URL Giving Away To Much Infomation?

Jun 16, 2010

I currently work on a timesheet portal. One of the features is that as employees are submitting requests an email is sent out to the supervisor that lets the supervisor see that they have a request to approve. In this email is a link to the request that the supervisor can click on to take them to the link.Currently it looks like this.

http://timeportal.fake/viewrequest.aspx?ID=555&RequestType=2&Role=5

the way it was written is that with the information that is given a user could manipulate the system to allow them to approve one of their own requests as their supervisor. While this has yet to happen, I want to prevent this from happening. Is there a way to create the link without giving away all the information? When you login currently the system keeps all the info in a session. But when you try and follow the link the system would take you to the request page as an employee, when it should be supervisor. This confuses the user and they logout and back in going through the menus to get to the requests and in the right state.At this point I would rather just have them goto the main menu, but that does not seem to be an option that everyone can be happy with. What other options could we try?

View 12 Replies


Similar Messages:

How To Display Infomation Onto The Application About The User Account

Mar 16, 2010

I have a website that has a login (Like most websites xD) This then obviosly fetches information from a database and loads it on the page. (EG. Welcome "Display Name")

I have designed and coded a application for my site you can use the features from my web on your desktop, I have added a login (required to use the application) and a register. Both login and register work (Fetching information from the database and writing to the database).

Now I have those out of the way I'm now onto the main part of my program which is to display infomation onto the application about the user account. This could include editing the user account, uploading content to the website or viewing content from the website.. (Sorry but I'd like to explain how I have certain things to get the point across clearly )

Anyway how would I create a sort of session? Like PHP, once you login you can grab information from the database based on the information submitted from the login which was fetched from the database.. When the user presses login on my application it brings them to the main part of the application but I'm now unsure how to load variables and/or session data.

(Side note, I have also sha encryption on my website in the register/login, at the moment VB reads the information from the textbox as normal text is there anyway I can get it to read the sha encryption? and also insert data into the database with this encryption?) - This question is optional.

View 7 Replies

C# - How To Get Date And Time Formats Based On Culture Infomation

Dec 4, 2010

What I want is..If culture is en-US then

string dateFormat="MM/dd/yyyy";
string timeFormat="24.00 hrs";

If culture is en-GB then string dateFormat="dd/mmyyyy";
string timeFormat="24.00 hrs";

and so on for other countries..Now how do I get these date and time format values ? What are the standards? Like which all countries use similar date/time formats and which ones don't ?ok I tried this :- DateTime myDate = new DateTime();
string us = myDate.ToString(new CultureInfo("en-US"));

string us gets value =1/1/0001 12:00:00 AM

Now how do I extract "dd/mm/yyyy" and "24.00 hrs" out of this...in my Dateformat column in my Table... I want to store STRINGS such as dd/mm/yyyy or mm/dd/yyyy NOT dates..In my TimeFormat column in the table, the values to be stores are STRINGS too, like I need to store either "24:00hrs" or "12:00hrs"

How do I do this now ?**using ShorTimePattern returns these values as h:mm tt and HH:mm

If I want to store the values in my DB exactly as "24:00hrs" and "12:00hrs", how do I use these values..h:mm tt and HH:mm,which one is for 24 hr format and which for 12 hr format ?**I want the information about Decimal Separator and Thousand Separator too based on the CultureInfo...whats the property for that ?

View 3 Replies

C# - WebUserControls Get Type Infomation About Other WebUserControls Within The Project?

Feb 8, 2011

I'm basically trying to get webcontrols to talk to one another.I have one WUC that wants to get information from another.In ControlB's GetDataFromControlA method

public List<ControlBData> GetDataFromControlA()
{
ControlA c = Page.FindControl( IdOfControlA) as ControlA;
if( c != null)
{
return c.Data;
}
...
}

At code time ControlB knows nothing of ControlA...so ControlB cant access its members, and the above wont compile.

I'm thinking I have to use methods in the page to get the controls talking to one another...

