Javascript - Security Practice For Web Based Systems?
Nov 17, 2010
My system is an asp.net website which uses sql server 2008 (mostly stored procedures, but for asynchronous calls I directly insert the sql commands). I have a web service which polls multiple databases, I use external libraries (including office interop), and allow for uploading and downloading files - without restriction.
My asp pages use javascript and jquery for most of their functionality.
View 1 Replies
Similar Messages:
Jan 28, 2010
Recently I've implemented a Single Sign-On feature in my website, which was developed on Framework 2.0 using Visual Studio 2005. This website works on all browsers perfectly, except that there are two systems in my testing environment where FormsAuthentication doesn't work on IE only.
On those systems FormsAuthentication works for other browsers like Mozilla. On these systems I have checked that the FormsAuthentication cookie is created, but it loses its value as soon as another page is traversed. But when I try to log in again it gives me the message that the user is already logged in, i.e. the user was able to log in successfully. Both of them are currently using IE 8.
Following are the settings of my web.config:
[Code]....
View 2 Replies
Feb 25, 2010
I started removing part of a view into a partial so that it could be reused on another view. However, I got stuck because there are some JavaScript functions on the original view that call some of the functions that belong to the partial. It seems wrong to call functions that are defined on the partial from the containing view (and vice-versa). What is the best practice for this situation?
View 3 Replies
Apr 27, 2010
1) All users can browse open web site content.
2) To access the members area users must login.
3) Users can create, edit/update, delete their profile/information only.
4) Users can see / view other users' profiles.
5) Admin can browse, create, edit/update, delete any profiles.
I found many different ways to implement it, but what is the best practice? Maybe you can point me in the right direction.
Application Web based, MsSQL 2005, .NET 3.5, Server 2003.
View 1 Replies
Apr 14, 2010
I need regarding best practice for asp.net session management without using membership. I have designed a login page which has two Text boxes and a Login Button. I need again a best practice which authenticates the user and saves user information in session. So in the main page after login I want to check whether the session has expired or not. I need a complete example. Furthermore I am using ASP.NET 3.5.
View 5 Replies
Jan 14, 2010
I have been investigating the best way that I can secure my MVC application and restrict specific functionality from users. My first approach was using role management. I thought of expanding the membership database by writing an interface that would allow me to create groups of functionality i.e. 'manage customer' and then another table would hold 'activity' information for that group i.e. 'create', 'edit', 'transfer', etc. I would then create another table to link groups of functionality to specific roles and then assign my users to the roles. At first this seemed ok but I soon realised that I was missing a level of granularity. Not every user who is assigned to a specific role should have access to all of the functionality for a given group attached to a role, damn! I then thought that I could create another linking table that would hold 'access exceptions' i.e. this table would contain entries of a userid and activity id that a specific user was excluded from.
Does this approach make any sense? Is the creation of database tables and an interface the best approach to this?
View 1 Replies
May 21, 2010
Just wanted to know what is the best practice for storing new fields data when a user signs up?
Also...
1- Is there a way to make the login controls use the same database as my website database?
2- Is it okay to use the Membership and Role API to manage users from a user interface (without the ASP.NET Web configuration tool)?
View 9 Replies
Mar 26, 2010
which I added one sitemap in which I added all the pages, and I want to retrieve that sitemap in the master page based on login: suppose the admin has logged in, then display only admin pages with the sitemap, and if a normal user has logged in, then it will display only normal user pages with the sitemap. Here I didn't use the login control, but I created the login page manually.
View 1 Replies
Apr 14, 2010
If I am going to use the asp.net membership and roles, the asp.net database includes an aspnet_Users table that has the userid and email address. If I have custom fields, is it best practice to maintain a separate user table and link on user id or to add fields to the aspnet_Users table?
View 1 Replies
Jan 12, 2011
I have 2 Web applications in the same IIS with the virtual directory structure below:
http://www.mydomain.com/site1
http://www.mydomain.com/site2
Both site1 and site2 are using forms authentication and creating the token, further adding it in a cookie as below:
FormsAuthentication.Initialize();
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,username,DateTime.Now, DateTime.Now.AddMinutes(20),rememberMeSet,globalID ,FormsAuthentication.FormsCookiePath);
// Encrypt the ticket.
String hash = FormsAuthentication.Encrypt(ticket);
//Create the authentication cookie
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
My problem is that when I'm logging in to both site1 and site2, these two are not running simultaneously in a single browser using different tabs for the same user name. One is being logged out when logging in to the other application and vice versa.
View 3 Replies
Jun 22, 2010
First, my project is to develop a loyalty system similar to air miles. The objective is to capture items bought in stores by means of a magnetic stripe card. The problem is I don't know how POS (Point of sale) systems work. Do I need to contact all the grocery stores individually or do I need to contact all the POS software designers individually?
Second, The objective is not just to capture a number from the card but to actually have access to the individual items bought at the store by means of the card in the form of a database.
View 1 Replies
Jan 12, 2010
This is more of a general question about which direction would be a better investment for the company.
Our company's core business application is written in Visual FoxPro and is about 9+ years old. The database is huge 15+ gigs and the core logic is complex and to make matters worse the data model is terrible. The two guys that built it and have maintained it all these years are at least in their 50's, so needless to say retirement or possibly death could come within the next decade or so.
