Sending Sensitive Data From Server To Server Via Client
Feb 18, 2010
I have situation where I need to authenticate a client across multiple web services. Basically each service needs to identify the client and know a few other small pieces of information about the client.
The way I have it working now is that the needed identifying information is stored in a session table in a database by the authenticating web server. The web server hands the client an string, which IDs the database entry and gets passed to the other web services. The web services then use this string to pull the needed information about the client from the database entry.
It has occurred to me that it might be possible to give the client an encrypted blob that contains the user ID and other needed information, which is rather small, and avoid using the database for this completely. The client would just pass around the blob (like the string in the previous paragraph) without needing to know what it contains, and only the web services would know how to decrypt it.
This should eliminate the need for the database to store the session information and would make the whole process a good bit simpler. With the database you have to worry about cleaning up old sessions and timeouts and so on.
So my question: is passing around sensitive data from service to service via client considered safe and acceptable? Is it possible to do this in a way that would eliminate worry about the client tampering with the data? What encryption algorithms would be good to use?
View 1 Replies
Similar Messages:
Jul 15, 2010
i have a website in our office which is a School. the website is an enrollment website which is available view internet, where the users (students) access the website to enroll almost simultaneously, select their subjects and schedules, etc.
this website is developed by someone who is no longger employed here. regular problem of the website is in times of enrollment, the students is experiencing slow processing when ever thay try to view/edit their information, subjects, etc. which are all in the database. a proposal was made and we have agreed to develop a new system that should run faster than the old system. access sql database to do Select/Update/Insert in the fastest way possible.
View 6 Replies
Oct 29, 2010
I want to send a file by converting it into binary file to the client end and then it should be read by javascript which again I am passing to the OCX method.(like my OCX method accept only the binary data so i have to transmit binary data from server side to client).
View 1 Replies
Jul 14, 2010
Im passing sensitive details from my asp.net web app to a database on a different server. I've set up encryption on my database. Should I encrypt the data in the code behind file of the web app and then pass it to my database stored procedure or pass it to the stored procedure as it is and encrypt it there?
View 4 Replies
Jan 25, 2010
Let's say a control X has a template called RowTemplate.
So X's markup would be like:
<foo:X>
<RowTemplate>
<foo:Y>...</foo:Y>
</RowTemplate>
</foo:X>
My question is: How can the Y control be sensitive to the data context? I know I can use template inline tags to get access to the data context: <%# Eval("Id") %>, but I cannot pass this information to Y because template inline tags are not allowed in server controls.
So I don't know how I could use the Object's Id (Eval("Id")) in Y.
View 1 Replies
Mar 26, 2010
I have this object in my server side:
[Code]....
Now I do this on the client side, to send a typed object to the server:
[Code]....
and actually it works. The problem is that I cannot find the way to stablish this property: "public ThingDetails[] details;"
View 7 Replies
May 24, 2012
What is Web services? What is Web services? How can I Transfer the data from server to client and  client to server using XML. Need one simple Example program(C# web Application) ...
View 1 Replies
Aug 18, 2015
I want to send a email without using gmail domain but its giving error given below...
The SMTP server requires a secure connection or the client was not authenticated. The server response was: Relaying not allowed - sender domain not local
View 1 Replies
Jun 26, 2013
Now I am printing the data from model in mvc. I am also printing the documents, How I upload file how to print that particular documents which is related that particular user with the other data...
View 1 Replies
Dec 13, 2010
I have a validator on a textbox that validates against a list to ensure that the user doesn't input the same name. When testing it, if I type in the same name including the same case structure, it returns an error. If I change one letter to a different case, it doesn't return an error but rather my SQL server returns a duplicate error. How do I change the server-side validator so that it picks up duplicate names regardless of case?
View 4 Replies
Feb 15, 2011
i'm using asp.net 3.5 and my site is hosted on godaddy i have a contact us form on the site. and i have to send the contact queries on [URL] which is hosted on godaddy. whenever i try sending mails i get this error
The transport failed to connect to the server.
Description:
An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Runtime.InteropServices.COMException: The transport failed to connect to the server.
Source Error:
[Code]....
Line 250: SmtpMail.SmtpServer = "smtpout.asia.secureserver.net";
Line 251: mailmsg.Priority = System.Web.Mail.MailPriority.Normal;
Line 252: SmtpMail.Send(mailmsg);
Line 253: }
Line 254: }
i tried changing smtp to relay-hosting.secureserver.net aswell. but it didn't work. i'm using this method of my classfile's sendmail class public void SendMessage(string From, string ToEmail, string subject,string body)
View 3 Replies
Aug 19, 2010
I m having a database problem that I couldnt identify. The IIS loses connection to database once in 3 weeks. Once you restart the IIS everything is normal. Looks like IIS is fine because i can go to static pages. When I go to a page that requires database connection I get this error:
A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - Either the application has not called WSAStartup, or WSAStartup failed.
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Is this a connection string problem?. because without changing anything if I restart the webserver all is fine. Is this a problem with application state?
View 6 Replies
Jul 2, 2012
I have a web application which runs perfectly in my local machine. But the same when hosted in server, for some pages (which gets large amounts of data) gives me:-
Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.-- in chrome
Server not found-- in firefox
and Internet Explorer cannot display the webpage-- in IE
I went through lot of other forums and some were suggesting to put this is web.config file
<httpRuntime executionTimeout="600" maxRequestLength="51200" />
View 5 Replies
Sep 29, 2010
I have a data entry and editing form and in every data entry or update event, I have to send an email to a dynamic list of recipients. I have been sending the email as soon as the user clicks the save or edit buttons but am thinking of first saving the data to the database, and then sending the email later. I want to do this partly to improve the response time of the application as the email sending tends to take a long time than desired.
View 4 Replies
Aug 26, 2010
I am creating a SSIS package, where I am getting all the data into the excelsheet1, which is not formatted.
So i created a formated excelsheet2, where i am giving reference to excelsheet1 cells reference.
And I am sending email by attaching excelsheet2.
I am having issue when the data is updated, but my email attachment excel is showing old data. When i open the excelsheet1 it is being updated. I don't know why excelsheet2 is not updated automatically. I am using BIDS 2005 .
View 1 Replies
Sep 22, 2010
Reposting my unanswered in technet.microsoft question?
MSDN "ASP.NET Delegation" article tells:
1) "When you configure to use a particular account as the process identity, ASP.NET attempts to delegate that account. If it is a local account that is identical (including password) to a local account on a remote machine, delegation is possible. If such an account does not exist on the remote machine, to the network it appears as the Windows anonymous account (NT AUTHORITYANONYMOUS LOGON). In addition, delegation is also possible if the account is a domain account that has access to the remote machine, in which case it uses the domain network identity of that account."
The same frequently repeated story as in case of manually/interactively accessing remote computer (server resource) in workgroup - it is necessary to create local account with the same username, the same password. But why?
If a workgroup Windows client process cannot access resources on server machine without having duplicate of such (local) account on target machine already pre-created,does it mean that client (process, machine, or user) can access server resources only by/after having logged (opening logon session) into server machine? Or, how to understand that such access is impossible without having corresponding duplicate local account on server machine?
The same MSDN "ASP.NET Delegation" article tells:
"NetworkService account. It behaves the same as the System account. This account possesses the network credentials associated with the machine account (domainnamemachinename) in the domain of which it is a member"
Does not any Windows have accounts ((NT AUTHORITYNETWORK SERVICE)? as well as many other common pre-built accounts? Why are they installed (before any joining to domain) but cannot be used for remote network access and client identification ? And what is identity used when the process from workgroup Windows under identity ((NT AUTHORITYNETWORK SERVICE) accesses a remote server?
My related questions:
domained LocalSystem vs. non-domained LocalSystem account in Windows-es ? how to check group membership of an "NT AUTHORITY" account ? Is client LocalSystem (SYSTEM) identified by target/server machine? and in which context? Window workgroup LocalSystem vs. domain (AD) LocalSystem [closed]how to better set up machine for development both in workgroup and Windows domain? [closed] interoperating with Windows domain computer from workrgroup Windows [closed] the context of local user of AD-joined machine? Is it of domain machine account or of local machine account? RunAs under domain account from non-AD Windows [closed] how to better set up machine for development both in workgroup and Windows domain? [closed] how to share the same domain machine account with multi-boot workgroup Windows setup?
View 1 Replies
May 10, 2010
in its webconfig file i have
<identity impersonate="true" userName="webserverloginname" password="webserverpassword" />
sername1= username of the system
password1 = passowrd of the system
username2= username of the the database
password2 = passowrd of the database
client system which access the database server aswell as web server
View 2 Replies
Nov 22, 2010
We have an UpdatePanel that is showing a gridview with loads of data in it. We have loads of well written sprocs that don't take very long, BUT we have a few horrible ones that take ages.
We do intend to rewrite them but in the interim we have put the ADO.NET commandtimeout up to 180s. The scriptManager.AsyncPostBackTimeout is set to 240s. We want to handle this on the serverside. One of the reports still fails (it's got a couple of nested cursors in it - someone who hasn't had SQL lesson 101 from me!).
Half the time, the nice error timeout message is shown using server side handling of the command timeout. The problem is that the other half of the time the commandtimeout doesn't seem to fire.
View 1 Replies
Nov 18, 2010
I tried myrepot.printtoprinter(1,fales,1,1) but thats working only for development machine. Not working on Hosted server!!!
View 1 Replies
Apr 29, 2010
I got an error while sending mail from server, i am using this code:
public static void SendMail(string subject, string body, string from, string to)
{
try
[code]...
This code is working fine in my local system but when i upload it on server then it gives this error. From the last 1 year it was working fine but from last few days it gives me above said error, please suggest me is there any authentication required to send mail from server (my hosting plan is with 1and1.com)
View 6 Replies
Feb 21, 2011
I'm transforming lotus note application to ASP.NET.In lotus note, we can pass the application(data) from staff to his/her manager for approval.The staff can also check status of his/her data whether the manager is opening it, approved it or not.This process can be done in real time. I mean on the staff screen he/she will see status is changing from data sent --> manager is opening --> manager accepted or manager rejected it.In the same time, if other staffs try to track this application(data) they will see the same screen with the first staff.ow, in asp.net, i'm thinking of sending data from staff to manager directly. I don't want manager's web browser need to do polling for every xx millisecond. I'm not quite too sure it can be done or not in asp.net because i'm not the WEB guy.After doing a research for a while, i found that comet may help me on that but it seems pretty hard. And I don't know it is suitable for my problem or not or someone may guide me a better idea on this.
View 1 Replies
Nov 2, 2010
Currently, I am exploring options for sending data to the client. What I am hoping for is suggestions, or a pros and cons feedback.
What I am wanting to do is query the database then send this data to a web service ( or maybe wcf ). Once there, jquery ( or another JS library ) will utilize this data to fill a grid/tree/form depending. This all seems very very basic, but what concerns me is the amount of data that can be sent. I have seen some grids that have 16K records...and what worries me is that would be WAY too much data to send.
I was just wondering how these things are handled. My current thoughts are to do a 'onDemand' loading, but my inexperience has me second guessing. Also, I know this isn't directly related to jquery, but I notice there are a lot more examples with wcf rather than webmethod/web services.Is wcf better for these types of things?
View 5 Replies
Dec 12, 2010
If I have something like the following:
<asp:TextBox id="test" runat="sever"></asp:TextBox>
<asp:RequiredFieldValidator runat="server" ControlToValidate="test"
ErrorMessage="Required"></asp:RequiredFieldValidator>
<asp:Label runat="server" id="lblStatus"></asp:Label>
if in the code behind, I set the label to "You must enter a value if the textbox is empty" to validate it on the server side and this is fine, but if javascript is enabled, I don't want to show the client side validation and the server side label together. Is this something where I would just have to disable the client-side validators if javascript was enabled?
View 3 Replies
Mar 4, 2010
I have a javascript function that uses values from a couple of asp:textbox controls.
Code:
[code]....
I really don't understand very well intermixing client and server side data, so I kind of get the feeling I'm got something fundamentally wrong I am doing.
View 9 Replies
Mar 21, 2011
On my main page, prices are written for different products On another page, i change price of product which is listed on main page I want this change to be affected on main page instantly without postback Ajax Timer control is not a good method for checking value again and again.
View 4 Replies