URL Giving Away To Much Infomation?
Jun 16, 2010
I currently work on a timesheet portal. One of the features is that as employees are submitting requests an email is sent out to the supervisor that lets the supervisor see that they have a request to approve. In this email is a link to the request that the supervisor can click on to take them to the link.Currently it looks like this.
http://timeportal.fake/viewrequest.aspx?ID=555&RequestType=2&Role=5
the way it was written is that with the information that is given a user could manipulate the system to allow them to approve one of their own requests as their supervisor. While this has yet to happen, I want to prevent this from happening. Is there a way to create the link without giving away all the information? When you login currently the system keeps all the info in a session. But when you try and follow the link the system would take you to the request page as an employee, when it should be supervisor. This confuses the user and they logout and back in going through the menus to get to the requests and in the right state.At this point I would rather just have them goto the main menu, but that does not seem to be an option that everyone can be happy with. What other options could we try?
View 12 Replies
Similar Messages:
Mar 16, 2010
I have a website that has a login (Like most websites xD) This then obviosly fetches information from a database and loads it on the page. (EG. Welcome "Display Name")
I have designed and coded a application for my site you can use the features from my web on your desktop, I have added a login (required to use the application) and a register. Both login and register work (Fetching information from the database and writing to the database).
Now I have those out of the way I'm now onto the main part of my program which is to display infomation onto the application about the user account. This could include editing the user account, uploading content to the website or viewing content from the website.. (Sorry but I'd like to explain how I have certain things to get the point across clearly )
Anyway how would I create a sort of session? Like PHP, once you login you can grab information from the database based on the information submitted from the login which was fetched from the database.. When the user presses login on my application it brings them to the main part of the application but I'm now unsure how to load variables and/or session data.
(Side note, I have also sha encryption on my website in the register/login, at the moment VB reads the information from the textbox as normal text is there anyway I can get it to read the sha encryption? and also insert data into the database with this encryption?) - This question is optional.
View 7 Replies
Dec 4, 2010
What I want is..If culture is en-US then
string dateFormat="MM/dd/yyyy";
string timeFormat="24.00 hrs";
If culture is en-GB then string dateFormat="dd/mmyyyy";
string timeFormat="24.00 hrs";
and so on for other countries..Now how do I get these date and time format values ? What are the standards? Like which all countries use similar date/time formats and which ones don't ?ok I tried this :- DateTime myDate = new DateTime();
string us = myDate.ToString(new CultureInfo("en-US"));
string us gets value =1/1/0001 12:00:00 AM
Now how do I extract "dd/mm/yyyy" and "24.00 hrs" out of this...in my Dateformat column in my Table... I want to store STRINGS such as dd/mm/yyyy or mm/dd/yyyy NOT dates..In my TimeFormat column in the table, the values to be stores are STRINGS too, like I need to store either "24:00hrs" or "12:00hrs"
How do I do this now ?**using ShorTimePattern returns these values as h:mm tt and HH:mm
If I want to store the values in my DB exactly as "24:00hrs" and "12:00hrs", how do I use these values..h:mm tt and HH:mm,which one is for 24 hr format and which for 12 hr format ?**I want the information about Decimal Separator and Thousand Separator too based on the CultureInfo...whats the property for that ?
View 3 Replies
Feb 8, 2011
I'm basically trying to get webcontrols to talk to one another.I have one WUC that wants to get information from another.In ControlB's GetDataFromControlA method
public List<ControlBData> GetDataFromControlA()
{
ControlA c = Page.FindControl( IdOfControlA) as ControlA;
if( c != null)
{
return c.Data;
}
...
}
At code time ControlB knows nothing of ControlA...so ControlB cant access its members, and the above wont compile.
I'm thinking I have to use methods in the page to get the controls talking to one another...
View 3 Replies
Sep 22, 2010
I've read all of the examples and I've yet to figure out how to get information out of the web.config file using applicationSettings (as opposed to appSettings). I have the following for my configSections:
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="ExcelREST.FDAllUpAvailabilityTable.Settings"
[code]...
Now, I suspect that I may be making an assumption that's not valid; namely, that the appropriate classes will be generated to access my configuration information by Visual Studio (2010). I've simplified the example in that I really want to have several <section name="..." > within configSections.What (probably obvious) step am I missing here? (I'm coding in C# and this is an ASP.NET 4.0 MVC application.) I'm about ready to bag it and just go with the simplistic appSettings.
View 3 Replies
Jan 22, 2010
i do have an app_code folder, which contains a base.cs, which is intented to have its class page_load to override other .aspx-files (without masterpage.master) when the page_load-class of these files is loaded. i wrote the class in base.cs as "public override page_load", but this gives an error when compiling. what am i doing wrong?
