I am building a ASP.NET website that has members pages. I have created a folder where I keep the members pages in and that can only be accessed by logging in or creating a new account. The problem is how do I make the url of these members pages secure, so that someone cant simply give the url to another user for them to copy into a browser or bookmark.
Our site has a page for maintenance of existing members (e.g. adding / changing roles, etc.)This page currently uses a gridview to show a complete list of all members, based on GetMembers() method to populate it.However, as the number of users has grown to several hundred, it has become difficult to locate a particular user by paging through several pages.Is there a way to narrow down this list, maybe with a filtering textbox, so that as you start typing into that textbox, only members whose name contains the typed characters will show up in the gridview?
I'm using a masterpage on my website and the images appear correctly on all pages except the secure pages. The login page is formatted correctly, its just the page that is held in the secure folder. Both the header and footer images are either not appearing or are formatted incorrectly.
How to make web services secure in asp.net both the asmx and on WCF. Currently we have web services and now are in process of converting them to WCF in some modules in our application. Now as upgradation is in process we like to incorporate security on the web services as we intend to open some of them to all our clients via web (they contain both asmx and WCF as well).
On code behind I do subit after the user clicked a button.After this, I am trying to refresh the page, and it sends the submit again. and so, there are duplicates in the database.How can I delete the form details immidietly after the first submit?? orelse, what are my options to deal with such scenarios?
i have a above connections string in which i use UserName: taha1_ID2, Password: taha321, and SQL Server DataBase Name:taha1_web2 How can we encrypt it in web.Config
I have four servers 2 App Server(behind firewall) and 2 webservers and each server is accessing through Load Balancer.
App Server is a modules for Data Access layer and webserver is for Presentation layer.
My Issue is My Load Balancer has Secure certificate installed but certificate is not installed on servers and I want to make cookie as secure in site , as per my understanding " cookie should be set as secure only for SSL site other ways new session will get create every time" so should I install SSL certificate on webserver to make my cookie as secure or will it work properly even if only Load Balance has SSL.
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
I have a project that uses a CSSHandler with images and css style sheets in the project root directory in their own folders (img, styles, App_themes). I also have a sub application that comes with a MasterPage. The sub application is located in a separate folder in the root directory with all its images, css, and pages. Functionally the sub application works, but the formatting is lost. The images and colors are not displayed. How can I make the sub application's css visible to its pages? It has probably something to do with the way the CSS handler delivers themes and css style sheets?
.net and I love it already,how to make my LOGO (not image just a text) on my website clickable as back to home link but ONLY on some pages? I have the logo text on my Site.master page but as soon as I make the logo as a link then the logo will be clickable even though I am already on the home page which is pointless.
I'm working on a webforms aspx app (not MVC) and I'm not sure if I should just create separate pages or somehow make multiple views on the same aspx page for the following scenario: Basically, I need to give the user the option to view a set of data a few different ways (essentially different group by's from a data perspective)... the data is always the same, its just a matter of how to arrange on the page...
each way I need to present the data will essentially consist of 2 repeaters, one nested inside the other. The outer repeater will display a nice header section with the nested repeater showing the list of items under that heading. view by book title (title is outer repeater, with the book list being the nested repeater, yes, multiple books with same title for this example - the app has nothing to do with books, this is just to illustrate)
Book Title: A Good Story Author - Publisher - ISBN Dan Johnson - Smith Publishing - kjdkjfd99898989 Susan Day - Smith Publishing - aa777fd99ff Greg Greger - Corp XYZ - amkj897hgrt554
Book Title: Another Good Story Author - Publisher - ISBN Frank Franky - Corp XYZ - kj3kjfd9d9980 Jason Cambel - Smith Publishing - 7g7fddddttt Jill Breker - Smith Publishing - d9ddt523321
Or, view books by publisher (here the publisher would be the outer repeater and the list, with different fields compared to first view, is the nested repeater.
Publisher: Smith Publishing Title - Author - ISBN A Good Story - Dan Johnson - kjdkjfd99898989 A Good Story - Susan Day - aa777fd99ff Another Good Story - Jason Cambel - 7g7fddddttt Another Good Story - Jill Breker - d9ddt523321
Publisher: Corp XYZ Title - Author - ISBN A Good Story - Greg Greger - amkj897hgrt554 Another Good Story - Frank Franky - kj3kjfd9d9980
so what do I do here? Just making separate pages is simple and would work, but is there something else I should be considering? There will be 3 different views, so 3 pages total if I went that route. Something is making me think I should be doing this all within one aspx page? maybe just toggling the visible property of the repeater controls? but then I was thinking each of these repeater controls is databound, and I assume even if they are not visible they still incurred database hits to get the data, right? and that could be bad?