Web Forms :: Securing A Textbox Field Without Https?
Jan 22, 2010
I am creating an online job application using a wizard control.
When the user has completed the application, the finish button will fire javascript to re-render the data & print the application(the application data will not be saved to a database, email, xml, etc).
I want to ensure the users' personal info is safe while postbacks are being made (ie clicking the next button in the wizard steps).
Can someone give me a start as to what I need to be looking to do?
I've seen some things about viewstate encryption, but not sure if that's where I should begin, and/or if that's the only thing I need to do.
Or, If I were to disable viewstate all together would that be good enough?
View 1 Replies
Similar Messages:
Jan 23, 2011
I am working with Staff Images and Staff Dependants Images (photos) and I have to deal with such images among Adobe LiveCycle Forms, File System JPEG Format, Storing them in SQL Server, and finally, displaying them in regual web forms (ASPX).
In order to have the most reasonable and flexible desing, I did the following to:
1. Load the image from predefined location defined in web.config.
2. Convert the images to Memory Stream,
3. Convert the images to Base64 format,
4. Convert the image to XML Node.
In web.config, I defined the following:
[Code]....
I load the Staff Photo into Memory Stream as follows:
[Code]....
And I create the Base64 XML Node as follows:
[Code]....
As a matter of fact, all above is working 100% correctly while dealing with Adobe LiveCycle Form, for Loading and Saving Imgaes from/to PDF.
The above method will allow me to finally save images to SQL Server field type varbinary(max) and also into File System as regular image files. Also, I have full security and control over the images, becuase the above method will allow me to have full control for who is authorized to get/view the images. The end-user does not have direct access to where the images are stored.
How to use the above method to display the image on a regular ASPX Web Page using Image Server Control ? I do not want to use the src='path to image file', I want to be able to push the image content/binary to the IE without providing a link to the image file, how I can do this ?
My objective is to prevent the user from having direct access to the image files from the Browser.
View 5 Replies
Aug 13, 2010
Tell me how to compare a textbox value with a field in table?
View 2 Replies
Jul 30, 2010
I have a column in my database which contains null value. Now after retrieving value from database i want to store that value in my txtbox. I am getting
[DBTableFieldIsNullException: Field 'Title' is NULL] exception.
View 2 Replies
Dec 17, 2010
I have been at this for two weeks now without any success but I know I have to get a solution to move forward with my design. Is there any way to bind data from a SQLDataSource to a Hiddenfield or Textbox WITHOUT binding via the data controls like gridview, formview, datalist, etc. I do not want to use any of those controls. I need to do inline binding. Please provide the working code example. The hiddenfield or textbox would be named eid. The SQLDataSource name is GetDataEid. Again, if you reply and you submit code I can try please provide the full working solution. These do not work. They have already been attempted:
<asp:HiddenField ID="HiddenField1" runat="server" Value="<%#Container.DataItem("FieldName") %>" />
<input type="hidden" id="hdnId" name="hdnId" runat="server" />
and write the following code in your page load method
hdnId.Value=yourDbValue.ToString();
asp:HiddenField ID="hid" runat="server" Value='<%#Eval("column name") %>' />
View 2 Replies
Jul 16, 2010
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?
View 1 Replies
Apr 26, 2010
I'm developing an aspx page with vb code.
I am trying to highlight textbox border in red instead on showing an error message in summary. I'm using a required field validator to validate the empty textbox How can i do so?
View 5 Replies
Jul 26, 2010
i have two text boxes to capture date(dd/MM/yyy) and time(03:03PM) 12hr format.
i want combine this date and time store in table as single field . how to capture in code behind
View 5 Replies
May 19, 2010
I have a textbox that the user enters a time into, so 04:10 PM, I would like it to round to 04:15 PM, likewise 04:06 PM would Round to 04:00 PM.
Is there any built in controls that handle this, are there any code samples out there?
View 3 Replies
Aug 21, 2010
How to take value of bound field of grid in a variable or in a textbox.
I m using this code in .aspx page for grid.
[code]....
Now how to take value of cell of grid in textbox or in any varaible on cell click.remember if I take the field as BoundField on aspx.
View 4 Replies
Jan 20, 2010
I've been searching for a tutorial or example on how to update my database when I change the text in the textbox that is in a DataList?
View 8 Replies
Feb 15, 2011
I would like the user to select an item from a drop down list. Next to the drop down is a textbox or label control. From the ddl selection I would like to populate the textbox or label from a database with a corresponding field from the database the dropdownlist was populated from. On selectindexchange event I can populate the textbox with the Unique id from the value, but I need to input a different field into the textbox. Can I use some sort of variable to assign the Textbox.Text = ?
View 6 Replies
Jun 24, 2010
I have an email contact form that I have successfully populated the account users Username and email address into text boxes
I also use a text box and session variables to send parameters to a stored procedure and return a single row result in a form view.
The thing I am having an incredibly hard time figuring out is how to populate a single textbox with the data from any of those fields. or the whole control as a single summary.
Just for starters I am actually an IT Manager and NOT a coder so this is entirely a hack job if there ever was one...
here is my aspx code
<%@ Page Language="C#" AutoEventWireup="true" MasterPageFile="~/RMSWeb.master" CodeFile="Service2.aspx.cs" Inherits="_Default" %>
View 1 Replies
Dec 24, 2010
I have a webform developed in VB.NET and I am facing a strange problem. In the webform I have a GridView control which has two bound fields (Item # and Item name) coming from a master table and infront of these two fields I have placed a TEXTBOX control as TEMPLATE FIELD to take any value of particular item. But after filling all the textboxes when i clicked on submit button it loops thru the items and there i need to read the textbox value of that particular item in a variable but unfortunately the value is blank even the data is there. Here is the ASPX code.
