I'm building an ASP.NET MVC 2 site where I'm currently implementing an OpenID sign-up form. Unfortunately, I'm foreseeing a possible security bug/vulnerability inside my architecture.
Here's how I want OpenID login to work:
User requests /Account/Login, Controller sends back OpenIDLogin View. User enters their OpenID into the View, then OpenID authorization takes place, and finally the OpenID is returned to the Controller.The Controller checks whether the OpenID is currently in use by a user in the system or not. If it is, the user is logged in to that account. If not, the registration process begins.
And now, the OpenID registration process:
The OpenID identifier, as well as any other information provided by the OpenID provider (such as email address or name), is put into my custom ViewModel and sent to my OpenIDRegistrationForm View.The RegistrationForm View stores the OpenID in a hidden field to make sure that it gets sent back to the Controller.The user fills in the RegistrationForm View and sends it back to the Controller.The Controller creates the user account and puts the OpenID into the database.
The bug that I see within my architecture is that a user could modify the hidden value in the RegistrationForm View. Thus, they could spoof their OpenID! I will make sure to add another round of checking to the final Registration Controller Action to make sure that the OpenID that is provided doesn't exist yet, but there is still a possibility for spoofing. Can my architecture be improved somehow? I don't want this to end badly...
One solution I'm considering is encrypting the OpenID before I send it to the View and then decrypting it when it reaches the Controller. Should I try this?
I have an ASP.NET application that uses a MasterPage. In the MasterPage I have an image. This displays well on the development environment and on the default page that inherits it. But now I have set the website to prompt for a login using Form Authentication. The Login page also inherits MasterPage but it can't seem to find the image. Both aspx files (default and login) are in the same directory as the MasterPage. There is only one image placed in the Images folder. Has anyone seen this before?
i have a page with one master page.in my master page i have a image control(the id is testimg) in codebehind and in pre_init in want to chang picture.when the user is user1 img1 and when user is user2 ,img2 i wrote this code,but it has error
I have a gridview on which there is a colume of image button for user to select a particular row. When a row is selected, a modal pop up appears for user to edit data and finally uers hit update button (within modal pop up). I expect to update the selected gridview row with info on modal pop up. My question is how do I get the row number within the Update_Click event.
I've been hunting for a solution to grab the radiobuttonlist when they answer that particular question. It varies for the number of questions, but only one displays at a time, but there could be a radiobuttolist or checkboxlist based on the question type. I was figuring I could do this easy in the row command of the gridview, but that hasn't worked out so well since I can't get the datarow for some reason.
I am making a page that can get some info from a DB from a gridview and then print it to a PDF file. But I am having problems with the background color. If I use this line of code
Code : cell.BackgroundColor = New Color(System.Drawing.ColorTranslator.FromHtml("#008000"))
Then i get this error : System.Drawing.Color' has no constructors
Then I get this error: Value of type 'System.Drawing.Color' cannot be converted to 'iTextSharp.text.BaseColor'.
My code is: (the error is underline)
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Dim cmd As New OleDbCommand() Dim myAdapter As New OleDbDataAdapter() Dim myDataSet As New DataSet() cmd.CommandType = CommandType.Text cmd.CommandText = "select CustomerID,City,Country from customers"
I have a gridview that has a dropdown on a template on the row. The user is wanting to change the value and update the record automatically. I know that when the value changes, I need to have the OnChange to trigger. I am not sure how to get the row so I can get the record ID so I can create a SQL statement to update this field.
Should I be using something other than the gridview?
I have two gridviews, where the first is databound to a sql table (but does not display the primary key info), and want to filter the data displayed on the second gridview by using the primary key info from the first gridview table, indicated by the selected row in the first gridview - how I could achieve this? its kind of like using the gridviews as a menu and sub menu display!
I want to display images in the Gridview from the image folder in this way:
But without saving the image location in the Database (i.e;i want to do this using the System.IO)
I can fetch the names of all the images present in the "img" folder but my problem is i cant set the src of the <img> tag properly which would display the image here is what i did:
I have a MasterPage (MasterPage.master) with 2 child MasterPages (specialMaster.master and standardMaster.master). From the MasterPage.master I need to get at some of the controls in one of the children, specialMaster.master, say for example to hide certain content if a session variable is not null.
almost typical master-detail scenario except the 'detail' data I want to display below the gridview will be coming from both the table that is bound to the gridview (master) and a related table.
simplified example: tableMain with field1, field2, field3 bound to master gridview. I need to select a row from the master gridview and have a form display below with field4 and field5 from tableMain, as well as all fields of tableDetail where field1 of tableMain equals field1 of tableDetail.
