VS 2013 / PDF Protecting / Stamping And Locking?
Jun 9, 2015
I have an ASPNET Application (C#) that runs on my company intranet. This application allows the users to attach PDF files against records.
I am trying to get that PDF uploaded in such a way that whenever the user initially uploads (the uploaded PDF will always be unlocked PDF), the user name would be stamped on the PDF file and the files is locked by my application so that the user cannot change the PDF again, even when having a PDF Writer. Whenever required the application should allow the user to unlock the PDF and then allow the user to edit the PDF.
View 4 Replies
Similar Messages:
Oct 8, 2010
Does record locking (Pessimistic and Optimistic Locking) is applicable in ASP.NET application? If so, What is the pros and cons on doing this?
View 3 Replies
Apr 14, 2010
I have images displayed in a website behind a username and password that is accessed by our customers. I have put in some simple measures to prevent users from copying these images. E.g placing an opaque image over the core image so that when users right click and save the image all they get is the opaque image.
I have concerns that customers could easily pass on their user credentials to competitors who can then freely view all the images.
View 2 Replies
Jan 22, 2010
i am using asp.net with vb
i have one page with registration.aspx.
i want that if any one wants to access that registration page he have to go through login.aspx page .
may be he write the page name (registration.aspx) in url, automatically it get redirect on login.aspx.
View 19 Replies
Aug 28, 2010
There is an ASP.NET application www.example.com/APP. From within the application several documents - for example office documents DOCX, PDF, etc. - can be opend. They are accessed via some virtual directory as in
www.example.com/APP/VIRTUAL/letter.pdf.
Of course, the documents may only be accessed from within the application, after the user has been identified succssfully. Some documents may only be opened by some privileged users. It should be impossible to open letter.pdf by simply entering the above url into a browser
I am thinking about the following...
The name of the virtual directory is kept secret. After the user has successfully logged into the application, some secret is created. The secret contains the user's ID and some time information (valid from / until). Then, if a document is to be referenced from within the application, the url www.example.com/APP/<secret>/letter.pdf is referenced. In IIS the secret is checked. For this, some of my code is called, when serving a request. If successfull, the url is rewritten as www.example.com/APP/VIRTUAL/letter.pdf. I tried several components, such as the IIS URL Rewrite, IHttpModule, IHttpHandler. Unfortunately, I did not yet succeed.
View 2 Replies
Nov 11, 2010
I'm using the following code which autheticates a user and redirect him to a members webpage. This works however if I access the protected page directly I bypass the security. Do I need a check in the OnLOAD for each page? My second question is how to say hello username on the members page. What variable can I reference to display the username?
[Code]....
View 5 Replies
May 8, 2010
Is there a way that a hacker or someone who wants to copy my software logic, can reverse engineer the business logic that I have in a webservice?
Is there a way to protect such information?
My development platform in .net asp.net and C#
View 3 Replies
Oct 26, 2011
Now since i'm securing the site i've noticed that the location element does not get much attention.The only thing i have found is that you can use <location path="" allowOverride="false"> on machine.config .I'm not sure how this goes but if you need to use this one every page then i will have multiple problems.First if i have a page with the same name on another website there is trouble and also if i need to update pages again problem.What i'm not sure of is if the location element on machine.config i just used once and then magically every site you have will throw an exception if a hacker changes you web.config.I have doubts and it's confusing and if i play with the server web.config,well i don't wanna mess with that.
So i also tried to encrypt the location element but i cannot find an example(can you encrypt it?).I can encrypt authorization and authentication but i will not go inside the location element.Just the standard authorization and authentication nodes.How can i secure the web.config location element so no hacker can change the allow,deny,etc.
[URL]
View 8 Replies
Jun 23, 2010
I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use asp.net membership to manage the login IDs and passwords, but I want to use jquery to submit the login form (it's lighter and leaner than the login control). Here is what I have: Page with an html form for login .js file with the jquery calls & code in it httpHandler to process the information from the formI have the user to entering their ID and password, I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct, if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via javascript to the client's folder once they are authenticated. I have the location of the client folder setup in my web.config.
The problem I'm having is the page just redirects back to the login page, with the return url included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config?Here is the code for the web.config:
[Code]....
Here is the code for the handler:
[Code]....
Here is the code for the .js file:
[Code]....
Here is the code for the page:
[Code]....
View 8 Replies
Mar 2, 2011
I have an asp.net repeater control with a series of asp:hyperlink's
<asp:HyperLink runat="server" ID="name" NavigationUrl="~/Pages/display.aspx?fileid={0}&user={1}" />
and then on the OnItemDataBound method:
fullname.NavigationUrl=string.Format(name.NavigationUrl, user.fileid, user.userid);
So that gives me a series of URLs in the repeater:
[URL]
OK, so with a simple proxy tool someone can replace either of the parameters with some OTHER number to get access to what they shouldn't see.
server-side validation and authentication aside, is there a better method other than passing parameters when trying to create a dynamic URL within a repeater?
View 2 Replies
Nov 3, 2010
Does precompilation have any effect on XML files? i.e. can I obscure/protect xml files using precompilation? I assume that it has no effect as they aren't code.
If I use XML files as Embedded Resources, they appear in the DLL in a text editor as normal text. If the dll is edited and saved using a text editor, will it still work if it is unsigned?
View 2 Replies
Feb 24, 2010
I am working on a video streaming project, objective is to upload video to content provider's server and play it to the authenticated user only, it should not be accessible to unauthorized users, content provider provided APIs and Endpoints to pass security options but it seems not working when I pass those parameters to API along while uploading video streaming file, I need to know how I can do that, is there any other way that I can use rather than Content Provider's API Endpoints
View 1 Replies
Jan 18, 2011
I've read up on SQL Server 2008's encryption function, but I'm not convinced that's the route I want to go. My problem ultimately boils down to the fact that we're either using symmetric keys or assymetric keys encrypted by a symmetric key. Thus it seems like a SQL injection attack could lead to a data leak. I realize permissions should prevent that, permissions should also prevent the leaking in the first place.
It seems to me the better method would be to asymmetrically encrypt the data in the web application. Then store the private key offline and have a fat client that they can run the few times a year they need to access the restricted data so the data could be decrypted on the client. This way, if the server get compromised, we don't leak old data although depending on what they do we may leak future data. I think the big disadvantage is this would require re-writing the web application and creating a new fat application (to pull the restricted data). Due to the recent problem, I can probably get the time allocated, so now would be the proper time to make the recommendation.
View 3 Replies
Sep 14, 2010
I am working on an application that has several user controls (.ascx) of which I do not want to give away the code of. I have tried to search about it, but didn't get very far. I am using visual web developer 2010 express edition, so I cannot publish my website. Also, it doesn't have dotfuscator. What can I do?
View 11 Replies
Nov 5, 2010
I use the app_offline.htm file to bring my site down when I have to roll a new revision. However, even after I launch I'd like to be able to play around and test my site before anyone else has access. Since almost all of my pages are available without logging in, I need to way to lock down my application to everyone but myself and obviously the app_offline.htm file won't for for this.
I have a BasePage class and I'm thinking the only way to do this would be to put code in that class's Page_Init method and I could check for my specific IP address and kick everyone whose IP doesn't match to the app_offline.htm file. However, I'm wondering if this would be the best method since my IP will change.
View 3 Replies
Mar 8, 2011
I'm about to begin a new web project using asp.net 4.0 (EF 2.0). I have a question on row locking...customer is concerned that if employee 1 has a record in edit mode, they want to lock the row and make it uneditable for other users, until employee 1 has saved their changes. A step further is, if employee #2 attempts to edit the locked record, a notification would appear, notifying employee #2 that "Employee #1 John Doe" has the record locked and to contact them.
View 4 Replies
Dec 10, 2010
I'm using a 3rd party web service in my ASP.NET application. Calls to the 3rd party web service have to be synchronized, but ASP.NET is obviously multi-threaded and multiple page requests could be made that result in simultaneous calls to the 3rd party web service. Calls to the web service are encapsulated in a custom object. My thought is to store the object in an application variable and use the C# lock keyword to force synchronized use of it.
I'm nervous, because I'm new to multi threaded concepts and I've read that you shouldn't lock a public object (which my application variable effectively is). I've also read that if the locked block of code fails (which it could if the web service fails), then it could destabilize the app domain and bring down the application.I should mention that the 3rd party web service is rarely used in my website and it's going to be rare that 2 requests to it are made at the same time.Here's a rough code sample of how I'd make calls to the web service:
ThirdPartWebService objWebService = Application["ThirdPartWebService"] As ThirdPartWebService;
lock (objWebService)
{
objWebService.CallThatNeedsToBeSynchronized();
}
View 4 Replies
Sep 14, 2010
i have create a form..and i generate ID using dropdown list for user for registration before they save the page..the ID will appear when click "signUp" button.("ID" not saved yet into database)
i want the "ID" lock into databse when click "signUp" button..
View 3 Replies
Nov 11, 2010
I have an ASP.NET MVC website that uses an internal dll for some PInvoke stuff. The dll is located in the /bin folder next to the other assemblies. This works well, but if I want to replace the content of the /bin folder with the newest set of files by copying onto the existing files (this is on a test server) the PInvoke dll is locked/used by the w3wp.exe worker process and cannot be replaced except after you recycle the apppool or restart IIS.
Is this standard behavior or can I somehow instruct the ASP.NET runtime to take a shadow copy of the PInvoke dll similar to the regular assemblies?
View 1 Replies
Jan 12, 2010
I have multiple database running in my SQL Sever , in that I need to lock only one database is there is any inbuilt method in SQL Server 2008
View 1 Replies
Feb 27, 2010
I'm working on locking down some MySQL user accounts. At the moment I typically grant my user accounts execute privileges over the required stored procedures within a schema.Now I'm looking at the proc table in the mysql schema. The common wisdom that's quoted many times on various websites says "Stored procedures require the presence of the proc table in the mysql schema".By granting select access over the proc table stored procedures will work. But if I removed the above select privilege and grant the user execute privilege over the entire mysql schema the procedure will also work.
Does anyone have any ideas about the security issues by choosing one of the above over another?I would prefer to lock the proc table down all together so the user cannot see it cannot select from it.
View 1 Replies
Mar 6, 2010
Our client's web app restarts suddenly at random intervals. For each restart, we've found an entry like this in the Windows Event Log:
Event Type: Warning
Event Source: W3SVC-WP
Event Category: None
Event ID: 2262
Date: 2/21/2010
Time: 1:33:52 PM
[code]...
View 2 Replies
Jul 6, 2010
I have a website which requires users to enter their corporate network username and password. It then looks for that account in Active Directory and gets a list of any email addresses associated with that account.
The problem I am having is that ONE incorrect password is locking out an account. Our domain policy is that an account will lock out after three incorrect entries, so I am assuming that I am doing something wrong in my code. I am not very knowledgeable about Active Directory or .NET DirectoryServices in general, which may be apparent from my code. Here it is:
public ArrayList AuthenticateActiveDirectory(string Domain, string UserName, string Password)
{
// An error occurs if the username/password combo does not exist.
// That is how we know it is not a valid entry.
try
[Code].....
View 1 Replies
Jan 23, 2015
How?
Protected Sub Menu1_MenuItemClick(sender As Object, e As MenuEventArgs) Handles Menu1.MenuItemClick
If e.Item.Text = "TheItem" Then
<here the http://www link >
End If
End Sub
View 3 Replies
Jun 12, 2015
How would I go about creating a simple PDF in a backend ASP.Net web method?
Doing this without a PDF printer on the server.
Is that even remotely possible?
How about if I know I want to print a HOUSING CERTIFICATE. Can I make one and then use that FILE as a template to creating new PDF's?
View 2 Replies