Re: Protecting POST from an action - ASP.NET Discussion Boards

Quake2Player3-Oct-09 9:54

3-Oct-09 9:54

What if I'm just using cookies?

For example:

Action /SomeForm/ (GET)
1. I check if the user has some cookie. If he does,
2. I show the form to him.

Action /SomeForm/ (POST)
1. Should I check if the user has that cookie or not?
2. Process inputs, etc.

Re: Protecting POST from an action

Abhishek Sur3-Oct-09 10:44

Abhishek Sur

3-Oct-09 10:44

No. I dont recommend cookies.. because it is not safe and stored in the client side.
Also anyone can delete cookies at any time.

Use session.. Its a better approach.. No one can tamper data in session Smile | :)

Abhishek Sur
Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->
Microsoft Bing MAP using Javascript
CLR objects in SQL Server 2005
Uncommon C# Keywords/xml>

Re: Protecting POST from an action

Quake2Player3-Oct-09 11:06

Quake2Player

3-Oct-09 11:06

Uhm..

1. Ok lets assume i'm not going to stop using cookies..
Should I check for the cookie in the POST? Yes or no?

2. In asp 3.0 I used to use Sessions, but in ASP.NET (MVC) I don't know how, the usage is similar to cookies? Do you have some link with Session's usage? Also, arent sessions based on cookies though?
(Also, I definetly dont wanna use the filters that come with MVC.. like [Auth] and others)

Re: Protecting POST from an action

Christian Graus3-Oct-09 11:20

Christian Graus

3-Oct-09 11:20

Quake2Player wrote:
Also, arent sessions based on cookies though?

No, they are not. They are stored on the server. The session id MAY be based on cookies, I am not sure, but all a user could do, if that were true, is delete a cookie and abandon their session. A cookie contains data on the client, which means the client can edit it, if they wanted to.

Christian Graus

Driven to the arms of OSX by Vista.

Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.

Re: Protecting POST from an action

Quake2Player3-Oct-09 11:26

Quake2Player

3-Oct-09 11:26

Ok so I'm using sessions now instead of cookies,
Can you answer my question now, which is analogue to the previous question:

Should I check for the session at the beggining of the POST?
Or I dont have to care about someone cloning the form with action=myformpost

Re: Protecting POST from an action

Christian Graus3-Oct-09 11:52

Christian Graus

3-Oct-09 11:52

I am not aware of any way of hijacking a session id. They would need to know what it was first, and I don't see any way to find out what someone else's random session id is. I suspect if someone had a way of doing that, they'd be hitting internet banking sites, and not yours.

Christian Graus

Driven to the arms of OSX by Vista.

Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.

Re: Protecting POST from an action

Abhishek Sur3-Oct-09 12:32

Abhishek Sur

3-Oct-09 12:32

yes you are right chris, one dont have to bother about hacking stuffs. Session id will be generated only for a small amount of time based on timeout value. So its hard to guess... Smile | :)

No one can use it, if the site doesnt allow to manipulate this easily. . Big Grin | :-D

Abhishek Sur
Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->
Microsoft Bing MAP using Javascript
CLR objects in SQL Server 2005
Uncommon C# Keywords/xml>

Re: Protecting POST from an action

Abhishek Sur3-Oct-09 11:59

Abhishek Sur

3-Oct-09 11:59

Of course you have to check the value in session. As Christian suggested, Session is accessible only from the server. Client can only send request and after than server have to do the rest.

When user logs in to the server, the server needs to create a session object and which will remain until session timeout occurs. Until this timespan, if any request from the same client is made, the session id will exist in the server and you can easily check the session value if he is logged in or not like during login :

if(login== success)
 Session["Auth"] = true;

For every request check :

if(Convert.ToBoolean(Session["Auth"]) != true)
{

 Response.Clear()
 Response.Write("Invalid");
 Response.Close();
 return;
}

Means you are removing the response sent to the client.

Quake2Player wrote:
Should I check for the session at the beggining of the POST?

yes . of course .. It should be checked as soon as the control comes to the server. You might use Page_Load or even if the action is posted to the HttpHandler you can do it in its processrequest section.

Hope its clear now.
Smile | :)

Abhishek Sur
Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->
Microsoft Bing MAP using Javascript
CLR objects in SQL Server 2005
Uncommon C# Keywords/xml>

How can i do it?

