Prevent Records From Being Created For Users Who Don't Accept Cookies?
Oct 8, 2010
I am using ASP.NET profiles with allowAnonymous="true". I am NOT using ASP.NET membership. I recently took a hard look at the aspnetdb database and noticed that although my site gets 600-800 unique visitors daily, there are 4000-5000 "users" being created in the database.
Clearly what is happening here is the users with cookies disabled end up creating a record for every request.
My question: How do I prevent user and profile database records from being created if the client doesn't support cookies or has them disabled?
I had to disable cookies for some testing in a web application. now for some reason in IE I cannot get cookies working on localhost any more. They work as expected in Safari, Firefox, and Chrome, but for some unknown reason I cannot for the life of me get cookies working on localhost. I have tried literally every setting imaginable with absolutely no luck. If I change the Url to 'localhost." it works as expected, but when I just use "localhost", without the "." period, cookies are absolutely not written. What the heck did i do? I tried upgrading to IE 9 and that didn't work. I reverted back to IE 8 and still have the same problem. I'm going absolutely mad trying to firgure out what is causing this. I tried tools, internet options, privacy, advanced, and explicit tell the browser to accept all 1st and 3rd party cookies and I'll be damned if I'm on a localhost site, the cookies are not written. This has worked perfect in the past, so it's no doubt some setting I changed but I cannot for the life of me figure out what the hell is going on. If anyone has any idea of how I can remedy this, please do let me know. I've tried every setting imaginable with absolutely no luck. I hate internet explorer but that a conversation for a different day.
I am developing questionare web site, where user has to answer around 55 questions. Its basically a check / uncheck option. So when user submit I store the value in DB.
The issue I am facing is if user selectes all the option, cookie value is lost. I see only 50 records can be stored (Request.Cookies.AllKeys)
Even the SessionID value is lost.Any solution / work around.
I need to store in the client side only. because if the user choose all options and do not submit. The values can be stored in the cookie and later point if he comes back we can read and give to him
I've a code to persist information in cookies about users like UserName and password.
Question is:
Its not secure to store information like that plain text in cookies.My DB store hashed passwords,so i could save those hashs in cookies and retrieve them later,but if i do that i wouldnt be able to fill password's textbox cause the hash string would be too long for it.
I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out out the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
I am trying to make ActionFilter which redirects banned users to /Error/NoAccess site, so I have ActionFilter:
[Code]....
Before each public class xxxxxxController : Controller I use [NoBannedUsersActionFilter]. But for example on website /Account/LogOff I have error: 'Server cannot modify cookies after HTTP headers have been sent.' and VisualStudio shows me AccountModel.css file and this method:
i have created Array of Linkbutton and when user click on link button it will create an array of Radio Buttons but it requires Postback all time so page load takes more time...
i have been writing a music website for my customer using ASP.NET. Everything has been cool except I don't know how to prevent the users from downloadng the song which is being played. For example, I click "Heal the world" to play and while the song is playing, I dont't want the IDM download manager or other download programs appear the download dialog
I have a textbox with a calendar icon next to it. When the icon is clicked a popup form displays the calendar control. I have it set up where they can only select the week ending date(saturday) and that date is displayed in the textbox.
I want to prevent users from editing the textbox. I've tried using the readonly and enabled properties but that doesn't work.
How can I keep users from modifying the date in the textbox?
I am making a small file hosting website, and each user can upload multiple files, and will have access to just his files and can't access others files, for example by guessing the URL. Is there a way to secure files to have access by just the owner and no body else "may be website administrator also will have access"
I am using visual studio 2008 and from toolbox i have used create user wizard. I am able to create users and when a user is created it says successfully created a user.
how can the created users "name" be retrieved. I want to use this name for updating my local database.
In my website their is a module in which I m retrieving the data from the student master table..
In my gridview their are 5 columns (Student Id,Student name,Roll no,and a checkbox column,Date Textbox column which is empty) in which the data is retrieved from student master table....
I m adding the date in the textbox which is out of the gridview and when i check the checkbox for each student the data is stored in another table in database with a status as present for the checked students and absent for the unchecked students...
What i want is dat when i check the student and i select the date for the student and the data is entered in new table after all this i wld not be allowed to make the attendance for the same student for the same date bt i wld be allowed to mark attendance for the same student for another date..
for example i check the checkbox for the student "Rohit" and entered the date 1/1/13 and rohit is stored with status present in the another table for date 1/1/13 and now he shld be disabled so dat i wld not be able to mark his attendance for the date 1/1/13 and prevent the duplication...Bt after dat i would be allowed to mark "Rohit's" attendance for the date 2/1/13...
means he should be disabled for the single date...
I have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)
How can we prevent non ahuthenticated users from like and dislike multiple times?one way : save Ip address in a cookiebut theres's two problem1. I heard Ip address isn't unique and changes frequently2. cookie can be deleted by userI'd .
I have looked and so far not been able to find the answer. When a user creates a new account i want the user to be automatically logged into the site as opposed to just being redirected to the log in page. I am able to create the users but am unsuccessful at finding logging them in.
I have a asp.net chech box control in the top of my page. I have a html table getting populated from DB on the page load. But, during the page load checkbox got rendered before the html table gets populated. So, the user is able to select the checkbox before the page completes the action and becomes unstable. My problem is, I couldn't disable and enable the checkbox after the page compltely loaded. As I tried this in the last line of Page_load event and also, using a Page_UnLoad event - no use. These events fired before I see the HTML table in my browser. Also, I tried in javascript (which is running after the html table populated), but there I could not enable the disabled check box.
I am trying to prevent users from submitting ascii codes in a textbox using a RegularExpressionValidator.
This works fine and I am able to display an error.
However when the user clicks on another button on the page I get the "A potentially dangerous Request.Form value was detected from the client" error. Is there a way to prevent this?
i have create web application for school management system...bt when i run my webside...(my welcome page is defaul.aspx bt if i want to acces studentdetail.aspx then i only enter url and i get studentdetail.aspx)
