Search Results

Search found 63938 results on 2558 pages for 'asp net security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/2558 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • Take,Skip and Reverse Operator in Linq

    - by Jalpesh P. Vadgama
    I have found three more new operators in Linq which is use full in day to day programming stuff. Take,Skip and Reverse. Here are explanation of operators how it works. Take Operator: Take operator will return first N number of element from entities. Skip Operator: Skip operator will skip N number of element from entities and then return remaining elements as a result. Reverse Operator: As name suggest it will reverse order of elements of entities. Here is the examples of operators where i have taken simple string array to demonstrate that. C#, using GeSHi 1.0.8.6 using System; using System.Collections.Generic; using System.Linq; using System.Text;     namespace ConsoleApplication1 {     class Program     {         static void Main(string[] args)         {             string[] a = { "a", "b", "c", "d" };                           Console.WriteLine("Take Example");             var TkResult = a.Take(2);             foreach (string s in TkResult)             {                 Console.WriteLine(s);             }               Console.WriteLine("Skip Example");             var SkResult = a.Skip(2);             foreach (string s in SkResult)             {                 Console.WriteLine(s);             }               Console.WriteLine("Reverse Example");             var RvResult = a.Reverse();             foreach (string s in RvResult)             {                 Console.WriteLine(s);             }                       }     } } Parsed in 0.020 seconds at 44.65 KB/s Here is the output as expected. hope this will help you.. Technorati Tags: Linq,Linq-To-Sql,ASP.NET,C#.NET

    Read the article

  • ASP.NET MVC Get a list of users with particular profile properties

    - by Sam Huggill
    Hi, I'm using ASP.NET MVC 1 and I have added a custom Profile class using the WebProfile Builder VS add-in (found here: http://code.msdn.microsoft.com/WebProfileBuilder/Release/ProjectReleases.aspx?ReleaseId=980). On one of my forms I want a drop-down list of all users who share a specific profile value in common. I can see that I can get a list of all users using: Membership.GetAllUsers() However I cannot see how to get all users who have a specific profile value, which in my case is CellId. Am I approaching this in the right way? I have used membership roles to define which users are administrators etc, but profiles seems like the right place to group users. Any pointers both in specifics of how to access the user list but also comments on whether am I pursuing the right avenue here would be greatly appreciated. Many thanks, Sam

    Read the article

  • Anyone have BlazeDS working with WebLogic Security (j_security_check) ??

    - by Brian
    I'm working on a Flex implementation (currently using SDK 3.5) on WebLogic 10.3 (11G.) We originally used Glassfish v2.1.1 with zero issues (there was an active directory group lookup bug but it did not hinder our progress.) Since transitioning to WebLogic we have an issue where the flexsession is invalidated after logging in using j_security_check: [BlazeDS]Unexpected error encountered in Message Broker servlet flex.messaging.LocalizedException: The FlexSession is invalid. at flex.messaging.FlexSession.checkValid(FlexSession.java:943) at flex.messaging.FlexSession.getUserPrincipal(FlexSession.java:254) at flex.messaging.HttpFlexSession.getUserPrincipal(HttpFlexSession.java:286) at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:296) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) I've tried almost every option in services-config.xml: [security [login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/> [!-- Uncomment the correct app server [login-command class="flex.messaging.security.TomcatLoginCommand" server="JBoss"> [login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/> [login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/> [login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/> --> [/security> I've even completely removed this section with no luck. The login functions correctly from a non-BlazeDS perspective. It authenticates the user correctly. Without authentication, BlazeDS works fine (no errors for any remote calls.) Together its a big ball of fail (invalid flexsession every time.) Has anyone got this working? Any tips?

    Read the article

  • Redirecting from ASP.NET WebForms to MVC

    - by Paul Gordon
    Hi there, We have a large existing ASP.NET WebForms application, but we are now moving over to MVC. Rather than go through a painful process of trying to integrate MVC into the existing app, we're looking at creating a brand new VS project to completely isolate the new code. As a first step, we are wanting to use the existing login process of the WebForms app, then redirect over to the MVC app. Does anyone know of an easy way to do this (i.e. redirect from a WebForms project to the MVC project, in the same VS solution)? All the information I've found so far suggests either starting from scratch in MVC, or combing MVC into the existing Webforms project - neither of which is very feasible. Many thanks, Paul

    Read the article

  • ASP.Net MVC per area membership

    - by AdmSteck
    I am building an ASP.Net MVC app that will run on a shared hosting account to host multiple domains. I started with the default template that includes membership and created an mvc area for each domain. Routing is set up to point to the correct area depending on the domain the request is for. Now I would like to set up membership specific to each mvc area. I tried the obvious first and attempted to override the section of the web.config for each area to change the applicationName attribute of the provider. That doesn't work since the area is not set up as an application root. Is there an easy way to separate the users for each area?

