I don't think the site has a web service available, so I need to pass the login credentials and read the xml file (e.g.https://www.somesite.com/needthisfile.xml). What do I use to do this?
View 1 RepliesI'm trying to write a small application to collect(Scrape) one piece of data from a web site. I would like to be able to simply run the app and it will open the page, find the one piece of data and display it. So far so good...my problem is that the web site is a secure site, meaning I have to provide a user name and password. I've searched all over the web, found many discussions but have yet to find anything that provides specifics on how to accomplish this. I understand a little bit about tokens etc, but I'm really looking for a detailed description of how to do this. Please feel free to direct me to a different forum if I'm in the wrong place.
View 3 RepliesRequirment is to stop more than one user to login at a time using same user id.I am storeing user id in session. I searched the internet and found some ways but somehow they do not work in these situations:If javascript in brower is turned off. If user do not click logout and directly close brower.
View 3 RepliesI have a doubt regarding secure cookie.
I have four servers 2 App Server(behind firewall) and 2 webservers and each server is accessing through Load Balancer.
App Server is a modules for Data Access layer and webserver is for Presentation layer.
My Issue is My Load Balancer has Secure certificate installed but certificate is not installed on servers and I want to make cookie as secure in site , as per my understanding " cookie should be set as secure only for SSL site other ways new session will get create every time" so should I install SSL certificate on webserver to make my cookie as secure or will it work properly even if only Load Balance has SSL.
I'm creating a ASP.NET/SQL Server 2005 Express app which requires users to upload supporting attachment or documents in .docx and .pdf format. The web server is IIS 6/Win 2003. I'm trying to come up with a good way of securing these documents so anonynous users cannot see them and creating a separate Windows login for every user is not an option. SQL Server Express does not have blob data types. I'm storing each user's authentication information in the SQL database and not really using forms authentication.
View 1 RepliesI have 2 sites, one the main product site the other a secure site featuring the basket and checkout processes.
When a user clicks "add item to basket" I am creating a basket in a database and then adding the items to the basket. The theory was then to store the id from the database for the basket (the basketid) in a cookie, redirect the user to secure site, use the basket id from the cookie and display the contents in the basket.
However I am having trouble getting the secure site to use the same cookie. When I redirect the users to the secure site, the basket appears empty. I need to go back to the main site and then back to secure before the cookie appears.
Here is the code for the cookie
[Code]....
And then on the secure site this is how it gets the basket ID from the cookie
[Code]....
But like I say it's having problems. I've tried replacing the cookies with session variables as well but it didn't work.
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
We use Captcha control in a registration form that we make full client validation for all fields in JavaScript ( JQuery ) beside server validation .. I tried a lot of ways but all will write the Captcha value in JavaScript that can be accessed by anyone :( I search if is there any way that allow me validate Captcha value in client side using JQuery in secure way or it can't be done ?
View 3 RepliesI have precompiled and encrypted my webconfig. What else could I do to make my site secure.
View 2 Repliesfiletoread = Server.MapPath("\servernamesharefile.csv")
filestream = File.OpenText(filetoread)
readcontents = filestream.ReadToEnd()
It works fine if I put the file in the local directory and use "filetoread = Server.MapPath("file.csv")", but won't do it over the UNC path.I'm guessing the problem is security related but can't find any info related to it, do I need to somehow specify a username/password somewhere ?
I want to develop a site with secure login. i followed various tutorials, and created a site, based on the default master page. I believe i set up the asp.net configurations correctly. under security, changed authentication type to "from the internet", added roles, added users based on those roles. when i compile the project and test the log in, it works fine. but, in visual studio 2010's Solution Explorer the App_Data folder is grayed out and i cannot get into it to view the database. how do i view the tables and create new tables?
View 4 RepliesI have an ASP.net 2.0 website that sits on a Windows XP SP3 box on IIS 5.1. The website needs to go across a UNC path to another server to grab an image file. Both boxes are in the same workgroup but no domain is setup. I have created the same user on both boxes with the same password and the website is using anonymous access using that account. The account is an admin on both boxes(i know security risk but this is for testing). File.Exists() just keeps returning false but the file is there. I suspect it has something to do with the ASPNET account but i'm at a loss. I've tried aspnet impersonation using that account as well with no luck.
View 4 RepliesI need to get the calling page url referrer and host name. I works for me if the calling pages are within the same network. When a page is called from an internal site that are outside of my network, I got the following error:
Object reference not set to an instance of an object.
It failed on this line:
string userURL = Request.UrlReferrer.ToString();
I have a internal site used by employees of my company that uses ASP.Net 3.5, Ajax and the Ajax Control Toolkit and is secured using https and requires a client certificate to gain access to the site. We are getting the following error when updating drop down lists on the very first page of an application wizard we have built. The page uses an UpdatePanel with PartialPagePostbacks enabled.
Sys.WebForms.PageRequestManagerServerErrorException:
An unknown error occurred while processing the request on the server. The status code returned from the server was: 413
ScriptResource.axd Line: 5
Code: 0 Char: 62099.
