Skip to main content

Home/ Agency Oasis Developers/ Group items tagged net

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
mgraber

ASP.NET QuickStart Tutorials - 0 views

quickstarts.asp.net/...default.aspx

asp.net forms

shared by mgraber on 30 Aug 10 - Cached
  • Securing Non-ASP.NET Files
  • ASP.NET handles requests for file extensions that are normally associated with ASP.NET, while IIS handles requests for all other file extensions. By default this means common file extensions such as .aspx and .asmx are processed by ASP.NET. This processing includes authentication and authorization to ASP.NET files. Sometimes though, a developer wants non-ASP.NET resources to be processed by ASP.NET. One reason for processing non-ASP.NET files through ASP.NET is to allow ASP.NET authentication and authorization to control access to these types of files. The combination of IIS6 on Windows Server 2003 and ASP.NET 2.0 provides the most flexibility for running the ASP.NET pipeline as part of processing a request for a non-ASP.NET resource. IIS6 includes support that allows ASP.NET 2.0 to perform authentication and authorization steps, and to then hand off the remainder of the processing of a non-ASP.NET resource back to IIS6. For example, it is possible to authenticate access to an ASP page using ASP.NET forms authentication, authorize access with ASP.NET's Url authorization and still allow the ASP ISAPI extension (asp.dll) to execute the ASP page. This support is possible because IIS6 introduced a new server support function for ISAPI extensions: HSE_REQ_EXEC_URL. Assume that a directory structure contains a mix of both ASP and ASP.NET files. The ASP.NET pages are used to log a user in with forms authentication, while the ASP pages represent the rest of the application. Using the IIS6 MMC, right-click on directory and create an application (this is the same step that is necessary when setting up a standard ASP.NET application). After an application has been created, click on the Configuration button that is located on the Directory property page. This will cause the Application Configuration dialog to be displayed. New to IIS6 is a feature called wildcard application mapping. The bottom of the Application Configuration dialog allows you to configure this feature. First determine the path for the ASP.NET ISAPI extension that processes ASP.NET files such as .aspx files. You can find this path by looking at the extensions that are listed in the Application Extensions list shown in the top half of the Application Configuration dialog. Click on the row in the list that maps the .aspx extension, and select the Edit button. In the dialog that pops up, highlight the text in the Executable textbox and copy it to the clipboard. Then cancel out of the dialog. Next, click the Insert button that is in the bottom half of the Application Configuration dialog. A dialog box titled Add/Edit Application Extension Mapping will be displayed. In the Executable text box, enter the path to the ASP.NET ISAPI extension that you copied to the clipboard earlier. The end result should look something like the screenshot below.
  • Click OK to close out all of the dialogs. Now whenever a request is made for any file, the request will first be processed by ASP.NET. If the web.config for your ASP.NET application has enabled forms authentication, an unauthenticated request for a .asp file will first trigger a redirect to the login page configured for forms authentication. After a user has successfully logged in, they will be redirected back to the original .asp page. When the now-authenticated user requests the .asp page, ASP.NET will first run through the FormsAuthenticationModule to verify that the forms authentication cookie exists and is still valid. If this check passes, ASP.NET will hand processing of the .asp page back to IIS6, at which point IIS6 will pass the request on to the ISAPI extension that normally process .asp pages. In this case the extension is asp.dll and the ASP page will then run to completion. The reason ASP.NET will pass the request back to IIS6 is that non-ASP.NET resources will fall through the list of configured <httpHandlers> to the following entry: <add path="*" verb="GET,HEAD,POST" type="System.Web.DefaultHttpHandler" validate="True" /> The DefaultHttpHandler is responsible for handing requests back to IIS6 for further processing.
  • mgraber on 30 Aug 10
     
    "Securing Non-ASP.NET Files"
mgraber

Programming - SDN5 - 0 views

sdn5.sitecore.net/...Programming.aspx

sitecore

shared by mgraber on 10 Jun 09 - Cached
  • 3.1.  Programming Practices Data Structuring can influence the performance. If the logic for home page news articles is to present the latest three, the logic of looking for articles structured as /year/month/day/article is faster than sorting a large number of articles stored directly under /news.
  • 3.3.  Convert Underperforming XSL Renderings to .NET Certain operations can be completed much more efficiently in .NET than in XSL. Use Sitecore’s browser-based debugger to identify poorly performing code for migration to pure .NET. Invoking XSL may be more expensive in .NET than executing native .NET code.  If possible, certain XSL renderings, especially those which consume a great deal of resources or can only be cached under limited conditions should be converted to .NET method renderings, sublayouts or web controls.  Expensive XSL code can be converted to .NET extension controls and functions.
mgraber

Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - OWASP - 0 views

www.owasp.org/..._(CSRF)_Prevention_Cheat_Sheet

security cross-site scripting

shared by mgraber on 02 Nov 11 - No Cached
  • mgraber on 02 Nov 11
     
    "Viewstate (ASP.NET) ASP.NET has an option to maintain your ViewState. The ViewState indicates the status of a page when submitted to the server. The status is defined through a hidden field placed on each page with a control. Viewstate can be used as a CSRF defense, as it is difficult for an attacker to forge a valid Viewstate. It is not impossible to forge a valid Viewstate since it is feasible that parameter values could be obtained or guessed by the attacker. However, if the current session ID is added to the ViewState, it then makes each Viewstate unique, and thus immune to CSRF. To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs. Add the following in the OnInit virtual method of the Page-derived class (This property must be set in the Page.Init event) protected override OnInit(EventArgs e) { base.OnInit(e); if (User.Identity.IsAuthenticated) ViewStateUserKey = Session.SessionID; } The following keys the Viewstate to an individual using a unique value of your choice. (Page.ViewStateUserKey) This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1. However, there are limitations on this mechanism. Such as, ViewState MACs are only checked on POSTback, so any other application requests not using postbacks will happily allow CSRF. "
Mark Ursino

