Is there a security risk if an application called page.ashx called internal only page.ashx, can a hacker conclude that another page is called.I don't want anyone to access this page. it looks stupid I know, but it is a part of more complex problem.
View 3 Replies
We currently have a public-facing .Net 4 application running with the default session timeout value of 20 mins. Are there any significant security risks with lengthening that to 60 mins or longer?
View 1 RepliesI am facing a problem ' HTTP/1.1 500 Intenal Server Error' while I want to create a new project of Visual Studio .NET.
It's running on VS 2003 which is quite old now rather than VS 2010 already came out.
I've tried to re-installed the aspnet account by running 'aspnet_regiis -i' and then reset the iis, and the result is nothing
I also tried to reinstall the IIS and VS 2003. And currently I'm still facing the same problem.
I am currently writing a C# web service which has several methods, one of which has to receive HTTP POST requests. The first thing i have done is alter the web.config file in the web service project as below.
[code]....
But when i run this i get "The remote server returned an error: (500) Internal Server Error". If i remove the parameter, by removing the stringbuilder and byte code, as well as having no parameter in the web service, it works. So it is obviously a problem with the parameters. I actually want to send more data, and was using a string[] parameter in the web service, but this also failed.
Background:
We are using the Facebook API and receive back URLs for profile image thumbnails. Unfortunately the protocol is restricted to just HTTP and it doesn't support HTTPS. The page on our site that hosts the thumbnails is always delivered via HTTPS, and if we use HTTP for the thumbnails the user will receive security warnings from their browser.
Solution:
Build an HTTP Handler that "passes through" the image from the Facebook URL, but allow the handler to be called via HTTPS. Before I started coding I thought I could something like this:
Response.OutputStream = WebRequest.Create(FacebookUrlForThumbnail)
but I ended up having to save the image to an object in memory than write the image to the Response.OutputStream using the image save function.
Current Code:
[Code]....
This seems inefficient but I can't find a way of using the HTTP Handler as I orginally intended. Is there way of accomplishing the goal without creating the image memory and just "passing through" the call?
using vb.net/asp.net 2005
when a user enters a bad email I am doing a check on this and throwing an exception message as follows, this works fine on the test site but for some reason the same code on the live site gives a "internal server error" (http code 500). The code below:
[Code]....
not certain why this is happening, I assume that it's some server or config difference between the test and live sites. has anyone seen this before? For a quick fix i'm registering javascript alert and showing the same text so it works but I would like to figure out why the code above is not working.
I have a mvc controller that communicates with a we service for user authentication, when user clicks login button, onclick event makes a call to javascript function using ajax and it makes a call to an action in server.The problem is when a use fiddler tool shows ajax call to the controller and also web service call, web service is called from controller never javascrit, how I can protect visibility of web service calling?, using web forms with the same scenario never shows a web service call.
View 2 RepliesI have just installed IIS manager version 6.1 build 7600 and visual studio 2010 (latest additions of both).
I have followed all the instructions and given the correct permisions ect for IIS to work with my directory. I have a helloworld website that has worked via the localhost server many times, but almost hourly something happens to the settings in IIS and it starts throwing errors.
The current error copied below. Basically I am wondering a few things...
1. Why does my IIS constantly do something so that it works one minute and then it wont the next (this is with an identical helloworld.htm file so I know it is not something I am doing with the file that is messing it up).
HTTP Error 500.0 - Internal Server Error
Calling LoadLibraryEx on ISAPI filter "C:WindowsMicrosoft.NETFrameworkv4.0.30128aspnet_filter.dll" failed
Module
IIS Web Core [code]......
I am currently trying to setup our website on a windows 2008 R2 64bit machine without much success. When I try to run the website I get the error detailed below. This only happens when I run the site under .NET 4. It works when I run it under .NET 2.
I have also tried going to a test aspx page to see what happens and it also give me the same error so it is obviously something to do with .NET 4 or the way I have it set up. I am thinking it might be a permissions thing but I am not sure what permissions should be set where. Please note this is the full version of .NET 4. The error I keep getting is:
HTTP Error 500.0 - Internal Server Error
An error message detailing the cause of this specific request failure can be found in the application event log of the web server. Please review this log entry to discover what caused this error to occur.Detailed Error Information
Module AspNetInitClrHostFailureModule
Notification BeginRequest
Handler PageHandlerFactory-Integrated-4.0 [code]....
Most likely causes: The module could not be found.IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application. The authenticated user does not have permission to use this DLL.
The code in the test.aspx is
<%@ Page language="vb" %>
<html>
<body> [code]....
I try to upload web application to the server. After that I access it through http://..., but get
[Code]....
I search on the web, and add IIS_IUSRS to security of the folder of web application, and upload again. But still get same error. I need help on this,
the same application is working fine in 32 bit machine of my colleague where as in my 64 bit machine I am getting the following error. I also tried by changing Target Platform of the web app, under Properties-->Build-->Platform Target: From X86 to X64, in fact I tried all 3.
