Security :: Web Projects Requiring Https Capability?
Jan 10, 2010
I'm not sure how much of a novice-level question this is. But it seems a fairly basic and common task. So here goes...
I am building a web application that will require some pages, but not all, to use a SSL (https:). How do I designate a particular page to be one or the other? Or do I need to create two separate projects and just have them pass the user back and forth as needed?
I am using Visual Studio 2008, with the Web Site Administration Tool handling users and roles. However I will also be handling very secure data such as social security numbers and the like.
View 1 Replies
Similar Messages:
Oct 6, 2010
I'm bangin' my head against the wall here. I'm not even sure what I want to do is possible.
I have developed an ASP.NET app that will only be run on my local network (which incorporates a Windows Domain). It's running on IIS 7.5.I want to do this:
[Code]....
My problem is this: If I don't turn off Anonymous Authentication and ASP.NET Impersonation, I don't get the results I'm looking for. (if Anonymous is allowed, I get an empty string returned for username, and if ASP.NET impersonation is allowed, then "username" is always whatever account is associated with impersonation, like "Network Service"). If I turn those off and then turn Windows Authentication on, it works, but only after a dialog box presents itself asking for the Windows Credentials.
What I'm trying to do is NOT require the users to log in. Since they've already logged into the domain when they signed on their computer, I'd like to just allow them access to the ASP.NET application I've written, and identify who they are (based on their previous Windows login) using the line of code above. I don't need them to re-authenticate, because they're already authenticated from their domain login.I can't figure out what I'm doing wrong, or how to accomplish this. It seems the closest I've gotten to what I want so far, is to turn off all authentication EXCEPT for Windows Authentication. It works then, but only if the user first types in his/her username and password again in a dialog box. Is there any way to avoid having them type in their username and password again, but still be able to identify their domain username?
View 3 Replies
Mar 3, 2011
I have found that eventually the login control I place on my page will not authenticate. The solution appears to be to delete it and replace it with a new instance. Obviously this is not tenable. Can someone enlighten me as to why it might stop working for no apparent reason such that simply deleting it and putting a new instance in place will restore functionality? Update: I find it very sensitive. I just did the above described action, got it working again, found that the Authenticate event was no longer properly wired and tried to fix it by removing the '1' from the Authenticate1 in this line. That was sufficient to kill the control which required me to once again delete it and replace. I cannot believe the login control is that sensitive or no one would touch it. What gives?
onauthenticate="Login1_Authenticate1"
View 2 Replies
Jan 5, 2011
I want to know that, is there any source code security assessment module in Team Foundation against security issues? If it is there, can somebody pls point me to the documentation of it, so that I can caliberate it. I'm personally not able to find it, through google.
View 1 Replies
Jan 31, 2011
I just moved to a new PC and installed VS 2010. I copied all of my websites over from the old machine and now when I open the old websites on the new machine, they do not show up in my recent projects list on the start page. New websites that I make do show up there but the old ones do not. This is very inconvenient. Is there a way to make old projects that I open show up in the list?
This brings up another question. Is there a way to make a shortcut that will open VS2010 up with a website already loaded so that I don't have to go through the file open dialog every time?
View 3 Replies
Jul 29, 2010
I've seen some teams that start breaking into multiple projects from the beginning and others build behemoth single projects. The large project teams say that one massive project is easier to maintain than multiple smaller projects.
View 4 Replies
Nov 1, 2010
I need to create a sample project (for educational purposes) and I'm faced with the choice between Web Site Projects or Web Application Projects. This feels similar to the choice between C# and VB. My question isn't about the differences between these 2 choices, but rather which is more popular (relevant, recognizable) to the general ASP.NET community.Has anyone seen any statistics in terms of adoption/usage of these 2 different project types? What project type should I use to reach the widest audience?Update: I created a poll on this subject - http://poll.fm/2e6cy
View 4 Replies
Jun 7, 2010
I have a multi-tiered application. I would like to publish the class libraries to UI developers to let them add to their web or windows projects to add all the functionality.
I would like to restrict access so only a certain project can be referenced. The reason is so that they do not refer to the data access layer directly and start making calls that would bypass the business logic built into the business tier.
UI->>Business Logic->>Data Access
So in other words, BL and DA are deployed as compiled assemblies. BL references DA. UI will reference BL, but I would like to strictly prevent any other project from referencing DA directly.
View 1 Replies
May 27, 2010
Initially, in my solution I had one project, and had set up all that is required for asp.net security, and that includes users and roles and access rules, etc. All of that was and still is working fine.
Now I added another project to my solution, and my first project points to pages in the second project.
The problem is that it seems like the users and roles are not being transferred accross projects. Not sure if I am explaining my problem correctly...if not, feel free to ask...
Its my first time trying to manage users and roles accross projects within a solution.
View 1 Replies
Feb 3, 2010
We have two different websites that run two seperate web sites (a backend and a front end) for our peice of software. The way we do our authentication is to put the user id into the session when the user logs in, all the pages on the site inherit from one base page if this base page cannot find this value in session it kicks the user out to the login screen.
