Web Forms :: Which Type Of Security Should Apply In E-Commerce Website
Jan 24, 2016
I am working on E-Commerce project based on Asp.Net. I need to implement Security in my Project. Which type of Security should i apply that is open source and in-build.
We are working on an e-commerse application, we have requirement to set discount (10%) on purchase on a specific weekday. Ex. If any transaction made on Wednesday, it will get 10% discount on purchase amount.
Since the website trafic scatered to different geographical area the time should be not be bound to a specific location.
One of the approach which I thought, was to get the IP address of client then use some tool to find out the country and GMT (UTC) time. And based on that decide the exact weekday to provide discount.
But some of the issue with this approach are:
- Which tool to use to find out the IP address
- The tool like IP2Location are paid. Is there any free tool available? etc.
I worked on an online store based . In this store i have a category for which there are almost 2000 products. So every time when there is some change in the price, it is very difficult to update the products with new price, descriptions, features etc.The manufacturer of this product is providing web services which can be linked with store owner's website who is selling their products.o is it possible to integrate e-commerce website with webservices API that are being provided by manufacturer ?
I have worked mostly with PHP when creating web sites driven by dynamic content. However I am wanting to start writting more applications in ASP. So I have a copule of questions that I can't seem to find the exact answers I need.1) I'll be creating a website for a company and then later be adding an online ordering system for them - would I best be served by writting the entire site in MVC2 since I will be getting into an online ordering system?2) Does it make sense to create my own shopping cart system - or are there free packages out there in ASP.NET that I should be utilizing instead of rolling my own? I3)I am currently working in Visual Studio 2010 Beta 2 - this is using the .NET 4.0 framework - I thought it better to use this instead of my older Visual Studio 2005 Professional - if I can't afford the full package of VS 2010 once its released - will theexpress editions support all I need? 4)If I am building in 2010 will I have a problem getting the site hosted since that framework is still in Beta? And can you suggest a good web host to use for .NET hosting - I usually work with GoDaddy for all my hosting needs - but I'm not sure if anyonehas experience in how quickly they will update to the newest frameworks etc , or if I should be hosting somewhere else.
I have got a new assignment for developping an e-commerce website. I need to accept online payment via all the common cards (Visa, MasterCard, etc). But am confuded about how I should implement it. I want to add direct payment with credit card to the website without passing by paypal.
P.S.: The website is targeted for UK customers only. Technology:ASP.NET, C#
I am starting work on an already fully developed site. This site has no input encoding or output encoding. If some one ebters <input type="text"> in an insert form it is displayed as a real tex box when viewing that form details.
So how can i apply encoding at input or output to the WHOLE SITE?
turning on validate request is not an option as the cms wud need it off.
also this is .net 3.5 so no question od using <%: tags.
I am working on an ASP.NET 2.0 website project. It has the frontend part for end-users and an admin part for administrators. I have created two themes for each of them. What I want to do is apply one theme to frontend pages and another theme to admin pages without having to specify the theme on each page.
I have a web site that is using windows authentication. 'Enable anonymous access' is unchecked. It works when I call it through Visual Studio but when I put the site on the server I get the following error:
Unable to cast object of type 'System.Security.Principal.GenericPrincipal' to type 'System.Web.Security.RolePrincipal'.
i have a gridview that displays a number of columns, there is some rows that are to be confidential for some users "secret" records, i.e some users will see some of the rows as access denied in the cells and they won't be able to click the row to take them to detail page. other users will be able to see these rows data in the cells and able to click on the row header to take them to detail page.
how to display data/links in grid view cells selectibaly without changing the data in database?
I'm writing a SaaS application with a web front end written in ASP.NET. I'm not much of a designer, and my ASP.NET knowledge is not yet at the expert level - I usually focus on server side stuff - but I have a basic master page and style sheets, which do the trick.
Now I want to offer my customers the ability to customize their web site with their own style sheets, colors, background pictures etc. so that their customers will log onto their portal at mycustomer.mydomain.com and see the skin that "mycustomer" has chosen.
we have one e-commece website which combine one ip address and 4 domains, I want apply for one ssl certificate bind ip for this site, is it possible to be used for 4 domains? is it possible to apply for certificate for ip address?
I have requested my web host provider to apply a SSL over the entire domain, as this is the only option available. The trouble is, I am not sure when the SSL is applied over the domain, how do I force certain web pages, the login page to SSL or even pages sitting in a directory. My web host service had mentioned when the SSL is applied over the domain, unless applying code the pages remain as http.
I am new to SSL and asp. I am using VB in my contract. Very confused. I have searched google and posts but have not found a simple clear access?
I have a web site that is using Windows Integrated Security for authentication. Under the site in the IIS there is a virtual directory that inherits these security definitions. Assuming I have several pages under the virtual directory, is it possible to apply anonymous access on on 1 (one) of them?
