|
I am trying to call a web service function within my own ASP.net (code behind) using AJAX on the page.
Once i push the button to execute the JS/AJAX/codebehind - I got an error.
[b]POST [url]http://************/admin/Admin.aspx/getDBInformation[/url] 500 (Internal Server Error)[/b]
This is my code below that I am currently using:
[code]
<webmethod> _
Public Shared Function getDBInformation() As String
loadDBData()
Return JsonConvert.SerializeObject(dbInfo, System.Xml.Formatting.Indented)
End Function
End Class
[/code]
The code behind looks like this:
[code]
Imports System.DirectoryServices
Imports System.Security.Principal
Imports System.Net
Imports System.Drawing
Imports System.IO
Imports System.Data.SqlClient
Imports System.Web.Services
Imports Newtonsoft.Json
Partial Class _Default
Inherits System.Web.UI.Page
Dim dbStoredData As dbData
Shared dbInfo As New List(Of dbData)
Dim sqlQ As SqlCommand = Nothing
Dim conn As SqlConnection = Nothing
Dim reader As SqlDataReader = Nothing
Dim strconnstring As String = ""
Shared theQuery As String = "Server=*******,1433;Database=**********;User Id=*******;Password=*********;"
Private Class dbData
Public veID As String = ""
Public veDate As String = ""
Public lastUpdated As String = ""
Public updatedBy As String = ""
End Class
[SOME MORE CODE BETWEEN HERE THAT WAS LEFT OUT]
Public Sub loadDBData()
conn = New System.Data.SqlClient.SqlConnection(strconnstring)
conn.Open()
theQuery = _
"SELECT * " & _
"FROM downTable " & _
"ORDER BY veID DESC"
sqlQ = New SqlCommand(theQuery, conn)
reader = sqlQ.ExecuteReader
dbInfo.Clear()
While reader.Read()
dbStoredData = New dbData()
dbStoredData.veID = EscapeLikeValue(reader("veID").ToString())
dbStoredData.veDate = EscapeLikeValue(reader("veDate").ToString())
dbStoredData.lastUpdated = EscapeLikeValue(reader("lastUpdated").ToString())
dbStoredData.updatedBy = EscapeLikeValue(reader("updatedBy").ToString())
dbInfo.Add(dbStoredData)
End While
sqlQ = Nothing
conn.Close()
conn = Nothing
End Sub
<webmethod> _
Public Shared Function getDBInformation() As String
loadDBData()
Return JsonConvert.SerializeObject(dbInfo, System.Xml.Formatting.Indented)
End Function
End Class
[/code]
How can I correct this issue so that I am able to cal
|
|
|
|
|
I'm not quite understanding what your trying to achieve here.
So you click on a button, and run a client script using jquery or javascript ajax request to your web service?
And the web service completely bombs resulting in a server error 500?
|
|
|
|
|
Where's your JavaScript code?
Also, put a breakpoint in your C# webmethod and see if it is even hitting the C# code.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
I'm getting "System.OutOfMemoryException in mscorlib.dll" exception in a View when using DisplayTemplate. I've simplified my code to this:
@model IEnumerable<T>
@{
Layout = null;
}
@{int i = 0;}
@foreach (var item in Model)
{
i += 1;
@Html.DisplayFor(modelItem => item.dsk_distancia, "distancia");
@Html.DisplayFor(modelItem => item.dsk_eurom2,"entero");
}
Where the DisplayTemplates "distancia" and "entero" goes as follows.
distancia.cshtml
@model double?
@Model.Value.ToString("F0") m.
entero.cshtml
@model double?
@Model.Value.ToString("F0")
The problem happens when the number of items increases. It works fine when the IEnumerable has less items but stops working with i>600 items or so.
