Channel: Security Vulnerability
Browsing all 317 articles

How to make sure user would not be able to browse directly to that page in the URL

How to make sure user would not be able to access the aspx page directly by manually entering the url but only through the application. I tried using url.referrer but as I am using server.transfer it...



How to authenticate user by using active directory group(s)?

I have a C# ASP.NET 4.0 web site and would like to limit access to the web site to users in one or more active directory groups.  I have been able to configure my web.config so that only users with a...



ASP .NET MVC C# recommended code solution fix for a Web Inspect HP Fortify...

I have been trying to find a code repair for a Web Inspect  HP Fortify report class II finding. I have a case where the IA error, Information disclosure vulnerability has been caused by poor error...


Dangerous code detected on production server only with htmleditor extender.

I'm a bit baffled. I've got all prerequisites configured and working correctly with my htmleditorextender meaning. 1) Sanitization providers correctly installed, referenced with dlls ext. 2) latest...


can google webmaster tools find malware in pages that are password protected?

I use membership security for my website (yes, I know it is outdated, but I had too much trouble updating it), which means that various folders in the site have a web.config file in them, that...



Using AntiXSS on store and read from db redundant?

Is there any point to pass information read from a db through AntiXSS filters if the only way they could be saved to the db in the first place was going through an AntiXSS filter? I have dynamic pages...


accessing a webservice both from asp.net and from a program

I have a webservice on my website.  I also have a stand alone program that people can download from my website, to interact with the webservice.  The webservice writes to a database, and my website...


A strange website bug

I have an asp.net website, which I work on from home.  One day, I worked on it with a library computer, (the library was 40 miles from my home) and several pages crashed.  But they crashed with server...



Regarding encryption and decryption of query string

A simple question I have. Does encryption of a query string using a constant key always produce same encrypted value of a constant text. If yes how can I avoid this. Also server.transfer...



JavaScript error on all of my working ASP.net programs in Visual Studio

I keep getting a JavaScript error on all of my working ASP.net programs in Visual Studio. I think I caught a virus. Here is my error code: JavaScript critical error at line 1, column 1 in...


Screen scraping with AutoLogin

Hi, I wanted to do AutoLogin and screen scraping the page. I was able to login by extending WebClient. I'm using Asp.Net 4.5 without MVC. The problem I have is, inside this page have a flash...


Why IIS denied all asp.net requests?

I have a website, which is intended for logon windows user only, so I set IIS anonymous access = false, windows authentication = true, and assign all users to a group that have access to the wwwroot...


Improper Neutralization of special elements used in an sql command

This is very similar to a previous post but with different code. I have to eliminate a SQL injection error from within a method. Now, with only minor modifications this error must be eliminated. Here...



SQL Injection error.

I have to eliminate a SQL injection error from within a method. What the code is doing is passing in a SQL querystring as the  command to a DbCommand object, see the code below. Now, with only minor...


Unable to stop SQL injection errors.

I finally get it. It's not just the code I use to execute the ExecuteScalar method but it is mainly the code upstream that is executing the class. It is everything calling your code. That said, can...



ExecuteNonQuery SQL injection error from concatenating C# client values into...

I posted a message in the SQL forum but I think it was the wrong place. This is my problem. When I do an ExecuteNonQuery statement string from a C# client I am adding C# variables to the hard coded...


Allowing the attacker to access unauthorized records finding.

I have a scan finding and hope someone can provide any ideas as to best ways to resolve the issue. First I will show the scan Finding then my code and finally what the scanner's recommended solution...



Site being crawled

So I have a small asp site I built for a customer. Since it was a really low budget, I just have some minor error logging on it. I wasn't too concerned because there are really like 3 or 4 custom pages...


SQL query built using input coming from an untrusted source

I have used parameters to prevent SQL injection; however, my scan is complaining about the passed in query string coming from an untrusted source. This is confusing me because everything appears to be...


Unchecked returned value causing unexpected states and conditions.

I have been searching the internet for over an hour and can only find client side discussions of my latest scan finding. What I am receiving is a method that uses the Read() method and because the...
