I am using a Self signed certificate for HTTPS. I have it ready. what should be changed in IIS and also what should be changed in the code for https to come into affect. I need https for some pages(not all).
View 2 Replies
This is in VS 2005. And IIS is 6.0. I am trying to use Self signed certificate for HTTPS. In the code i am redirecting from http to https for few pages. It is nt working fine. and in the IIS manager, for each page that i want HTTPs, i have changed its setting by checking "Require Secure Channel(SSL)" and "Require 128 bit encryption".
public void setSecureProtocol()
{
string redirectUrl = null;
bool bSecure = true;
bool SecureConnection = true;
if (bSecure && SecureConnection)
redirectUrl = Request.Url.ToString().Replace("http:", "https:");
else
if (!bSecure && SecureConnection)
redirectUrl = Request.Url.ToString().Replace("https:", "http:");
if (redirectUrl != null)
Response.Redirect(redirectUrl);
}
Pages throw me an error like this The page must be viewed over a secure channel The page you are trying to access is secured with Secure Sockets
Layer (SSL).
Please try the following:
* Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource. Internet Information Services (IIS)Internet Information Services (IIS) When i try to put https in the start of the URl, it wont call. I have no idea whats wrong in here. Here, Its not redirecting from http to https. For the pages that i am not redirecting in the code behind, and changing in the IIS, i can see the HTTPS when i check the two checkboxes. Internet Information Services (IIS)
I created a self-signed certificate for testing in IIS7 (win 7 64 bit environment ). I attached the cert to the bindings, etc and everything was fine. But when I crank up the site I get the generic error: There is a problem with this website's security certificate. Continue to this website (not recommended). What should I be looking at to fix this
View 5 RepliesI have been struggling for days trying to get a simple ActiveX DLL to work with no success despite studying several articles on the subject which I have found online. I suspect I have several things coded incorrectly as I am just not familiar with this and most of the articles on the subject are out of date. I am using Visual Studio 2008 and have been using the Windows SDK V7.1 for digital signing.
What I am trying to do is return the client machineName from the environment class back to the web page (and eventually back to the web server). This is my C# class:
using System;
using System.Reflection;
using System.Runtime.InteropServices; [code]...
Note that I copied my dll to my Windows SDK folder, signed that, copied it back to my cab file which I then copied over to my SDK file, signed the cab file. Then finally, copied the cab file to my website project.
NOTE: See comments at end of first answer. I have purchased a signed certificate from Comodo and with that installed, I now get "Unknown Publisher" error even though the certificate status is "ok", Both the dll and cab file have been signed.I believe my issue now is the control needs to be marked as safe for scripting, http://www.olavaukan.com/2010/08/creating-an-activex-control-in-net-using-c/
There are 2 web-servers involved:
Webserver1 has been in the organization a few years and is hosting/running multiple websites with https encryption (app1.ourcompany.com, app2.ourcompany.com, etc). It has a valid, signed certificate.
Webserver2 is a new server, for which I am responsible. I am tasked with setting up https and getting the certificate, etc. It has a web app running on it, but it does not have a domain name (only has an IP address)...which as I recently learned, is a requirement for a signed certificate.
What I'd like to know is this -- is it possible to set up a site on Webserver1 that points to the site I'm hosting on Webserver2 (ie SiteOnWebserver2.ourcompany.com) which also utilizes the Webserver1's signed/verified certificate?
Do you know any web site with an invalid https certificate, so I can test if my browser detects it?
View 1 RepliesI'm new to cryptography and I'm a bit stuck:
I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly.
They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store.
I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it.
Then, in my app, I'm attempting to connect to the service like this:
var certificate = X509Certificate.CreateFromCertFile("xyz.cer"));
var serviceUrl = "https://xyz";
var request = (HttpWebRequest) WebRequest.Create(serviceUrl);
request.ClientCertificates.Add(certificate);
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
I get a 502 Connection failed when I connect.
Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003.
I'm trying to make my website more secured so want to install SSL certificate, for that I've requested a digital certificate from verisign and installed it succesfully in my server(IIS 5.1).
So everything is ready created the virtual directory and now im trying to access my site but now in the url its coming like http:\mysite.com but not https:\mysite.com.
what do we need to do extra other than installing the SSL certificate to convert it form HTTP to HTTPS.
Programatically is it possible using C# or script 1. To attach certificate to the https binding of website in IIS 7.5(from a drop down).
View 1 RepliesWe set up a paypal gateway on our site using paypal NVP API: Our IIS web server is set up for SSL, though I just created a cert on the locally machine. When we load HTTPS the browser gives a warning about security before the page will load. I know a local cert won't cut it for SSL, so I think we need a verisign cert? [URL] Is this correct? How can I know that the cert I am getting will get along with paypal and elimante any security warnings for the user.
View 1 RepliesLet's assume our users in their office using Internet explorer to sign some Web Pages using their client certificate imported into the Internet explorer browser (let s assume no other browser is used)
what is a good approach/architecture for validating the client certificate (Internet Explorer), how to send that certificate or the signed form to the server and how do we verify the signature
Should we use smart client approach integrated to the web application or some silverlight or so or is web form/web pages enough to implement this security requirement ?
I am trying to open my homepage with HTTPS in my test server. Is there a way i can create Self signed certifcates and see if https works. some links or any ideas with how to do Its an ASP.Net project and IIS V6.0
View 3 RepliesI have created a self signed certificate for IIS6 for my app. App works fine when I access it from the web server. But when I access the app from client machine it gives an error "The connection has timed out" on IE, and on Firefox it does not load the page.
View 4 RepliesI want to use UrlReferrer after the user has signed-in.
Can UrlReferrer also refer to a webpage outside of the web project? .. this is not what I want...
Using the form view control, when I click on the edit button to modify a record. the form is in update mode. When I clcik the update button any modified data is posted, but, for some reason the name in one filed named, user_update_name, does not. The name in the field will not change unless the field was empty. For example, if test1 was the last user to modify the record and the user_update_name field was empty, the field was now say Test1. If Test2 modified the same record, Test1 name will still display in the field. The command that fires when the update button is clicked.
Imports System.Data
Imports System.Data.Common
Imports System.Configuration
Imports System.Collections
Imports System.Web
Imports System.Web.Security
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Web.UI.WebControls.WebParts
Imports System.Web.UI.HtmlControls
Imports System.Data.SqlClient
Imports Microsoft.VisualBasic
Protected
Sub FormView1_ItemUpdating(ByVal sender
As System.Object,
ByVal e
As System.Web.UI.WebControls.FormViewUpdateEventArgs)
Handles FormView1.ItemUpdating
frmPartsDS.UpdateParameters("user_update_name").DefaultValue = User.Identity.Name
End
Sub
How to send a digitally signed through C# code.i apply the no of ways but still not able to perform.
View 6 RepliesI am using the aspnet membership features and check to make sure the user is logged in before display the page:
Protected
Sub Page_Load(ByVal sender
As
Object,
ByVal e
As System.EventArgs)
Handles
Me
.Load
'Check for UserName
If Context.User.Identity.Name
Is
Nothing
Or IsDBNull(Context.User.Identity.Name)
Or Context.User.Identity.Name =
String.Empty
Then
Response.Redirect(
"~/Login.aspx"
)
End
If
Session(
"UserName"
) = Context.User.Identity.Name
UserName.Text = Session(
"UserName"
)
UserIDValue.Text = Membership.GetUser().ProviderUserKey.ToString()
End
Sub
Everything was working fine when I had two separate applications (two web.config files) using the same data base and the same "applicationName" in the web.config files...............
In the control Chart, I add few points, selected from the database:
var Diagram_1 = Razrez_D1.Series ["D1"];
sqlDA.SelectCommand.CommandType = CommandType.StoredProcedure;
sqlDA.SelectCommand.CommandText = "Razrez_D1";
sqlDA.SelectCommand.Parameters ["@ date1"]. Value = Session ["date1"]. ToString ();
sqlDA.SelectCommand.Parameters ["@ date2"]. Value = Session ["date2"]. ToString ();
sqlDA.Fill (dataSet1, "Razrez_D1");
sqlDA.SelectCommand.CommandType = CommandType.Text;
for (int i = 0; i <dataSet1.Razrez_D1.Rows.Count; i + +)
(
string name_s = dataSet1.Razrez_D1 [i]. Name.ToString ();
name_s = name_s.Substring (name_s.IndexOf ('№')). Trim ();
Diagram_1.Points.AddXY (name_s, dataSet1.Razrez_D1 [i]. Count);
Diagram_1.Points [i]. BorderColor = System.Drawing.Color.Black;;
Diagram_1.Points [i]. BorderWidth = 1;
if (Convert.ToInt32 (dataSet1.Razrez_D1 [i]. count)> 5)
(
Diagram_1.Points [i]. Color = System.Drawing.Color.Red;
)
else if (Convert.ToInt32 (dataSet1.Razrez_D1 [i]. count)> = 4 & & Convert.ToInt32
(dataSet1.Razrez_D1 [i]. count) <= 5)
(
Diagram_1.Points [i]. Color = System.Drawing.Color.Yellow;
)
else if (Convert.ToInt32 (dataSet1.Razrez_D1 [i]. count) <4)
(
Diagram_1.Points [i]. Color = System.Drawing.Color.Green;
)
)
The problem is that the points on the X axis are signed that way: first is not signed, second is signed, third is not signed etc How can I sigh all points?