I have increased the maxRequestLength value to 8192Kb (which is way overkill), the readAheadBuffer to 4096Kb, set all the timeouts I can find, and this problem keeps showing up for my users. I can reproduce the error if I let the initial page site idle for 2-3 minutes before doing the partial page postback to move to the next segment. I have been chasing this now for a couple of weeks, and keep coming back to the same sites with the same answers.
In asp.net mvc project I am using MYSQlMemberShipProvider. Now I want that instead of reading the connection string from web.config file, it will read the connection string from external file every time. So that I am implementing the cutsom mebership provider class, this class inherits the MemberShipProvider class. But the problem is that if I inherits the MemberShipProvider class then I have to impelment all of its method in my cutsom membership provider class, But I want to use all other inbuilt methods of MemeberShip. What can i do. I only want to add the code like below:
public class CustomSqlMembershipProvider :MembershipProvider
{
public override void Initialize(string name, NameValueCollection configs)
{
base.Initialize(name, configs);
Connectionstring objProducts = // redaing the connection string.
}
}
But on compiltaion it is giving me the error does not implement inherit abstract member.
I have the requirement to export all my users and custom profile properties to an excell spreadsheet but i can find a way to do it. I have found several exampls of how to export the Profile information eg(
UserName
Email
PasswordQuestion
Comment
IsApproved
IsLockedOut
LastLockoutDate
CreationDate
LastLoginDate
LastActivityDate
LastPasswordChangedDate
IsOnline
ProviderName
)
but i can't see a way to export the following info for example;
<profile enabled="true" defaultProvider="AccessProfileProvider">
<providers>
<add name="AccessProfileProvider" type="AccessProviders.AccessProfileProvider" connectionStringName="ProfileAccessProvider" applicationName="MandS_2010" description="Stores and retrieves profile data from an personal Access database."/>
</providers>
<properties>
<group name="SupplierProfile">
<add name="CompanyName" type="String"/>
<add name="HoldingCompany" type="String"/>
<add name="Address" type="String"/>
<add name="Telephone" type="String"/>
<add name="Fax" type="String"/>
<add name="TypeOfSupplier" type="String"/>
<add name="DirectSupplierCode" type="String"/>
<add name="Alist" type="String"/>
<add name="otherCode" type="String"/>
</group>
I have 2 sites, one the main product site the other a secure site featuring the basket and checkout processes.
When a user clicks "add item to basket" I am creating a basket in a database and then adding the items to the basket. The theory was then to store the id from the database for the basket (the basketid) in a cookie, redirect the user to secure site, use the basket id from the cookie and display the contents in the basket.
However I am having trouble getting the secure site to use the same cookie. When I redirect the users to the secure site, the basket appears empty. I need to go back to the main site and then back to secure before the cookie appears.
Here is the code for the cookie
[Code]....
And then on the secure site this is how it gets the basket ID from the cookie
[Code]....
But like I say it's having problems. I've tried replacing the cookies with session variables as well but it didn't work.
I have made an application where I am displaying the .pdf , .doc , .docx files. These files are uploading from an Admin Panel.When user place a mouse pointer on download icon provided in front of every file, it shows the complete path where it’s get saved.I want to avoid this path visibility even when user place mouse on download icon and even if it Inspect an element (as most modern browser will have this functionality).
View 1 Repliesi am creating a web app for a small buisness enterprise in which i have added a node in my menu (stocks) accessible to limited users
every time a user try to access this node , it will ask for his/her credentials. iam using asp.net login control( in built ) for this . Also i used
<authentiaction mode='forms' />
<authorization>
<deny users='?'>
</authorization>
for these pagesin my web.config file now apart from that , how can i made it more secure using asp.net membership provider.
I would like to send email securely to third party with attachments containing sensitive info. The website is configured with SSL. I'd like to know how to send email securely via asp.net app.
View 3 Repliesi have asp.net 2.0 web site and in the main root i have some secure pages so if any unauthenticated user try to visit my page the browser redirect him to login.asp page (it was correct) but in my web i have subfolder named (Admin) and i want to secure all pages under this folder and redirect any user to new login page. how can i do it?
View 7 RepliesI've got IIS 6 with a self-signed certificate installed. This is now securing the whole site (all urs are HTTPS). How do I only apply HTTPS to logged in areas, leaving publicly viewable data with HTTP?
View 8 RepliesI'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if:If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it?If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?
View 5 RepliesI'm building a forgot password feature for my first secure backend.
I want to email a url containing an encrypted parameter to the user which will lead them to a password reset form that can only be accessed via the url with the encrypted parameter.
But what if the email gets intercepted?? then anyone who intercepts it will have the link to the reset page.
Is there a way I can send a secure email? I know nothing about email really. Is it even possible to send a secure email? Can I encrypt the email, will that help? But if it is encrypted then how does the recipient read it?
From what i know Random() is initialize to the current time. If two connections hit during the same second i should get the same two random numbers? With a large site that can be likely. Locking is bad so how should i solve it? note: the number is used for the session id.
-edit- i am stuck using a long. It feels wrong to shorten a 128bit GUID