What we want to be able to do is have a link on the front end after the user logs in and when they click on it it takes them(redirects them) to the back end. However I cannot think about how to do this in a secure and sensible way. I did think of putting the users username and password dynamically generated into the hyperlink that takes them from the front end to the back end. Would this be advisable. It will be clear text but then again we done use ssl in any case just plain forms authentication. I mean I will hash the values anyway but still be sending them. I suppose is there a way to share a session across two app domain without too much dificulty?
View 2 Replies
Feb 23, 2011
I have very much experience of asp.net developement. But i have never dealt with https. In my one project i require 2/3 page with https. So please any one can explain me how i can start with https. Please explain me in detail about about developement cycle, and any other if there is any settings.
View 2 Replies
May 31, 2010
Is there a way to know beforehand if a given page will be served in HTTPS. To be clear I don't want to know if thecurrent page is using HTTPS or not.
View 3 Replies
Aug 13, 2010
What I want to do is like the web browser. When you visit a https web site, the browser will download and install the X.509 Certification automatically.
I have a application which will be installed in PC, and the application will post to a https website. So if the certification is expired, the App should download a new one.
So, how can I get the certification? A stream is always good, I can make it to certification.
View 4 Replies
Dec 23, 2010
Do you know any web site with an invalid https certificate, so I can test if my browser detects it?
View 1 Replies
Mar 29, 2010
I have a web site that is running under HTTPS on my web server, On my master page I have an image and no one can see the image accept for me if I access the web app from one of my two pc's.
What would cause the users not to be able to see the image on my default page? I have the site running under https and using the asp.net membership controls.
In my page I have the image like this <img src="../App_Themes/Images/CompLogo.gif"/> and no one can see it but me.
View 3 Replies
Jan 7, 2011
I have setup an ASP web application that uses SSL to secure the login pages, but when I try to access the site using HTTPS on both local test sever and deployment server I get an error stating the connection was interupted
View 3 Replies
May 12, 2010
I have been looking for a good article which will help me in creating secure asp.net application.
View 1 Replies
Jul 17, 2010
first i want to know most of the e-mail like gmail,yahoo,hotmail etc.. they are all uing https when we comes to login area.. why there are using on that time only https...i also need to implement same in my web application...
View 4 Replies
Jan 26, 2011
I have a part of my website that uses SSL, and a part that does not. I began having issues recently where the link that takes you to the https part of the site would keep getting rerouted to http. In IIS I have SSL on and required for the members directory, and the certs are all fine. My site is http://mcsd-sc.mcbarons.manheimcentral.org/. I first started by routing the pages directly to the secure part using the <meta http-equiv="refresh" content="0;url=urlgoeshere" /> on a redirect page in the /members directory and this was working perfectly. When my issues started, changed it and made the link just go directly to the members part of the site with the https included in the URL (this is how it is now). Now when you click the link it takes you to the member page without using https, thus throwing an error because I have SSL required on that part of the site. When you look at the code in IE, it just shows the direct link using plain HTTP. When I open the code directly on the server, I see the URL beginning with HTTPS. I've been having a lot of issues lately with updated content not refreshing itself, and rebooting the server does nothing. At this point I'm stumped. I think it might be something in IIS, although I haven't touched it in a long time, unless a recent security update messed it up, which is the only explanation I can think of that would screw it up all of a sudden. The site works perfectly when you manually type https. I thought it might have also been my cache, but I just tried it on a computer that I haven't ever gone to the site on before and I got the same issue.
View 5 Replies
Apr 12, 2010
I am new to .net and i'm stuck with the following issue.
I have a windows GUI application and i need to communicate with a firewall using HTTPS protocol. I did some search on google and the results retrieved showed to use HTTPWebRequest and HTTPWebResponse objects.
But does this objects us HTTP protocal or does it work for HTTPS also. also is SSL required for HTTPS protocol. For SSL we need some security certificate. How to retrieve that certificate. Will a certificate need to available in each client machine
View 1 Replies
Dec 2, 2010
I have a site which is not a secured connection i.e. the URL starts with http://
I want this site to be migrated to https://
View 7 Replies
May 10, 2010
Okay, so I have a site which I'd like to use my SSL certificate for always. So I want all users to be forced to the https version of any url they are directed to.I used this code in my global.asax file:
[Code]....
I've also tried it in the 'Application_BeginRequest' function also. Basically, I have two directories that are secured via Windows Authentication against my domain. if you browsed to the directory (ex. http://www.domain.com/secure) it tries first to authenticate
then redirect to https://www.domain.com/secure. In this case it will ask for credentials twice one right after the other. Is their a way I can have the user redirected before Windows Authentication kicks in?
View 5 Replies
Feb 15, 2010
I am having a site which is now running with http. I need to convert to Https. can anybody help me out how to convert a site from Http to Https.
View 3 Replies
Aug 20, 2010
I've set in the web.config:
[Code]....
This works fine. If there is no ssl connection, the login form doesn't continue. But I would like to check if ssl is active (in codebehind) and, if it's possible, to automatically the user to the https page if he's currently on http. (I could do this job by manually redirect with page.response("https://url... login.aspx"); but this is not really generic. For example if the webapp is moved to another domain it doesn't work anymore... I'm looking for something like: FormsAuthentication.RedirectWithSSL();
View 2 Replies
Oct 2, 2010
im using wcf how can i make sure to my service file from client side.
my web service file (service.svc) should not acceable on client side....on https security(ssl)
View 6 Replies