Web Forms :: ValidateInput And Web Services
Apr 30, 2010
I have a website which sometimes collects data from users via text boxes, and stores the data for later display.The .aspx site uses standard out-of-the-box asp.net Request Validation to stop cross-site scripting attacks.I now want to give certain users the option of populating the data via a web service rather than a web page.So I am creating an .asmx web service.1)Am I correct in thinking that in .net 3.5, data coming in to a .asmx web service is completely unprotected off-the-shelf from cross-site scripting attacks, and has to be treated with caution and html-encoded and inspected
View 1 Replies
Similar Messages:
Feb 21, 2011
I want to store certain html tags in my database to the layout of content, for example <h3> and <p> tags. The problem is with ValidateInput set to True, you get "Potential Danger error" when you try sending content with html tags.
With it set to False, you open yourself to all sorts of potential dangers. So Here is what I'm wanting to achieve:
I hope you like the image ! lol I spent 10 minutes in Photoshop to create it.
So eventhing that goes in, I want as encoded, but when I get content back, I want to decode only the <h3> and <p> tags. ! What do you think of my solution ? Bad, Good ?
View 16 Replies
Mar 18, 2011
Is there a way I can handle HttpRequestValidationException without turning off ValidateInput?
What I really want is all HTML posted from a form to be automatically encoded in the model unless a particular property has the AllowHtml attribute set.
If I have to turn off ValidateInput, then what happens to the rest of my model validation? Will it still be validated or do I need to explicitally check ModelState.IsValid?
I'm also catching the exception in a custom model binder class but every time I try to access the offending property from Request.Form, the exception gets thrown. Is there a way to get that value in the model binder?
View 2 Replies
Feb 4, 2011
How to Find All the Web Services and Windows Services Running on a Server in ASP.Net. I have the server details with me and want to find all the Web services running on it.
View 1 Replies
Apr 3, 2010
I am using Visual Studio 2010 Release candidate1. I have to deploy my web application which consists of a website, certain window services, certain WCF services and Sql Server 2005 database.I read Vishal Joshi's blog(http://vishaljoshi.blogspot.com/2009/09/overview-post-for-web-deployment-in-vs.html) detaing Web Package in VS2010. I want to know how to deploy window services and WCF services using Web Package. Also, I want to create a web setup (.msi) for deployment instead of Web Package so that the .msi takes care of all the application and database deployment like the web package does.
View 1 Replies
Jul 20, 2010
I installed vs2010 in my machine and opened solution (of same version copied from other machine).
But getting stateservices error message..Moreover i am unable to find asp.net services in the list of services under serives.msc.
View 2 Replies
Mar 4, 2010
I am using HTML controls while using Ajax in my .net project. Now I want to make my text box to be autocomplete. I am fetching a data using a query for the respective typed text but i am not sure how to bind that data to text box and show it the way it is being displayed in google and other famous sites. I would also love to know the way using web services. Which way is more efficient?
View 1 Replies
Jul 12, 2010
Makes it sense to use ASP.NET applications together with WCF RIA Services or WCF Data Services (to encapsulate the data access layer) ? Or are these technolgies only useful for Silverlight applications.
View 1 Replies
Oct 16, 2010
I've built an asp net vb galery to see photo but i tink i've done too much call because I call every time in a updatepanel
the principal photo and the before and after photo, the title and the description .. after few time the sql server go down ... I tought to use an
web services but I don't know how keep a lot of data from a web services ...
There is other way to build one web gallery using the db I've already done ?
View 1 Replies
Feb 28, 2010
how to maintain session id in windows services in c#.net ,please help me regarding this issue.
View 2 Replies
Apr 22, 2010
I am having difficulty getting an asp.net web application to run on a new server. This same app has been deployed to at least a dozen other servers without issue. The x-factor seems to be that Sharepoint Services (WSS 2.0) is present on the new machine.
The app is configured to use Forms Authentication with a redirect to a specified login page, the first symptom is that no attempt is apparently made to redirect new requests, requests proceed directly and then error out when that page attempts to look at the HttpContext.Current.User.Identity.Name.
Second, when navigating directly to the Login.aspx page, the login and authentication check appear to proceed normally, but again HttpContext.Current.User.Identity.Name is blank where is should now have the users login name, and an application error occurs. I have confirmed that the same code on other servers behaves as expected (the Name is set at this point). IIS virtual directory settings are identical as well.
It would seem that something is interfereing with the normal Forms Authentication processes and that something appears to be Sharepoint. We have already listed the web app's path as excluded in the Sharepoint Admin section. Is there something else that needs to be done?
View 2 Replies
May 31, 2010
I'm working on a web application using VB.NET. In page load event am calling a remote web service which take time to bring the data. During this process none of the other contents on page are shown(render).
I want to call this remote web service asynchronously so that other data of page is displayed and web service data will be displayed when its available.
View 1 Replies
Mar 21, 2010
I have seen a lot of examples posted on how to create a Custom SiteMap Provider which is directly linked to the Business Logic in the Presentation Layer, however, I would like to write a Custom SiteMap Provider which inherits from StaticSiteMapProvider and
is driven by the database. In addition, I would like to expose all of this logic behind WCF Services.
Are there any samples on how to implement a Custom SiteMap Provider over WCF Services since I am having a hard time trying to figure out exactly how to put a solution following this architectural pattern together.
View 1 Replies
Oct 6, 2010
want to create Secure and Fast email service with chat tool like gtalk. i have email server. Please let me know how to create this. if any of you are interested to help me to create such application please ask me. I will accept his perposal with open heart. But before tell me how i can start or what i should do to make ground for that project.
View 2 Replies
May 21, 2012
in ms reporting services how & where do i get Print Layout button
so that all the 3 columns of my report can be viisble
as currently inspite of layout having 3 columns only one column is displayed
View 1 Replies
Oct 3, 2010
I'm struggling with trying to use RIA services from an ASP.NET web site.I created a new web site, added an entity framework model, then added a RIA service that uses that model. I used the DomainDataSource control to bind the ASP.NET controls to the RIA service
View 2 Replies
Feb 9, 2010
In our application, we have a need for a user to "impersonate" a different user. Think of it as a hierarchy -- Bob is above Frank in a hierarchy. Bob is logged in, and he needs to do things in the system for a short time as Frank. So, we have given Bob a list of users that report to him, and an impersonate link. He clicks on this link, and, behind the scenes, I log Bob out, and log in as Frank. I also set a session variable that tells me that really Bob is they guy who is the user. Also, Bob (acting as Frank now) has a nice little link at the top of every page that says "Stop Impersonation."
In addition, when Bob is impersonating Frank, Bob is restricted from doing some things, like changing Frank's password.
This was working great, until we encountered a situation where, if the session (I think -- getting confused here) gets destroyed (such as when I copy up new code and dlls to the live site), then when Bob clicks on "Stop Impersonation" he gets redirected to the default page, and is still logged in as Frank, but without the Impersonation session variable. So, now Bob really is logged in as Frank, and can change Frank's password (among other things).
How is it that a session variable (Impersonation) gets destroyed, but I guess the session is still hanging around, because it doesn't make the user log in again?
This is a somewhat serious bug for how our system works (bug in our code, I'm sure, not in .Net). We are using ASP.Net c#, aspnet membership services, .net 3.5, forms auth...not sure what else you need to know.
EDIT: Updated information. Looks like when "something" happens, for instance, when I recompile some dlls and copy them to the webserver, the session gets dumped. Or, rather, the variables in the session get dumped. The session id stays the same. I do get to check for Session.IsNewSession and it returns true, even though the id is the same as it was before.
Just like Utaal mentioned, Membership Services is separate from Session, so it's forms auth token is still hanging around in the browser, but my session variable telling me that that isn't really the user who is controlling the browser isn't there anymore.
EDIT: Sky, here is what I'm doing to authenticate a user. I can't figure out where I would insert a ticket into this flow:
if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
View 2 Replies
Mar 13, 2012
ReportViewer1.LocalReport.ReportPath = Server.MapPath("reports/DETAILS.rdlc");
ReportDataSource rdS = new ReportDataSource("PERSONAL",
GetData()); ReportViewer1.LocalReport.DataSources.Clear();
ReportViewer1.LocalReport.DataSources.Add(rdS);
ReportParameter rp = new ReportParameter("Year", ListYear.SelectedValue);
ReportViewer1.LocalReport.SetParameters(new ReportParameter[] { rp });
I have a listbox with year and another with month
I need that the report when generated by default shld be of current month & year
when the users selects the month or and year from the listbox i shld get the reposrt accordingly
I get error when passing parameters
I tried using even server report instead of local
When using local i get report path not set ....
View 1 Replies
Mar 8, 2010
Which IIS Lowest Version Can be Use For Creating WCF web Services. and Which IIS Version is most suitable for working in WCF
View 2 Replies
Nov 15, 2010
Here is my scenario -
1/ I have an ASP.NET MVC application running on my server, it uses Windows Authentication.
2/ There is different web application (written in Java) somewhere else that also uses Windows Authentication.
In the Controller of my MVC application I need to grab some information from this other Web app. How can I connect to the "foreign" application using the credentials of the user that is accessing my Controller?
View 1 Replies
Jun 21, 2010
Makes it sense to use ASP.NET togehter with WCF RIA Services or WCF Data Services ? Or are these technologies/frameworks only proper for Silverlight primarily ?
View 1 Replies
Jan 30, 2010
some books for a beginner to build Web services in .NET?
View 3 Replies
Jan 9, 2010
am involved in a project with UI comprising mainly of Action Script.
My role as an ASP.NET programmer is to pull data from DB using Web Services and
supply it as XML to the Action Script.if I could learn more about XML Web Services in ASP.NET.
View 1 Replies
Nov 12, 2010
The Application_Start method in Global.asax.cs was being called in my WCF web services application when it was running under ASP.NET 2.
It has been recompiled with the .NET 4 framework and it now runs under ASP.NET 4. However, that method is not ever being called.
View 1 Replies
Jan 25, 2011
I am facing the situation in which i have to expose a dll (managed) through web services. Basically make everything from dll accessible to other applications through web services. The dll is a third party and i cannot give any other info on it , but my problem would not depend on this details.
I am looking for the latest best practices (latest tech) approach on how to start this. One thing i have been documented over was Web Service Software Factory, but i do not know how good would this approach be for my situation, and i would welcome some ideas based on experience ofc. The top things i liked and need in my project about the WS Factory were : SOAP faults handling , Entity Translator , Versioning (covering both forward and backward compatibility).
View 1 Replies