    Read the article

  • ASP.NET MVC 2.0 Client-Side Validation HOWTO

    - by AlexWalker
    Where can I find some good information on the new client-side validation functionality included in ASP.NET MVC v2? I'd like to find information about using the client-side validation JavaScript without using DataAnnotations, and I'd like to find out how custom validations are handled. For example, if I want to validate two fields together, how would I utilize the provided JavaScript? Or if I wanted to write validation code on the server-side that queried a database, how could I use the provided JavaScript to implement a similar validation? I don't see any books on MVC2 yet, and the blog entries I've found are not detailed enough.

    Read the article

  • Implementing a Suspension or Penalty System for Users in ASP.NET MVC

    - by Maxim Z.
    I'm writing a site in ASP.NET MVC that will have user accounts. As the site will be oriented towards discussion, I think I need a system for admins to be able to moderate users, just like we have here, on Stack Overflow. I'd like to be able to put a user into a "suspension", so that they are able to log in to the site (at which point they are greeted with a message, such as, "Your account has been suspended until [DATE]"), but are unable to do the functions that users they would normally be able to do. What's the best way of implementing this? I was thinking of creating a "Suspended" role, but the thing is, I have a few different roles for normal users themselves, with different privileges. Have you ever designed a feature like this before? How should I do it? Thanks in advance.

    Read the article

  • How to manually verify a user against the asp.net memberhip database

    - by Ekk
    I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access. So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table: private bool CanLogin(string userName, string password) { // Check DB to see if the credential is correct try { string passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1"); string sql = string.Format("select 1 from aspnet_Users a inner join aspnet_Membership b on a.UserId = b.UserId and a.applicationid = b.applicationid where a.username = '{0}' and b.password='{1}'", userName.ToLowerInvariant(), passwordHash); using (SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString)) using (SqlCommand sqlCmd = new SqlCommand(sql, sqlConn)) { sqlConn.Open(); int count = sqlCmd.ExecuteNonQuery(); sqlConn.Close(); return count == 1; } } catch (Exception ex) { return false; } } The problem is the password value, does anyone know how the password it is hashed?

    Read the article

  • export excel taking long time from ASP pages?

    - by ricky
    i am using following code for export to excel from .ASP page? GMID = Request.QueryString ("GMID") Response.Buffer = False Response.ContentType = "application/vnd.ms-excel" DIR_YR = Request.QueryString ("DIR_YR") CD = Request.QueryString("CD") YEAR = Request.QueryString("IND") Problem that I am facing is that When records are around 2,000 or more{ export to excel ask for open option .When i click on that option only Download in progress... shown but actually no excel pop up will open .How can I fixed this bug because for 700-800 rows its working Fine. I am not looking for whole change codes because there is a problem with only One Sale rep who is having more than 2000 rows.I am looking for one or two rows changes.

    Read the article

  • What type of security problems are mitigated by this .NET architecture?

    - by Jonno
    Given the following physical layout for a .NET web application: DB (sql server, windows) - No public route (no table access, only stored procs) Web Service DAL (iis, windows) - No public route (can be accessed by web server via port 80 and 443) Web Server (iis, windows) - Public route (only via port 80 and 443) What type(s) / examples of attack could be used to compromise the public web server but would be blocked by the Web Service DAL? i.e. can you think of concrete attack types that the DAL stops? Please note, I am interested only in the security aspect, not scaling / fault tolerance / performance / etc. In my mind if the web server has been compromised using an attack over port 80/443, then the same attack would work over port 80/443 to the Web Service DAL box.