I am developing a new website that is membership based with yearly subscriptions. Using VS2010/asp.net4/c#. I have my site up to the point where all my content is ready to go and i can add members to the database to access all the premium content.
However, I have no idea how to impliment a start date and expiration date for that membership. I have been following along with Wrox Beginning asp.net 4.0 from beginning to end and this isn't covered at all. I also have Apress Pro asp.net 4 as well and I cant find anything dealing with that in there either.
What I would love to be able to find is some book or tutorial that i can follow along with and learn from so that this doesn't happen again to me.
In short what I need to do is this.
1. Add new user to defined membership role
2. Apply start/end date to that user
3. When the end date has passed I need to reasign them to a new role and then redirect them to another page with a notification
4. I guess lastly some way to add/manage members as an admin on my deployed site. Durring development i was using the built in Web Site Admin Tool but I just found out that only works on my local machine.
I have a feeling this this will be a very simiple fix but because of my total lack of experience it has been driving me crazy for three days tyring to hunt down info.
I'm going to write an ASP.NET MVC 2 application using Domain Driven Design. I'm trying to figure out how to separate the Admin from the store front. I could create 2 MVC projects, but regarding the services for them, should they be in separate projects as well or could I use the CatalogManager, for example, for both, Admin and the store front, and mix up all the services?Currently I have a class library for each part of my domain (services, infrastructure, model, etc.)
I'm trying to create a website that allows the user to type something up and it gets stored into a database. I'm looking to give the user some control as to different formatting such as for decorations, weight, style, etc... Also I want to keep the spaceing the user inputs into the text area as well (if the user presses enter to create a blank line). Is there a control out there that would let me do something.
Pretty much what I'm thinking of is something like what you would use to create a thread on a forum (Like what I'm using as I type this), where I get to choose the font style and such.
I am using Itext sharp to create a pdf. I am adding an image and I keep getting this error
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, ersion=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
it is this bit of code that is causing this
[Code]....
If i comment this out, the PDF builds and no errors are thrown (there is just no image)
I don't understand cause I am am trying to do is read a file.
I'm currently working on an C#/ASP.NET project that will host several differents e-commerce websites, all running in the same application.I use LinqToSql (moving to PLINQO soon) to access my database. The database contains both informations on the website structure (pages, ...) and the products/orders/users data.
My question is, should I use only one database for all the websites, or sould I create a new database (same model) for every new website?I'm now using a single database (with SiteIDs in some tables) but I have a big security concern, I can't just backup/restore the database for ONE website if something goes wrong (e.g. somebody erase all the products on ONE website) and it's an important requirment of the application.
So I was wondering what are the good practices in that case? Is there big cons if splitting dbs?(I would have to make changes to several database instead of one in case of structural changes, but i guess i can make a db version/update system).How the existing CRMs are dealing with that?Is it a performance problem if a database server host a lot of different DataBases? A complex backup/restore tool would be better?
Subquestion:To make a website replication easy, I can also split the pure CMS data (Pages, Texts, ...) in one DB and the e-commerce data (products/categories/orders in another). It can be achieved by some select/insert functions but it would be easier by just copying a database of course.
I have two e-commerce sites. One was built using ASP .net technology and the other one was built using open source codes.
Now I would like to allow shared shopping cart between the two sites. The customer will be able to add product from either site to the same shopping cart and check out.
Has anyone done this type of project before? It seems that there isn't any easy solution -- i.e. we would have to build a new shopping cart from group up for both sites.
Recently we've developed an E-Commerce web application for a client. We are at the stage before launch and the client is not happy to disclosing live merchant account details to us because they don't want us to potentially being able to see their clients' data.
Since we are going to maintain their website (running off their servers but we will still have access to the site files) I cannot see an easy solution to this other than trust.
How to implement and maintain E-commerce application when business don't want to disclose merchant details to developers?
i have created loing form and create user form. then how to apply login rights..? i have 2 types of user. admin and normal user admin can move and use all pages while normal user can acces limited pages.
"fileUpload" is the FileUpload ASP.NET control. The SaveAs method writes the user uploaded file to a specified location on the server. IT WORKS. That tells me that the ASP.NET process has the proper write permission to write to the file.The next line uses an assembly called PdfSharp which you can use to open PDF files and manipulate them. In this case, the line simply opens up the user uploaded file. That is where the error occurs. WTH?
It works on my production machine. It does not work on my local machine. It USED TO. It was never a problem before.So why would it be fine to WRITE to the server, but trying to open a file give an error? Makes no sense. Googling yields a suggestion to put <trust level="Full" originUrl="" /> under <system.web> in web.config. It does not work.