View 6 Replies
Apr 26, 2010
whats wrong with the below code, its throwing me an error of
Compiler Error Message: CS1002: ; expected
$(document).ready(function() {
$('<%=StartDate.UniqueID%>').datepicker({ showOn: 'button',
buttonImage: '../images/Calendar.png',
buttonImageOnly: true, onSelect:
function() { },
onClose: function() { $(this).focus(); }
});
});
<label for="sd">StartDate:</label>
<asp:TextBox ID="StartDate" runat="server"></asp:TextBox>
error
The Controls collection cannot be modified because the control contains code blocks (i.e. <% ... %>).
View 2 Replies
Apr 7, 2010
This works perfectly in Firefox but doesnt work in ie i get the following error "Line: 640
Error: Object doesn't support this property or method"
Here is my code
<asp:TextBox ID="calendardatedob" CssClass="calendardatedob" runat="server" AccessKey="n" TabIndex="4" MaxLength="40" /><span
class="req">*</span> e.g dd/mm/yyyy
Here is my jquery
$(document).ready(function() {
$("#ctl00_PageContent_calendardatedob").datepicker();
});
im referencing these
<script src="../../assets/js/jquery.min.js" type="text/javascript"></script>
<script src="../../assets/js/jquery-ui-1.8.custom.min.js" type="text/javascript"></script>
View 1 Replies
Jun 14, 2010
In my C# asp.net 3.5 application I am using RSS Feed to get current updates of my website. Its working fine and when we subscribe the feed also its updating the data as needed. Now our application is deployed in cloud. There also this RSS feed is opening and showing the data. But When I say Subscribe to this feed Its giving diagnose error page saying Normailization error occured and can not display the page. Let me know how to work with RSS feed in cloud environment.
View 1 Replies
Jun 30, 2010
I am using simple windows.open function to open up a popup window. While teh same is working fine in another page.
Basically there is a user control and that user control has simple table. In there I am using a link button where ONClientClick I am using windows.open('some.aspx'). But it is giving error like Stack OverFlow at line No.
I am unable to get the basic meaning if this thing, why this error can generate and what it signifies?
View 1 Replies
Jul 28, 2010
We are using the update panel in the page and opening a details page on a link click from the grid on this page. This is working fine in IE6, now we are migrated to IE7 and suddently on some machines it is giving following error. On the other machines its working fine.Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server.The status code returned from the server was: 87.We are not getting any info related to the status code 87.Also on the javascipt error it is giving error "The download of the specified resource has failed"
View 4 Replies
Apr 5, 2010
I m displaying all errors in a Listbox. and I set the listbox size as the listbox count that means..no of errors. It is very good but the problem. is if the error is one, it is displaying and giving dropdown at the end. I dont want that dropdown.
View 4 Replies
Jan 8, 2011
I am trying to create url routing like this[URL] but I am having few questions , first why he is adding lines to the web.config , I tested it and it didnt appear that they're doing something as I commented them and nothing major appeared second I am having this line of code that is crashing var display = BuildManager.CreateInstanceFromVirtualPath(_virtualPath,typeof(Page)) as IProfileHandler;
when casted as ihttphandler it's working , but when I am casting it to iprofilehandler(which is implemeting ihttphandler) it's giving null !
View 2 Replies
Mar 29, 2011
iam using calender control in asp.net 2.0 as it is using master pages.. iam opening a window form content pages.. on window.close it is giving me null object as its not getting form name code on content page:
<a onclick="openwindow();" ahref="#">
<img src="Images/calendar.gif" style="width: 20px; height: 20px" border=0/></a>
<input ID="Text1" runat="server" readonly="readOnly" type="text" />
function openwindow() {
window.open('/Calender.aspx', 'calendar_window','width=154,height=188');
}
code on opened window from content page
protected void Calender1_SelectionChanged(object sender, EventArgs e)
{
string strjscript = "<script language='javascript'>";
strjscript += "window.opener." + HttpContext.Current.Request.QueryString["formname"];
strjscript += ".value = '" + Calender1.SelectedDate.ToString("yyyy-MM-dd") + "'; window.close();";
strjscript += "</script" + ">";
Literal1.Text = strjscript;
}
protected void Calendar1_dayrender(object sender, DayRenderEventArgs e)
{
if(e.Day.Date==DateTime.Now)
{
e.Cell.BackColor = System.Drawing.Color.LightGray;
}
}
View 1 Replies
May 28, 2010
My issue is similar to ASP.NET Debugging Timing out with IIS except that I'm using the built-in ASP.Net Development Server with VS 2010.If I pause for more than about 10 seconds in the debugger, IE7 "disconnects" from the web server with the error message Internet Explorer cannot display the webpageHowever, unlike in the similar question, the debugger is still running. If I refresh the browser it will post that refresh to the server and I can debug the page from the top again.