    Read the article

  • add_shown & add_hiding ModalPopupExtender Events

    - by Yousef_Jadallah
        In this topic, I’ll discuss the Client events we usually need while using ModalPopupExtender. The add_shown fires when the ModalPopupExtender had shown and add_hiding fires when the user cancels it by CancelControlID,note that it fires before hiding the modal. They are useful in many cases, for example may you need to set focus to specific Textbox when the user display the modal, or if you need to reset the controls values inside the Modal after it has been hidden. To declare Client event either in pageLoad javascript function or you can attach the function by Sys.Application.add_load like this: Sys.Application.add_load(modalInit); function modalInit() { var modalPopup = $find('mpeID'); modalPopup.add_hiding(onHiding); } function onHiding(sender, args) { } .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; }   I’ll use the first way in the current example. So lets start with the illustration:   1- In this example am using simple panel which contain UserName and Password Textboxes besides submit and cancel buttons, this Panel will be used as PopupControlID in the ModalPopupExtender : <asp:Panel ID="panModal" runat="server" Height="180px" Width="300px" style="display:none" CssClass="ModalWindow"> <table width="100%" > <tr> <td> User Name </td> <td> <asp:TextBox ID="txtName" runat="server"></asp:TextBox> </td> </tr> <tr> <td> Password </td> <td> <asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox> </td> </tr> </table> <br /> <asp:Button ID="btnSubmit" runat="server" Text="Submit" /> <asp:Button ID="btnCancel" runat="server" Text="Cancel" /> </asp:Panel>   You can use this simple style for the Panel : <style type="text/css"> .ModalWindow { border: solid; border-width:3px; background:#f0f0f0; } </style> .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; }   2- Create the view button (TargetControlID) as you know this contain the ID of the element that activates the modal popup: <asp:Button ID="btnView" runat="server" Text="View" /> .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; } .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; } .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; }   3-Add the ModalPopupExtender ,moreover don’t forget to add the ScriptManager: <asp:ScriptManager ID="ScriptManager1" runat="server"/> <cc1:ModalPopupExtender ID="ModalPopupExtender1" runat="server" TargetControlID="btnView" PopupControlID="panModal" CancelControlID="btnCancel"/> .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; }     4-In the pageLoad javascript function inside add_shown event set the focus on the txtName , and inside add_hiding reset the two Textboxes. <script language="javascript" type="text/javascript"> function pageLoad() { $find('ModalPopupExtender1').add_shown(function() { alert('add_shown event fires'); $get('<%=txtName.ClientID%>').focus();   });   $find('ModalPopupExtender1').add_hiding(function() { alert('add_hiding event fires'); $get('<%=txtName.ClientID%>').value = ""; $get('<%=txtPassword.ClientID%>').value = "";   }); }   </script> .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; }   I’ve added the two alerts just to let you show when the event fires.   Hope this simple example show you the benefit and how to use these events.

    Read the article

  • ASP.NET Server-side comments

    - by nmarun
    I believe a good number of you know about Server-side commenting. This blog is just like a revival to refresh your memories. When you write comments in your .aspx/.ascx files, people usually write them as: 1: <!-- This is a comment. --> To show that it actually makes a difference for using the server-side commenting technique, I’ve started a web application project and my default.aspx page looks like this: 1: <%@ Page Title="Home Page" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="ServerSideComment._Default" %> 2: <asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent"> 3: </asp:Content> 4: <asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent"> 5: <h2> 6: <!-- This is a comment --> 7: Welcome to ASP.NET! 8: </h2> 9: <p> 10: To learn more about ASP.NET visit <a href="http://www.asp.net" title="ASP.NET Website">www.asp.net</a>. 11: </p> 12: <p> 13: You can also find <a href="http://go.microsoft.com/fwlink/?LinkID=152368&amp;clcid=0x409" 14: title="MSDN ASP.NET Docs">documentation on ASP.NET at MSDN</a>. 15: </p> 16: </asp:Content> See the comment in line 6 and when I run the app, I can do a view source on the browser which shows up as: 1: <h2> 2: <!-- This is a comment --> 3: Welcome to ASP.NET! 4: </h2> Using Fiddler shows the page size as: Let’s change the comment style and use server-side commenting technique. 1: <h2> 2: <%-- This is a comment --%> 3: Welcome to ASP.NET! 4: </h2> Upon rendering, the view source looks like: 1: <h2> 2: 3: Welcome to ASP.NET! 4: </h2> Fiddler now shows the page size as: The difference is that client-side comments are ignored by the browser, but they are still sent down the pipe. With server-side comments, the compiler ignores everything inside this block. Visual Studio’s Text Editor toolbar also puts comments as server-side ones. If you want to give it a shot, go to your design page and press Ctrl+K, Ctrl+C on some selected text and you’ll see it commented in the server-side commenting style.