This VFP app drives all our core business functions and requires terminal services and citrix to access it from the outside world. Our web apps have to interface with it via ODBC and we are always having performance issues with it. The servers that run this system are also very old, like Win 2000 server and are falling apart.
Recently we have been having meetings about upgrading the systems that run this core app as well as other services like email and file storage. The biggest expense however is buying new server hardware, OS licensing, Terminal Services licensing, Citrix licensing etc to solve some performance and outside access issues we are currently having as well as just generally bringing us to date on our systems.
The price tag is going to be in the $55K to $65K price range. So as a web developer my point of view is that this is a huge waste of money! My solution would be to invest that money in rewriting the core system to run on the web based .Net platform. This would eliminate the need for Terminal Server and Citrix licensing along with the pricey hardware and configuration management to run it on. I don't see the point in investing this kind of money in an antiquated system that should be on its way out anyways.
I am looking to get some convincing arguments as to why this is a waste of money. Hopefully there is someone here that has faced this type of situation before that can give me some points of view. The hardware upgrade seems to be the easiest road to take because they will just have a consultant come in and do it all. A software development project would take longer, require more resources and possibly cost a little more money.
View 10 Replies
Oct 27, 2010
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view, it brings up a login prompt, and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not authorized to view the page, that I can incorporate into the site itself with the header and so forth? If this page could come up in lieu of the sign in box popping up as well.
View 2 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3 different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Administrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things than a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure how to enforce that a User be a part of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be a part of 2 roles with this technique?
View 1 Replies
Nov 16, 2010
Suppose I have two threads (Thread1, Thread2) where the threads are accessing the cache for a given object such as in the code below nearly at the same time:
Dim expensiveToGetData = Cache("ExpensiveDataKey")
If expensiveToGetData Is Nothing Then
    'because the cache has expired
    expensiveToGetData = LoadExpensiveDataFromDataSource()
    Cache("ExpensiveDataKey") = expensiveToGetData
End If
ProcessExpensiveData(expensiveToGetData)
Isn't it possible for both threads to load the cache because they both requested data from the cache that was nothing/expired? I've run some tests on a local machine and it seems that the cache is being loaded more than once. Is this a normal pattern?
View 2 Replies
Jun 25, 2010
I like the look of Sitefinity by Telerik as a content management system. Unfortunately it is not WCAG 2.0 compliant. Are there any third party CMS systems that are WCAG 2.0 compliant?
View 2 Replies
Dec 4, 2010
I'm using SSRS 2008 without IIS ...
I've created my reports and deployed them on my system, i.e.
http://localhost:8080/rpt, which are working fine (i.e. in XP Prof SP3).
Now I've developed an application on a different system, which is Windows Server 2008.
In that I'm using ReportViewer now. What I want is that when I run the project on
Windows Server, the reports display from my system, i.e. my URL http://myip:8080/rpt
error msg("enable to connect remotely")
I've tried giving my [URL] on another system, but it asks for a username and password. I've tried giving my system and password, and also the system name and password where I'm trying to execute. The error is displayed:
("An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.")
View 1 Replies
Apr 26, 2010
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests here: http://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about Claims based authorization, which to me looks very similar to what we have. Can someone put in simple terms what the advantages of claims based authorization are?
View 1 Replies
May 7, 2015
I want to implement a login session in which one user can log in from one device only, and if a login with the same ID is attempted on another device, the first device gets an alert.
View 1 Replies
Feb 9, 2010
I migrated a project from VS 2005 to VS 2008. In the VS 2008 project we will continue to use framework 2.0 only, so I didn't migrate to 3.5.
When I open a page in 2008 I got this problem in the scriptmanager.
I found this on the web.config
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
View 4 Replies
May 17, 2010
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 Replies
Jan 21, 2010
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the appropriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I've triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it. In the authorization I have
<authorization>
<deny users="?"/>
</authorization>
View 2 Replies
Jun 26, 2010
I am working in ASP.NET and C#. We have 10 users, but only certain users need to do data entry. How can I enable and disable access to certain forms based on the user, like add, modify, view options?
View 1 Replies
Jan 18, 2011
I am trying to put in scripts for google analytics in my code. But I want it to run only if the environment is production and not in dev or qa. This javascript runs at page load itself and I am confused how to make it run conditionally. My app is an asp.net app.
Javascript is always confusing to me. There are many other javascripts in the page and I just need to disable this one. Had it been a .net code/function I would check for the environment and conditionally run the function. But I am confused about how to accomplish this type of functionality with javascript.
View 4 Replies
Jan 8, 2010
I am not sure if it is possible or not, but I have to change some classes of <li> tags which I am getting from an ascx file. Now the condition for which li to change or not is based on html that I am producing with the help of xsl (written in code behind). I know I can do this with the help of Javascript. But what if I don't wanna use javascript and want to do it with the help of code behind itself? Is this possible? Let me explain this with an example also
<li>A</li>
<li>B</li>
<li>C</li>
I am getting A, B, C from the user control using a Datagrid for it. Now in this user control I have xslt, and from this xslt I am getting html A, B.... and I want to change the classes of the li tags of A and B to something else now. Can I do it without using javascript? I want to write something in my codebehind to achieve this.
View 1 Replies