Is it possible to configure things so that IE7 waits (much) longer before giving up?If it makes a difference, I'm launching IE using the "Start external program" option and passing a localhost URL as the command line argument (since Chrome is my default browser). I also specify a specific port.
View 1 Replies
Jul 26, 2010
I am getting security exceptions since I am using ajax control tool kit I am falling into security exceptions. So I want to set full trust to the folder on my serverso when I use the below command I am getting ERROR: Invalid Label Or Name
error. ( I am typing this command from my local machine)
caspol -m -ag LocalIntranet_Zone -url
\server1webrootTestapp* FullTrust -n "Test" -d "Description"
I dont know If I need to give any specificname so I just add "TEst" and "description" for both -n and -d
View 2 Replies
Aug 9, 2010
I m trying to use collapsible panel extender from ajax toolkit in order to collapse and expand gridview.I have written the aspx page for it..but when I am running the program i m not able to view the grid in expandable and collapasable form ...it is displayed in a normal way...
I am not getting where i m getting wrong...
here is my aspx page...
[Code]....
View 1 Replies
Apr 5, 2010
i want to use group by
var origina = (from m in _db.MeSetgroup by m.Categoryselect m)
but it have error in. how can i use group by in mvc?
View 6 Replies
Aug 3, 2010
I am using AjaxControltoolKit.dll(3.0) with VS2008 C# application.Any webform having AjaxControltoolKit tools like ModalPopUp,AutoCompelte,etc.Gives Following error on Debugging:""
View 2 Replies
Oct 20, 2010
i placed ,my asp.net application in FTP server,and database in another remote server using aspnet_reg.sql in command prompt.
here
im getting an error in Roles,i tried executing on the same server with out roles its working properly and retrieving database.
here is my code of web.config file.
<connectionStrings>
<add name="mydata" connectionString="Data Source=192.101.08.2;Initial Catalog=xyz;Persist Security Info=True;User;Password=password1" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<roleManager defaultProvider="AspNetSqlRoleProvider1" enabled="true">
<providers>
<add name="AspNetSqlRoleProvider1" connectionStringName="mydata" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider1" connectionStringName="mydata" applicationName="/" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
<membership defaultProvider="AspNetSqlMembershipProvider1">
<providers>
<add name="AspNetSqlMembershipProvider1" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="mydata" enablePasswordRetrieval="true" enablePasswordReset="true"
requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
<add name="MyMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="mydata" enablePasswordRetrieval="true" enablePasswordReset="true"
requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
-------------------
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Line 41: <system.web>
Line 42:
Line 43: <roleManager defaultProvider="AspNetSqlRoleProvider1" enabled="true">
Line 44:
Line 45: <providers>
View 1 Replies
Sep 3, 2010
i am using the concept of sending email through asp.net on click of button.but i hv to give the email id along with the password to send the email.Is there any way of sending the email without giving the user password of email in the web config as the client may refuse to give its password to developer because of security reasons.many sites like asp.net send email to user without asking their user password how it is possible
View 4 Replies
Aug 27, 2010
I'm working on an auto-fill feature for a form. Everything works perfectly except for filling in an image beside a file upload control. I know you can't set an upload control, so I'm setting the imageurl with the path and using that instead. The problem is, when I add the path in the code behind, it's messing up the space character (%20) in the path.
for example what should be:
file:///S:/Projects/Bulletin_Mugs/CBProject/Brown,%20john%2012-11-1981.png
becomes:
file:///S:/Projects/Bulletin_Mugs/CBProject/Brown,%2520john%252012-11-1981.png
Here's the relevant code: [Code]....and here's the path as is in the database:
S:/Projects/Bulletin_Mugs/CBProject/Brown, john 12-11-1981.png
View 6 Replies
Apr 11, 2010
i'm using visualsudio2005 c#and this is my config file that in the member folder :
[Code]....
and i gave my user the role .... and when i sign in as a member role user and try to access a page in this folder it gives me Error 404 ...
View 4 Replies
Jan 8, 2011
I am working on a ASP.NET application that uses ASP.NET MVC.I tried naming one of my controllers "AdminController" meaning I typed "Admin" in the new controller text box and it filled out the controller part all by itself of course.This controller never worked until I changed it's name. If I changed the name to anything else it worked with no problems.I looked inside my Global.asax.cs file where the routes were configured and I found no routes leading to it.I tryed adding a route to this new controller like this:
routes.MapRoute("Admin", "calcul/SomeAction",
new { controller = "Admin", action = "SomeAction" });
and it worked but then mysiteadmin would only get routed to that specific action.I renamed the controller to AdminSection and it works but I don't understand why it didn't work before.
View 2 Replies
Sep 9, 2010
I have a log in control that has this set in the aspx:
View 2 Replies