    Read the article

  • Applied Security for Oracle Business Intelligence Podcast

    - by Tim Dexter
    Listen to BI Security Meister, Bryan Wise talk about his recent book Applied Oracle Security and learn about the cutting edge techniques for Oracle Business Intelligence from a leading security expert. http://www.oracle.com/podcasts/author-podcasts.html - Applied Security for Oracle Business Intelligence Well worth the listen and of course the book is available at all discerning bookstores!

    Read the article

  • Globally Handling Request Validation In ASP.NET MVC

    - by imran_ku07
       Introduction:           Cross Site Scripting(XSS) and Cross-Site Request Forgery (CSRF) attacks are one of dangerous attacks on web.  They are among the most famous security issues affecting web applications. OWASP regards XSS is the number one security issue on the Web. Both ASP.NET Web Forms and ASP.NET MVC paid very much attention to make applications build with ASP.NET as secure as possible. So by default they will throw an exception 'A potentially dangerous XXX value was detected from the client', when they see, < followed by an exclamation(like <!) or < followed by the letters a through z(like <s) or & followed by a pound sign(like &#123) as a part of querystring, posted form and cookie collection. This is good for lot of applications. But this is not always the case. Many applications need to allow users to enter html tags, for example applications which uses  Rich Text Editor. You can allow user to enter these tags by just setting validateRequest="false" in your Web.config application configuration file inside <pages> element if you are using Web Form. This will globally disable request validation. But in ASP.NET MVC request handling is different than ASP.NET Web Form. Therefore for disabling request validation globally in ASP.NET MVC you have to put ValidateInputAttribute in your every controller. This become pain full for you if you have hundred of controllers. Therefore in this article i will present a very simple way to handle request validation globally through web.config.   Description:           Before starting how to do this it is worth to see why validateRequest in Page directive and web.config not work in ASP.NET MVC. Actually request handling in ASP.NET Web Form and ASP.NET MVC is different. In Web Form mostly the HttpHandler is the page handler which checks the posted form, query string and cookie collection during the Page ProcessRequest method, while in MVC request validation occur when ActionInvoker calling the action. Just see the stack trace of both framework.   ASP.NET MVC Stack Trace:     System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +8723114   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +111   System.Web.HttpRequest.get_Form() +129   System.Web.HttpRequestWrapper.get_Form() +11   System.Web.Mvc.ValueProviderDictionary.PopulateDictionary() +145   System.Web.Mvc.ValueProviderDictionary..ctor(ControllerContext controllerContext) +74   System.Web.Mvc.ControllerBase.get_ValueProvider() +31   System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor) +53   System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor) +109   System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +399   System.Web.Mvc.Controller.ExecuteCore() +126   System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +27   ASP.NET Web Form Stack Trace:    System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3213202   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108   System.Web.HttpRequest.get_QueryString() +119   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2022776   System.Web.UI.Page.DeterminePostBackMode() +60   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154   System.Web.UI.Page.ProcessRequest() +86                        Since the first responder of request in ASP.NET MVC is the controller action therefore it will check the posted values during calling the action. That's why web.config's requestValidate not work in ASP.NET MVC.            So let's see how to handle this globally in ASP.NET MVC. First of all you need to add an appSettings in web.config. <appSettings>    <add key="validateRequest" value="true"/>  </appSettings>              I am using the same key used in disable request validation in Web Form. Next just create a new ControllerFactory by derving the class from DefaultControllerFactory.     public class MyAppControllerFactory : DefaultControllerFactory    {        protected override IController GetControllerInstance(Type controllerType)        {            var controller = base.GetControllerInstance(controllerType);            string validateRequest=System.Configuration.ConfigurationManager.AppSettings["validateRequest"];            bool b;            if (validateRequest != null && bool.TryParse(validateRequest,out b))                ((ControllerBase)controller).ValidateRequest = bool.Parse(validateRequest);            return controller;        }    }                         Next just register your controller factory in global.asax.        protected void Application_Start()        {            //............................................................................................            ControllerBuilder.Current.SetControllerFactory(new MyAppControllerFactory());        }              This will prevent the above exception to occur in the context of ASP.NET MVC. But if you are using the Default WebFormViewEngine then you need also to set validateRequest="false" in your web.config file inside <pages> element            Now when you run your application you see the effect of validateRequest appsetting. One thing also note that the ValidateInputAttribute placed inside action or controller will always override this setting.    Summary:          Request validation is great security feature in ASP.NET but some times there is a need to disable this entirely. So in this article i just showed you how to disable this globally in ASP.NET MVC. I also explained the difference between request validation in Web Form and ASP.NET MVC. Hopefully you will enjoy this.

    Read the article

  • Oracle Security Inside Out Newsletter – June Edition

    - by Troy Kitch
    This month’s Information In Depth Newsletter, Security Inside Out Edition is now available. In this edition we look at the Gartner Security and Risk Management Summit 2011, discuss safeguarding data from threats with Oracle Database Vault, and reveal the latest database security webcasts, videos, training, events and more. If you don’t have a subscription to this bi-monthly security information update, you can sign up here at the bottom of the page.

    Read the article

  • Taking the fear out of a Cloud initiative through the use of security tools

    - by user736511
    Typical employees, constituents, and business owners  interact with online services at a level where their knowledge of back-end systems is low, and most of the times, there is no interest in knowing the systems' architecture.  Most application administrators, while partially responsible for these systems' upkeep, have very low interactions with them, at least at an operational, platform level.  Of greatest interest to these groups is the consistent, reliable, and manageable operation of the interfaces with which they communicate.  Introducing the "Cloud" topic in any evolving architecture automatically raises the concerns for data and identity security simply because of the perception that when owning the silicon, enterprises are not able to manage its content.  But is this really true?   In the majority of traditional architectures, data and applications that access it are physically distant from the organization that owns it.  It may reside in a shared data center, or a geographically convenient location that spans large organizations' connectivity capabilities.  In the end, very often, the model of a "traditional" architecture is fairly close to the "new" Cloud architecture.  Most notable difference is that by nature, a Cloud setup uses security as a core function, and not as a necessary add-on. Therefore, following best practices, one can say that data can be safer in the Cloud than in traditional, stove-piped environments where data access is segmented and difficult to audit. The caveat is, of course, what "best practices" consist of, and here is where Oracle's security tools are perfectly suited for the task.  Since Oracle's model is to support very large organizations, it is fundamentally concerned about distributed applications, databases etc and their security, and the related Identity Management Products, or DB Security options reflect that concept.  In the end, consumers of applications and their data are to be served more safely in a controlled Cloud environment, while realizing the many cost savings associated with it. Having very fast resources to serve them (such as the Exa* platform) makes the concept even more attractive.  Finally, if a Cloud strategy does not seem feasible, consider the pros and cons of a traditional vs. a Cloud architecture.  Using the exact same criteria and business goals/traditions, and with Oracle's technology, you might be hard pressed to justify maintaining the technical status quo on security alone. For additional information please visit Oracle's Cloud Security page at: http://www.oracle.com/us/technologies/cloud/cloud-security-428855.html

    Read the article

  • Spring Security Configuration Leads to Perpetual Authentication Request

    - by Sammy
    Hello, I have configured my web application with the following config file: <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" /> <!-- Filter chain; this is referred to from the web.xml file. Each filter is defined and configured as a bean later on. --> <!-- Note: anonumousProcessingFilter removed. --> <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <security:filter-chain-map path-type="ant"> <security:filter-chain pattern="/**" filters="securityContextPersistenceFilter, basicAuthenticationFilter, exceptionTranslationFilter, filterSecurityInterceptor" /> </security:filter-chain-map> </bean> <!-- This filter is responsible for session management, or rather the lack thereof. --> <bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"> <property name="securityContextRepository"> <bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"> <property name="allowSessionCreation" value="false" /> </bean> </property> </bean> <!-- Basic authentication filter. --> <bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager" /> <property name="authenticationEntryPoint" ref="authenticationEntryPoint" /> </bean> <!-- Basic authentication entry point. --> <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint"> <property name="realmName" value="Ayudo Web Service" /> </bean> <!-- An anonymous authentication filter, which is chained after the normal authentication mechanisms and automatically adds an AnonymousAuthenticationToken to the SecurityContextHolder if there is no existing Authentication held there. --> <!-- <bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousProcessingFilter"> <property name="key" value="ayudo" /> <property name="userAttribute" value="anonymousUser, ROLE_ANONYMOUS" /> </bean> --> <!-- Authentication manager that chains our main authentication provider and anonymous authentication provider. --> <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> <property name="providers"> <list> <ref local="daoAuthenticationProvider" /> <ref local="inMemoryAuthenticationProvider" /> <!-- <ref local="anonymousAuthenticationProvider" /> --> </list> </property> </bean> <!-- Main authentication provider; in this case, memory implementation. --> <bean id="inMemoryAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="propertiesUserDetails" /> </bean> <security:user-service id="propertiesUserDetails" properties="classpath:operators.properties" /> <!-- Main authentication provider. --> <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="userDetailsService" /> </bean> <!-- An anonymous authentication provider which is chained into the ProviderManager so that AnonymousAuthenticationTokens are accepted. --> <!-- <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider"> <property name="key" value="ayudo" /> </bean> --> <bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> <property name="dataSource" ref="dataSource" /> </bean> <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> <property name="authenticationEntryPoint" ref="authenticationEntryPoint" /> <property name="accessDeniedHandler"> <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl" /> </property> </bean> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="securityMetadataSource"> <security:filter-security-metadata-source use-expressions="true"> <security:intercept-url pattern="/*.html" access="permitAll" /> <security:intercept-url pattern="/version" access="permitAll" /> <security:intercept-url pattern="/users/activate" access="permitAll" /> <security:intercept-url pattern="/**" access="isAuthenticated()" /> </security:filter-security-metadata-source> </property> <property name="authenticationManager" ref="authenticationManager" /> <property name="accessDecisionManager" ref="accessDecisionManager" /> </bean> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <bean class="org.springframework.security.access.vote.RoleVoter" /> <bean class="org.springframework.security.web.access.expression.WebExpressionVoter" /> </list> </property> </bean> As soon as I run my application on tomcat, I get a request for username/password basic authentication dialog. Even when I try to access: localhost:8080/myapp/version, which is explicitly set to permitAll, I get the authentication request dialog. Help! Thank, Sammy

    Read the article

  • asp.net external form loading into jquery dialog submit button issue

    - by Mark
    I am loading an external file 'contact_us.aspx' into a jquery dialog box. the external page contains a form. When the submit button is pressed it closes the dialog box and changes the page to contact_us.aspx. is my code correct or is there a different way of doing this. see my code below, thanks. This JS is in y masterpage: <script type="text/javascript"> $(document).ready(function() { var dialogOpts = { modal: true, bgiframe: true, autoOpen: false, height: 500, width: 500, open: function(type, data) { $(this).parent().appendTo(jQuery("form:first")); } } $("#genericContact").dialog(dialogOpts); //end dialog $('a.conactGeneric').click( function() { $("#genericContact").load("contact_us.aspx", [], function() { $("#genericContact").dialog("open"); } ); return false; } ); }); </script> The external file 'contact_us.aspx' which is loaded into the dialog box, when the link is clicked. <asp:Panel ID="pnlEnquiry" runat="server" DefaultButton="btn_Contact"> <asp:Label ID="lblError" CssClass="error" runat="server" Visible="false" Text=""></asp:Label> <div class="contact_element"> <label for="txtName">Your Name <span>*</span></label> <asp:TextBox CssClass="contact_field" ID="txtName" runat="server"></asp:TextBox> <asp:RequiredFieldValidator CssClass="contact_error" ControlToValidate="txtName" Display="Dynamic" ValidationGroup="valContact" ID="RequiredFieldValidator1" runat="server" ErrorMessage="Enter your name"></asp:RequiredFieldValidator> </div> <div class="contact_element"> <label for="txtName">Phone Number</label> <asp:TextBox CssClass="contact_field" ID="txtTel" runat="server"></asp:TextBox> <asp:RequiredFieldValidator CssClass="contact_error" ControlToValidate="txtTel" Display="Dynamic" ValidationGroup="valContact" ID="RequiredFieldValidator2" runat="server" ErrorMessage="Enter your phone number"></asp:RequiredFieldValidator> </div> <div class="contact_element"> <label for="txtEmail">Your Email <span>*</span></label> <asp:TextBox CssClass="contact_field" ID="txtEmail" runat="server"></asp:TextBox> <asp:RequiredFieldValidator CssClass="contact_error" ControlToValidate="txtEmail" Display="Dynamic" ValidationGroup="valContact" ID="RequiredFieldValidator3" runat="server" ErrorMessage="Enter your email address"></asp:RequiredFieldValidator> </div> <div class="contact_element"> <label for="txtQuestion">Question <span>*</span></label> <asp:TextBox TextMode="MultiLine" CssClass="contact_question" ID="txtQuestion" runat="server"></asp:TextBox> <asp:RequiredFieldValidator CssClass="contact_error" ControlToValidate="txtQuestion" Display="Dynamic" ValidationGroup="valContact" ID="RequiredFieldValidator4" runat="server" ErrorMessage="Enter your question"></asp:RequiredFieldValidator> </div> <div class="contact_chkbox"> <asp:CheckBox ID="chkNews" runat="server" Checked="true" Text="Receive our monthly newsletter" EnableTheming="false" /> </div> <span class="mandatory">* Required Field</span> <asp:LinkButton ID="btn_Contact" ToolTip="Submit" CssClass="submit_btn" ValidationGroup="valContact" runat="server" OnClick="SignUp" ></asp:LinkButton> <asp:RegularExpressionValidator CssClass="contact_error" ID="RegularExpressionValidator1" runat="server" ValidationExpression=".*@.{2,}\..{2,}" Display="Dynamic" ValidationGroup="valContact" ControlToValidate="txtEmail" ErrorMessage="Invalid email format."></asp:RegularExpressionValidator> <asp:ValidationSummary ID="ValidationSummary1" ValidationGroup="valContact" ShowMessageBox=true ShowSummary=false runat="server" /> </asp:Panel> <asp:Panel ID="pnlThanks" runat="server" Visible="false"> <h1>Thank you!</h1> </asp:Panel> code behind file: protected void SignUp(object sender, EventArgs e) { SmtpMail.SmtpServer = "localhost"; MailMessage myMail = new MailMessage(); //String myToEmail = MyDB.getScalar("select setting_value from [Website.Settings]"); ; //myMail.To = myToEmail; myMail.To = "[email protected]"; myMail.From = "[email protected]"; //myMail.Bcc = "[email protected]"; myMail.Subject = "Enquiry from the Naturetrek Site"; StringBuilder myContent = new StringBuilder(); myContent.Append("Name : " + txtName.Text + "\r\n"); myContent.Append("Email: " + txtEmail.Text + "\r\n"); myContent.Append("Telephone: " + txtTel.Text + "\r\n"); myContent.Append("\r\nTheir Question: \r\n" + txtQuestion.Text + "\r\n"); if (chkNews.Checked != true) { myContent.Append("Subscribed to newsletter: No"); } else { myContent.Append("Subscribed to newsletter: Yes"); } myContent.Append("\r\n"); myMail.Body = myContent.ToString(); SmtpMail.Send(myMail); pnlEnquiry.Visible = false; pnlThanks.Visible = true; }