View 3 Replies

C# - ApplicationSettings (Giving Me) Fits?

Sep 22, 2010

I've read all of the examples and I've yet to figure out how to get information out of the web.config file using applicationSettings (as opposed to appSettings). I have the following for my configSections:

<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="ExcelREST.FDAllUpAvailabilityTable.Settings"

[code]...

Now, I suspect that I may be making an assumption that's not valid; namely, that the appropriate classes will be generated to access my configuration information by Visual Studio (2010). I've simplified the example in that I really want to have several <section name="..." > within configSections.What (probably obvious) step am I missing here? (I'm coding in C# and this is an ASP.NET 4.0 MVC application.) I'm about ready to bag it and just go with the simplistic appSettings.

View 3 Replies

Web Forms :: Giving Error On Compiling

Jan 22, 2010

i do have an app_code folder, which contains a base.cs, which is intented to have its class page_load to override other .aspx-files (without masterpage.master) when the page_load-class of these files is loaded. i wrote the class in base.cs as "public override page_load", but this gives an error when compiling. what am i doing wrong?

View 6 Replies

Jquery Datepicker Giving An Error?

Apr 26, 2010

whats wrong with the below code, its throwing me an error of
Compiler Error Message: CS1002: ; expected

$(document).ready(function() {
$('<%=StartDate.UniqueID%>').datepicker({ showOn: 'button',
buttonImage: '../images/Calendar.png',
buttonImageOnly: true, onSelect:
function() { },
onClose: function() { $(this).focus(); }
});
});
<label for="sd">StartDate:</label>
<asp:TextBox ID="StartDate" runat="server"></asp:TextBox>

error

The Controls collection cannot be modified because the control contains code blocks (i.e. <% ... %>).

View 2 Replies

Jquery Ui Datepicker And IE / Giving Error

Apr 7, 2010

This works perfectly in Firefox but doesnt work in ie i get the following error "Line: 640
Error: Object doesn't support this property or method"

Here is my code

<asp:TextBox ID="calendardatedob" CssClass="calendardatedob" runat="server" AccessKey="n" TabIndex="4" MaxLength="40" /><span
class="req">*</span> e.g dd/mm/yyyy

Here is my jquery
$(document).ready(function() {
$("#ctl00_PageContent_calendardatedob").datepicker();
});

im referencing these

<script src="../../assets/js/jquery.min.js" type="text/javascript"></script>
<script src="../../assets/js/jquery-ui-1.8.custom.min.js" type="text/javascript"></script>

View 1 Replies

RSS Feed Is Giving Error In Cloud?

Jun 14, 2010

In my C# asp.net 3.5 application I am using RSS Feed to get current updates of my website. Its working fine and when we subscribe the feed also its updating the data as needed. Now our application is deployed in cloud. There also this RSS feed is opening and showing the data. But When I say Subscribe to this feed Its giving diagnose error page saying Normailization error occured and can not display the page. Let me know how to work with RSS feed in cloud environment.

View 1 Replies

Plain Javascript / Giving Error?

Jun 30, 2010

I am using simple windows.open function to open up a popup window. While teh same is working fine in another page.

Basically there is a user control and that user control has simple table. In there I am using a link button where ONClientClick I am using windows.open('some.aspx'). But it is giving error like Stack OverFlow at line No.

I am unable to get the basic meaning if this thing, why this error can generate and what it signifies?

View 1 Replies

AJAX :: IE7 Giving Sys.WebForms.PageRequestManagerServerErrorException?

Jul 28, 2010

We are using the update panel in the page and opening a details page on a link click from the grid on this page. This is working fine in IE6, now we are migrated to IE7 and suddently on some machines it is giving following error. On the other machines its working fine.Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server.The status code returned from the server was: 87.We are not getting any info related to the status code 87.Also on the javascipt error it is giving error "The download of the specified resource has failed"

View 4 Replies

Displaying ListBox Error - Giving Dropdown At The End

Apr 5, 2010

I m displaying all errors in a Listbox. and I set the listbox size as the listbox count that means..no of errors. It is very good but the problem. is if the error is one, it is displaying and giving dropdown at the end. I dont want that dropdown.

