I have a website which sometimes collects data from users via text boxes, and stores the data for later display.The .aspx site uses standard out-of-the-box asp.net Request Validation to stop cross-site scripting attacks.I now want to give certain users the option of populating the data via a web service rather than a web page.So I am creating an .asmx web service.1)Am I correct in thinking that in .net 3.5, data coming in to a .asmx web service is completely unprotected off-the-shelf from cross-site scripting attacks, and has to be treated with caution and html-encoded and inspected
I want to store certain html tags in my database to the layout of content, for example <h3> and <p> tags. The problem is with ValidateInput set to True, you get "Potential Danger error" when you try sending content with html tags.
With it set to False, you open yourself to all sorts of potential dangers. So Here is what I'm wanting to achieve:
I hope you like the image ! lol I spent 10 minutes in Photoshop to create it.
So eventhing that goes in, I want as encoded, but when I get content back, I want to decode only the <h3> and <p> tags. ! What do you think of my solution ? Bad, Good ?
Is there a way I can handle HttpRequestValidationException without turning off ValidateInput?
What I really want is all HTML posted from a form to be automatically encoded in the model unless a particular property has the AllowHtml attribute set.
If I have to turn off ValidateInput, then what happens to the rest of my model validation? Will it still be validated or do I need to explicitally check ModelState.IsValid?
I'm also catching the exception in a custom model binder class but every time I try to access the offending property from Request.Form, the exception gets thrown. Is there a way to get that value in the model binder?
How to Find All the Web Services and Windows Services Running on a Server in ASP.Net. I have the server details with me and want to find all the Web services running on it.
I am using Visual Studio 2010 Release candidate1. I have to deploy my web application which consists of a website, certain window services, certain WCF services and Sql Server 2005 database.I read Vishal Joshi's blog(http://vishaljoshi.blogspot.com/2009/09/overview-post-for-web-deployment-in-vs.html) detaing Web Package in VS2010. I want to know how to deploy window services and WCF services using Web Package. Also, I want to create a web setup (.msi) for deployment instead of Web Package so that the .msi takes care of all the application and database deployment like the web package does.
I am using HTML controls while using Ajax in my .net project. Now I want to make my text box to be autocomplete. I am fetching a data using a query for the respective typed text but i am not sure how to bind that data to text box and show it the way it is being displayed in google and other famous sites. I would also love to know the way using web services. Which way is more efficient?
Makes it sense to use ASP.NET applications together with WCF RIA Services or WCF Data Services (to encapsulate the data access layer) ? Or are these technolgies only useful for Silverlight applications.
I am having difficulty getting an asp.net web application to run on a new server. This same app has been deployed to at least a dozen other servers without issue. The x-factor seems to be that Sharepoint Services (WSS 2.0) is present on the new machine.
The app is configured to use Forms Authentication with a redirect to a specified login page, the first symptom is that no attempt is apparently made to redirect new requests, requests proceed directly and then error out when that page attempts to look at the HttpContext.Current.User.Identity.Name.
Second, when navigating directly to the Login.aspx page, the login and authentication check appear to proceed normally, but again HttpContext.Current.User.Identity.Name is blank where is should now have the users login name, and an application error occurs. I have confirmed that the same code on other servers behaves as expected (the Name is set at this point). IIS virtual directory settings are identical as well.
It would seem that something is interfereing with the normal Forms Authentication processes and that something appears to be Sharepoint. We have already listed the web app's path as excluded in the Sharepoint Admin section. Is there something else that needs to be done?
I'm working on a web application using VB.NET. In page load event am calling a remote web service which take time to bring the data. During this process none of the other contents on page are shown(render).
I want to call this remote web service asynchronously so that other data of page is displayed and web service data will be displayed when its available.
I have seen a lot of examples posted on how to create a Custom SiteMap Provider which is directly linked to the Business Logic in the Presentation Layer, however, I would like to write a Custom SiteMap Provider which inherits from StaticSiteMapProvider and is driven by the database. In addition, I would like to expose all of this logic behind WCF Services.
Are there any samples on how to implement a Custom SiteMap Provider over WCF Services since I am having a hard time trying to figure out exactly how to put a solution following this architectural pattern together.
want to create Secure and Fast email service with chat tool like gtalk. i have email server. Please let me know how to create this. if any of you are interested to help me to create such application please ask me. I will accept his perposal with open heart. But before tell me how i can start or what i should do to make ground for that project.
I'm struggling with trying to use RIA services from an ASP.NET web site.I created a new web site, added an entity framework model, then added a RIA service that uses that model. I used the DomainDataSource control to bind the ASP.NET controls to the RIA service
In our application, we have a need for a user to "impersonate" a different user. Think of it as a hierarchy -- Bob is above Frank in a hierarchy. Bob is logged in, and he needs to do things in the system for a short time as Frank. So, we have given Bob a list of users that report to him, and an impersonate link. He clicks on this link, and, behind the scenes, I log Bob out, and log in as Frank. I also set a session variable that tells me that really Bob is they guy who is the user. Also, Bob (acting as Frank now) has a nice little link at the top of every page that says "Stop Impersonation."
In addition, when Bob is impersonating Frank, Bob is restricted from doing some things, like changing Frank's password.
This was working great, until we encountered a situation where, if the session (I think -- getting confused here) gets destroyed (such as when I copy up new code and dlls to the live site), then when Bob clicks on "Stop Impersonation" he gets redirected to the default page, and is still logged in as Frank, but without the Impersonation session variable. So, now Bob really is logged in as Frank, and can change Frank's password (among other things).
How is it that a session variable (Impersonation) gets destroyed, but I guess the session is still hanging around, because it doesn't make the user log in again?
This is a somewhat serious bug for how our system works (bug in our code, I'm sure, not in .Net). We are using ASP.Net c#, aspnet membership services, .net 3.5, forms auth...not sure what else you need to know.
EDIT: Updated information. Looks like when "something" happens, for instance, when I recompile some dlls and copy them to the webserver, the session gets dumped. Or, rather, the variables in the session get dumped. The session id stays the same. I do get to check for Session.IsNewSession and it returns true, even though the id is the same as it was before.
Just like Utaal mentioned, Membership Services is separate from Session, so it's forms auth token is still hanging around in the browser, but my session variable telling me that that isn't really the user who is controlling the browser isn't there anymore.
EDIT: Sky, here is what I'm doing to authenticate a user. I can't figure out where I would insert a ticket into this flow:
if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text)) FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
1/ I have an ASP.NET MVC application running on my server, it uses Windows Authentication.
2/ There is different web application (written in Java) somewhere else that also uses Windows Authentication.
In the Controller of my MVC application I need to grab some information from this other Web app. How can I connect to the "foreign" application using the credentials of the user that is accessing my Controller?
Makes it sense to use ASP.NET togehter with WCF RIA Services or WCF Data Services ? Or are these technologies/frameworks only proper for Silverlight primarily ?
am involved in a project with UI comprising mainly of Action Script. My role as an ASP.NET programmer is to pull data from DB using Web Services and supply it as XML to the Action Script.if I could learn more about XML Web Services in ASP.NET.
I am facing the situation in which i have to expose a dll (managed) through web services. Basically make everything from dll accessible to other applications through web services. The dll is a third party and i cannot give any other info on it , but my problem would not depend on this details.
I am looking for the latest best practices (latest tech) approach on how to start this. One thing i have been documented over was Web Service Software Factory, but i do not know how good would this approach be for my situation, and i would welcome some ideas based on experience ofc. The top things i liked and need in my project about the WS Factory were : SOAP faults handling , Entity Translator , Versioning (covering both forward and backward compatibility).
