C# - Protect A Public ASMX Page That Posts Important Data To Database?
Jan 19, 2010
I have a site in development with several web services (ASMX) that post important data to my database. When I navigate to the ASMX file in my browser, I can fill in the form with the parameters and post to the DB. If someone finds the URL to my WS, they can severely alter my database. I want to prevent people from being able to post to my WS publicly. So far, I've thought of two things that may but I'd like to know if there are any other ways:
Check to see if the HTTP Referrer to the WS method is the domain the WS is on Add an additional parameter called Key to all important WS methods and have this be an encrypted "password." Then encrypt my stored password on the WS side and compare if the keys match.
I've got SL application where i should implement file managment subsystem. I've got hierarchical structure of filesfolders(just description). Also each filefolder has its own permissions to usersgroups. I would like implement that one user who has permission to download file couldn't give it to another user, who hasn't this permission. So if user has download permission he get link [URL] and download it. But he could give this link to another person without permission.
I am interested in finding out how I would go about displaying a website wiithout forms authentication but to utilise forms authentication when the user makes a request by clicking in the signin button, and then the user will view other pages that are private and secure,
I have a website where people can send an email to a group of people and then choose to have that letter posted on our website.
The problem has now become that I get so many of them, I can't keep up with doing it manually. What I'd like to do is have it go to a database and then have it automatically update the site. So, one page will have "teasers" with the Author's name, etc and a few lines of the letter and then it links to another page that has the entire letter.
I was recently asked to speed up a C#/ASP.NET/SQL Server business app website. Since I just started, I don't know too much about the internals. So where do I start? Sight unseen, what is the single most important thing affecting performance on a system like this? Database tuning? Hardware? Individual page optimization? What is the first thing you'd look at? EDIT: After I actually do the work, I'll come back and post the answer. ;)
EDIT again: "Profile" is currently the most-voted answer, and I agree that that is clearly what one should do. But I was looking for guesses/experience as to what the profiling results would show, so I don't think that answer counts...
post - postid(pk), topicid(fk), post (content), createdby, createddate, updatedby, updatedon.
As i told in my last post, I am designing a forums website. I am not able to design the query to retrieve the topics for a category for example say catid=1. I want to display it in a grid view as done in every forums.
I made some query :
SELECT Topic.Sub, Topic.CreatedBy,COUNT(Topic.viewers) from topic where catid=1
group by Topic.Sub,Topic.CreatedBy
This is for retrieving the topic name from the subject and the createdby giving the topic starter and the total no. of views of that topic.
Now i want to make a query from the post table displaying the last post in the topic and if the post does not exist, i want to display the 1st post from the topic table as the last post done.
By default web service is enable for windows authentication. But if we want to expose our service to public domain, then I guess we have to use some specific credential for web service authentication. Can anyone tell me how to set those credential at service side and validate it for client and how the client will send those credentials?
I have this Internet web service page(webservice.asmx) being consumed jquery ajax call.
And I am hoping to restrict public request to this webservice other than request from local pages (aspx or jquery ajax call).
The web service checks for form-authentication before it gets executed but I just don't feel comfortable the .asmx page and list of services are viewable.
So users can't just type www.mysite.com/webservice.asmx to access my webservice.
i have websrvice class in this i declared a webmethod and a public property my problem is i want to acess service class public property in my asp.net web application after creating proxy object.
So I have a ntext column in a table with a combination of large random data (hence why ntext in the first place) and sometimes contains a uniqueidentifier.
I need to find and delete rows based on the uniqueidentifier.
I can't do the comparison with it being ntext, but I changed it to varchar(max) in my dev enviornment and it let me do it without any warnings and I can now do my comparison like I want to, so all is good.
I just want to make sure I'm not changing any of my large random data by changing the data type.
Code: Sub btnLogin_OnClick(Src As Object, E As EventArgs) Dim myConnection As OleDbConnection Dim myCommand As OleDbCommand [code]....
I found this code for user authentication. How secure is this? Can this be bypassed? Can I protect a MySQL database with a password? Can people see a MySQL database's data if it's not protected?
I have written below function to post single Photo to FB page. But getting error saying "(OAuthException - #200) (#200) Unpublished posts must be posted to a page as the page itself."
How to bind a GridView Column to a public method in a Page. I have done this before but forgot the syntax. Basically the DataSource has a column named "EndDate" and based on value of the enddate i want show some text in column.
