|
Throwing the password backwards and forwards isn't a good idea at the best of times. Try to validate the user id using the password once and then pass the user id around in a cookie. If you must use the password, encrypt it and put that in a cookie too.
Paul
|
|
|
|
|
Thanks, I think I'll try it with two cookies...
Paul Riley wrote:
Throwing the password backwards and forwards isn't a good idea at the best of times.
Yeah, I know but the problem is that I'm calling different methods of a webservice (written by me so I could change that) from different websites - and I wanted to make sure that the user has the rights to call the specific method from within the webservice (because he could easily invoke the webservice without using my webclient, I think). Therefore the webservice needs user information passed (in a soapheader) with every call.
But maybe this approach is flawed in itself? But how can I secure a webservice from unauthorized access?
Cheers
and thanks
Martin
"Situation normal - all fu***d up"
Illuminatus!
|
|
|
|
|
Hmmm... I see your point. Maybe you need to have a method in your webservice that authenticates a user/pw combo (storing details in private properties) and not allow a program or web site call any other methods until they've authenticated?
Alternatively, you might be able to use web.config authorisation but possibly not if your site is hosted.
Or I believe WebServices have been designed to allow you to sell access to the service. I don't know too much about that though. If you look into it, you might be able to use that.
Just a few ideas... if you find the answer, can you let me know? I might need this soon myself.
Paul
|
|
|
|
|
Paul Riley wrote:
Hmmm... I see your point. Maybe you need to have a method in your webservice that authenticates a user/pw combo (storing details in private properties) and not allow a program or web site call any other methods until they've authenticated?
That was my first thought. But the problem with this approach is: I need to create the webservice from my web application every time a new page loads. So I would need to know the password and username at least at this point which is the same problem. If I could share the instance of the webservice across my whole web app (but AFAIK that isn't possible) I could even save the fact that the user has been authorised in the Session object of the webservice.
Paul Riley wrote:
Alternatively, you might be able to use web.config authorisation but possibly not if your site is hosted.
This wouldn't be an issue. I create the application just for fun and don't think I'll host it anywhere else than on my machine...
Paul Riley wrote:
Or I believe WebServices have been designed to allow you to sell access to the service. I don't know too much about that though. If you look into it, you might be able to use that.
I sure will - but I won't dig deeper until next week, for tomorrow is my last "Vordiplomsprüfung" and after that - well you can figure.
My second thought was just to let the application authorize itself with the webservice (with fixed "user"name and password) but that seems a little bit awkward. Well I'll wait and see...
Thank you very much for your answers
Martin
"Situation normal - all fu***d up"
Illuminatus!
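The "authenticate once, then refuse other methods until authenticated" idea discussed above can work without a shared service instance if the login method hands back a signed, expiring token that every later call carries instead of the password. This is an added example, not code from the thread; `ServiceTokens`, `Issue` and `TryValidate` are hypothetical names, and it assumes .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; ServiceTokens, Issue and TryValidate are hypothetical names.
public static class ServiceTokens
{
    // Assumption: a real service loads this key from protected configuration.
    private static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    private static string Sign(string payload)
    {
        using var mac = new HMACSHA256(Key);
        return Convert.ToBase64String(mac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Called once, by the login method, after the user/password check succeeded.
    public static string Issue(string userId, TimeSpan lifetime, DateTimeOffset now)
    {
        string user = Convert.ToBase64String(Encoding.UTF8.GetBytes(userId));
        string payload = user + "." + now.Add(lifetime).ToUnixTimeSeconds();
        return payload + "." + Sign(payload);
    }

    // Called first in every other web method, with the token from the SOAP header.
    public static bool TryValidate(string token, DateTimeOffset now, out string userId)
    {
        userId = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 3) return false;
        byte[] expected = Encoding.UTF8.GetBytes(Sign(parts[0] + "." + parts[1]));
        byte[] actual = Encoding.UTF8.GetBytes(parts[2]);
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return false; // forged or altered
        if (!long.TryParse(parts[1], out long exp) || now.ToUnixTimeSeconds() >= exp) return false; // expired
        userId = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = ServiceTokens.Issue("martin", TimeSpan.FromMinutes(30), now); // constructed sample
        Console.WriteLine(ServiceTokens.TryValidate(token, now, out string user) + " " + user);
        Console.WriteLine(ServiceTokens.TryValidate(token + "x", now, out _));          // altered token
        Console.WriteLine(ServiceTokens.TryValidate(token, now.AddMinutes(31), out _)); // past expiry
    }
}
```

The token is a bearer credential, so it still has to travel over HTTPS, and the web application stores only the token (for example in its session), never the password.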
|
|
|
|
|
If I create a permanent cookie by calling
RedirectFromLoginPage("",true),
After some time, I specify "false".
Then can the users who accessed my website before I disabled the permanent cookie still access my site without user/pass checked?
I set up authentication timeout=30minutes, but after that period of time, when users focus on the page again, they will be surprised that they are directed to login.aspx.
So could it be possible to display something saying that the users are timed out?
Thanks.
this is my signature for forums quoted from shog*9:
I can't help but feel, somewhere deep within that withered, bitter, scheming person, there is a small child, frightened, looking a way out.
|
|
|
|
|
Hi!
zhoujun wrote:
Then can the users who accessed my website before I disabled the permanent cookie still access my site without user/pass checked?
Yes, I think that this is true. You have to sign them out first or maybe specify a different user name in your second call to RedirectFromLoginPage(..)
zhoujun wrote:
So could it be possible to display something saying that the users are timed out?
Yeah I would be interested in this one too...
Cheers
Martin
|
|
|
|
|
Thanks again,Martin.
or maybe specify a different user name in your second call to RedirectFromLoginPage(..)
How to do that? Could you say more?
Thanks.
|
|
|
|
|
zhoujun wrote:
How to do that? Could you say more?
My thought was that maybe when you specify a different username string (it can be built from the original one, a suffix should be sufficient) in your second call to FormsAuthentication.RedirectFromLoginPage, this new cookie will be used for authentication, but I don't know if it would work. The best and cleanest way is maybe to first call FormsAuthentication.SignOut() to remove the persistent cookie and then log the user back in with your non-persistent cookie.
Cheers
Martin
|
|
|
|
|
zhoujun wrote:
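I set up authentication timeout=30minutes, but after that period of time, when users focus on the page again, they will be surprised that they are directed to login.aspx.
So could it be possible to display something saying that the users are timed out?
I think maybe I found out (hope it works). You can do the following on your login page:
// Requires: using System.Web.Security;
FormsIdentity ident = (Context.User != null) ? Context.User.Identity as FormsIdentity : null;
// "as" yields null when the request carries no forms identity, so check before use
if (ident != null && ident.Ticket != null && ident.Ticket.Expired)
{
    // the ticket has expired: show the "you were timed out" message here
}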
Cheers
HTH
Martin
|
|
|
|
|
Is it possible to use .NET on a Linux server with (of course) Linux OS?
Rickard Andersson@Suza Computing
C# and C++ programmer from SWEDEN!
UIN: 50302279
E-Mail: nikado@pc.nu
Speciality: I love C#, ASP.NET and C++!
|
|
|
|
|
|
Nice!
But it's not final... what I could read in the FAQ it wasn't...
But it will be!
Thank you!
Rickard Andersson@Suza Computing
|
|
|
|
|
Well, an ASP.NET web application runs only on the IIS web server. I think if you can install IIS on a Linux server and successfully configure it, then the web application must run.
|
|
|
|
|
Ages ago I got an email about testing a beta version of a package by Halcyonsoft, I think they were calling it iNET -- effectively converts .NET code to Java I think. Anyway, it could be worth a visit.
--
Paul
"I need the secure packaging of Jockeys. My boys need a house!"
- Kramer, in "The Chinese Woman" episode of Seinfeld
MS Messenger: paul@oobaloo.co.uk
Sonork: 100.22446
|
|
|
|
|
It sounds cool!
I will try it.. but... WTF.. is the beta an evaluation version??
Rickard Andersson@Suza Computing
|
|
|
|
|
You'll probably find it's unsupported to some extent. If you actively use it and report problems with the software then you'll be given support, but since it's not complete you can't expect it to work flawlessly.
As for evaluation, check in any terms and conditions before you download. You may find that you can only use it until a certain date (by which point a final edition may be available).
--
Paul
|
|
|
|
|
One question:
What download am I supposed to take?
The bundled or unbundled?
If the Linux OS doesn't have the JDK or something, should I take the bundled then?
Rickard Andersson@Suza Computing
|
|
|
|
|
Hi Pals
This might be a simple one for most of you!
I am trying to send an email using CDO NTS, with the following code
Set objMail = Server.CreateObject("CDONTS.NewMail")
objMail.To = "myname@yahoo.com"
objMail.Body = "Test Email"
objMail.From = "myname@yahoo.com"
objMail.Subject="Test Email"
objMail.BodyFormat=0
objMail.Send
Set objMail = nothing
The mail is not sent when I run the above code. I checked for SMTP services on my machine, which is a WIN 2K server in my office network, and they are running too.
What might be the problem?
I ran the same code from my home machine, which is again a Win2K server, and it worked perfectly...
Any suggestions as to why it's not working???
Thanks for your help in advance
Jon.
|
|
|
|
|
How do you have relaying configured?
|
|
|
|
|
I am not sure what exactly relaying means?
I didn't do any configuration from my end, thought everything was set to default, and we can use it straightforwardly.
All I did was check in the Services for SMTP, and it is running. Is there something I am missing here!!
Thanks
|
|
|
|
|
Relaying is the action of transmitting a mail via SMTP services. Most SMTP services recommend that you turn it off or authenticate using one way or another. It all ties back to an individual being able to use your server to "relay" their spam...
Is there anyone else using this SMTP server? I have a few questions regarding the configuration...
|
|
|
|
|
Here's an article that might help...
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/moc04_57.htm
|
|
|
|
|
I started ASP.NET last night, and I put an ASP:Label in my page, and some normal text. The text is rendered so that it's written over the label. How do I mix asp controls and html so that each lines up with the other, or can't I ?
Christian
Hey, at least Logo had, at it's inception, a mechanical turtle. VB has always lacked even that... - Shog9 04-09-2002
During last 10 years, with invention of VB and similar programming environments, every ill-educated moron became able to develop software. - Alex E. - 12-Sept-2002
|
|
|
|
|
First question: Do you have it configured for Grid or Flow layout?
My first assumption is that the label control could be using placement coordinates whereas your normal text is not, therefore allowing for "overlapping".
|
|
|
|
|
I thought of that this morning - it's grid I believe ( the default ). Will changing it fix my problem ?
It's also all in a server run form if that makes any difference.
Christian
|
|
|
|