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module
IIS Web Core
Notification
BeginRequest
[Code]....
Config Source:
18: <validation validateIntegratedModeConfiguration="false"/>
19: <handlers>
20: <remove name="ChartImageHandler"/>
More Information: This error occurs when there is a problem reading the configuration file for the Web server or Web application. In some cases, the event logs may contain more information about what caused this error.
View more information »
I'm very new to ASP and have been writing a site which has been working fine both in development and on my production server.
However I added some reports to my site and now it works fine when I run debug on my local machine, but when I package the solution and move it onto my production server I get:
HTTP Error 500.23 - Internal Server Error
An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
I'm suing server 2008 STD X64 with IIS7. I've made sure all my windows updates are done.
I've no idea whats causing this. I've tried removing the pages with reports on and I still get the same issue.
what is the difference in C# between the access modifiers internal and protected internal?
View 4 RepliesI have an existing ASP.NET application and there is a requirement in which i need to use ASP.NET MVC in that.
So altogether i need to mixing ASP.NET Webforms and ASP.NET MVC I am following an article [URL] I am done with all the steps. But its not working as expected.
[Code]....
When ever i add this to the web.config i am getting error. HTTP Error 500.22 - Internal Server Error An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode. ERROR CODE: 0x80070032 My OS is Vista Enterprise Edition.
I have a asp.net (3.5) web-app that will be used in an intranet. I need to enforce that users type in their network credentials (windows credentials) before they can log into this application. I intentionally need to disallow Integrated Windows Authentication. I need to authenticate these users against my company's Active Directory, that is obviously on the same network as my .net web app.
I have been reading a bit about Forms Authentication using ActiveDirectoryMembershipProvider - [URL]. I also stumbled upon this - [URL]. Based on what I can tell, both seem to do what I need to get done. Could somebody tell me what are the major differences, pros/cons and when you would use which method? Or are these exactly identical, and both achieve the exact same results?
From the security perspective...what do I need to watch for? I am assuming if I use SSL that will cover me for when I pass the username/pwd to AD for verification?
I am trying to call WCF 4 Http Web Services which are hosted within an ASP.NET application. The Service is protected behind SiteMinder.
I was wondering how I could programmatically call the web service, and more specifically what information will I need to pass to be authorized within SiteMinder to access my resources.
I am making the request from the ASP.NET application running on the same server, so I have access to the authentication cookie.
[Code]....
I have the above statement in the Page_Load sub on the masterpage. When I run "Start Debugging" from VS 2008 it works fine. However, when I publish the Web Site (on the same machine) and try to load the site from our internal network, the information is blank.
I have one ajax call web service, and want to add some http headers using javascript, can we do that use setrequestheader in ms ajax?This is my javascript
[Code]....
[Code]....
When I was reading the blog Using jQuery to Consume ASP.NET JSON Web Services
I have seen this argument:
"By using jQuery to call the web service directly, we've eliminated over 100 KB of JavaScript and three extra HTTP requests. "
Why does the ASP.NET AJAX call to a .NET Web-Service needs 3 extra HTTP requests? What are those requests? (I wonder how jQuery manages the call with lesser HTTP requests in this case).
I'm writing an Asp.Net WebForms app where I am calling an edit page an passing in the data about the record to be edited using query string parameters in the URL.Like:
http://myapp.path/QuoteItemEdit.aspx?PK=1234&DeviceType=12&Mode=Edit
On a previous page in the app, I have presented the user with a GridView of screened items he can edit based on his account privileges, and I call the edit page with these above parameter list, and the page know what to do.
I'm writing an Asp.Net WebForms app where I am calling an edit page an passing in the data about the record to be edited using query string parameters in the URL.Like:http://myapp.path/QuoteItemEdit.aspx?PK=1234&DeviceType=12&Mode=EditOn a previous page in the app, I have presented the user with a GridView of screened items he can edit based on his account privileges, and I call the edit page with these above parameter list, and the page know what to do. I do NOT do any additional checking on the target page to validate whether the user has access to the passed in PK record value as I planned to rely on the previous page to filter the list down and I would be fine
View 7 RepliesIs it possible to call (Post to) a Method in a ASPX (Code behind) page via HTTP endpoint in Sql server 2008/2005.
View 1 RepliesConsidering the recent ASP.NET vulnerability, what should I look for in my httphandlers that would cause such a Padding Oracle vulnerability?
Asked in another way... what did MSFT do wrong and what did they fix in their handlers?
I have an extranet site (asp.net), we want that if an employee click on the link, it will automatically get them in. But if an external user does it, they will be redirected to a login page.
is it possible? how to know if a request come from internal user (employee) or external user (vendor).
I want to call my WebService using HttpWebRequest, but I get Error:The remote server returned an error: (500) Internal Server Error. The webservice works fine through the following url: [URL]
[Code]....
