|
|
Thank you very much for your response.
|
|
|
|
|
Hello,
I am trying to attach a signature with the proxy and trying to do some operation like below:
wse.RequestSoapContext.Security.Tokens.Add (new X509SecurityToken(cert));
X509SecurityToken crtTkn = new X509SecurityToken(cert);
http://www.eggheadcafe.com/articles/20021231.asp
I am not able to see a "RequestSoapContext" under my proxy of webservice...? Could some one please suggest. What I might be missing. I have installed WSE 2.0
Regards,
Pavas
|
|
|
|
|
Hi
Can somebody please help me out. I created a Site that works but the code is directed to an Access Database.
I swopped to SQL Server 2005 and need to alter my code to connect and Select the Username and Password from
SQL Server 2005.
What changes do i need to make?
See Code Below please.
Imports System.Collections.Generic
Partial Class MasterPage
Inherits System.Web.UI.MasterPage
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
dlgLogin.Focus()
'Sets connectionstring and checks if user is logged in...................................
DBFunctions.setConnectionString(AccessDataSource1.ConnectionString)
If Not IsPostBack Then
'Page counter code...................................................................
If Application("PageCounter") Is Nothing Then
Application("PageCounter") = 1
Else
Application("PageCounter") += 1
End If
lblCounter.Text = Application("PageCounter")
'Connection........................................................................
If Not Session("Email") Is Nothing Then
LoggedIn()
Else
lblName.Visible = False
End If
End If
End Sub
Public Sub LoggedIn()
lblName.Visible = True
linkEdit.Enabled = True
lbtnLogout.Enabled = True
linkEdit.Visible = True
lbtnLogout.Visible = True
'Rater check for Username...............................................................
Try
Dim checkList As List(Of List(Of String)) = DBFunctions.queryRows("SELECT Username FROM Rater WHERE Email = '" + Session("Email") + "'")
lblName.Text = "Hello, " + checkList(0)(0)
lblName.ForeColor = Drawing.Color.DarkGreen
Catch ex As Exception
End Try
'Company check for Company Name................................................................
Try
Dim checkList2 As List(Of List(Of String)) = DBFunctions.queryRows("SELECT Name FROM Company WHERE Email = '" + Session("Email") + "'")
lblName.Text = "Hello, " + checkList2(0)(0)
lblName.ForeColor = Drawing.Color.Black
Catch ex As Exception
End Try
dlgLogin.Visible = False
linkRater.Visible = False
linkComp.Visible = False
linkPassword.Visible = False
End Sub
'boolean, returns true if login successful, false if not
Private Function authenticate(ByVal uname As String, ByVal password As String) As Boolean
'Rater check for email and password................................................................................
Try
Dim checkList As List(Of List(Of String)) = DBFunctions.queryRows("SELECT COUNT(Email) FROM Rater WHERE Email = '" + uname + "' and Password = '" + password + "'")
If checkList(0)(0) = "1" Then
Return True
End If
Catch ex As Exception
End Try
'Company check for email and password.............................................................................
Try
Dim checkList2 As List(Of List(Of String)) = DBFunctions.queryRows("SELECT COUNT(Email) FROM Company WHERE Email = '" + uname + "' and Password = '" + password + "'")
If checkList2(0)(0) = "1" Then
Return True
End If
Catch ex As Exception
End Try
Return False
End Function
Protected Sub dlgLogin_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles dlgLogin.Authenticate
e.Authenticated = authenticate(dlgLogin.UserName, dlgLogin.Password)
End Sub
Protected Sub lbtnLogout_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lbtnLogout.Click
dlgLogin.LoginButtonText = "Log In"
lblName.Visible = False
lbtnLogout.Enabled = False
lblName.Text = "Hello, "
Session.Clear()
Session.Abandon()
Session.RemoveAll()
dlgLogin.Enabled = True
Response.Redirect("Default.aspx")
End Sub
Protected Sub dlgLogin_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles dlgLogin.LoggedIn
Session("Email") = dlgLogin.UserName
LoggedIn()
End Sub
'For setting Label from other forms
Public Property Header() As String
Get
Return lblName.Text
End Get
Set(ByVal value As String)
lblName.Text = value
End Set
End Property
Protected Sub linkEdit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles linkEdit.Click
If lblName.ForeColor = Drawing.Color.Black Then
Response.Redirect("CompanyRegister.aspx")
Else
Response.Redirect("RaterRegister.aspx")
End If
End Sub
End Class
|
|
|
|
|
Looks like you've encapsulated your database logic well enough that you should only need to update your queryRows method and your setConnectionString method. There isn't any difference in your code that you've posted. Lookup SqlConnection and SqlCommand for a good start on how to rewrite your methods.
Etienne wrote: DBFunctions.queryRows("SELECT COUNT(Email) FROM Company WHERE Email = '" + uname + "' and Password = '" + password + "'")
As an aside, this is really bad practice for any application regardless of wither it's Access or SQL Server.
Instead you should do the following:
<br />
"SELECT COUNT(Email) FROM Company WHERE Email = @email and Password = @password"<br />
If you are using SQL Server pass this to the SqlCommand object. If you're using Access use OleDbCommand. Then regardless of the command object set the value of @email and @password using Parameters collection of the command object you create. You open yourself up to SQL Injection attacks otherwise.
Also, when you're updating data you're open to cross-site scripting attacks (XSS) unless you sanitize the data you get from the user using either Server.UrlEncode or Server.HtmlEncode. like this:
<br />
Dim email As String = Server.HtmlEncode(Request.Form("email"))<br />
<br />
' now you can pass your variable "email" to your SQL command<br />
<br />
<br />
I didn't see any examples of how you're updating data in your code above, but seeing your queries makes me think you aren't sanitizing your inputs either.
Sorry if the code samples don't compile, I haven't used VB in at least 6 years and I've never really used VB.NET.
|
|
|
|
|
Hi, I kind figure out the problem why the FormsAuthentication cookie can't be set, because just after the authentication it brings me back to the same page with the message that my session has been expired.
Lets see my webconfig.
<system.web>
<authentication mode="Forms">
<forms path="BackOffice" loginurl="BackOffice/Default.aspx?state=Timeout" protection="All" timeout="1">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
The state=Timeout is caught to show an alert saying that the session has been timed out
The code that i use just after a successful authentication:
'FormsAuthentication.SetAuthCookie(tbxEmail.Text.Trim, False)
FormsAuthentication.RedirectFromLoginPage(tbxEmail.Text.Trim, True)
Response.Redirect("Home.aspx")
After a successfull authentication I don't get directed to the Home.aspx page.
When i set the following in the webconfig:
<forms path="BackOffice" loginUrl="BackOffice/Default.aspx?state=Timeout" protection="All" timeout="1" cookieless="UseUri">
but than my string changes to something like:
http://localhost:4190/TEST/(F(DkeaiAh5OWpUmiVajjisadVvodQMLp1lpg4yu8pQK_PlxqApl5udnh7iAx1Yi8KhNbLIx6pQkytYVuhnwCj7GmfkbmpD-2IxXSxyilQM5HDrQ9-byppwLdbd_uBxEeSNdo5UNcPd9nxQxW0ZU3o3Sw2))/BackOffice/Home.aspx
What I am doing wrong? How i can use normal cookies zo i don't need to have the UseUri flag?
Thanks
|
|
|
|
|
ESTAN wrote: FormsAuthentication.RedirectFromLoginPage(tbxEmail.Text.Trim, True)
Response.Redirect("Home.aspx")
Your call to Response.Redirect doesn't get called because you're calling RedirectFromLoginPage before it. Do something like this:
<br />
<forms .... other attributes .... defaultUrl="~/BackOffice/Home.aspx" cookieless="UseCookies" /><br />
And your code can just be:
<br />
FormsAuthentication.RedirectFromLoginPage(....)<br />
You don't need to do anything special to use cookies. Calling RedirectFromLoginPage will set the user's cookie and the FormsAuthentication module will take care of managing the session ticket in the cookie.
