C# - Transferring Info In A ViewModel Between Views And Controllers In MVC 2 Site Without Allowing Modification Of Info?

Jul 22, 2010

I'm building an ASP.NET MVC 2 site where I'm currently implementing an OpenID sign-up form. Unfortunately, I'm foreseeing a possible security bug/vulnerability inside my architecture.

Here's how I want OpenID login to work:

1. User requests /Account/Login, Controller sends back OpenIDLogin View. User enters their OpenID into the View, then OpenID authorization takes place, and finally the OpenID is returned to the Controller.
2. The Controller checks whether the OpenID is currently in use by a user in the system or not. If it is, the user is logged in to that account. If not, the registration process begins.

And now, the OpenID registration process:

1. The OpenID identifier, as well as any other information provided by the OpenID provider (such as email address or name), is put into my custom ViewModel and sent to my OpenIDRegistrationForm View.
2. The RegistrationForm View stores the OpenID in a hidden field to make sure that it gets sent back to the Controller.
3. The user fills in the RegistrationForm View and sends it back to the Controller.
4. The Controller creates the user account and puts the OpenID into the database.


The bug that I see within my architecture is that a user could modify the hidden value in the RegistrationForm View. Thus, they could spoof their OpenID! I will make sure to add another round of checking to the final Registration Controller Action to make sure that the OpenID that is provided doesn't exist yet, but there is still a possibility for spoofing. Can my architecture be improved somehow? I don't want this to end badly...

One solution I'm considering is encrypting the OpenID before I send it to the View and then decrypting it when it reaches the Controller. Should I try this?

View 1 Replies
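
One way to make the hidden field tamper-evident, shown as an added example that is not part of the original post or its reply. It uses an HMAC rather than encryption, because the goal in the question is detecting modification of the OpenID; the class name, token layout, session binding and expiry are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration; OpenIdFieldProtector and the token layout are hypothetical.
public static class OpenIdFieldProtector
{
    // Token = base64(expiryTicks|sessionId|openId) + "." + base64(HMAC-SHA256).
    // Assumes sessionId contains no '|' (a mismatch simply fails verification).
    public static string Protect(string openId, string sessionId, byte[] key, DateTime expiresUtc)
    {
        byte[] payload = Encoding.UTF8.GetBytes(expiresUtc.Ticks + "|" + sessionId + "|" + openId);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(Mac(payload, key));
    }

    // Returns the OpenID only if the MAC verifies, the token is unexpired and it
    // was issued to this session; returns null for anything else.
    public static string Unprotect(string token, string sessionId, byte[] key, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] payload, mac;
        try
        {
            payload = Convert.FromBase64String(parts[0]);
            mac = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return null; }
        if (!ConstantTimeEquals(mac, Mac(payload, key))) return null; // modified or forged
        string[] f = Encoding.UTF8.GetString(payload).Split(new[] { '|' }, 3);
        long expiry;
        if (f.Length != 3 || !long.TryParse(f[0], out expiry)) return null;
        if (nowUtc.Ticks > expiry || f[1] != sessionId) return null; // stale or from another session
        return f[2];
    }

    private static byte[] Mac(byte[] data, byte[] key)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(data);
    }

    private static bool ConstantTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The key is a server-side secret that never reaches the view. Keeping the OpenID in server-side session state between the two actions removes the hidden field altogether.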


Similar Messages:

Access Database Info In A Partial View, .ascx That Is Included In Site?

Apr 2, 2011

I'm having problems with this. I am developing an ASP.NET MVC 2 application. I have a partial view menu.ascx defined. This gets included on all the pages of my site in the Site.Master masterpage. Now the thing is I want my menu to change according to the type of user. Here's what I did at first:

<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<dynamic>" %>
<li><%: Html.ActionLink("Home", "Index", "Home")%></li>
<% [code]....

I shouldn't be doing this in the view! But since this is the MasterPage, no controller actually calls it, so I don't know where to put the info in the ViewData dictionary or ViewModel to pass it to this masterpage.

View 1 Replies

Can't Get New Controllers Or Views To Work In .Net MVC

Apr 19, 2010

Basically what the title says. I created a new MVC application. I'm trying to add new pages to the site, but anytime I do I get the following error:

Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

namespace MyAppMVC.Controllers
{
public class ProductsController : Controller {
public ActionResult Index()
[code]...

View 3 Replies

MVC :: Splitting The Views And Controllers?

Jan 20, 2010

For applications that need to have vastly different view layers, and I would like to still use the idea of the controller. I would ideally like to put the controllers in a Class Lib. and then have only the Views in a MVC Web Application. Taking the model out in this way works well, but I can't find a nice way to split the views and controllers.

View 7 Replies

MVC :: Views And Controllers Events Linked?

Jan 7, 2010

I am new to MVC. My question is: when we add a view to the controller event by doing the right click and add view, then we give a view name and click on the add button. Where is this information stored that which view is linked to which view?

View 2 Replies

MVC :: Storing Controllers & Views In Separate Assemblies?

Apr 14, 2010

I'm building a CMS type of application in MVC. I want to reuse my views and controllers for adding/managing content in at least two other MVC sites. Obviously I don't want more than one code base for the CMS stuff. I figured out a way to do so:

Controllers:

Controllers are easy. Nothing more than creating a new Class Library Project and adding your controllers. Be sure to reference System.Web.MVC. In your MVC project just reference your controller assembly.

Views:

Views are a bit trickier. My solution was to add the folder structure to my assembly

CMSViews
CMSViewsWhatever

Then start adding my view pages. For each page, you have to set the 'Copy to Output Directory' to 'Copy Always' (right click -> properties)

Then I created a new class which inherits from 'WebFormViewEngine'. In the constructor I call the base() and then I add paths to the base.MasterLocationFormats and base.ViewLocationFormats to specify the new locations to look for views.

[Code]....

Setup in MVC project:

To get the controllers and views to work from the assemblies, you have to add two lines of code in the global.asax. Under the RegisterRoutes() method, add

ControllerBuilder.Current.DefaultNamespaces.Add("YourAssemblyNamespace.Controllers");
then under the Application_Start() method add:
ViewEngines.Engines.Add(new YourAssemblyNamespace.MyViewEngine());

What I don't like is that the Views get put into the Bin directory when published and you have to make sure to set the Output to Copy Always, which is going to be a PITA for larger projects with lots of views.

View 1 Replies

C# - Attaching Validation To EF Objects Used In MVC Controllers/views?

Feb 11, 2011

We're throwing together a quick project (CRUD forms) and decided to skip view models and use EF entities directly in controllers and views. Since I'm not used to this approach, I'm confused about handling validation.

For example: a DB field has a length of 25. How does that get transferred (if it can) to a validation constraint in my view? If I was using an intermediate model, I would attach attributes to the model properties and it would work. How would I do this using EF objects directly?

View 3 Replies

C# - MVC Routing: Change Views For All Controllers In A Directory?

Jan 15, 2011

I have a subdirectory in Controllers named Admin, which contains several controllers.

Is there a way to change the route so that I can put all the views in "/Admin" for every controller in the Admin directory? Or do I need to map a route for every single controller?

View 1 Replies

Host .NET MVC Controllers+views Within A Webforms Project?

Jan 20, 2010

We have a legacy ASP.NET webforms application that we're engaged in stabilising and removing technical debt from. Is it possible to take a hybrid approach - ie, can ASP.NET MVC coexist with webforms within the same web-project? Are there any gotchas for that? If it is possible, I assume one just has to initialise the routes table, register the ASP.NET MVC handlers,

View 1 Replies

Grant Access To Controllers / Views For Non-authenticated Users?

Feb 3, 2011

I have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404's. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.

I have added a location path for 'Views/Error' to my Web.config to allow access to all users but I am guessing it's the controller access that is causing the redirection.

Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that's what my unknown error view is for.

View 2 Replies

Finding Info About Mvc Like Where To Use It

Oct 11, 2010

What is MVC, what is the use of MVC, and what do I need to learn MVC? What are the initial requirements for learning it, and is MVC a three-tier architecture or not?

View 1 Replies

Getting Info About The Visitor?

Nov 14, 2010

In PHP, I can get this info about the visitor: IP Address. IP HostName. Natted IP Address. Natted IP HostName. User-Agent (Web Browser, OS version, framework, infopath, etc...) Web REQUEST. Web Referrer. Language. DateTime. How can I get that in ASP.NET? And what additional info can I get using ASP.NET? And how can I know if the visitor has special software installed?

View 3 Replies

MVC :: Would Like Some Info On Azure?

Feb 28, 2011

Where I work, we're planning to develop a web application (for internal use) with the help of ASP.NET MVC, me being the intended developer. I have no real background in web app development, but I have dabbled a bit with RoR in my spare time and loved that way of doing things. At work .NET is de rigueur however, so I am looking at ASP.NET MVC (looks promising so far, for that matter).

Since we're new to developing web applications, we're unsure about how to best handle the administration of the application's platform (i.e., the web server and the database server etc.), and are wondering if we might be better off deploying it on Azure. While I know that there is support for ASP.NET MVC on Azure, I don't know the concrete methods of managing an application throughout its lifecycle: create it initially, deploy new versions, change database schema etc. On the other hand, I know at least superficially how to manage Rails applications on Heroku. Could someone please provide us with some much needed advice on running ASP.NET applications on Azure compared to on-premise, and thus help us decide? If we could be pointed toward some practical info, tutorials perhaps, showing how an ASP.NET MVC application (or even just a straight ASP.NET application) on Azure is managed throughout its lifecycle,

View 3 Replies

To Get Info From A Website

Sep 27, 2010

I wanted to know if there is a way to get the following info from a website if all I was given was a URL:
1. Title of page
2. A piece of the text on the front page, or even the info that would be within one of the meta tags.
3. The logo
I'm not sure where to start on trying to get this info, but maybe there is a plugin that exists that I could buy or even a web service out there that I could use. I found Amazon's AWS which does kind of what I am looking for, but I've talked to a few people who've used it and they said it sucked.

View 1 Replies

MVC :: UML Class Diagram For Application Include All The Controllers And Views And Their Relationships?

Mar 16, 2011

I would like to ask a plain and simple question about the Model-View-Controller architecture - should the UML Class diagram for my application include all the controllers and views and their relationships, or should it just include my model classes, i.e. the entities that are the heart of the application, you know - like in an ordinary application - i.e. User, Administrator, Student, Teacher, Course, Grade etc...?

View 1 Replies

Need Some Info About The Login Page?

Feb 9, 2010

I'm back again, I need some info about the login page. Hope someone can provide some useful link. I want to let the user log in first before redirecting to my main page. I don't know how to restrict user access to my main page without login.

View 3 Replies

C# - How To Use A Control To Get Info From Another Page

Jan 6, 2010

I have a Masterfile that has a header control with a button, and the ContentPlaceHolder which would be another page with multiple text boxes.

When I press the button in the header, I need to iterate through all the text boxes and grab their text, how exactly would I do this using C#?

View 1 Replies

C# - Dynamics CRM Get Info For Customer

Apr 16, 2010

I'm working on an ASP.NET (C#) site that pulls most of its data from Dynamics CRM over SOAP using Microsoft's CrmService SDK. I'm at the point where a query has returned an entity with a property of the type Customer. I need to get the name string of that customer record, but cannot figure out how to do so. By doing a little guesswork I figured out that what I have is a GUID for the customer. How can I use this GUID to get the customer's name as a string? Relevant Links:

CrmService Docs
Customer Property
Customer Class

View 1 Replies

Using Web.config To Store And Map Info?

Jan 14, 2010

I've been reading others' questions regarding storing settings in the web.config. Most of you agree that's a good way to store settings. I just have another doubt about that.

In my app, I need to map some IDs in the web.config. For example:
[Table = UserType]
1 - User
2 - Admin

Is it a good idea to store these settings in the web.config so I know what is the right ID in my application? Do you have a better solution?

View 3 Replies

Want To Retrieve Info From More Than 1 Table?

Mar 31, 2011

I want to retrieve info from more than 1 table. I have tried to look into using the ViewModel but do not fully understand how to implement it. My Model is set up using ADO.Net framework.

View 1 Replies

C# - Get Hardware Info On Server?

Feb 10, 2011

Can you read the server's hardware info via a web app in C#?

View 5 Replies

WCF / ASMX :: Get Some Info From The Database?

Dec 22, 2010

I want to write a WCF service to get some info from the database. The service will be called by a web application. So first of all, what type of WCF project should I use? Is it WCF Service Library or WCF Service Application?

Next, where should I define the connection string? Can the connection string that I use inside the web.config of my web application be used or propagated to my WCF service? Or should I define the connection string again in my WCF service?

Any examples on WCF with ado.net examples? so I will know how to define connection strings and utilize the service inside my web app?

View 7 Replies

C# - Get Unique Info For A Machine?

Nov 4, 2010

So I have an aspx that gets IP addresses, but if I have multiple machines coming from an IP address I need some info that will distinguish each machine differently.

View 4 Replies

C# - Add An Info Bubble To A Mapxtreme Map?

Mar 19, 2010

I'm using MapXtreme 2008 v7 for a learning project, and was wondering: is there any way to make a bubble appear with data when you pass a mouse over a point?

View 1 Replies

Get Info From SQL And Display It In GridView

Dec 14, 2011

I am working on a program to pull info from sql and display it in a gridview. However I am getting the following error message :

Must declare the scalar variable "@branchparam".

All I am wanting to do is check to see if something exists in the sql database, if it exists then boolean active user=true else false.

If it is true then I want to fire the other subs, if it is false, then exit sub and display message.

HTML Code:
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="FinancialManager.aspx.vb" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">

[Code] ....

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved