Search Results

Search found 70970 results on 2839 pages for 'asp net c session variable'.


  • Cookieless Session Is it a security risk?

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully logs in from a machine in a cybercafe. Hacker H is able to sniff the network and get the sessionID of the user. Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?


  • ASP Classic and JavaScript check for session status

    - by StealthRT
    I am in need of some help with trying to figure out how to go about checking the user's session and seeing if they are still logged in or not. The problem is that I have a static page that pretty much loads everything into "tabs" using jQuery. So when the user navigates the page, it really never leaves that same page they started out on. Hence my problem in trying to determine if they are still logged in or not when they click on update their information on their profile or whatnot.


  • How do I provide a custom session ID getter/setter in ASP.NET

    - by Monsters
    I want to pass the sessionID as a JSON parameter. I can see how to override SessionIDManager and such, but this just covers custom creation/validation of sessionIDs as opposed to where it actually gets the sessionID from. There is of course 'cookieless', which puts it in the URL, but that doesn't work for me either. So I'd like to override the session handling so I can specify where it should look for the sessionID.


  • Cookieless Session Is it a security

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully logs in from a machine in a cybercafe. Hacker H is able to sniff the network and get the sessionID of the user. Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user? Thanks


  • Implementation review for a MVC.NET app with custom membership

    - by mrjoltcola
    I'd like to hear if anyone sees any problems with how I implemented the security in this Oracle based MVC.NET app, either security issues, concurrency issues or scalability issues.

    First, I implemented a CustomOracleMembershipProvider to handle the database interface to the membership store. I implemented a custom Principal named User which implements IPrincipal, and it has a hashtable of Roles. I also created a separate class named AuthCache which has a simple cache for User objects. Its purpose is simply to avoid return trips to the database, while decoupling the caching from either the web layer or the data layer. (So I can share the cache between MVC.NET, WCF, etc.)

    The MVC.NET stock MembershipService uses the CustomOracleMembershipProvider (configured in web.config), and both MembershipService and FormsService share access to the singleton AuthCache.

    My AccountController.LogOn() method:

    1) Validates the user via the MembershipService.Validate() method, also loads the roles into the User.Roles container and then caches the User in AuthCache.

    2) Signs the user into the Web context via FormsService.SignIn() which accesses the AuthCache (not the database) to get the User, sets HttpContext.Current.User to the cached User Principal.

    In global.asax.cs, Application_AuthenticateRequest() is implemented. It decrypts the FormsAuthenticationTicket, accesses the AuthCache by the ticket.Name (Username) and sets the Principal by setting Context.User = user from the AuthCache.

    So in short, all these classes share the AuthCache, and I have, for thread synchronization, a lock() in the cache store method. No lock in the read method. The custom membership provider doesn't know about the cache, the MembershipService doesn't know about any HttpContext (so could be used outside of a web app), and the FormsService doesn't use any custom methods besides accessing the AuthCache to set the Context.User for the initial login, so it isn't dependent on a specific membership provider.

    The main thing I see now is that the AuthCache will be sharing a User object if a user logs in from multiple sessions. So I may have to change the key from just UserId to something else (maybe using something in the FormsAuthenticationTicket for the key?).


  • The fastest way to resize images from ASP.NET. And it’s (more) supported-ish.

    - by Bertrand Le Roy
    I’ve shown before how to resize images using GDI, which is fairly common but is explicitly unsupported because we know of very real problems that this can cause. Still, many sites still use that method because those problems are fairly rare, and because most people assume it’s the only way to get the job done. Plus, it works in medium trust.

    More recently, I’ve shown how you can use WPF APIs to do the same thing and get JPEG thumbnails, only 2.5 times faster than GDI (even now that GDI really ultimately uses WIC to read and write images). The boost in performance is great, but it comes at a cost, that you may or may not care about: it won’t work in medium trust. It’s also just as unsupported as the GDI option.

    What I want to show today is how to use the Windows Imaging Components from ASP.NET APIs directly, without going through WPF. The approach has the great advantage that it’s been tested and proven to scale very well. The WIC team tells me you should be able to call support and get answers if you hit problems.

    Caveats exist though. First, this is using interop, so until a signed wrapper sits in the GAC, it will require full trust. Second, the APIs have a very strong smell of native code and are definitely not .NET-friendly. And finally, the most serious problem is that older versions of Windows don’t offer MTA support for image decoding. MTA support is only available on Windows 7, Vista and Windows Server 2008. But on 2003 and XP, you’ll only get STA support. That means that the thread safety that we so badly need for server applications is not guaranteed on those operating systems. To make it work, you’d have to spin specialized threads yourself and manage the lifetime of your objects, which is outside the scope of this article. We’ll assume that we’re fine with all this and that we’re running on 7 or 2008 under full trust.