Fujiwara Gili3-Oct-09 5:18

Fujiwara Gili

3-Oct-09 5:18

Design Page Error T____T~!! Frown | :(

[URL=http://www.bcoms.net][IMG]http://www.bcoms.net/upload/images/bcoms2009103215149.JPG[/IMG][/URL]

fujiwara

Re: How can i do it?

Abhishek Sur3-Oct-09 6:22

Abhishek Sur

3-Oct-09 6:22

Does your mobile:form actually renders a form tag in the client end. If so then dont bother about the Designer as it will not parse the html properly if form element is not present.

Check during runtime if it is working fine or not. Smile | :)

Abhishek Sur
Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->
Microsoft Bing MAP using Javascript
CLR objects in SQL Server 2005
Uncommon C# Keywords/xml>

Re: How can i do it?

Fujiwara Gili6-Oct-09 0:43

Fujiwara Gili

6-Oct-09 0:43

thank for your kindness. i can run Page on IE and Emuator but it's not show on Design Page T_____T~!!

fujiwara

Ajax UpdatePanel Not Responding

helloshivshankar3-Oct-09 4:01

helloshivshankar

3-Oct-09 4:01

Hi All,
I am working on a AJAX Enabled asp.net web application. Which was previously developed in VS 2005.
Now this application is converted into VS 2008 with Framework 3.5

Now the problem occurs is that,
Some pages in application working fine with update panels. And some are not working properly.
Those pages are not working with update panel, also don't get the CSS files as Stylesheets.

The AsyncPostBack Trigger Not Fired, with Update Panel's UpdateMode = "Conditional" and RenderMode="Inline". But PostBack Trigger works.

In Web.Config file-
<xhtmlConformance mode="Transitional" />

Any help will be appriciated.
Thanks.

Print page on client side contained in a folder by asp.net

11Developer3-Oct-09 2:34

11Developer

3-Oct-09 2:34

Hello,

I need to print html pages contained inside a folder on server, when user clicks on a button in .aspx page all the pages contained in that folder gets printed on client side.

thanks

Re: Print page on client side contained in a folder by asp.net

mr_muskurahat3-Oct-09 2:39

mr_muskurahat

3-Oct-09 2:39

i think you need to use some DHTML for this... window.open and print for this purpose...

Http://www.gen-sys.com
Government Dyal Singh College Lahore.

Re: Print page on client side contained in a folder by asp.net

11Developer3-Oct-09 2:46

11Developer

3-Oct-09 2:46

window.open works for only printing that page on which client is....
i want to print those pages which are contained in some folder.

Re: Print page on client side contained in a folder by asp.net

sashidhar3-Oct-09 2:58

sashidhar

3-Oct-09 2:58

Have You tried this
http://www.dotnetcurry.com/ShowArticle.aspx?ID=92&AspxAutoDetectCookieSupport=1[^]

MyFirstArticlePublished: MenuControlSelectedItem
Why Do Some People Forget To Mark as Answer .If It Helps.

Re: Print page on client side contained in a folder by asp.net

Christian Graus3-Oct-09 11:00

Christian Graus

3-Oct-09 11:00

There's no way to print anything on the client side without rendering it on the client side. How could you think there might be a way ?

Christian Graus

Driven to the arms of OSX by Vista.

Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.

sending email from local host

kuduva3-Oct-09 2:34

kuduva

3-Oct-09 2:34

hi to all pls help me

i used this code to send a mail from webpage i didn't used any web server
i just run the program in my localhost this script not working it show sending mail failed any one can you pls explain this

my ultimate aim is to send a feedback form to my mail id

using System;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Net.Mail;

public partial class _Default : System.Web.UI.Page 
{
    #region  "Send email"
    protected void btnSendmail_Click(object sender, EventArgs e)
    {
        // System.Web.Mail.SmtpMail.SmtpServer is obsolete in 2.0
        // System.Net.Mail.SmtpClient is the alternate class for this in 2.0
        SmtpClient smtpClient = new SmtpClient();
        MailMessage message = new MailMessage();

        try
        {
            MailAddress fromAddress = new MailAddress(txtEmail.Text, txtName.Text);