OAuth.net - 0 views

code.google.com/oauth-dot-net

c# .net authentication

shared by Mark Ursino on 17 Feb 10 - Cached
  • Mark Ursino on 17 Feb 10
     
    OAuth.net is a .net library which provides full OAuth consumer and provider support. The library facilitates secure API authentication in a simple and standard method for desktop and web applications.
mgraber

James Jardine : Developer Notes - 0 views

www.jardinesoftware.net/...admin

security cross-site scripting

shared by mgraber on 02 Nov 11 - No Cached
  • mgraber on 02 Nov 11
     
    "Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, ie. Viewstate, EventValidation, EventCommand, EventArguments, etc.. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."
mgraber

Microsoft Asp.net version 3.5 : Security vulnerabilities - 0 views

www.cvedetails.com/...Microsoft-Asp.net-3.5.html

cross-site scripting

shared by mgraber on 15 Nov 11 - No Cached
  • mgraber on 15 Nov 11
     
    "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter"
Mark Ursino

ELMAH (Error Logging Modules and Handlers) - 0 views

code.google.com/elmah

error logging asp .net c#

shared by Mark Ursino on 17 Feb 10 - Cached
  • Mark Ursino on 17 Feb 10
     
    ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. It can be dynamically added to a running ASP.NET web application, or even all ASP.NET web applications on a machine, without any need for re-compilation or re-deployment.
Mark Ursino

GMap.NET - 1 views

gmapdotnet.codeplex.com

maps google geocoding asp .net

shared by Mark Ursino on 30 Mar 10 - Cached
  • Mark Ursino on 30 Mar 10
     
    GMap.NET is a simple server control to allow easy implementation of google maps into any C# or VB.NET project without the use of any code and includes seamless integration with a .Kml file.
Mark Ursino

GMap.NET - Great Maps for Windows Forms & Presentation - 0 views

greatmaps.codeplex.com/Wikipage

maps google geocoding asp .net

shared by Mark Ursino on 30 Mar 10 - Cached
  • Mark Ursino on 30 Mar 10
     
    GMap.NET is a powerful, Free, cross platform, open source .NET control. Enable use routing, geocoding and maps from Google, Yahoo!, Bing, OpenStreetMap, ArcGIS, Pergo, SigPac in Windows Forms & Presentation, supports caching and runs on windows mobile!
Mark Ursino

Custom ASP.NET NUnit Test Runner - 0 views

www.codeflood.net/testrunner

sitecore unittest nunit testing

shared by Mark Ursino on 23 Sep 11 - No Cached
  • Mark Ursino on 23 Sep 11
     
    The custom ASP.NET NUnit test runner is a simple utility to allow running your NUnit tests inside your ASP.NET application. This is used to allow testing inside an HttpContext without the hassles and pitfalls of trying to fake the context for a test. I use this test runner on my Sitecore projects to allow unit testing inside the Sitecore application.
Douglas Couto

Bipin Joshi.net | .Net & Coding - 0 views

www.dotnetbips.com/...68-428b-939b-9e42a2feeec3.aspx

html 5 asp.net input types

shared by Douglas Couto on 19 Nov 11 - No Cached
  • Douglas Couto on 19 Nov 11
     
    "Using HTML5 input types in ASP.NET Web Forms"
Douglas Couto

[How Do I:] Use the ASP.NET AJAX History Control?: The Official Microsoft ASP.NET Site - 0 views

www.asp.net/...he-aspnet-ajax-history-control

shared by Douglas Couto on 18 Jun 10 - Cached
  • Douglas Couto on 18 Jun 10
     
    "[How Do I:] Use the ASP.NET AJAX History Control?"
mgraber

ASP.NET forms authentication - auto login with a test account while debugging? - Stack ... - 0 views

stackoverflow.com/...a-test-account-while-debugging

asp.net forms login

shared by mgraber on 14 Sep 10 - No Cached
  • mgraber on 14 Sep 10
     
    "ASP.NET forms authentication - auto login with a test account while debugging"
Mark Ursino

NuPack - 0 views

nupack.codeplex.com

asp .net

shared by Mark Ursino on 12 Oct 10 - No Cached
  • Mark Ursino on 12 Oct 10
     
    NuPack is a free, open source developer focused package management system for the .NET platform intent on simplifying the process of incorporating third party libraries into a .NET application during development.
Mark Ursino

Composite C1 - the open source .NET 4 CMS - 0 views

www.composite.net/C1.aspx

cms .net opensource

shared by Mark Ursino on 30 Nov 10 - No Cached
  • Mark Ursino on 30 Nov 10
     
    Composite C1 is a free open source web content management system based on Microsoft .NET technology. C1 is aimed at communicators who need to easily manage content on corporate websites while maintaining a consistent visual identity. C1 comes fully featured, it's straightforward to use, easy to extend, and integrates with other systems beautifully.
Mark Ursino

BlogEngine.NET - 0 views

www.dotnetblogengine.net

.net blog free framework

shared by Mark Ursino on 23 Feb 09 - Cached
  • Mark Ursino on 23 Feb 09
     
    An open source ASP.NET 2.0 powered blogging engine
Mike Tomasulo

The ASP Column: Using SOAP Extensions in ASP.NET - 0 views

msdn.microsoft.com/...cc164007.aspx

asp.net .net aspnet c# tutorial programming service web XML

shared by Mike Tomasulo on 19 Jan 11 - Cached
  • Mike Tomasulo on 19 Jan 11
     
    How to log XML from SOAP messages in (non-WCF) ASP.NET
1 - 20 of 540 Next › Last »
Showing 20 items per page