    Be warned that the code that follows is not simple or very readable. This is definitely not the easiest way to resize an image in .NET.

    Wrapping native APIs such as WIC in a managed wrapper is never easy, but fortunately we won’t have to: the WIC team already did it for us and released the results under MS-PL. The InteropServices folder, which contains the wrappers we need, is in the WicCop project but I’ve also included it in the sample that you can download from the link at the end of the article.

    In order to produce a thumbnail, we first have to obtain a decoding frame object that WIC can use. Like with WPF, that object will contain the command to decode a frame from the source image but won’t do the actual decoding until necessary. Getting the frame is done by reading the image bytes through a special WIC stream that you can obtain from a factory object that we’re going to reuse for lots of other tasks:

        var photo = File.ReadAllBytes(photoPath);
        var factory = (IWICComponentFactory)new WICImagingFactory();
        var inputStream = factory.CreateStream();
        inputStream.InitializeFromMemory(photo, (uint)photo.Length);
        var decoder = factory.CreateDecoderFromStream(
            inputStream, null,
            WICDecodeOptions.WICDecodeMetadataCacheOnLoad);
        var frame = decoder.GetFrame(0);

    We can read the dimensions of the frame using the following (somewhat ugly) code:

        uint width, height;
        frame.GetSize(out width, out height);

    This enables us to compute the dimensions of the thumbnail, as I’ve shown in previous articles.

    We now need to prepare the output stream for the thumbnail. WIC requires a special kind of stream, IStream (not implemented by System.IO.Stream) and doesn’t directly understand .NET streams. It does provide a number of implementations but not exactly what we need here. We need to output to memory because we’ll want to persist the same bytes to the response stream and to a local file for caching. The memory-bound version of IStream requires a fixed-length buffer but we won’t know the length of the buffer before we resize. To solve that problem, I’ve built a derived class from MemoryStream that also implements IStream. The implementation is not very complicated, it just delegates the IStream methods to the base class, but it involves some native pointer manipulation.

    Once we have a stream, we need to build the encoder for the output format, which could be anything that WIC supports. For web thumbnails, our only reasonable options are PNG and JPEG. I explored PNG because it’s a lossless format, and because WIC does support PNG compression. That compression is not very efficient though and JPEG offers good quality with much smaller file sizes. On the web, it matters. I found the best PNG compression option (adaptive) to give files that are about twice as big as 100%-quality JPEG (an absurd setting), 4.5 times bigger than 95%-quality JPEG and 7 times larger than 85%-quality JPEG, which is more than acceptable quality. As a consequence, we’ll use JPEG. The JPEG encoder can be prepared as follows:

        var encoder = factory.CreateEncoder(
            Consts.GUID_ContainerFormatJpeg, null);
        encoder.Initialize(outputStream,
            WICBitmapEncoderCacheOption.WICBitmapEncoderNoCache);

    The next operation is to create the output frame:

        IWICBitmapFrameEncode outputFrame;
        var arg = new IPropertyBag2[1];
        encoder.CreateNewFrame(out outputFrame, arg);

    Notice that we are passing in a property bag. This is where we’re going to specify our only parameter for encoding, the JPEG quality setting:

        var propBag = arg[0];
        var propertyBagOption = new PROPBAG2[1];
        propertyBagOption[0].pstrName = "ImageQuality";
        propBag.Write(1, propertyBagOption, new object[] { 0.85F });
        outputFrame.Initialize(propBag);

    We can then set the resolution for the thumbnail to be 96, something we weren’t able to do with WPF and had to hack around:

        outputFrame.SetResolution(96, 96);

    Next, we set the size of the output frame and create a scaler from the input frame and the computed dimensions of the target thumbnail:

        outputFrame.SetSize(thumbWidth, thumbHeight);
        var scaler = factory.CreateBitmapScaler();
        scaler.Initialize(frame, thumbWidth, thumbHeight,
            WICBitmapInterpolationMode.WICBitmapInterpolationModeFant);

    The scaler is using the Fant method, which I think is the best looking one even if it seems a little softer than cubic (zoomed here to better show the defects):

    [Images: Cubic, Fant, Linear, Nearest neighbor]

    We can write the source image to the output frame through the scaler:

        outputFrame.WriteSource(scaler, new WICRect {
            X = 0, Y = 0,
            Width = (int)thumbWidth,
            Height = (int)thumbHeight
        });

    And finally we commit the pipeline that we built and get the byte array for the thumbnail out of our memory stream:

        outputFrame.Commit();
        encoder.Commit();
        var outputArray = outputStream.ToArray();
        outputStream.Close();

    That byte array can then be sent to the output stream and to the cache file.

    Once we’ve gone through this exercise, it’s only natural to wonder whether it was worth the trouble. I ran this method, as well as GDI and WPF resizing over thirty twelve megapixel images for JPEG qualities between 70% and 100% and measured the file size and time to resize. Here are the results:

    [Charts: Size of resized images; Time to resize thirty 12 megapixel images]

    Not much to see on the size graph: sizes from WPF and WIC are equivalent, which is hardly surprising as WPF calls into WIC. There is just an anomaly for 75% for WPF that I noted in my previous article and that disappears when using WIC directly. But overall, using WPF or WIC over GDI represents a slight win in file size.

    The time to resize is more interesting. WPF and WIC get similar times although WIC seems to always be a little faster. Not surprising considering WPF is using WIC. The margin of error on these results is probably fairly close to the time difference. As we already knew, the time to resize does not depend on the quality level, only the size does. This means that the only decision you have to make here is size versus visual quality.

    This third approach to server-side image resizing on ASP.NET seems to converge on the fastest possible one. We have marginally better performance than WPF, but with some additional peace of mind that this approach is sanctioned for server-side usage by the Windows Imaging team. It still doesn’t work in medium trust. That is a problem and shows the way for future server-friendly managed wrappers around WIC.

    The sample code for this article can be downloaded from: http://weblogs.asp.net/blogs/bleroy/Samples/WicResize.zip

    The benchmark code can be found here (you’ll need to add your own images to the Images directory and then add those to the project, with content and copy if newer in the properties of the files in the solution explorer): http://weblogs.asp.net/blogs/bleroy/Samples/WicWpfGdiImageResizeBenchmark.zip

    WIC tools can be downloaded from: http://code.msdn.microsoft.com/wictools

    To conclude, here are some of the resized thumbnails at 85% fant:


  • How can I debug a session

    - by Organ Grinding Monkey
    I have been asked to work on a very large web application and deploy it. The problem that I'm facing here is that when I deploy the application and more than 1 user logs into the system, the sessions seem to cross over, i.e.: Person A logs in and works on the site, all good. When person B logs in, person A will then be logged in as person B as well.

    If anyone has experienced this behaviour before and can steer me in the right direction, that would be first prize. Second prize would be to show me how I can debug this situation so that I can find out where the problem is and fix it.

    Some information about the application: from what I've been told and what I've seen within the app, it started as a .Net 1.1 application and got upgraded to .Net 2, and that's why the log in system was done the way it is. (The application is huge and now complete, and that's why I can't rewrite the whole user authentication process; it will just take too long and I don't know what effect it might have.) All the logged in user information is stored in properties that have been added in the Global.asax.vb file. (Could this be the problem?)

    Any help here would be greatly appreciated.


  • MVC 2: Html.TextBoxFor, etc. in VB.NET 2010

    - by Brian
    Hello, I have this sample ASP.NET MVC 2.0 view in C#, bound to a strongly typed model that has a first name, last name, and email:

        <div>
            First: <%= Html.TextBoxFor(i => i.FirstName) %>
            <%= Html.ValidationMessageFor(i => i.FirstName, "*") %>
        </div>
        <div>
            Last: <%= Html.TextBoxFor(i => i.LastName) %>
            <%= Html.ValidationMessageFor(i => i.LastName, "*")%>
        </div>
        <div>
            Email: <%= Html.TextBoxFor(i => i.Email) %>
            <%= Html.ValidationMessageFor(i => i.Email, "*")%>
        </div>

    I converted it to VB.NET, seeing the appropriate constructs in VB.NET 10, as:

        <div>
            First: <%= Html.TextBoxFor(Function(i) i.FirstName) %>
            <%= Html.ValidationMessageFor(Function(i) i.FirstName, "*") %>
        </div>
        <div>
            Last: <%= Html.TextBoxFor(Function(i) i.LastName)%>
            <%= Html.ValidationMessageFor(Function(i) i.LastName, "*")%>
        </div>
        <div>
            Email: <%= Html.TextBoxFor(Function(i) i.Email)%>
            <%= Html.ValidationMessageFor(Function(i) i.Email, "*")%>
        </div>

    No luck. Is this right, and if not, what syntax do I need to use? Again, I'm using ASP.NET MVC 2.0, this is a view bound to a strongly typed model... does MVC 2 still not support the new language constructs in .NET 2010? Thanks.