[Code]....
Here is the Code behind
[Code]....
View 4 Replies
Feb 2, 2010
In ASP.NET MVC 2, to secure controller action, i have created a class RequirePermission inherited from ActionFilterAttribute class. The controller action looks like
[Code]....
Now instead of making different attributes , I want to use RequirePermission attribute like
[RequirePermission(permissions=Permissions.CanView+","+Permissions.CanEdit)] so that i can use it for different scenerious. but the compiler throw the following error. An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
View 1 Replies
Mar 25, 2010
I have a asp.net website and I am accessing that web service from my iPhone app to get data.
The WCF web service produces data as JSON.I want to put some kind of authentication on the WCF. What you you guys recommend?
View 2 Replies
Mar 1, 2011
I'm going to launch a page - that will persist for a really long time using - using ASP.Net.
Page will have very little controls - will using jQuery ajax calls to build up and fill in the DOM for maintaining data in the backend DB.
How do I maintain who I am with the web service?
I'm used to pages that mostly use asp.net membership / session vbl stuff to maintain state.
That's not going to fly with why I'm doing here.
And I guess that also starts into "how do I secure this web service"?
View 7 Replies
May 28, 2010
How to secure an Action filtered with Authorize method from a jQuery call? I have this Authorize filter and it work's cause users are redirected if not logged-in. But after logging-out then accessing previous open pages that needs authorization, they weren't redirected at all. This jQuery is initialize when a button is clicked,
jQuery.post(
"/controllername/IsUserActive", {
}, function (data) {
if (data){
$('#div_user_active').html(data);
{ else {
$('#div_user_active').html('Not Active');
}
}
);
then calls this Action method.
<Authorize()> _
Function IsUserActive() As Boolean
Return True '<<---this keeps returning even users are already logged-out.
End Function
Overall, I wanted ajax(jQuery) to update/read a portion of the page but gets redirected if not authorized.
View 1 Replies
Oct 18, 2010
my team is building a game in flash to be embeded in a asp.net application.
When the game is over the player have the chance to type his name to save his score. This is done using web services called from flash. The webservice receives the name and score.
Since the webservice is publicly available how can I make it only callable from my flash given the following conditions:
The .swf is hosted by the same asp.net application There are two domains that can access the same application (I have run previously into cross domain issues). Using SSL is not an option. The webservice has to be consumed by the .swf file.
View 1 Replies
Nov 14, 2010
We will be developing an ASP.NET application. It will store data in an SQL Server 2008 R2 installation. Most of the data is sensitive, so security is a primary concern.We will be hosting this in a shared environment, and it is a design goal that the data should be unreadable in the case of theft.
I am thinking of the following set up:
Encrypt the whole database using TDE. Users are created in the SQL Server users table, and we authenticate against that when users log in through the web interface.The intention is that if someone gets to the database, they will not be able to use the data. And no connection string with user credentials will need to be stored in the web.config file. Do you see any disadvantages to this approach? And how easy will it be to authenticate against the SQL Server as described?
View 3 Replies
Oct 26, 2010
I need something to secure my PDF files link ...
i have a page like http......../folder/userName.pdf
i need to to encrypt the file name ( i put it "login userName" ) ...
how do i let logged in users download their pdf files without knowing the URL above , for security reasons only ...
View 4 Replies
Sep 10, 2010
I need to create a single sign-on structure and my question is: is SSL a must?
Details:
The application will have a link to my web application. When the user clicks that link, their local username will be passed to my web app at which point a look-up in a mapping file is done. If that local username exists in the map, then the user is logged in. If not, then the user will be prompted to enter their network username and password, and when authenticated, an entry in the map will be created.
How do I ensure that user is who they say they are and not Joe Blow from off the street sending in an HTTP POST request with that username?
Do I have to use SSL (and if so, what does that entail)? Would adding a salt and encrypting the username be sufficient? Maybe locking it down so the source IP has to be within a controlled range?
My web app runs on IIS 6/7 and uses the ASP.NET MVC framework, if that is important.
View 3 Replies
Jul 4, 2010
I am trying to deploy a project for customers and i 'd like to be sure that code will be secured and cannot be hacked or seen , i know we can do that through the precompiled features but i don't konw how secure it is , and is there any other ways for this?also about the database can i protect it so as no one can open it see the tables or edit .... etc ?
View 1 Replies
Jan 6, 2011
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.
We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?
The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?
View 4 Replies
Sep 25, 2011
I do have before a web server w/c is aspx. its like an online game panel w/c players do shop via web. but suddenly 1 day I was "SQL INJECT" i don't know what they do that the injected me.how do I secure my pages this is what i only use to all my pages to prevent entering characters such as " ',%,!,@,#,$,%,^,&,*,(,),.," all special characters will not be allowed. are there any else in order to secure it.?
Code:
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Label2.Visible = False
Dim userCleared As New System.Text.StringBuilder
Dim QuestionCleared As New System.Text.StringBuilder
Dim AnswerCleared As New System.Text.StringBuilder
[code]....
and how do I secure to the Direct browser thing? when i checked the IIS7 logs. i saw one IP w/c went to the /Webresource.axd iidjjfme9393j 4m9 mdmf9 um45d m89fm8jhvrm9u9mu30306bm0n.
some like encryption i don't what is this.
View 6 Replies