And if you're session is still timing out, set your timeout to something more than 1 minute. 30 minutes is the default. 1 minute will never work in a real application, it would only be valid for testing what happens when the session times out. Here's the documentation for the <forms> element: http://msdn2.microsoft.com/en-us/library/1d3t3c61.aspx[^]
|
|
|
|
|
Well i tried it, I've set the timeout to 55 minutes, added the defaultUrl and the cookieless attribute.
I changed all my code to that single line FormsAuthentication.RedirectFromLoginPage(email, false)
Well i can't seem to get it work, it calls immediately the login page again.
http://localhost:4190/TEST/BackOffice/Default.aspx?state=Timeout&ReturnUrl=%2fTEST%2fBackOffice%2fHome.aspx
I don't get it. Any idea why this is happening?
|
|
|
|
|
Have you checked FormsAuthentication.CookiesSupported to verify if the client supports cookies?
If that doesn't help, post your code and config file again to show us what it looks like now with your changes.
|
|
|
|
|
Sorry, i was a bit out.
I did a check on FormsAuthentication.CookiesSupported and it says true (i logged it to a file)
So i am a bit clueless here why this is happening.
webconfig:
<br />
<system.web><br />
<sessionState timeout="60"/><br />
</system.web><br />
<br />
<system.web><br />
<authentication mode="Forms"><br />
<forms path="BackOffice" loginUrl="BackOffice/Default.aspx?state=Timeout" defaultUrl="BackOffice/Home.aspx" timeout="55" cookieless="UseCookies"><br />
</forms><br />
</authentication><br />
<authorization><br />
<!--<allow users="*"/>--><br />
<deny users="?"/><br />
</authorization><br />
</system.web><br />
The validation code:
Protected Sub btnValidate_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnValidate.Click<br />
Dim dt As DataTable = db.GetData("SELECT Active FROM tblUsers WHERE Email = '" & tbxEmail.Text.Trim & "' and Password = '" & Replace(tbxPassword.Text, "'", "''") & "'")<br />
<br />
If (dt.Rows.Count = 0) Then<br />
' This means that the combination of the email address and the password could not be found in the database<br />
lblLoginMessage.Text = CType(ViewState("vsAlerts"), Hashtable)("Alert1").ToString<br />
Else<br />
If (CType(dt.Rows(0)(0), Int32) = 0) Then<br />
' This means that the user is not allowed to log in, the Active bit is set to 0<br />
lblLoginMessage.Text = CType(ViewState("vsAlerts"), Hashtable)("Alert2").ToString<br />
Else<br />
Session.Add("User", tbxEmail.Text.Trim)<br />
Session.Add("Date", DateTime.Now.ToString)<br />
Session.Add("Active", 1)<br />
<br />
Common.LogInfo("FormsAuthentication.CookiesSupported: " & FormsAuthentication.CookiesSupported(), 3, Parameters.LOG_FILE, "clssDbAccess.SetData")<br />
<br />
FormsAuthentication.RedirectFromLoginPage(tbxEmail.Text.Trim, False)<br />
End If<br />
End If<br />
End Sub
|
|
|
|
|
can anyone please give me an idea how to insert new records from a gridview control by using a button having text ADD in the header
sudha
|
|
|
|
|
sudhadotnet wrote: can anyone please give me an idea how to
Ever heard of MSDN?[^]
led mike
|
|
|
|
|
Hi, Sorry if this is asked already,
I am doing...
button_Click(...)<br />
{<br />
literal1.Text="<iframe src="../Forms/NEW_Forms/MyForm.aspx" width="100%" height="100%"></iframe>";<br />
}
This works fine on my local machine wen I run is from VS
I cannot get the page when I put this on a local server, Should I change the URL in any way?
I tried using
literal1.Text="<iframe src="~/Forms/NEW_Forms/MyForm.aspx" width="100%" height="100%</iframe">";</iframe>
But no result,
This one is real easy for you guys, Please help.
_____________________________________________________
Yea! I could be wrong...
|
|
|
|
|
check that the path for the folder is exactly the same as above, also try specifiying the full path and see if that works
|
|
|
|
|
Hi,
try the below code, hey but i m not sure its working..but let see
button_Click(...)
{
literal1.Text="<iframe src="./Forms/NEW_Forms/MyForm.aspx" width="100%" height="100%"></iframe>";
}
If above code is not working then try using Server.MapPath("MyForm.aspx")
I hope it will help u..
Regards,
Rana Krishnraj
|
|
|
|
|
hi all,
i am developing a content management system in asp.net with C#. i have a master page named "Master1.master" with 5 content place holders-"cphHeader, cphLeft,cphCenter,cphright,cphbottom". i have another default.aspx page which is inherited from the "Master1.master". it takes as input,the following fields from the user :
1. text to be displayed.(Textbox)
2. Content holder where the text will be displayed (dropdown having names of all the 5 content holders mentioned above.).
these things entered by the user are stored in the database. The text entered by the user should be displayed in the content holder mentioned above.
How do i do it?? is there any facility which helps us access the content place holders on the default.aspx.cs page.
thanks in advance.please reply as soon as possible.
|
|
|
|
|
You can add it to the CPH Control's collection:
ContentPlaceHolder cph = (ContentPlaceHolder)Master.FindControl("PrimaryContent");<br />
if (cph != null)<br />
cph.Controls.Add(new LiteralControl("The text string"));
|
|
|
|
|
Im not too sure on this but would you be able to put the content holders in a global or common methods page, this way you can acces them from any page.
|
|
|
|
|
Hi guys,
Please forgive me, if it is a question frequent asked.
As you know, when we tried to submit a asp.net page with characters something like '<test>' filled in, and we would get an error as the subject.
How can the exception "A potentially dangerous Request.Form value was detected from the client" be handled without setting the validateRequest to false in the page directive or in the web.config file? because I just want to void this ASP.NET feature for only a single textbox, Any suggestions?
Thanks, Ming.
modified on Wednesday, April 2, 2008 10:28 AM
|
|
|
|
|
Set ValidateRequest=false on the page.
|
|
|
|
|
Hi N a v a n e e t h,
Thanks for your solution, but I think you don't understand what I am asking, you are alright, that is my fault, I didn't hightlight the key words.
The key word is without setting the validateRequest to false in the page directive or in the web.config file?
Cheers,
Ming
|
|
|
|
|
Bluebamboo wrote: The key word is without setting the validateRequest to false in the page directive or in the web.config file?
Ahh, I didn't noticed that . I don't think there is other way to do this. BTW, what is the problem for turning it off in page level or web.config ?
|
|
|
|
|
because the basic requirement is that I provide a online html editor (implemented by using textbox) which allows user types in html markup , and submit to database.
and also I have other textboxes on the same page which do need the asp.net pagevalidate feature,
is any solution? any suggestion would be appricated!
Cheers,
Ming
|
|
|
|
|
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["mysession"].ToString() != null)
{
Label1.Text = "Welcome " ;
}
else
{
Response.Redirect("Login.aspx");
}
}
}
I have the above code in one aspx page. Before logging in if someone opens this page, it should open Login page. But instead of showing theLogin page, it shows Server Error. Any one have an idea.
|
|
|
|
|
What error are you getting in the page ?
Could you clarify that
Thanks and Regards
Sandeep
If If you look at what you do not have in life, you don't have anything,
If you look at what you have in life, you have everything... "
|
|
|
|