Is this what a 'formview' control is for? or do I just arrange my own controls to accommodate the data? Would a formview work considering my source will be partially from both the main table and the detail table? This is one of the scenarios were I know I could come up with something using none of the databound controls (except the master gridview), but I want to use the controls provided when it makes sense to do so, and utilize their benefits etc...
I have 2 masterpages. (Default.master and User.master).I have a hidden field in Default.master then how can i get the hidden field value of Default.master file from User.master.is there any way to access that hidden field like: Request.form("hidID") ?
I generate dynamic grids based on a count value returned from some DB tables. the code for it goes like this : I give and Id to each grid that is generated.
if (myDataList1.Count >= 1) { for (int i = 0; i < myDataList1.Count; i++) { //retrieving the exact i count from pageload ViewState.Add("newCount", i); //creating the dynamic grid with its corresponding gridview properties. grvDynamic = new GridView(); grvDynamic.ID = "GridView" + (i+3); grvDynamic.AutoGenerateColumns = false; grvDynamic.RowCreated += GridViewRowCreated; grvDynamic.RowDataBound += grvDynamic_RowDataBound; //adding bound field columns to retrieve data from stored proc BoundField metric = new BoundField(); metric.HeaderText = "Goal "; metric.DataField = "metric"; grvDynamic.Columns.Add(metric); BoundField mtd = new BoundField(); mtd.HeaderText = "MTD"; mtd.DataField = "value_MTD"; grvDynamic.Columns.Add(mtd); BoundField goal = new BoundField(); goal.HeaderText = "Tier Level Achieved"; goal.DataField = "value_goal"; goal.HeaderStyle.Width = Unit.Percentage(10); grvDynamic.Columns.Add(goal); BoundField you1 = new BoundField(); you1.HeaderText = "Month End"; you1.DataField = "firstLevel_you"; grvDynamic.Columns.Add(you1); BoundField you2 = new BoundField(); you2.HeaderText = "Month End"; you2.DataField = "secondLevel_you"; grvDynamic.Columns.Add(you2); ButtonField singleClick = new ButtonField(); singleClick.CommandName = "clickHyperlink"; singleClick.Visible = false; grvDynamic.Columns.Add(singleClick); BoundField metricId = new BoundField(); metricId.HeaderText = "Metric Id"; metricId.DataField = "metricID"; metricId.Visible = true; grvDynamic.Columns.Add(metricId); //binding the gridview to data. grvDynamic.DataSource = data; grvDynamic.DataBind(); grvDynamic.Columns[5].Visible = false; } }
protected void grvDynamic_RowDataBound(object sender, GridViewRowEventArgs e) { //this basically gets the metric Id's of rows with the ishyperlink flag set to 'Y'. I need to make these particular cells clickable var isClickable = (from md in myDataList3 where md.IsHyperLinkFlag == 'Y' &&
md.value_MTD != null select md.metricID).ToList(); if (e.Row.RowType == DataControlRowType.DataRow) { // Get reference to button field in the gridview. LinkButton _singleClickButton = (LinkButton)e.Row.Cells[5].Controls[0];
This code works perfectly fine , depending on the ishyperlink flag in the database...specific cells in the grid are made clickable and then redirected to page2.aspx My Issue: I need to capture which specific cell in which specific grid the user has clicked. store some information in sessions based on the cell clicked and use that information in page2.aspx.
I have a peice of code for a custom Gridview that works great if it is not in my Master.Page. As soon as I put it in my masterpage /ajax update panel it seems the autopostback function of my checkbox stops working..... Here is the relevent code :NOTE: (I have tried to turn on ViewState in every thing I could think of.....still nothing)
I have to update a gridview inside an updatepanel in a button click.The thing is i'm having gridview in contentpage.I have placed scriptmanager in masterpage.when i clicked on the button to trigger the updatepanel,no update is happening in gridview.Moreover,after placing updatepanel control in contentpage,i saw a redcurvedline (which is an error basically) below the updatepanel control's text which is showing an error as "Element 'updatepanel' is not known element.This can occur if there is a compilation error in the website" in .aspx page's source view.I have attached the screen shot here of that page here for your reference.
I have a gridview on my page which i can export to excel. The download button is located on the masterpage and i set the visibility of the download button on the master page by using a property like below:masterpage
[Code]....
other page
[Code]....
this all works fine but now i need to somehow pass through the name of the gridview to export. So in my masterpage code behind i have this code which works if i put the button on the page but not if i have the button on the masterpage:
[Code]....
and the gvResults is on another page (not on the masterpage) so how do i pass through the gvResults from the page to the masterpage for downloading.
I am trying to change the image url of an image button in my gridview. I cannot seem to be able to do this in the code behind. Is there a way I can do this through the image buttons controls?