View 4 Replies

How To Iprofilehandler(which Is Implemeting Ihttphandler) It's Giving Null

Jan 8, 2011

I am trying to create url routing like this[URL] but I am having few questions , first why he is adding lines to the web.config , I tested it and it didnt appear that they're doing something as I commented them and nothing major appeared second I am having this line of code that is crashing var display = BuildManager.CreateInstanceFromVirtualPath(_virtualPath,typeof(Page)) as IProfileHandler;

when casted as ihttphandler it's working , but when I am casting it to iprofilehandler(which is implemeting ihttphandler) it's giving null !

View 2 Replies

Calendar Control - Giving Null Object

Mar 29, 2011

iam using calender control in asp.net 2.0 as it is using master pages.. iam opening a window form content pages.. on window.close it is giving me null object as its not getting form name code on content page:

<a onclick="openwindow();" ahref="#">
<img src="Images/calendar.gif" style="width: 20px; height: 20px" border=0/></a>
<input ID="Text1" runat="server" readonly="readOnly" type="text" />
function openwindow() {
window.open('/Calender.aspx', 'calendar_window','width=154,height=188');
}
code on opened window from content page
protected void Calender1_SelectionChanged(object sender, EventArgs e)
{
string strjscript = "<script language='javascript'>";
strjscript += "window.opener." + HttpContext.Current.Request.QueryString["formname"];
strjscript += ".value = '" + Calender1.SelectedDate.ToString("yyyy-MM-dd") + "'; window.close();";
strjscript += "</script" + ">";
Literal1.Text = strjscript;
}
protected void Calendar1_dayrender(object sender, DayRenderEventArgs e)
{
if(e.Day.Date==DateTime.Now)
{
e.Cell.BackColor = System.Drawing.Color.LightGray;
}
}

View 1 Replies

Is It Possible To Configure Things So That IE7 Waits (much) Longer Before Giving Up

May 28, 2010

My issue is similar to ASP.NET Debugging Timing out with IIS except that I'm using the built-in ASP.Net Development Server with VS 2010.If I pause for more than about 10 seconds in the debugger, IE7 "disconnects" from the web server with the error message Internet Explorer cannot display the webpageHowever, unlike in the similar question, the debugger is still running. If I refresh the browser it will post that refresh to the server and I can debug the page from the top again.

Is it possible to configure things so that IE7 waits (much) longer before giving up?If it makes a difference, I'm launching IE using the "Start external program" option and passing a localhost URL as the command line argument (since Chrome is my default browser). I also specify a specific port.

View 1 Replies

Giving Full Trust To A Folder Using Caspol?

Jul 26, 2010

I am getting security exceptions since I am using ajax control tool kit I am falling into security exceptions. So I want to set full trust to the folder on my serverso when I use the below command I am getting ERROR: Invalid Label Or Name
error. ( I am typing this command from my local machine)

caspol -m -ag LocalIntranet_Zone -url
\server1webrootTestapp* FullTrust -n "Test" -d "Description"

I dont know If I need to give any specificname so I just add "TEst" and "description" for both -n and -d

View 2 Replies

AJAX :: CollapsiblePanelExtender Is Not Giving Expected Output?

Aug 9, 2010

I m trying to use collapsible panel extender from ajax toolkit in order to collapse and expand gridview.I have written the aspx page for it..but when I am running the program i m not able to view the grid in expandable and collapasable form ...it is displayed in a normal way...

I am not getting where i m getting wrong...

here is my aspx page...

[Code]....

View 1 Replies

DataSource Controls :: Use Group By / Giving Error?

Apr 5, 2010

i want to use group by

var origina = (from m in _db.MeSetgroup by m.Categoryselect m)

but it have error in. how can i use group by in mvc?

View 6 Replies

AJAX :: AjaxControls Giving Error On Debugging?

Aug 3, 2010

I am using AjaxControltoolKit.dll(3.0) with VS2008 C# application.Any webform having AjaxControltoolKit tools like ModalPopUp,AutoCompelte,etc.Gives Following error on Debugging:""

View 2 Replies

Configuration :: Remote Deployment / Giving Error

Oct 20, 2010

i placed ,my asp.net application in FTP server,and database in another remote server using aspnet_reg.sql in command prompt.

here

im getting an error in Roles,i tried executing on the same server with out roles its working properly and retrieving database.

here is my code of web.config file.

<connectionStrings>
<add name="mydata" connectionString="Data Source=192.101.08.2;Initial Catalog=xyz;Persist Security Info=True;User;Password=password1" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<roleManager defaultProvider="AspNetSqlRoleProvider1" enabled="true">
<providers>
<add name="AspNetSqlRoleProvider1" connectionStringName="mydata" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider1" connectionStringName="mydata" applicationName="/" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
<membership defaultProvider="AspNetSqlMembershipProvider1">
<providers>
<add name="AspNetSqlMembershipProvider1" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="mydata" enablePasswordRetrieval="true" enablePasswordReset="true"
requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
<add name="MyMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="mydata" enablePasswordRetrieval="true" enablePasswordReset="true"
requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>

-------------------

Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

Line 41: <system.web>

Line 42:

Line 43: <roleManager defaultProvider="AspNetSqlRoleProvider1" enabled="true">

Line 44:

Line 45: <providers>

View 1 Replies

Security :: Send Email Without Giving Password?

Sep 3, 2010

i am using the concept of sending email through asp.net on click of button.but i hv to give the email id along with the password to send the email.Is there any way of sending the email without giving the user password of email in the web config as the client may refuse to give its password to developer because of security reasons.many sites like asp.net send email to user without asking their user password how it is possible

View 4 Replies

Web Forms :: ImageUrl Giving Wrong Path?

Aug 27, 2010

I'm working on an auto-fill feature for a form. Everything works perfectly except for filling in an image beside a file upload control. I know you can't set an upload control, so I'm setting the imageurl with the path and using that instead. The problem is, when I add the path in the code behind, it's messing up the space character (%20) in the path.

for example what should be:
file:///S:/Projects/Bulletin_Mugs/CBProject/Brown,%20john%2012-11-1981.png

becomes:
file:///S:/Projects/Bulletin_Mugs/CBProject/Brown,%2520john%252012-11-1981.png

Here's the relevant code: [Code]....and here's the path as is in the database:

S:/Projects/Bulletin_Mugs/CBProject/Brown, john 12-11-1981.png

View 6 Replies

Security :: Roles Don't Work And Giving Error 404?

Apr 11, 2010

i'm using visualsudio2005 c#and this is my config file that in the member folder :

[Code]....

and i gave my user the role .... and when i sign in as a member role user and try to access a page in this folder it gives me Error 404 ...

View 4 Replies

MVC Giving A Controller The Name 'AdminController' Makes It Not Work?

Jan 8, 2011

I am working on a ASP.NET application that uses ASP.NET MVC.I tried naming one of my controllers "AdminController" meaning I typed "Admin" in the new controller text box and it filled out the controller part all by itself of course.This controller never worked until I changed it's name. If I changed the name to anything else it worked with no problems.I looked inside my Global.asax.cs file where the routes were configured and I found no routes leading to it.I tryed adding a route to this new controller like this:

routes.MapRoute("Admin", "calcul/SomeAction",
new { controller = "Admin", action = "SomeAction" });

and it worked but then mysiteadmin would only get routed to that specific action.I renamed the controller to AdminSection and it works but I don't understand why it didn't work before.

View 2 Replies

Security :: Log In Giving Wrong Destination Page?

Sep 9, 2010

I have a log in control that has this set in the aspx:

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved