I have a very simple (rather stupid) question, I hope someone can clear my mind on this :)
I want to send an email to my site user once he clicks a button. This email will contain a link with the userID of a user in the link URL (as query param of a link).
Once the user clicks this email link, my server side code will parse and decrypt the userID query string key to get the user ID and perform some action on it.
I cannot use base64 encoding as it can be reversed and 'hackers' can get to know the real userID. I have to encrypt the ID, but when I am using AES algorithms for encryption, the encrypted text is not "understandable" by the browser, i.e. I cannot pass the encrypted userId text as a part of the URL because it contains un-encoded characters like "/" which the browser cannot bypass. One option I can think of is to base64 encode the encrypted text once I send it across via URL. Then I can base64 decode and decrypt it.
Is this approach better than using Uri.EscapeDataString() on the encrypted text?
I am working on a document storage and retrieval application, in which I display the PDF document as a PNG image, but I have an email button on the top. On clicking that, the user would be able to provide an email address to which the document needs to be sent, and I need to send this PDF as an attachment. I need to password protect the file for security reasons. I have no clue on how I can do this in ASP.NET MVC.
I am sending an email for forgot password to the user. I have formatted the body text of the email, but when I checked that email, it is coming without any formatting.
Here is the formatting code which I am sending as a string.....
I am developing an SMS portal in ASP.NET C# where people register and send SMS. I am using a multiline asp:textbox for the input message. I want to break the line where the user hits enter/new line in the textbox. Is there any textbox editor which supports only <br/>?
I am working on sending Twitter updates from my ASP.NET website. I have the authorization down, but I am stuck when it gets to sending the tweet. Here is my code-behind:

protected void btnAuth_Click(object sender, EventArgs e)
{
    // add these to web.config or your preferred location
    var consumerKey = ConfigurationManager.AppSettings["consumerKey"];
    var consumerSecret = ConfigurationManager.AppSettings["consumerSecret"];

    // If User is not valid user
    if (Request.QueryString["oauth_token"] == null)
    {
        // Step 1: Get Request Token
        OAuthTokenResponse RequestToken = OAuthUtility.GetRequestToken(consumerKey, consumerSecret);
        // Step 2: Redirect User to Requested Token
        Response.Redirect("http://twitter.com/oauth/authorize?oauth_token=" + RequestToken.Token);
    }
    else
    {
        // For Valid User
        string Oauth_Token = Request.QueryString["oauth_token"].ToString();
        var accessToken = OAuthUtility.GetAccessToken(consumerKey, consumerSecret, Oauth_Token, txtPIN.Text.Trim());
        lblMessage.Text = "<b>Hello " + accessToken.ScreenName + ", Welcome to my Twitter App</b>";
        lblMessage.Text += "<br/> Token: " + accessToken.Token;
        lblMessage.Text += "<br/> TokenSecret: " + accessToken.TokenSecret;
        lblMessage.Text += "<br/> UserId: " + accessToken.UserId;
        lblMessage.Text += "<br/> VerificationString: " + accessToken.VerificationString;
    }
}

protected void btnTweet_Click(object sender, EventArgs e)
{
    // add these to web.config or your preferred location
    var consumerKey = ConfigurationManager.AppSettings["consumerKey"];
    var consumerSecret = ConfigurationManager.AppSettings["consumerSecret"];

    OAuthTokens accessToken = new OAuthTokens();
    accessToken.AccessToken = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    accessToken.AccessTokenSecret = "xxxxxxxxxxxxxxxxxxxx";
    accessToken.ConsumerKey = consumerKey;
    accessToken.ConsumerSecret = consumerSecret;

    TwitterStatus TweetStatus = new TwitterStatus();
    // pass the OAuthTokens instance declared above (the variable is accessToken)
    TweetStatus.Update(accessToken, txtTweet.Text);
}

I don't know how to get the AccessToken & AccessTokenSecret.
My aim is to make the web.config not readable by external users, but my application should be able to access it. Is there any way to do this?
I have tried the following way, but how to set the application to use string instead of web.config?
I want to encrypt my web.config file so that others do not open the file using any editor like Notepad. But my application should be able to use the same web.config file. I could encrypt the web.config file and decrypt it inside the application, and I saved the entire web.config to a string file. Now I want to use this string variable instead of web.config (now in encrypted form, which cannot be accessed by the application).
I am having a lot of trouble with WCF web service over SSL / HTTPS, so I was wondering if (as a quick fix) I could serialize the object, convert that to a byte array, encrypt the array, pass the encrypted array.
On the other side receive the encrypted array, decrypt the array, convert from the array and then deserialize the object.
I'm finding surprisingly little information on converting an existing database from Encrypted passwords to Hashed passwords. (I was able to find a bit more information on converting the other way, but it wasn't of much help.)
As most people know, changing the passwordFormat setting in web.config only affects new users. I have a database with a couple of hundred users and I'd like to convert them to use hashed passwords without changing those existing passwords.
I am using a standard implementation of the membership provider. I, however, need to compare a supplied password (from a textbox) with a saved encrypted password. This is for a new security policy at work.
I need to send password encrypted email in C#. How hard is this to do, and how to do it? Do you need an SSL certificate or not? I know how to send normal emails because I did it already, but not encrypted emails. If you have personal experience, then tell me how.
I'm having a problem with symmetric key and certificate. The issue is, this database I'm using now is restored from a different source, and ever since, I've been having problems regarding the symmetric key or certificate. The error message I'd get from the aspx web pages would be "Please create a master key in the database or open the master key in the session before performing this operation". Yes, I did open the master key.
For testing I used this: [URL] Encrypts only the password is not encrypted and username. Why not? For security reasons, I would like also to encrypt the username.
I need to design two apps who can interact with each other. The first app, App A needs to send an encrypted string over to App B and App B will have to decrypt it and do some stuff. How would I go about that?
App A - http://MachineA/default.aspx
App B - http://MachineB/default.aspx
I tried encrypting the data using AESCryptoServiceProvider and it returns a byte[]. Now how would I transfer it over to another application? Via query strings?
I have two reports, Report1 and Report2. From Report1 I have to call Report2 when clicking a link.
I have achieved this by using Jump to report, and I have also passed some parameters to Report2.
Using report viewer I am viewing Report1. In the link field's right-click properties I am getting the Report2 URL. If I paste the Report2 URL with parameter values in a new browser, the report is coming and it also allows changing report parameters in the address bar.
Is it possible to encrypt parameter values while calling Report2?
To maintain security, I encrypted my password and stored it in the database like the following:
Dim PWD As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text.Trim(), "SHA1").Trim()
But the problem is, suppose the user forgets his password and needs to know it, then how can I decrypt the password and send it to the user? Is there any other suitable way to handle passwords?
Background: From a desktop application, users will navigate to an SSL-encrypted web portal where they will have to enter a username / password if it's their first time logging in. I want to be able to securely persist their user session. I was thinking of using encrypted cookies, storing their username and a unique session token / key, but was wondering what benefits client certificates offered in terms of security.
The way I understand it currently:
Encrypted cookies:
- Saved on the user's machine just like any other cookie
- Since the entire site is SSL, the contents of the cookie cannot be tampered with
- Easily implementable
- When a user logs in again, invalidate the token / key and issue a new one
Problems:
Anyone attempting to access the web portal on the computer with a saved session will be able to, but this is a problem with any persisted session, right?
How do I know that computer A is computer A and not just computer B that copied computer A's cookie?
Client Certificates:
- A pain in the ass to install
- Will uniquely identify that person's computer (or can it be restricted to the user account) to the web portal
- If the client certificate is stolen, then the account is compromised
Question: For persisting user sessions with the utmost security, would encrypted cookies be sufficient or would I need to install client certificates? How do they differ?
I have an encrypted web.config file. How do I decrypt this file? I need to update connection string information in that file, so I need to decrypt the existing encrypted config, update the connection string, and then encrypt it again. The command below did not work; I am getting an error (Decrypting configuration section...Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Bad Data.)
aspnet_regiis -pdf "connectionStrings" <physical path of the web.config file in server>