I've detected that the problem is in the DisplayTemplate, because if I just use
@Html.DisplayFor(modelItem => item.dsk_distancia);
@Html.DisplayFor(modelItem => item.dsk_eurom2);
or
@item.dsk_distancia;
@item.dsk_eurom2;
then the exception is not thrown
|
|
|
|
|
I'm not extremely familiar with MVC, as I just started using it regularly a few months ago. However, I imagine this occurs because it's loading the display template into memory for each and every item. Have you tried passing a collection of dsk_distancia and dsk_eurom2 into your display templates, and looping the collection of "double?" objects in the templates, instead of looping in the view?
djj55: Nice but may have a permission problem
Pete O'Hanlon: He has my permission to run it.
|
|
|
|
|
I have a javascript that calculates mileage between two locations.
Once calculation is done, From location, To location and total mileage are displayed.
This works fine.
The issue that I am having is that I can't seem to get these values to display on another multiview control.
Here are relevant code:
//Javascript. This is what display the From, To, locations and total mileage
function initialize() {
geocoder = new GClientGeocoder();
gDir = new GDirections();
GEvent.addListener(gDir, "load", function() {
var drivingDistanceMiles = gDir.getDistance().meters / 1609.344;
var drivingDistanceKilometers = gDir.getDistance().meters / 1000;
document.getElementById('results').innerHTML = 'From: ' + location1.address + '<br />To: ' + location2.address + '<br />Driving Distance: ' + drivingDistanceMiles.toFixed(2) + ' miles ';
});
}
body id="top" onload="initialize()" class="page page-id-298 page-template-default stretched open_sans open_sans ">
<form id="form1" onsubmit="showLocation(); return false;" runat="server" class="ajax_form">
<asp:MultiView ID="myMultiView" ActiveViewIndex="0" runat="server">
<asp:View ID="vwPersonalData" runat="server">
...
...
</asp:View>
<asp:View ID="vwPreview" ActiveViewIndex="0" runat="server">
..
..
</asp:View>
</asp:MultiView>
<p id="results" runat="server" style="display:none"></p>
<asp:Button ID="btnBack" runat="server" Text="< Back " OnClick="btnBack_Click" />
<asp:Button ID="btnNext" runat="server" Text="Next >" OnClick="btnNext_Click" />
<asp:Button ID="btnSend" runat="server" Text="Send request" OnClick="btnSend_Click" />
</form>
All I am trying to do is make the values of results control ID not visible, but make it visible in the vwPreview control ID so I can grab the values in codebehind.
How do I do this?
Thanks a lot in advance
|
|
|
|
|
In MultiView, one 1 view renders at a time. So, controls of other view will not be available via client side.
As a workaround, you can use a hidden variable to store value and set it at server side to the corresponding control.
Life is a computer program and everyone is the programmer of his own life.
|
|
|
|
|
Anurag, thank you very much for your response.
Can you please give me an example of how you can use hidden variable in this instance?
|
|
|
|
|
can anyoen tell me when i use file upload in asp.net.how to rename file with id..its very urgent..plz
|
|
|
|
|
|
Simple - just use the ID to construct the file name you pass to the SaveAs method[^].
The FileUpload control does not automatically save a file to the server after the user selects the file to upload.
...
The code that you write to save the specified file should call the SaveAs method, which saves the contents of a file to a specified path on the server.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
if (FileUpload1.HasFile)
{
string s = hidVal.Value.ToString();
string link = hidsymp.Value.ToString();
lblimg_error.Text = "";
string filename = Path.GetFileName(FileUpload1.PostedFile.FileName);
string imagepath = ConfigurationManager.AppSettings["ImagePath"].ToString();
var logoimage = Path.Combine(imagepath, filename);
string extension = Path.GetExtension(filename).ToLower();
System.Drawing.Image img = System.Drawing.Image.FromStream(FileUpload1.PostedFile.InputStream);
int height = img.Height;
int width = img.Width;
FileUpload1.SaveAs(logoimage);
}
so upload file in folder
if you want to rename file when upload then store file name in one string and change string value and save changable string name
|
|
|
|
|
Why have you replied to me instead of the person asking the question?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Can we access a scanner(which is at client environment) from the client browser using ASP.Net?