I developped a light WinForm Control that run like an ActiveX in a Web Page. No problem yet.However, when i want to access System.IO I got a Security Exception. It seems that I have to sign my assembly, so that's what I did. When my assembly is signed, my Web Browser can't show the Winform. I set IE to download any ActiveX in the Security tab ... Nothing happens. Uncheck "Sign Assembly" ... works fine ...
View 2 RepliesI'd like to add a typical 'Signed in as' bar, cf this site.Since it's 'common', first thought is: master page.However any controls designed on a master page are only rendered 'in' the final page...... so you need the 'this' (Page reference) to access the control... so you can't write code 'on' a master page, whose 'this' is not a Page.HttpContext has Session, Request, etc - all useful but none with a 'Page' reference that I've noticedUpdatePanel looks neat, but I'd prefer a non-Ajax solution to learn the 'basic' way before perhaps later making it 'smarter' with Ajax.Question therefore is: how to write a script that is site-wide, for a master page, that references controls on the (rendered) master page, with or without a 'Page' reference.
View 1 RepliesI there a way to get the user id that they signed on to the computer with from web site project, without changing IIS so they will have to login? This will be interanet and remote internate users.
View 3 RepliesI'm aware of the following two different types of web projects in Visual Studio 2008:Website projectWeb application projectA web application project can reference a signed assembly as long as the web application's assembly is also signed with the same key. However, this doesn't work with the website project because there is no place to sign an assembly. I think this is because the assembly is compiled dynamically on the server?
Anyway, is it possible to get the website project working with this signed assembly? Or will I have to convert this website project into a web application project?Edit:The following situation has required me to ask for clarification in this matter:I have a class library that is being referenced by several other projects in my solution in Visual Studio. One of the projects is a windows application that will be deployed to specific external users. In order to make sure that the application is using the correct assembly and to also prevent others from using the assembly (I am aware of the limitations with respect to its effectiveness), all assemblies have been signed and all the classes in the library are declared as Friend (internal).
The website project doesn't seem to have a way for me to sign its assembly and I get the following message when attempting to use anything from the library: "CLASS is not assessable in this context because it is 'Friend'", which is to be expected.The following attributes are inside the AssemblyInfo.vb file in my class library project:
<Assembly: InternalsVisibleTo("OtherProject1, PublicKey=AAA...")>
<Assembly: InternalsVisibleTo("OtherProject2, PublicKey=AAA...")>
...
My Conclusion:Looks like the cleanest way to do this would be to convert the website into a web application but this would require a bit of time to do since our site is pretty fleshed out already and as pointed out in other discussions, can be quite a pain to do. Going forward, I think creating a web application in the first place may have been a better idea and much more flexible for future development.
im trying to implement a gallery of sorts where the usercan view and upload images (he can only upload once signed in). Does anyone know where i can find a gallery like this, or do i have to code it myself?
View 5 RepliesLet suppose, I am building an asp.net website which has login scenario in it. I want to provide a certain functionality to the website that if the user is already login on computer 1 and now try to login on computer 2, so he will be allowed to remain login on computer 2, while automatically logout him from computer 1. I also know that http is a stateless medium, so whenever user interact with computer 1 and try to interact with the page, it will get noticed at that time.
View 2 RepliesOn our website users can sign up. The sign up controls (converted to a template) has the usual text boxes and then the create user button. When pressing this button the account is created. After reloading the website, the user can see his credentials in his 'my account' tab. Question: How can we access the newly created user (especially his userid) right after the create user button was clicked? Right now this does not work, we can only start accessing this after the page has been reloaded. But surely the account is created the instant the button was pressed. I have tried this:
MembershipUser myObject = Membership.GetUser();
UserID = (System.Guid)(myObject.ProviderUserKey);
But it looks as if the user is not yet logged in at this stage. Can this somehow be forced so that we can access the newly created userid right after the user has clicked the create user button?