  • ASP.NET Membership with two providers can't use GetAllUsers method

    - by Bayonian
    Hi, I'm using two membership providers. When I declared the following statement

        Dim allUsers As MembershipUserCollection = Membership.Providers("CustomSqlRoleManager").GetAllUsers

    it gave me this error message:

        Argument not specified for paramenter 'totalRecords' of 'Public MustOverride Function GetAllUsers(pageIndex as Integer, pageSize as Integer, ByRef totalRecords as Integer) As System.Web.Security.MembershipUserCollection'

    Then, I added what it asked for like this:

        Dim allUsers As MembershipUserCollection = Membership.Providers("CustomSqlRoleManager").GetAllUsers(1, 50, 100)

    I don't get anything in return. I debugged it and allUsers = Nothing. What's wrong with the declaration above? Do I really have to provide the parameters when calling Membership.Providers("CustomSqlRoleManager").GetAllUsers?

    Update 1

    If I used the statement below:

        Dim allUsers As MembershipUserCollection = Membership.Providers("MembershipRoleManager").GetAllUsers(0, 0, totalUser)

    I got this error message:

        The pageSize must be greater than zero. Parameter name: pageSize.
        [ArgumentException: The pageSize must be greater than zero. Parameter name: pageSize]
        System.Web.Security.SqlMembershipProvider.GetAllUsers(Int32 pageIndex, Int32 pageSize, Int32& totalRecords) +1848357

    But it works if I provide the pageSize param:

        Dim pageSize As Integer = GetTotalNumberOfUser()
        Dim allUsers As MembershipUserCollection = Membership.Providers("MembershipRoleManager").GetAllUsers(0, pageSize, totalUser)

    The statement Dim pageSize As Integer = GetTotalNumberOfUser() returns the total counted records; it's already a round trip to the database, just to get the total number of users, because I need to provide the pageSize param value.


  • Asp.Net MVC - Rob Conery's LazyList - Count() or Count

    - by Adam
    I'm trying to create an HTML table for order logs for customers. A customer is defined as (I've left out a lot of stuff):

        public class Customer
        {
            public LazyList<Order> Orders { get; set; }
        }

    The LazyList is set when fetching a Customer:

        public Customer GetCustomer(int custID)
        {
            Customer c = ...
            c.Orders = new LazyList<Order>(_repository.GetOrders().ByOrderID(custID));
            return c;
        }

    The order log model:

        public class OrderLogTableModel
        {
            public OrderLogTableModel(LazyList<Order> orders)
            {
                Orders = orders;
                Page = 0;
                PageSize = 25;
            }

            public LazyList<Order> Orders { get; set; }
            public int Page { get; set; }
            public int PageSize { get; set; }
        }

    and I pass in the customer.Orders after loading a customer. Now the log I'm trying to make looks something like:

        <table>
        <tbody>
        <%
            int rowCount = ViewData.Model.Orders.Count();
            int innerRows = rowCount - (ViewData.Model.Page * ViewData.Model.PageSize);
            foreach (Order order in ViewData.Model.Orders.OrderByDescending(x => x.StartDateTime)
                .Take(innerRows).OrderBy(x => x.StartDateTime)
                .Take(ViewData.Model.PageSize))
            {
        %>
            <tr>
                <td> <%= order.ID %> </td>
            </tr>
        <%
            }
        %>
        </tbody>
        </table>

    Which works fine. But the problem is evaluating ViewData.Model.Orders.Count() literally takes about 10 minutes. I've tried with the ViewData.Model.Orders.Count property instead, and the results are the same - takes forever. I've also tried calling _repository.GetOrders().ByCustomerID(custID).Count() directly from the view and that executes perfectly within a few ms. Can anybody see any reason why using the LazyList to get a simple count would take so long? It seems like it's trying to iterate through the list when getting a simple count.


  • ASP C# Web Developer default login, getting user ID session value

    - by m3n
    I've used the built-in wizard in Visual Web Developer 2008 to create a simple login system. I'd like to get hold of the logged in user's ID, but I'm not sure how. Peeking in the ASPNETDB.MDF in the table aspnet_Users, the column appears to be called "UserId". I gave it a go:

        Response.Write("ID: " + Session["UserId"]);

    but it's coming up blank. How do I do this? (This is not for a live project, no need to point out the silliness in using the wizard.) Thanks


  • Bind ISet in ASP.NET MVC2

    - by Dmitriy Nagirnyak
    Hi, I am trying to find out what would be the best way to bind the first element of ISet (Iesi.Collection) as a first element. So basically I only have to use some kind of collection that has an indexer (and ISet doesn't); then I can write code like this (which works perfectly well):

        <%: Html.EditorFor(x => x.Company.PrimaryUsers[0].Email) %>

    But as the ISet has no indexer I cannot use it. So how can I then bind the first element of ISet in MVC2? Thanks, Dmitriy.


  • Session Variable Not Being Saved When Using Wizard Control ASP.NET

    - by davemackey
    I have a wizard control. When someone clicks a button within the wizard control I automatically advance to the next step (rather than forcing them to click next). However, this seems to cause the session state variable not to be saved. I've done some research and noticed that Response.Redirect does hard redirects that truncate page execution - and that you can add a false parameter to prevent this...what I'm wondering is if the wizard control is doing the same thing and if so, if I can add a parameter to this as well? Dave.


  • problem with RenderOuterTable property for .net 4.0 controls

    - by Mario
    According to the new 4.0 framework overview, one should be able to add the attrib RenderOuterTable="false" to a control that supports the attribute and see css friendly code be spit out - in other words no html tables. To test this, I threw a login control into a basic fresh webpage with the following code:

        <asp:Login ID="Login1" runat="server" RenderOuterTable="false"></asp:Login>

    The result? Crappy html table output, which supposedly doesn't happen with this attrib set to false. Here is the output:

        <table cellpadding="0">
        <tr>
            <td align="center" colspan="2">Log In</td>
        </tr><tr>
            <td align="right"><label for="MainContent_Login1_UserName">User Name:</label></td><td><input name="ctl00$MainContent$Login1$UserName" type="text" id="MainContent_Login1_UserName" /><span id="MainContent_Login1_UserNameRequired" title="User Name is required." style="visibility:hidden;">*</span></td>...

    Hopefully you get the point. Anyone know how to stop these controls from outputting tables? This is super annoying.


  • XSS to change ASP.NET session state

    - by Juri Bogdanov
    Hello! I am developing an application that stores the current user and the user's role in session state (System.Web.SessionState.HttpSessionState Page.Session).

        if (Session["username"] == null)
            Session.Add("username", User.Identity.Name);
        if (Session["isAdministrator"] == null)
            Session.Add("isAdministrator", User.IsInRole(domain + "\\Domain Admins"));

    Afterwards I check these session states in the code-behind for granting permissions to some execution:

        if ((bool)Session["isAdministrator"] || computer.Administrators.Contains(Session["username"].ToString()))

    My question is: how safe is that mechanism? Is it possible to change the session states using some JavaScript, for example, or somehow else? Thanks :)


  • Visual Studio ASP.Net MVC undo set as start page action

    - by kingrichard2005
    I have a web application that I'm working on. It was working fine until my curiosity got the better of me and I right-clicked on a view and chose the Set As Start Page option. Now, whenever I run my application it takes me to the Resource Not Found error page. I have the default register route set in my Global config route, which was working fine before. I notice that the URL now reads: http://localhost:1234/Views/User/Login.aspx instead of http://localhost:1234/ like it was before. I'm not sure how to undo this action or what was changed. I've looked in my web.config file but I'm not sure what to look for exactly. Help is appreciated.


  • Inline HTML Syntax for Helpers in ASP.NET MVC

    - by kouPhax
    I have a class that extends the HtmlHelper in MVC and allows me to use the builder pattern to construct special output, e.g.

        <%= Html.FieldBuilder<MyModel>(builder => {
                builder.Field(model => model.PropertyOne);
                builder.Field(model => model.PropertyTwo);
                builder.Field(model => model.PropertyThree);
            }) %>

    Which outputs some application specific HTML, let's just say,

        <ul>
            <li>PropertyOne: 12</li>
            <li>PropertyTwo: Test</li>
            <li>PropertyThree: true</li>
        </ul>

    What I would like to do, however, is add a new builder method for defining some inline HTML without having to store it as a string. E.g. I'd like to do this:

        <% Html.FieldBuilder<MyModel>(builder => {
               builder.Field(model => model.PropertyOne);
               builder.Field(model => model.PropertyTwo);
               builder.ActionField(model => %>
                   Generated: <%=DateTime.Now.ToShortDate()%> (<a href="#">Refresh</a>)
               <%);
           }).Render(); %>

    and generate this:

        <ul>
            <li>PropertyOne: 12</li>
            <li>PropertyTwo: Test</li>
            <li>Generated: 29/12/2008 <a href="#">Refresh</a></li>
        </ul>

    Essentially an ActionExpression that accepts a block of HTML. However, to do this it seems I need to execute the expression but point the execution of the block to my own StringWriter, and I am not sure how to do this. Can anyone advise?

