Use Colon In Return URL With Forms Authentication

Apr 27, 2010

I am getting the error "The return URL specified for request redirection is invalid" when using forms authentication. I found this thread that says this is a known issue with return URLs that contain colons (mine indeed contains a few). The workaround in that thread is to catch the error and use a default return URL ... hardly an acceptable solution. I can try to avoid colons in URLS, but that's a bit of a pain. Is there another alternative?

View 1 Replies


Similar Messages:

Security :: Forms Authentication - How To Deny The Return Url

May 27, 2010

i have 2 pages like login.aspx,default.aspx.in login.aspx page iam using the login contr ol.for this i created the users in the configuration manager.when enterting into default using these login id,password it's working fine.when iam copying the default page url from IE broswer and pasting in the another broswer it's entering into default.aspx page only not into login.aspx page(iam using the form authentication for this).

View 1 Replies

Why Using A URL Containing A Colon Considered As A Potentially Dangerous Request

Jul 27, 2010

(probably a bot) sent a request with the following URL to my ASP.NET 4.0 web forms application (running on IIS 7.0):http://ipaddress-of-my-applications-domain/bla1.bla2.bla3.bla4.bla5:)This caused an System.Web.HttpException. I received a logging email from ASP.NET HealthMonitoring I had configured, telling me:A potentially dangerous Request.Path value was detected from the client (:).

System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Why is a colon in the URL "potentially dangerous"? What dangerous things can be done with such a URL? Do I have any security hole here I am not aware of?

View 3 Replies

C# - Cannot Access WCF OData Service With DateTime Key Because Of Colon?

Nov 22, 2010

I have an OData WCF service in my ASP.NET project that i use to read and update an SQL-Server database.For one of the tables, the primary key is a DateTime field. When trying to access specific rows through the OData service, the uri looks like this: "http://server/odataservice/stats(datetime'2009-12-12T00:00:00')".When trying to update this table through the service, or browsing to it, it gives only an error. The error is sent before the WCF service is ever contacted, and as far as i've been able to find it's because the IIS does not allow colons in uri's, only in queries, for security reasons (something about NTFS).

The actual IIS error is "HTTP Error 500.19 - Internal Server ErrorThe requested page cannot be accessed because the related configuration data for the page is invalid", but it seems a bit misleading.If i remove the colons and browse to "http://server/odataservice/stats(datetime'2009-12-12')" it works as expected. However i'm clueless as how i'm supposed to be able to do this in by C# client that is bound to the OData service. It also feels very hacky to edit the uri on the client or on the server on the fly, i would rather have a proper solution.I'm using a hosted IIS, so i cannot as far as i know change it's configuration to allow colons, even if that was possible.

View 1 Replies

Authentication - Controlling Flow With Return;, Don't Render The Rest Of The Page?

Sep 15, 2010

this question should be fairly basic. I want to control the flow of an ASP.NET page -- if a certain condition is met, I want to write out an error message and stop drawing the page. However, I also want ASP.NET to output correct HTML (i.e. not cut off in the middle). Right now I am doing this:

if (condition != what-i-want) {
Label_Error.Text = "Sorry, you messed up";
return;
}

And the problem with that snippet is that ASP.NET draws the rest of the defined page without cutting off after the error. I really don't want to make the whole page Visible = False and then undo it when someone is authenticated. Is there some good way to do this? I have tried Response.End() but that doesn't output clean HTML (or anything actually, since I'm checking in Page_Load). I've had similar experiences with Response.Close(), et al.

View 1 Replies

Forms Data Controls :: Change The Column Name - "Remove First Character And After 3rd Character Insert Colon

Jan 14, 2011

My issue is that , need to change the column name(following format "Remove first character and after 3rd character insert colon") of the gridview (which is binded with XMLTextReader). Without changing directly XML file, Required to change the column name dynamically at runtime .

Performance.xml

<Performance>
<Departments>
<Heading>FS</Heading>
<S0015>1</S0015>
<S0020>2</S0020>
<S0025>5</S0025>
<S0030>5</S0030>
<S0035>6</S0035>
</Departments>
<Departments>
<Heading>BS</Heading>
<S0015>0</S0015>
<S0020>3</S0020>
<S0025>5</S0025>
<S0030>1</S0030>
<S0035>3</S0035>
</Departments>
</Performance>

Heading S0015 S0020 S0025 S0030 S0035
FS 1 2 4 5 6
BS 0 3 5 1 3
Required Format: Remove first character and after 3rd character insert colon (S0015 -- 00:15)

Heading 00:15 00:20 00:25 00:30 00:35
FS 1 2 4 5 6
BS 0 3 5 1 3

View 2 Replies

Security :: NetShareEnum Return 'Access Deny' After Using Windows Integrated Authentication

Mar 29, 2011

My web application need to list the network share information. The return code is '5' after I call NetShareEnum[Netapi32.dll] in windows integrated authentication.

I found that currently I am using Kerberos protocol to authenticate the access users and the token is grenerated with [TokenImpersonationLevel.Impersonation].

Who know how to resolve this problem? Is there any way to get a token with [TokenImpersonationLevel.Delegation] in Kerberos? BTW, I am sure about that the access user has the Access privilege to list the network share in target server.

View 1 Replies

Regular Expression For Looking For Colons (:) In A String / Error There Is No Colon In String

Sep 2, 2010

I am really struggling with this! Using the regular expression validator I created an expression, thus ":" to show an error message if the user tries to enter in a name that contains a colon. What I am getting is the error message showing even when there is no colon (:) in the string. What am I doing wrong?

View 4 Replies

C# - What's The Difference: Windows Authentication, Passport Authentication And Form Authentication

Sep 17, 2010

Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?

View 3 Replies

AJAX :: AutoCompleteExtender - Authentication Failure (forms Authentication)

Apr 15, 2010

'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.

If I change my service definition to include a demand for the caller to be authenticated, like so:

<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()

Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?

View 2 Replies

Security :: Changing From Forms Authentication To Windows Authentication?

Sep 3, 2010

What do I need to do in order to change an application from Forms Authentication to windows authentication?

View 2 Replies

Security :: Using Rss Feed Authentication With Forms Authentication?

Jun 3, 2010

I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.

If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.

How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.

[Code]....

View 1 Replies

How To Convert Forms Authentication To Windows Authentication

Sep 15, 2010

I've been asked to convert an asp.net application from forms authentication with roles using the aspnetdb database to use windows authentication instead.

what is required to do this? can I still use the roles defined in the app and stored in aspnetdb?

View 1 Replies

Mixing Forms Authentication With Windows Authentication?

Feb 12, 2010

I have an (ASP.NET 3.5) intranet application which has been designed to use forms authentication (along with the default aspnet membership system). I also store additional information about users in another table which shares its primary key with the aspnet_users table.

For users who are part of our domain I store their domain account name in the secondary users table, and I want to automatically log in users whose domain account name matches a name stored in the table.

I have read the guides which are available - they're all from two years ago or more and assume that you are able to activate Windows Authentication on a separate login page that allows you to extract the domain account name. From what I can tell, though, this is not possible in IIS7 (the overall authentication method is applied on all pages and cannot be selectively deactivated, and both authentication methods can't be applied on the same page).

Is there a way of getting IIS to pass through the windows domain account name of the requesting user? I don't need proper AD authentication, just the domain name.

View 6 Replies

Ssl - How To Preserve Authentication For Forms Authentication Cookie

Aug 19, 2010

We have a non-SSL ASP.NET web app that allows a user to login (ASP forms authentication, inproc).

Once authenticated, we redirect their browser to an external, SSL secured page on another web site / domain altogether that we do not control.

The client is redirected back to a pre-configured url on our original http web app when done.

However, the customer is then asked to "re-login" again on our side which is undesired...

It seems the forms authentication cookie is destroyed when transitioning between HTTP and HTTPS and back again.

How can I keep the forms authentication cookie alive so that the customer does not have to re-authenticate on the round trip?

View 2 Replies

Security :: Forms Authentication With A Secondary Authentication?

Feb 16, 2011

I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.

How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.

View 1 Replies

SQL Server :: DAL Doesn't Return The Return Value Of Stored Procedure?

Nov 8, 2010

I have an update function in my data layer which is defined as:

public int UpdateRBTable(parameters ...) This calls a SQL Server Stored Procedure to perform an update function on the database.

The process does its job for updating the table. However, the stored procedure has a return value (which indicates how many rows were updated), but this return value is not returned to the application. The application always shows that a zero was returned from the stored procedure.

View 3 Replies

Can WebMethod Return An XmlDocument As Return Type

Jan 22, 2010

Can my WebMethod return an XmlDocument as return type?

When I try to consume the web service I'm still not getting XML. It appears as though a reference to the method is being returned rather than say a string containing XML.

<WebMethod()> _
Public Function CustomerSearch(ByVal lastName As String, ByVal firstName As String, ByVal companyName As String, ByVal city As String, ByVal state As String, ByVal email As String) As XmlDocument
' Create XML doc
Dim doc As XmlDocument = New XmlDocument()
' some more code
Return doc
End Function

View 4 Replies

MVC :: How To Return 401 Error From A Method Return ActionResult

Sep 28, 2010

how can i return 401 error from a method return ActionResult?

View 1 Replies

Assign A Value To the Methods Return Var before Return The Final Value?

Dec 2, 2010

How can I assign a value to the methods return var BEFORE I return the final value?

Example:

public string Example()

{
[here I want to assign a value to the return var and continue this block until the end] = "TempStr"; [code].....

View 2 Replies

How To Get C# Return Dropdown List To Return Value As Int

Jun 8, 2010

How to get asp.net return drop down list to return value as int

I want to pass the value to a stored procedure as an integer. But the default appears to be as a string which is not what the store procedure is expecting.

Is there a good way to return the list values as ints?

I suspect I can you set the value on the change selection event, is there another way?

View 2 Replies

DataSource Controls :: Use Mixed And Server Authentication Option Inplace Of Windows Authentication?

Jan 8, 2010

I have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.

View 2 Replies

Security :: Authentication Method - Enable Anoymous Access And Basic Authentication?

Jul 14, 2010

This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.

View 3 Replies

Security :: What's The Difference Between Basic Authentication And Integrated Windows Authentication In IIS

Jan 4, 2011

What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?

View 3 Replies

Security :: Enable Windows Authentication And Disable The Anonymous Authentication In IIS?

Mar 10, 2010

I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved