C# - Protect A Public ASMX Page That Posts Important Data To Database?
Jan 19, 2010
I have a site in development with several web services (ASMX) that post important data to my database. When I navigate to the ASMX file in my browser, I can fill in the form with the parameters and post to the DB. If someone finds the URL to my WS, they can severely alter my database. I want to prevent people from being able to post to my WS publicly. So far, I've thought of two things that may but I'd like to know if there are any other ways:
Check to see if the HTTP Referrer to the WS method is the domain the WS is on Add an additional parameter called Key to all important WS methods and have this be an encrypted "password." Then encrypt my stored password on the WS side and compare if the keys match.
View 3 Replies
Similar Messages:
Jul 28, 2010
I've got SL application where i should implement file managment subsystem. I've got hierarchical structure of filesfolders(just description). Also each filefolder has its own permissions to usersgroups. I would like implement that one user who has permission to download file couldn't give it to another user, who hasn't this permission. So if user has download permission he get link [URL] and download it. But he could give this link to another person without permission.
View 2 Replies
Jun 16, 2010
I am interested in finding out how I would go about displaying a website wiithout forms authentication but to utilise forms authentication when the user makes a request by clicking in the signin button, and then the user will view other pages that are private and secure,
View 2 Replies
Jun 22, 2010
I have a website where people can send an email to a group of people and then choose to have that letter posted on our website.
The problem has now become that I get so many of them, I can't keep up with doing it manually. What I'd like to do is have it go to a database and then have it automatically update the site. So, one page will have "teasers" with the Author's name, etc and a few lines of the letter and then it links to another page that has the entire letter.
Can anyone tell me if:
a) that's possible
b) how to implement it
Doing it manually has gotten out of control!
View 2 Replies
Feb 11, 2010
I was recently asked to speed up a C#/ASP.NET/SQL Server business app website. Since I just started, I don't know too much about the internals. So where do I start? Sight unseen, what is the single most important thing affecting performance on a system like this? Database tuning? Hardware? Individual page optimization? What is the first thing you'd look at? EDIT: After I actually do the work, I'll come back and post the answer. ;)
EDIT again: "Profile" is currently the most-voted answer, and I agree that that is clearly what one should do. But I was looking for guesses/experience as to what the profiling results would show, so I don't think that answer counts...
View 8 Replies
Aug 3, 2010
I heard that for java (jboss + any DB) it's really important cuz there is going to be lot of problems, but for .net not so much, is it ?
View 4 Replies
Aug 26, 2010
How do declare a public variable .aspx web page that can be used in all the pages within my web application? And/or create a Public Sub?
View 3 Replies
Jan 18, 2011
I am designing a forums website. I have prepared two tables - topic and post
topic - topicid (pk),sub, message (content), replies (count of replies), catid(fk), createdby, createddate, updatedby, updatedon, viewers( count of views)
post - postid(pk), topicid(fk), post (content), createdby, createddate, updatedby, updatedon.
retrieving data from both tables in posts page where the 1st post is in the topic table and rest i.e. replies are in the post table.
View 8 Replies
Jan 20, 2011
topic - topicid (pk),sub, message (content), catid(fk), createdby, createddate, updatedby, updatedon, viewers( count of views)
post - postid(pk), topicid(fk), post (content), createdby, createddate, updatedby, updatedon.
As i told in my last post, I am designing a forums website. I am not able to design the query to retrieve the topics for a category for example say catid=1. I want to display it in a grid view as done in every forums.
I made some query :
SELECT Topic.Sub, Topic.CreatedBy,COUNT(Topic.viewers) from topic where catid=1
group by Topic.Sub,Topic.CreatedBy
This is for retrieving the topic name from the subject and the createdby giving the topic starter and the total no. of views of that topic.
Now i want to make a query from the post table displaying the last post in the topic and if the post does not exist, i want to display the 1st post from the topic table as the last post done.
View 22 Replies
May 14, 2010
By default web service is enable for windows authentication. But if we want to expose our service to public domain, then I guess we have to use some specific credential for web service authentication. Can anyone tell me how to set those credential at service side and validate it for client and how the client will send those credentials?
View 1 Replies
Nov 28, 2010
I have this Internet web service page(webservice.asmx) being consumed jquery ajax call.
And I am hoping to restrict public request to this webservice other than request from local pages (aspx or jquery ajax call).
The web service checks for form-authentication before it gets executed but I just don't feel comfortable the .asmx page and list of services are viewable.
So users can't just type www.mysite.com/webservice.asmx to access my webservice.
View 2 Replies
Aug 2, 2010
i have websrvice class in this i declared a webmethod and a public property my problem is i want to acess service class public property in my asp.net web application after creating proxy object.
service class:
[Code]....
View 1 Replies
Mar 23, 2011
So I have a ntext column in a table with a combination of large random data (hence why ntext in the first place) and sometimes contains a uniqueidentifier.
I need to find and delete rows based on the uniqueidentifier.
I can't do the comparison with it being ntext, but I changed it to varchar(max) in my dev enviornment and it let me do it without any warnings and I can now do my comparison like I want to, so all is good.
I just want to make sure I'm not changing any of my large random data by changing the data type.
View 4 Replies
Dec 4, 2010
Code:
Sub btnLogin_OnClick(Src As Object, E As EventArgs)
Dim myConnection As OleDbConnection
Dim myCommand As OleDbCommand
[code]....
I found this code for user authentication. How secure is this? Can this be bypassed? Can I protect a MySQL database with a password? Can people see a MySQL database's data if it's not protected?
View 19 Replies
Jan 19, 2010
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
how to protect my SQL database by using Csharp.net against a SQL injection.
View 4 Replies
Aug 22, 2013
I have written below function to post single Photo to FB page. But getting error saying "(OAuthException - #200) (#200) Unpublished posts must be posted to a page as the page itself."
View 1 Replies
May 29, 2010
how to publish posts automatically in web site page (asp)?
View 5 Replies
Jul 22, 2010
Clicking the save button on my webform that's on our dev server:
http://DevServer/Page.aspx
Posts back to the same page on my local machine:
http://LocalMachine/Page.aspx
How does the DevServer even know my computer exists? I haven't hardcoded any URLS in my code.
View 2 Replies
Mar 15, 2010
How to bind a GridView Column to a public method in a Page. I have done this before but forgot the syntax. Basically the DataSource has a column named "EndDate" and based on value of the enddate i want show some text in column.
[Code]....
where GetEndDateText is a method in a Page
View 2 Replies
Jul 16, 2013
how to display latest recent posts in my facebook page to my website.
View 1 Replies
Aug 23, 2012
I have images on my page. I want to protect them. so, i want to protect my page and images from print screen. How i will do it.
View 1 Replies
Feb 10, 2011
I can access a module from code behind but not from the aspx page in inline VB code <% ... %>.
I know its got to be something simple but I can't seem to find the answer anywhere.
View 1 Replies
Oct 20, 2010
Why is knowing the Asp.net lifecyle important to coding in Asp.net?
View 10 Replies
Oct 25, 2010
I am to access a method on my master page. I have an error label which I want to update based on error messages I get from my site.
public string ErrorText
{
get { return this.infoLabel.Text; }
set { this.infoLabel.Text = value; }
}
How can I access this from my user control or classes that I set up?
View 3 Replies
Apr 26, 2010
to whom it may concern,
I wish to access a public property in a master page from a nested content page
is there anyway to do that without using "master type"
i found this link
http://www.velocityreviews.com/forums/t110057-accessing-properties-from-nested-master-pages.html
but i dont understand what "companywide" is
((CompanyWide)this.Master.Page.Master).HtmlTitle = "now it is working";
i dont want to use "MasterType" i would rather cast..
View 11 Replies