    Read the article

  • JavaScript keeps returning ambigious error (in ASP.NET MVC 2.0)

    - by Erx_VB.NExT.Coder
    this is my function (with other lines ive tried/abandoned)... function DoClicked(eNumber) { //obj.style = 'bgcolor: maroon'; var eid = 'cat' + eNumber; //$get(obj).style.backgroundColor = 'maroon'; //var nObj = $get(obj); var nObj = document.getElementById(eid) //alert(nObj.getAttribute("style")); nObj.style.backgroundColor = 'Maroon'; alert(nObj.style.backgroundColor); //nObj.setAttribute("style", "backgroundcolor: Maroon"); }; This error keeps getting returned even after the last line in the function runs: Microsoft JScript runtime error: Sys.ArgumentUndefinedException: Value cannot be undefined. Parameter name: method this function is called with an "OnSuccess" set in my Ajax.ActionLink call (ASP.NET MVC)... anyone any ideas on this? i have these referenced... even when i remove the 'debug' versions for normal versions, i still get an error but the error just has much less information and says 'b' is undefined (probably a ms js library internal variable)... <script src="../../Scripts/MicrosoftAjax.debug.js" type="text/javascript"></script> <script src="../../Scripts/MicrosoftMvcValidation.debug.js" type="text/javascript"></script> <script src="../../Scripts/MicrosoftMvcAjax.debug.js" type="text/javascript"></script> <script src="../../Scripts/jquery-1.4.1.js" type="text/javascript"></script> also, this is how i am calling the actionlink method: Ajax.ActionLink(item.CategoryName, "SubCategoryList", "Home", New With {.CategoryID = item.CategoryID}, New AjaxOptions With {.UpdateTargetId = "SubCat", .HttpMethod = "Post", .OnSuccess = "DoClicked(" & item.CategoryID.ToString & ")"}, New With {.id = "cat" & item.CategoryID.ToString})

    Read the article

  • ASP.NET MVC: Html.Actionlink() generates empty link.