I see some articles that we can do it using ActiveX.
Can some have any example.
|
|
|
|
|
I don't believe JavaScript can do it. I know my credit union's app for scanning checks uses Java so that may be the other route you need to go. JavaScript can't access local system resources so you need something like ActiveX or Java that can.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Hi there! what a pleasure to join up to this forum
I've been working on making a product more secure and I've noticed when sniffing the network I can see passwords being posted via the form on Login.aspx, I would of thought there is a way to hash the password prior to form post, I've done some searching with no luck so far.
Thanks.
|
|
|
|
|
You probably mean encryption - hash is one way...
Anyway there is no use of hashing/encrypting data before post. If hacker has access to the client he can see the data before hash/encryption too!
The reason you can see the plain data is:
1. You run sniffing software (what do you use) on the client or server. That's (hopefully not the way hacker does it)
2. You do not use secure protocols, like HTTPS...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Thanks, I was planning on using a hashing method rather than encryption as encryption could be undone if you knew the algorithm/keys etc, hashing could be matched but not undone, this gets me some where for securing the password without SSL, from the research done today I may just go SSL.
|
|
|
|
|
In most cases there is an advantage to NOT to invent the wheel ...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
The problem is that hashing the password on the client doesn't solve anything, and can actually make your application less secure.
You want to hash the password on the client in case someone can sniff the traffic, so that they won't be able to see the password. But if they can sniff the traffic, they don't need to see the password; they can just submit the password hash instead, since that's what your server is expecting.
Worse, if they managed to get hold of your database of password hashes, they wouldn't need to try to crack them; they could just submit the hashes as if they were plain-text passwords.
SSL is definitely the way to go. Let the infrastructure protect your passwords in-flight, and leave the hashing on the server where it belongs.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
There are javascript based md5 hash routines which you can use on the client and send sever side for storage. If someone sniffs it they still don't know what the password value is. This works because the password entered into the log-in page will be the real password which gets hashed server side for comparison. Of course, you will have to use the same routine server side before comparing the values.
|
|
|
|
|
But now the server isn't expecting the password; it's expecting the password hash.
If someone can sniff the network traffic, they won't be able to see the password, but they'll be able to see the password hash. And that's all they need to see.
An attacker who captures the password hash in-flight can simple submit a request with that hash, and the server will happily authenticate them.
Worse, if the attacker compromises the database and gets hold of your hashed passwords, they can authenticate as any user.
Client-side hashing doesn't make your application more secure. If anything, it makes it less secure.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Clearly a secure connection is what is required but it doesn't matter if the password is passed or the hash value is passed, if someone gains access to the data that you are directly authenticating to then the result is the same regardless, not more or less, just the same. If you are using .Net you can encrypt the values using settings in the config file, that would probably be the best technique.
|
|
|
|
|
Michael_Cox wrote: if someone gains access to the data that you are directly authenticating to then the result is the same regardless
Not quite.
If an attacker is sniffing the network traffic between the client and the server, then there's no hope either way.
However, if the attacker gets hold of a list of username and hashed passwords:
- If you're hashing the password on the server, then the attacker has to guess the password before they can authenticate.
- If you're hashing the password on the client, then the attacker can immediately authenticate as any user.
Your server isn't checking that the user knows the password, only that they know the hash of the password.
If you install an SSL certificate, and ensure that your login pages are only ever served over HTTPS, then you protect the data in-flight. But if you're going to do that, then why would you bother hashing the passwords on the client? Nobody can see the network traffic, so the argument for client-side hashing is gone.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Hello
I am trying to follow this tutorial
[^]
with an MS Access database in VB.NET.
In the code example (for Passwordreset.aspx), there is a reference to UserID. Is this the first column in the database, please?
This is what I have in my db:
http://www.bayingwolf.com/tutorial.jpg[^]
Would I just need to add a UserID column in order to follow the tutorial. There is also a reference in the Passwordreset.aspx code to:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
Would I just replace that with my own MS Access source?
Thank you.
|
|
|
|