From what i know Random() is initialize to the current time. If two connections hit during the same second i should get the same two random numbers? With a large site that can be likely. Locking is bad so how should i solve it? note: the number is used for the session id.
-edit- i am stuck using a long. It feels wrong to shorten a 128bit GUID
I am trying to generate a random number from within a class and am getting "Type 'Random' is not defined" - does anyone have any ideas. Here is the code
**note the code works on an aspx.vb page, but not from within my class Dim RandomClass As New Random() Dim RandomNumber As Integer RandomNumber = RandomClass.Next(3)
I want to generate a unique random number everytime a user submits a form. As the form is submited the data of the form should be placed in a database and a unique random number should be generated so that the user can later use this unique random number to reterieve his details from the database that refer to his unique random id. The unique random number should be atleast 9 digits long.
I am trying to create a Question Bank application for one of our clients. What is the main challenge I am facing is a typical demand from the client. What they want is : Whenever users open this site a set of random numbers(range say 1 to 20) should be generated and questions with the QuestionID(column in a table in Database) according to the numbers would be displayed in the page. I have done it to some extent but, still not satisfied with it.
public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { int[] n = new int[10]; int rn; bool Check = true; int[] n1 = new int[10]; Random rand = new Random(); n1[0] = rand.Next(1, 21); for (int i = 1; i < 10; i++) { rn = rand.Next(1, 21); for (int j = 0; j < n1.Length; j++) { if (n1[j] == rn) { Check = false; break; } else continue; } if (Check == true) n1[i] = rn; } for(int i=0;i<10;i++) Response.Write(n1[i] + " "); } }
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I'm getting this exception randomly in one webservice, it used to happen in the first call only, and in the second calls and so on it works fine ... and after a while without use the webservice it happens again. It seems to be that when the AppDomain is not loaded, the first time fails... and subsequent calls are ok; when IIS shutdown the AppDomain... the next call will fail again.
I have a Menu with various Web Pages, as I click to nagivate from one Page to a nother, at random but not often, when I click on to open a Page it took me back to my Login page where user must enter the Name and Password again it then open the page else it doesn't do anything and stay on the login screen. This doesn't occur on my local development test.
On my Pages' Page_Load event I have this code If Not Me.User.Identity.IsAuthenticated Then Response.Redirect("~/Login.aspx") End If
I'm creating a ASP.NET/SQL Server 2005 Express app which requires users to upload supporting attachment or documents in .docx and .pdf format. The web server is IIS 6/Win 2003. I'm trying to come up with a good way of securing these documents so anonynous users cannot see them and creating a separate Windows login for every user is not an option. SQL Server Express does not have blob data types. I'm storing each user's authentication information in the SQL database and not really using forms authentication.
I would like to send email securely to third party with attachments containing sensitive info. The website is configured with SSL. I'd like to know how to send email securely via asp.net app.
i have asp.net 2.0 web site and in the main root i have some secure pages so if any unauthenticated user try to visit my page the browser redirect him to login.asp page (it was correct) but in my web i have subfolder named (Admin) and i want to secure all pages under this folder and redirect any user to new login page. how can i do it?
I've got IIS 6 with a self-signed certificate installed. This is now securing the whole site (all urs are HTTPS). How do I only apply HTTPS to logged in areas, leaving publicly viewable data with HTTP?
I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if:If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it?If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?
I'm building a forgot password feature for my first secure backend.
I want to email a url containing an encrypted parameter to the user which will lead them to a password reset form that can only be accessed via the url with the encrypted parameter.
But what if the email gets intercepted?? then anyone who intercepts it will have the link to the reset page.
Is there a way I can send a secure email? I know nothing about email really. Is it even possible to send a secure email? Can I encrypt the email, will that help? But if it is encrypted then how does the recipient read it?
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
I wish to do a simple and secure login form, for which I have seen tutorials keeping login information and roles set through the ASP.Net WebSite Administration Tool.
Is there any secure way to do a login page without using WSAT at all. provide me good tutorial links for creating a custom login form, having the capability of redirecting to login page if user is not authorized etc.
I don't wish to use the WebSite Administration Tool.
I have a masterpage that contains a number of links. When I login to the secure area of my website, the links are broken they are trying to access the page as if it was stored in the SecurePages folder. Code below:
i was just wondering how much secure is the Login System integrated within ASP.NET ? This is rather vague but i just wanted to know if a website using the system is rather protected to attacks.
Code in DLL can only be obfuscated. IN my DLL how can I import a third party DLL into my DLL? Can I obfuscated the code but not the functions and sub header names?
I'm using paypal to make payments for an online digital download purchase. Once the payment is accepted the person is redirected to a page where they can download the product. I need to know how do I make a page that can only be accessed once via redirect.
I want to save the user_email and user_password in my website Session and clear it when loggin out but i wantg to know how secure it is to store passwords?
I don't think the site has a web service available, so I need to pass the login credentials and read the xml file (e.g.https://www.somesite.com/needthisfile.xml). What do I use to do this?