            // You can specify the host name or ipaddress of your server
            // Default in IIS will be localhost 
            smtpClient.Host = "localhost";

            //Default port will be 25
            smtpClient.Port = 25;

            //From address will be given as a MailAddress Object
            message.From = fromAddress;

            // To address collection of MailAddress
            message.To.Add("kn.nageshwaran@gmail.com");
            message.Subject = "Feedback";

            // CC and BCC optional
            // MailAddressCollection class is used to send the email to various users
            // You can specify Address as new MailAddress("admin1@yoursite.com")
            message.CC.Add("admin1@yoursite.com");
            message.CC.Add("admin2@yoursite.com");

            // You can specify Address directly as string
            message.Bcc.Add(new MailAddress("admin3@yoursite.com"));
            message.Bcc.Add(new MailAddress("admin4@yoursite.com"));

            //Body can be Html or text format
            //Specify true if it  is html message
            message.IsBodyHtml = false;

            // Message body content
            message.Body = txtMessage.Text;
         
            // Send SMTP mail
            smtpClient.Send(message);

            lblStatus.Text = "Email successfully sent.";
        }
        catch (Exception ex)
        {
            lblStatus.Text = "Send Email Failed.<br>" + ex.Message;
        }
    }
    #endregion

    #region "Reset"
    protected void btnReset_Click(object sender, EventArgs e)
    {
        txtName.Text = "";
        txtMessage.Text = "";
        txtEmail.Text = "";
    }
    #endregion
}

Re: sending email from local host

sashidhar3-Oct-09 2:40

sashidhar

3-Oct-09 2:40

kn.nageshwaran wrote:
smtpClient.Host = "localhost";

It Should Be Your host name
Try this link
[^]
First Get Your Host Name

MyFirstArticlePublished: MenuControlSelectedItem
Why Do Some People Forget To Mark as Answer .If It Helps.

Re: sending email from local host

Manas Bhardwaj3-Oct-09 2:41

Manas Bhardwaj

3-Oct-09 2:41

kn.nageshwaran wrote:
i just run the program in my localhost this script

Did you configure SMTP server on the local machine(localhost)? D'Oh! | :doh:

Manas Bhardwaj
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.

Replication

Learner5203-Oct-09 0:25

Learner520

3-Oct-09 0:25

Hi everybody,

I have developed a page in asp.net (using vb) which is accessible over internet (public domain .com) working fine. This page facilitate end users to save, retrieve, and update existing information, and all information is saved over server database. Now my boss wants to access these information on Intranet (local site) but there is a "FIRE WALL" between Intranet and Internet. In the beginning I assumed that I could solve this issue through replication but later I have been told due to "FIRE WALL" I can't replicate data from Internet to Intranet.

MY question is how can I save and retrieve data in local and global database at the same time. Or replication is possible in this situation if it is possible, Or there are any other ways like serialization etc.. Please could you tell me how I can solve this issue, any link or any suggestion would be much appreciated.

I'm really sorry if this is not the right forum to ask this question.

regards

learner

How i can solve this sub menu enable false ?

Rahad Rahman3-Oct-09 0:19

Rahad Rahman

3-Oct-09 0:19

i want that, when i am clicking any link then some menu items will be Enable False. How it Possible ?

Re: How i can solve this sub menu enable false ?

sashidhar3-Oct-09 1:20

sashidhar

3-Oct-09 1:20

Rahad Rahman wrote:
i want that

Which One?
If You Want To Use Menu Control DisableMenu

http://forums.asp.net/p/1051380/1487722.aspx[^]

MyFirstArticlePublished: MenuControlSelectedItem
Why Do Some People Forget To Mark as Answer .If It Helps.

add scrolbar and horizantalbar bar to repeater control

paya1pa3-Oct-09 0:08

paya1pa

3-Oct-09 0:08

hi expert

i want add scrollbar and horizantalbar to repeater control just like a listbox.And fixed header.

thanks

Re: add scrolbar and horizantalbar bar to repeater control

CoderOnline3-Oct-09 1:57

CoderOnline

3-Oct-09 1:57

try this

myRepeater.Attributes["Style"] = "OVERFLOW-Y:auto;HEIGHT:200px;";

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.