I need to get the calling page url referrer and host name. I works for me if the calling pages are within the same network. When a page is called from an internal site that are outside of my network, I got the following error:
Object reference not set to an instance of an object.
It failed on this line:
string userURL = Request.UrlReferrer.ToString();
I have 2 sites, one the main product site the other a secure site featuring the basket and checkout processes.
When a user clicks "add item to basket" I am creating a basket in a database and then adding the items to the basket. The theory was then to store the id from the database for the basket (the basketid) in a cookie, redirect the user to secure site, use the basket id from the cookie and display the contents in the basket.
However I am having trouble getting the secure site to use the same cookie. When I redirect the users to the secure site, the basket appears empty. I need to go back to the main site and then back to secure before the cookie appears.
Here is the code for the cookie
[Code]....
And then on the secure site this is how it gets the basket ID from the cookie
[Code]....
But like I say it's having problems. I've tried replacing the cookies with session variables as well but it didn't work.
I have 2 sites, one the main product site the other a secure site featuring the basket and checkout processes.
When a user clicks "add item to basket" I am creating a basket in a database and then adding the items to the basket. The theory was then to store the id from the database for the basket (the basketid) in a cookie, redirect the user to secure site, use the basket id from the cookie and display the contents in the basket.
However I am having trouble getting the secure site to use the same cookie. When I redirect the users to the secure site, the basket appears empty. I need to go back to the main site and then back to secure before the cookie appears.
Here is the code for the cookie
[Code]....
And then on the secure site this is how it gets the basket ID from the cookie
[Code]....
But like I say it's having problems. I've tried replacing the cookies with session variables as well but it didn't work.
I have two websites one in ASP.Net and other in PHP.I want that if a person logged in on one website then he gets a link for second website. When he/she click on that link his userID is passed to second site. If i am using query string then it is security lack. Can I use web Services for that. How I make web service secure. Is there are other way of doing this.
View 8 RepliesExample scenario:
User login has a list of associated 'accounts' it has access to... this list of accounts is stored in a database table, say tblAccountAccessControl, something like:
login, accountID
userA, account123
userA, account456
userA, account798
userB, accountABC
userB, accountDEF
etc..
This info is used throughout the web application and determines the 'domain' of information the particular login has access to. For example there are many other tables that have the 'accountID' field and whenever a page pulls data from the table it only pulls data that the currently logged in user should be allowed to see, based on that tblAccountAccessControl data.
The security question:
Do I need to query the database every time I need to get this list of allowed accountID's? I was about to use a plain old query string to pass a particular accountID to another page but quickly caught myself as I realized that would be a major security flaw (the receiving page was going to use that accountID to grab info from the database, and there would be nothing preventing a user from simply typing in a url manually to get data from an accountID they are not supposed to be allowed to view). So I then thought I'll just store the list of accountID's in a session state variable so they will be carried with the user throughout the session.
But then I remembered there are tools out there that allow you to easily intercept and modify asp.net viewstate information and I'm not sure if that would included session state variables, but I'm guessing they would. Is there a way to create a secure query string? If I used session state would that session state information be exposed and modifyable by utilities out there? Am I just stuck having to query the database every time I need this info to assure security? What about encrypting it and then storing in session state variable (just thought of that one)?
How do I call Page_PreRender? And where is it called from?
Here's the code I want the Page_PreRender event to contain:
DropDownList oddl = (DropDownList)Page.Master.FindControl("ddlSystemsMain");
if (Session["LastSystemUsed"] != null)
{
oddl.SelectedIndex = (int)Session["LastSystemUsed"];
We have a scenario whereby we are hosting an ASP.NET MVC web site on behalf of someone else.The customer in this case wants us to restrict access to the web site, to those users who have logged in to their main portal. They should then only be able to get to our web site via a link from that portal.At this point I'm not yet sure what technology or authentication mechanism the 3rd party are using but just wanted to clarify what the possible options might be.If we call our hosted site B, and their portal web site A,as I see it we could:Check the referrer for all requests to B, unless they've come from A they can't get inCheck for a specific cookie (assuming A uses cookies)
View 2 RepliesIs it possible to cache a hole site?ll its pages, images, js, db data etc...If so is it go/bad idea?
View 2 RepliesI have a site that I am trying to extend how long a session stays open even though the user is inactive. I have this set in my web.config
<sessionState mode="InProc" timeout="720" />
And this is set it IIS
Time-out (in minutes):
720
But it is still timing out after like 15 minutes.
asp.net.2 I am trying to update the website but the cache kips on working. How can I relies the cache on site.
View 7 RepliesI need to save how many times (seconds / minutes) each user spend in my site from his enterance to my site till exit it. How can I do this?
View 9 RepliesI´m about to program a common application/website scenario. It contains pages which are presented to users, and some business logic behind, with a database connection class.
My questions are:
Q1: Should the database class be singleton? If so, why? Because does it even matter when every single user is in their own process on the server, and therefore each user has their "own" singleton database instance?
