:
"No connection could be made because the target machine actively refused it"
I found this MS article that describes what appears to be the exact issue I'm having, but it only applies to .NET 1.0:
[URL]
I'm using .NET 3.5, so surely it must be fixed by now!
I've attempted to change permissions on the certificate and fooled around with the app pool identity, but nothing seems to work.
I have a need to show sensative information but I would only like it available on screen for 2 minutes, and then after it dissapears.
Since this is part of my web application, I would like the user to stay logged into the web site before and after viewing the information, but in order to view it, I would like them to re-enter their username/password.
Are there any directions I can be pointed into accomplish this task?
we are making a project to run in ASP.Net on Mono/*nix Our problem is that we develop on Windows, and we just build and test it every so often on Mono. So we have been having a lot of trouble recently with case sensitive filenames. Everything seems to work good in Windows and then we move to Mono and it's silently broken.(as in, it builds but won't run or parts of it don't work)
How would you recommend that I detect this while we are developing on Windows? Basically, how do we make the case-sensitive filenames look wrong in our code where the code works on Windows but not *nix?
To start with then we have a LinkButton whose text is actually an image tag. The image it links to is a Png and resides in a folder in the web directory. This is IIS V6 and win Server 2003.
The path is [URL]
Admin is a virtual directory configured in IIS.
The above url doesn't work but if you change it to [URL] (lowers case 'a') then the image is served, change it back to 'A' and it takes you to login, you log in and it loops back to log in. change to 'a' and voila the image is served. Weirdly this problem doesn't always occur and I have hunted for a resolution for days to no avail.
As requested this is the complete link button
<asp:LinkButton ID="lnkCommitAll" runat="server" CausesValidation="false"><asp:Image ID="imgCommitAll" runat="server" ImageUrl="~/Images/Grid/confirm_16.png" AlternateText="Commit All Changes" /> Commit All</asp:LinkButton>
This may be a simple question, but I'm trying to call a a value from table in my back-end SQL Server database and pass it through a querystring in the URL. For example:
I'm building a mobile web site that registers a mobile device to an account on the sign up page. After the database entry is created, I want the to get the generated deviceId from the database and pass it to a querystring in the URL such as: http://www.mobilewebsite.com?dId=22
Is this easily possible, or is it even the best solution for what I'm trying to accomplish?
I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?
View 1 RepliesI am building a silverlight application and need the userid (guid) when a person logs into a web application. The silverlight app runs when a user is logged in a website app. Is there a way to do this via simple javascript and html?
View 2 RepliesI am creating a website that allows users to login to their gameserver remotely and send / receive commands. The connection happens via an UDP socket and requires simply the IP of the gameserver, and a password.
On my website, users can add servers to their accounts, where the server IP and password are stored in a database. Then they can connect to any of their servers, which creates a new Socket object and connects to it using the IP and password of that server.
This Socket object, embedded in an object that also stores the server IP and password, is stored in a Session variable when the user connects, and is retrieved on every page. For example, there's a page where the user can view a list of the players on the server (and kick/ban them), a page with server settings, a page with messages, etc. All these pages require the Socket connection to get their information (they send a certain command and parse the response). When I need to send a command via the socket, I need to send the password of the server each time (otherwise it does not work). My question now is: how secure is this? The password of a server is sensitive information*, but I am storing it in a session variable and sending it (using the Send command of the Socket object) to the server.
i think the Session variable is stored on memory on the server, so I don't think so, but I'm really unsure about these kind of things and I'd like to be certain that my website is secure. Well, I think it will never be 100% secure but I want it to be at least not worth the effort for someone to hack the password. If it takes a lot of trouble then people wouldn't bother, but I don't want to find out that people's passwords are being thrown out on the street (so to speak) and that my website is completely insecure...