|
I remember the original one, it was pretty cool.
I'll take a look at this today. Thanks!
I did look around but didn't see much, strange I didn't find this one.
If it ain't broke don't fix it
|
|
|
|
|
I'd like to know what a refresh token is and its usages.
We can get our job done with an access token, so why should I go for a refresh token? What would be the benefit?
I saw an example of a refresh token which showed that when we get an access token, a refresh token is also passed along with the access token, so I was totally confused and do not understand how and why a refresh token is used.
If possible, please discuss the story of the refresh token. Thanks in advance.
|
|
|
|
|
When a page is requested that requires a token for authentication, that is the first token.
But if the user refreshes the page, then perhaps the first token is now expired or no longer valid, so a new token is issued called a refresh token.
Most likely this is a form, so on Post, validation must be correct first then the token must match to submit the form, or to call the function after token matching.
If your tokens never match, then the form will never get written.
If you keep issuing the same token, then token authentication will become useless and bots will take over the form.
In MVC it's called the AntiForgeryToken and you call it using attributes in the MVC controller.
So on a GET request you issue the token from the controller and it gets written inside the form tags in the view if you place the correct HTML helper in the right spot.
Then the page gets submitted, a POST request and the controller will check the token if you place the right code to check for the token first before or after validation or Model.IsValid.
If it ain't broke don't fix it
|
|
|
|
|
Sorry, not a good answer. My other points are not considered.
|
|
|
|
|
Interesting, I thought it was a pretty clear description of the process and the reasons for that process.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
The question was confusing, but I thought my reply was OK without being long winded on the subject.
I didn't have time to draw diagrams or write an article on the subject.
Maybe English was not his first language.
Thanks for backing me up on that.
If it ain't broke don't fix it
|
|
|
|
|
|
Hi,
I am maintaining a new ASP.NET application, which was running fine when I was using the database xxxxx, but when I started using another copy of the same database, xxxx_20180425, it started giving me the error below. It's a production application; when I took the backup and restored it, it started giving me the error below. I am just confused whether the problem is really in the application or just some issue related to the new database's permissions for the user. Any help would be greatly helpful.
And can you please help me if I can copy the same roles of user123 permissions on the xxxxx database to xxxx_20180425, so that the user will have the same permissions. Any help would be greatly helpful. Thanks in advance.
Here is the error message:
A potentially dangerous Request.QueryString value was detected from the client (msg="...ema 'dbo'.<br />The EXECUTE pe...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (msg="...ema 'dbo'.<br />The EXECUTE pe...").
Source Error:
The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:
1) Add a "Debug=true" directive at the top of the file that generated the error. Example:
<%@ Page Language="C#" Debug="true" %>
or:
2) Add the following section to the configuration file of your application:
<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>
Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.
Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (msg="...ema 'dbo'.<br />The EXECUTE pe...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +9721353
System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +184
System.Web.HttpRequest.get_QueryString() +55
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +70
System.Web.UI.Page.DeterminePostBackMode() +69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6704
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +245
System.Web.UI.Page.ProcessRequest() +72
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +58
ASP.error_aspx.ProcessRequest(HttpContext context) +37
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +341
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
You need to examine the actual data to see whether it is a definite threat or not. It may be just that ASP.NET has seen a set of tokens which suggest something.
|
|
|
|
|
The exception message is quite clear. It is not related to permissions but there was a SQL query that contains potentially dangerous (HTML) content.
Unfortunately only a portion of the query string is included with the message:
"...ema 'dbo'.<br />The EXECUTE pe..." But that does not look like a SQL query (besides a query contains such text which seems to be rather unlikely).
I suggest to debug your code to find out which code portion generates the query containing the above string and check that. For me it looks like the wrong string is passed as query (e.g. wrong variable name used or re-using a variable but forgetting to assign the new value).
A hint might be that the string portion seems to be part of an error message like "The EXECUTE permission was denied on the object ..." which is passed as SQL query. If so, fix the code that is using an error message as SQL query string first (e.g. by reporting the error instead) and then try to solve the permission error.
|
|
|
|
|
Jochen Arndt wrote: there was a SQL query that contains potential dangerous (HTML) content
It's not moaning about a SQL query; it's moaning about the request's querystring - the part of the URL after the ? character.
Query string - Wikipedia
It looks like there was an error executing a SQL query, and an HTML representation of that error is being passed to another page in the querystring.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thank you Richard for the clarification. I was too distracted by all those database / permission topics.
But the problem of forwarding the error text should be fixed first (that is: detect the SQL error and throw an error message / show an error page instead of passing text blindly). Then the full message is available and can be used to fix the database error.
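The fix suggested above, sketched as an added example that is not code from the thread or the application: log the SQL error on the server and send the error page only an opaque reference ID, so no error text (and no `<br />`) ever reaches the query string. The names `ErrorRedirect`, `ReportData`, `dbo.usp_GetReport` and the `id` parameter are hypothetical; `error.aspx` is assumed from `ASP.error_aspx` in the stack trace.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Web;

// Hypothetical helper: the caller never forwards exception text to the browser.
public static class ErrorRedirect
{
    // Pattern the stack trace suggests (constructed, not the application's code):
    //   Response.Redirect("error.aspx?msg=" + ex.Message);
    // The SQL error text then lands in the URL, request validation rejects it
    // on error.aspx, and the real database error is hidden behind a second one.
    public static void Fail(HttpContext context, Exception ex)
    {
        // Opaque reference the user can quote; the detail stays in the server log.
        string errorId = Guid.NewGuid().ToString("N");
        Trace.TraceError("[{0}] {1}", errorId, ex);

        // Only the ID goes into the query string, so there is nothing for
        // request validation to reject and nothing sensitive in the URL.
        string url = "~/error.aspx?id=" + HttpUtility.UrlEncode(errorId);
        context.Response.Redirect(url, false);
        context.ApplicationInstance.CompleteRequest();
    }
}

public static class ReportData
{
    // Hypothetical data-access call showing where the SQL error is detected.
    public static void RunProcedure(HttpContext context, string connectionString)
    {
        try
        {
            using (var conn = new SqlConnection(connectionString))
            using (var cmd = new SqlCommand("dbo.usp_GetReport", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }
        catch (SqlException ex)
        {
            // The full message (e.g. a denied EXECUTE permission) is logged here.
            ErrorRedirect.Fail(context, ex);
        }
    }
}
```

The error page then shows a generic message plus the ID, and the complete SQL error can be read from the trace log under that ID.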
|
|
|
|
|
I've seen that before in the past.
Trying to remember what it was.
But based on your stack trace, HTML was detected here
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +9721353
I think it's your HTML or web form with a simple typo in it
like a select element option on the form
Coincidence perhaps, but not database related, in front of the database
I forgot to mention that you may have some bad data in your database that looks like HTML
A potentially dangerous Request.Form value was detected… | MikeSchinkel.com
If it ain't broke don't fix it
modified 24-May-18 15:52pm.
|
|
|
|
|
I found it. It's kind of a weird problem the developer put in: she used the database name as well in most of the SPs. For example, for a select statement on a table she used select col1, col2..... from Database.schema.Table1; when we used another database name for the restore, it wasn't able to execute and gave us a strange, freaky and goofy error. Anyways, thanks for all your suggestions, my friends.
That's why I believe Developers aren't at all the smart people - Lol.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
I'm struggling to understand attr routing on index page.
I use this in the home controller to fix https://website.com but it crashes on https://website.com/home/index
I'm scratching my head on this
[AdminCheck]
[HttpGet]
[Route("~/")]
[Route("")]
I can add another one [Route("Index")] and it seems to fix it but I think it's just a bandaid in which something else will pop up
If it ain't broke don't fix it
|
|
|
|
|
|
This is my route config.
It's better now, but I'm befuddled as to why I had to add the extra 2 when it worked for years.
I did upgrade my MVC to 5.2.3, but stopped there due to issues with X.PagedList.Boostrap4
I thought I knew what I was doing but it fell apart on me when I went attr routing.
This is the website
https://jkirkerx.com
    public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
        routes.MapMvcAttributeRoutes();

        Route ajaxRoute = new Route("{controller}/{action}", new MvcRouteHandler());
        routes.Add("Ajax", ajaxRoute);

        Route errorRoute = new Route("{controller}/{action}/{error}", new MvcRouteHandler());
        routes.Add("Error", errorRoute);

        Route diagUserNameRoute = new Route("{controller}/{userName}/{action}", new MvcRouteHandler());
        routes.Add("Diagnostics", diagUserNameRoute);

        Route setupUserNameRoute = new Route("{controller}/{userName}/{action}", new MvcRouteHandler());
        routes.Add("Setup", setupUserNameRoute);

        Route adminUserNameRoute = new Route("{controller}/{userName}/{action}", new MvcRouteHandler());
        routes.Add("Admin", adminUserNameRoute);

        Route portfolioRoute = new Route("{controller}/{action}", new MvcRouteHandler());
        routes.Add("Portfolio", portfolioRoute);

        Route reviewRequestRoute = new Route("{controller}/{sT}", new MvcRouteHandler());
        routes.Add("ReviewRequest", reviewRequestRoute);

        Route reviewRoute = new Route("{controller}/{action}", new MvcRouteHandler());
        routes.Add("Reviews", reviewRoute);

        Route homeRoute = new Route("{controller}/{action}", new MvcRouteHandler())
        {
            Defaults = new RouteValueDictionary(new { controller = "Home", action = "Index", id = UrlParameter.Optional })
        };
        routes.Add("Default", homeRoute);
    }
}
If it ain't broke don't fix it
modified 22-May-18 19:36pm.
|
|
|
|
|
I'm creating a new project in ASP.NET Core WebApi.
My Api will validate users against an external system (not a public system).
I want to use OAuth2 where the mobile client obtains an access token for using the api.
Need help to find good tutorials or libraries.
modified 17-May-18 5:45am.
|
|
|
|
|
Kraftw3rk wrote: Need help to find good tutorials or libraries.
www.google.com.
|
|
|
|
|
|
If I specify the cache location as client side, then when another client from a different PC visits the same cached page, what will happen? I guess if I maintain the cache at the client side, then for the next visitor a DB trip will occur again and the data will be cached and stored at the client side... am I right?
I guess client side caching will not give much benefit... am I right?
Please tell me the story of client side caching using the ASP.NET MVC output cache directive.
|
|
|
|
|
|
The location where the cache is stored is determined by the Location property of the OutputCacheAttribute. For instance, you can set Location=OutputCacheLocation.Client so it will keep the cache on the client browser.
The documentation of the OutputCacheLocation enumeration type contains the possible values:
- Any
- Client
- Downstream
- Server
- None
- ServerAndClient
Mou_kol wrote: i guess client side caching will not give much benefit....am i right?
Of course, Output caching provides you with a very easy method of dramatically improving the performance of your ASP.NET MVC applications.
Instead of giving you a quick answer, I would recommend you start by reading this article: Improving Performance with Output Caching (C#) | Microsoft Docs
I would also suggest you to do a quick search at google about "ASP.NET MVC client side caching" to get more information.
|
|
|
|
|
Create a GridView and retrieve data in the GridView without using ObjectDataSource, sorting the data in asc or desc order and searching data with the help of a dropdownlist and text box
|
|
|
|
|
#1 - There doesn't seem to be a question here.
#2 - This sounds like a homework assignment, no one is going to do your work
#3 - Tell / show us what you have done and the community will be glad to help out.
Dave
|
|
|
|