Q2: How would you normally direct users around the site? Would the Default.aspx page create instances of the required classes? And when the user is directed to a new page, how would you normally refer to these instances?
Q3: What kind of general information do you save in the Session variable? Is it a big no-no to save class instances?
I am wondering if it is possible to clear a session variable if the user navigates away from my site.
My example is I have a session storing the logged in user. This is checked for user access to each page.
If the user goes to another site (e.g. google) I want them to relog into the site.
This is to prevent others getting access to a users account if they use the same pc minutes.
I do have a logout that performs this and I know that it is impossible to make users use it! :)
l am facing a problem with session.
If many users access the site, the session gets crashed and data which i store to access across pages is getting lost.
a best way to store data (as session does) so that i can use the data across my web application.
I have a web service that is set as secure via the web config:
<authentication mode="Windows" />
<authorization>
<allow roles="METWeb-Admin"/>
<deny users="*"/>
<allow users="METJoeUser;METJoeSmith"/>
</authorization>
And also in IIS 7 (Windows Server 2008) it has the following set for Authentication:
Anonymous Authentication:Disabled
ASP.NET Impersonation: Disabled
Basic Authentication Disabled
Forms Authentication: Disabled
Windows Authentication: Enabled
The anonymous site I am calling it from in IIS7 is:
Anonymous Authentication:Enabled
ASP.NET Impersonation: Disabled
Basic Authentication Disabled
Forms Authentication: Enabled
Windows Authentication: Disabled
In the Anonymous web site, I call the secure web service via:
moms.momService myMom = new moms.momService();
NetworkCredential netCred = new NetworkCredential(@"username", "password");
strStatus = myMom.createBackupDirectoryAndPrivs(sData);
Everytime I run this, it returns as Unauthorized. I have made sure this user is in the Web-Admin AD Group. I also tried adding the user as an Allow User but still unauthorized. I am pretty sure the problem lies somewhere in IIS but not sure what else to check.
BTW: For what it's worth, if I run the Anonymous site via VS2010 development on my dev box, and call the secure site using above code, it works fine. This is why I am thinking IIS on the PROD server.
I have ASMX services for my web application that I would only like available to the same application.Is there a way for the web service to only be accessible by the same application, such as relative/absolute path restrictions?
View 3 RepliesI currently have a asp test site setup which when the user clicks on the login link it opens the standard asp.net login page (login.aspx) within a modal telerik RadWindow. I am calling this page using javascript and this works fine.
The challenge I have now is when a user clicks on a link within the page if that link points to a secure section the login screen loads in the main frame of the site vs. a pop-up. I realize why (aka my js funciton is not being called) my question is to work around this would the correct/acceptible approach be to call a method from each link/button that tests for user authenticaiton? If the user is authenticated then redirect to the page otherwise call the javascript funciton to open the window?
[code]....
when we go for client and server side state management in asp.net
View 2 RepliesI have precompiled and encrypted my webconfig. What else could I do to make my site secure.
View 2 RepliesI want to develop a site with secure login. i followed various tutorials, and created a site, based on the default master page. I believe i set up the asp.net configurations correctly. under security, changed authentication type to "from the internet", added roles, added users based on those roles. when i compile the project and test the log in, it works fine. but, in visual studio 2010's Solution Explorer the App_Data folder is grayed out and i cannot get into it to view the database. how do i view the tables and create new tables?
View 4 RepliesI don't think the site has a web service available, so I need to pass the login credentials and read the xml file (e.g.https://www.somesite.com/needthisfile.xml). What do I use to do this?
View 1 RepliesI'm trying to write a small application to collect(Scrape) one piece of data from a web site. I would like to be able to simply run the app and it will open the page, find the one piece of data and display it. So far so good...my problem is that the web site is a secure site, meaning I have to provide a user name and password. I've searched all over the web, found many discussions but have yet to find anything that provides specifics on how to accomplish this. I understand a little bit about tokens etc, but I'm really looking for a detailed description of how to do this. Please feel free to direct me to a different forum if I'm in the wrong place.
View 3 RepliesI am doing a POC of making my website run faster. Currently it stores huge object data in Session while passing information from one page to another. What I was thinking is to use shared methods and properties instead of session. It works, but wanted tocheck if this is an optimum way to do it. Below is the code that does not use session but still pass object data from one page to another:
[code]...
i have a form on page1.aspx with several controls (textbox, dropdownlist, etc).on Page1 PageLoad event i load data from database and performe databinding.From Page1 a user can, by clicking a specific button, move to Page2.aspx to insert some details and, after saving details, he returns to page1.
if save changes are made on control on page1 before save them to db, obviously, these are lost on return from page2 (because are reloaded on pageload from db).How can i save control status between pages round trip?
i need to know the full concepts state manegemnt in asp.net,..in which site i will get the correct concept for state management....
View 4 Replies
