Security :: Trying To Protect The Path For Application?
Sep 13, 2010i have a problem in my asp application . Im trying to protect the path for my application using this code :
Uri t = Request.UrlReferrer;
i have a problem in my asp application . Im trying to protect the path for my application using this code :
Uri t = Request.UrlReferrer;
I have built an ASP.NET application that needs to be password protected. This application will be installed on multiple offline computers, and we need to make sure that when being installed it requires a password. But even if it requires a password, someone can easily copy the database and the published folder and duplicate the application on their system right?
I need a way to prevent this. It should only work on laptops that we have installed it on.
I am interested in finding out how I would go about displaying a website wiithout forms authentication but to utilise forms authentication when the user makes a request by clicking in the signin button, and then the user will view other pages that are private and secure,
View 2 RepliesI'm going to publish an asp.net pre-compiled web site on shared hosting account but I don't want my code to be copied and able to run on another domain. I need to check domain and if not example.com or www.example.com redirect to error page or show error as response.
EDIT: Here is my solution based on given answers
void Application_BeginRequest(object sender, EventArgs e)
{
string[] safeDomains = new string[] { "localhost",
"example.com", "www.example.com" };
if (!((IList)safeDomains).Contains(Request.ServerVariables["SERVER_NAME"]))
{
Response.Write("Domain not allowed!");
Response.End();
}
}
I have a custom ASP.NET application that I utilize for several clients that I host. Each client has a separate domain and the application is normally a child application under the root domain [URL]. The application files are the same (aspx, ascx, style sheets, images, etc.). The only thing different is the web.config file for each client. As development of the application continues to evolve, I have to update the application for each directory and this obviously becoming tedious. I am trying to come up with a method keep the application up to date. My first though is placing the application into a single physical path and creating multiple applications pointing to that path (the problem with this method is I can't have different web.config files). I am curious as to what solution others are using in this scenario...
View 2 RepliesI'm working on a website that streams audio files for the user from a directory on the server machine. How do I protect the audio files from users being able to navigate to the folder and just downloading them locally, but still provide them access to stream them? If I set permissions on the folder via IIS, is there a level that I can set so that the server can stream but not allow anonymous access?I'm sure there is a tutorial or other thread about this out there, it's just hard to search for this specific issue. Any help or a simple link to another thread/tutorial
View 3 RepliesUser downloads a document from a specified site, saves to the local disk and fills in confidential details. When other users logs on to this computer and if they try to access the file, the document should not be accessible. Also consider that the document can be saved to a common server too, in which case, no one else other than the person who downloaded and filled the document should be able to open the document.
some options to protect this document.
I have contact form and offten using this form my web site is under attck... someone install some code who try to connect using java scriptand all java scripts that I'm using in my web site are infected...
How to protect my contact form?
I have written a namespace for a guestbook for my personal website. When I use a quote(") or single quote(') in a guestbook message the system(server) gives me a warning there is an error in my SQL syntax.
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
I have tried to implement the answer of an older topic written by me in the namespace. But it gives me errors. [URL]
how to protect this namespace against SQL injections?
[Code]....
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
how to protect my SQL database by using Csharp.net against a SQL injection.
Can asp.net Dropdownlist and validating they safely protect against SQL injection attack ??
View 7 RepliesMay i know how to protect the bin folder dll's compiled from the Visual Studio 2005. I am doing the project in Asp.net & c#. One of My friend decompiled all the dll's and show me. Is there any procedure to make my code standard or any free third party tools to prevent from others.
View 4 RepliesWe're using an Out-of-Process Session Provider (ScaleOut) for an ASP.NET application and we've noticed that when an object that's not correctly setup for de-serialization inadvertently makes its way into session it will eventually cause the entire process to terminate.
Reproducing and handling this scenario is where it gets even more interesting.
The exception that terminates the process is raised in AnyStaObjectsInSessionState whose implementation is pretty straightforward:
[code]....
If a user clicked on a button, which runs a one minute process that MUST stay connected to the file (through the use of FileStream) for writing purpose, and he/she accidentally closed the browser. Currently, when that happens, if the user clicks on the button again, it will return an exception saying that the file is still being used. The part where I write to the file, the code for that is in a class library, which has a destructor (or finalizer, whichever), which calls a Dispose() method. It would usually take about 20 seconds before the file is free again to be used, but is there a way to make it quicker?
I'm thinking the way I'm designing my web app is not the conventional way. How do most people avoid this situation (ie. accidentally closing browser) where a file/resources are not freed up? Do they write into a SQL server instead of a flat file?
I have this file saved in the server. I do not want anyone to download with out authentication. How do I do that?
View 3 Repliesi have a search box, many text boxes which taken various inputs and save it to database using primitive methods such as "insert into....." executenonquerry etc.have read something that " a textbox by itself can prevernt attacks known as sql injections" is that true?if sohow to enable it?does it need extra coding?
View 1 RepliesI have a website that is going on a public server so I want to password protect it, but for a while only myself and a couple of others will be using it. I will eventually get it together to do it right and have the users in a database etc, but for now, I just want to put a couple of users with their passwords in the web.config and have them authenticate on a login page.
View 2 RepliesHow to protect our web.config file from external access.
I mean some sort of password protection.
1. I need to protect DLL
2. Applying time limit (trial period ) to entire application usage.
I have a requirement to make parts of forms (and sometimes the entire form) read-only based on the user's active-directory group. I already have integrated AD into the dynamic menu, so that users cannot view certain menu itmes based on their AD group - and this is working fine; however, now they want to get down to the control-level on the forms. The first way that comes to mind is for me to just grab the AD groups for the users and then loop through them, and write my own code to make controls read-only or enabled. Is this a good way to do it, or is there another way? Also, while we're on the topic, is there an easy way to protect an entire form, or maybe an entire panel?
View 1 RepliesMy Boss have given me assignment to find how a web based application developed in dotnet can be protected. As per agreement products developed in our company are assat of company and even not developers can gave the code. but still he wants to know how he can protect products in case a developer theft code and try to launch it from his home ?
View 4 RepliesI have a simple windows form app that I need to get the file path for. I am placing a config file in the same directory and I need to be able to get the path to that file.
I have used
Application.CommonAppDataPath
but that returns the path with 1.0.0.0 at the end.
and
Applicaiton.StartupPath
but that returns the path with indebug at the end
Is there anyway to get the path to just the main file directory without anything appended to the end?
Am currently work on web application..sometime i need to run my project files from diffrent computers. everytime i run my application in different computers i have to set up data source connection. how can i avoid it? can i run the project from anywhere without set connection to database?how to make it?
View 2 Replieshow to get the application path ? bin path in asp.net
View 2 RepliesI am planning to deploy an ASP.NET application to a UNC path and create a virtual directory that points to the UNC path.For example the location of the ASP.NET application would be:
\server01myFirstApplication
Instead of:
C:InetpubwwwrootmyFirstApplication