    - by wh0emPah
    Okay i'm experiencing some problems with the actionlink htmlhelper. I have some complicated routing as follows: routes.MapRoute("Groep_Dashboard_Route", // Route name "{EventName}/{GroupID}/Dashboard", // url with Paramters new {controller = "Group", action="Dashboard"}); routes.MapRoute("Event_Groep_Route", // Route name "{EventName}/{GroupID}/{controller}/{action}/{id}", new {controller = "Home", action = "Index"}); My problem is generating action links that match these patterns. The eventname parameter is really just for having a user friendly link. it doesn't do anything. Now when i'm trying for example to generate a link. that shows the dashboard of a certain groep. Like: mysite.com/testevent/20/Dashboard I'll use the following actionlink: <%: Html.ActionLink("Show dashboard", "Group", "Dashboard", new { EventName_Url = "test", GroepID = item.groepID}, null)%> What my actual result in html gives is: <a href="">Show Dashboard</a> Please bear with me i'm still new at ASP MVC. Could someone tell me what i'm doing wrong? Help would be appreciated!

    Read the article

  • [Asp.Net MVC] Encoding a character

    - by Trimack
    Hi, I am experiencing some weird encoding behaviour in my ASP.NET MVC project. In my Site.Master there is <div class="logo"> <a href="<%=Url.Action("Index", "Win7")%>"><%= Html.Encode("Windows 7 Tutoriál") %></a></div> which translates to the resulting page as <div class="logo"> <a href="/">Windows 7 TutoriA?l</a></div> However, in the Index.aspx there is <h1> Windows 7 Tutoriál</h1> which translates correctly on the same resulting page. I do have <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> as my first line in <head>. Locally, both files are saved in UTF-8 encoding. Any ideas why is this happening and how to fix it? Thanks in advance.

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

  • asp.net mvc outputting json with backslashes ( escape) despite many attemps to filter

    - by minus4
    i have an asp.net controller that output Json as the results a section of it is here returnString += string.Format(@"{{""filename"":""{0}"",""line"":[", file.Filename); what i get returned is this: "{\"DPI\":\"66.8213457076566\",\"width\":\"563.341067\",\"editable\":\"True\",\"pricecat\":\"6\",\"numpages\":\"2\",\"height\":\"400\",\"page\":[{\"filename\":\"999_9_1.jpg\",\"line\":[]},{\"filename\":\"999_9_2.jpg\",\"line\":[]}]]" i have tried to return with the following methods: return Json(returnString); return Json(returnString.Replace("\\",""); return Json will serialize my string to a jSon string, this i know but it likes to escape for some reason, how can i get rid of it ???? for info this is how i call it with jQuery: $.ajax({ url:"/Products/LoadArtworkToJSon", type:"POST", dataType: "json", async: false, data:{prodid: prodid }, success: function(data){ sessvars.myData = data; measurements = sessvars.myData; $("#loading").remove(); //empty the canvas and create a new one with correct data, always start on page 0; $("#movements").remove(); $("#canvas").append("<div id=\"movements\" style=\"width:" + measurements.width + "px; height:" + Math.round(measurements.height) + "px; display:block; border:1px solid black; background:url(/Content/products/" + measurements.page[0].filename + ") no-repeat;\"></div>"); your help is much appreciated thanks

    Read the article

  • ASP.NET MVC Authorize by Group

    - by Jimmo
    I have what seems like a common issue with SaaS applications, but have not seen this question on here anywhere. I am using ASP.NET MVC with Forms Authentication. I have implemented a custom membership provider to handle logic, but have one issue (perhaps the issue is in my mental picture of the system). As with many SaaS apps, Customers create accounts and use the app in a way that looks like they are the only ones present (they only see their items, users, etc.) In reality, there are generic controllers and views presenting data depending on their account. When calling something like ValidateUser, I have access to their affiliation in the User object - what I don't have is the context of the request to which to compare it. As an example, One company called ABC goes to abc.mysite.com Another company called XYZ goes to xyz.mysite.com When an ABC user calls http://abc.mysite.com/product/edit/12 I have an [Authorize] attribute on the Edit method in the ProductController to make sure he is signed in and has sufficient permission to do so. If that same ABC user tried to access http://xyz.mysite.com/product/edit/12 I would not want to validate him in the context of that call. In the ValidateUser of the MembershipProvider, I have the information about the user, but not about the request. I can tell that the user is from ABC, but I cannot tell that the request is for XYZ at that point in the code. How should I resolve this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >