Home/ Agency Oasis Developers/ Group items tagged pages

mgraber

ASP.NET View State Overview - 0 views

  •  
    "Encrypting View State Although MAC encoding helps prevent tampering with view state data, it does not prevent users from viewing the data. You can prevent people from viewing this data in two ways: by transmitting the page over SSL, and by encrypting the view state data. Requiring the page to be sent over SSL can help prevent data-packet sniffing and unauthorized data access by people who are not the intended recipients of the page. However, the user who requested the page can still view the view state data because SSL decrypts the page to display it in the browser. This is fine if you are not concerned about authorized users having access to view state data. However, in some cases, controls might use view state to store information that no users should have access to. For example, the page might contain a data-bound control that stores item identifiers (data keys) in view state. If those identifiers contain sensitive data, such as customer IDs, you should encrypt the view state data in addition to or instead of sending the page over SSL. To encrypt the data, set the page's ViewStateEncryptionMode property to true. If you store information in view state, you can use regular read and write techniques; the page handles all encryption and decryption for you. Encrypting view state data can affect the performance of your application. Therefore, do not use encryption unless you need it. Control State Encryption Controls that use control state can require that view state be encrypted by calling the RegisterRequiresViewStateEncryption method. If any control in the page requires that view state be encrypted, all view state in the page will be encrypted. Per-user View State Encoding If a Web site authenticates users, you can set the ViewStateUserKey property in the Page_Init event handler to associate the page's view state with a specific user. This helps prevent one-click attacks, in which a malicious user creates a valid, pre-filled Web page with view state from a pre
mgraber

ASP.NET QuickStart Tutorials - 0 views

  • Securing Non-ASP.NET Files
  • ASP.NET handles requests for file extensions that are normally associated with ASP.NET, while IIS handles requests for all other file extensions. By default this means common file extensions such as .aspx and .asmx are processed by ASP.NET. This processing includes authentication and authorization to ASP.NET files. Sometimes though, a developer wants non-ASP.NET resources to be processed by ASP.NET. One reason for processing non-ASP.NET files through ASP.NET is to allow ASP.NET authentication and authorization to control access to these types of files. The combination of IIS6 on Windows Server 2003 and ASP.NET 2.0 provides the most flexibility for running the ASP.NET pipeline as part of processing a request for a non-ASP.NET resource. IIS6 includes support that allows ASP.NET 2.0 to perform authentication and authorization steps, and to then hand off the remainder of the processing of a non-ASP.NET resource back to IIS6. For example, it is possible to authenticate access to an ASP page using ASP.NET forms authentication, authorize access with ASP.NET's Url authorization and still allow the ASP ISAPI extension (asp.dll) to execute the ASP page. This support is possible because IIS6 introduced a new server support function for ISAPI extensions: HSE_REQ_EXEC_URL. Assume that a directory structure contains a mix of both ASP and ASP.NET files. The ASP.NET pages are used to log a user in with forms authentication, while the ASP pages represent the rest of the application. Using the IIS6 MMC, right-click on directory and create an application (this is the same step that is necessary when setting up a standard ASP.NET application). After an application has been created, click on the Configuration button that is located on the Directory property page. This will cause the Application Configuration dialog to be displayed. New to IIS6 is a feature called wildcard application mapping. The bottom of the Application Configuration dialog allows you to configure this feature. 
First determine the path for the ASP.NET ISAPI extension that processes ASP.NET files such as .aspx files. You can find this path by looking at the extensions that are listed in the Application Extensions list shown in the top half of the Application Configuration dialog. Click on the row in the list that maps the .aspx extension, and select the Edit button. In the dialog that pops up, highlight the text in the Executable textbox and copy it to the clipboard. Then cancel out of the dialog. Next, click the Insert button that is in the bottom half of the Application Configuration dialog. A dialog box titled Add/Edit Application Extension Mapping will be displayed. In the Executable text box, enter the path to the ASP.NET ISAPI extension that you copied to the clipboard earlier. The end result should look something like the screenshot below.
  • Click OK to close out all of the dialogs. Now whenever a request is made for any file, the request will first be processed by ASP.NET. If the web.config for your ASP.NET application has enabled forms authentication, an unauthenticated request for a .asp file will first trigger a redirect to the login page configured for forms authentication. After a user has successfully logged in, they will be redirected back to the original .asp page. When the now-authenticated user requests the .asp page, ASP.NET will first run through the FormsAuthenticationModule to verify that the forms authentication cookie exists and is still valid. If this check passes, ASP.NET will hand processing of the .asp page back to IIS6, at which point IIS6 will pass the request on to the ISAPI extension that normally processes .asp pages. In this case the extension is asp.dll and the ASP page will then run to completion. The reason ASP.NET will pass the request back to IIS6 is that non-ASP.NET resources will fall through the list of configured <httpHandlers> to the following entry: <add path="*" verb="GET,HEAD,POST" type="System.Web.DefaultHttpHandler" validate="True" /> The DefaultHttpHandler is responsible for handing requests back to IIS6 for further processing.
  •  
    "Securing Non-ASP.NET Files"
mgraber

Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - OWASP - 0 views

  •  
    "Viewstate (ASP.NET) ASP.NET has an option to maintain your ViewState. The ViewState indicates the status of a page when submitted to the server. The status is defined through a hidden field placed on each page with a control. Viewstate can be used as a CSRF defense, as it is difficult for an attacker to forge a valid Viewstate. It is not impossible to forge a valid Viewstate since it is feasible that parameter values could be obtained or guessed by the attacker. However, if the current session ID is added to the ViewState, it then makes each Viewstate unique, and thus immune to CSRF. To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs, add the following in the OnInit virtual method of the Page-derived class (This property must be set in the Page.Init event) protected override void OnInit(EventArgs e) { base.OnInit(e); if (User.Identity.IsAuthenticated) ViewStateUserKey = Session.SessionID; } The following keys the Viewstate to an individual using a unique value of your choice. (Page.ViewStateUserKey) This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1. However, there are limitations on this mechanism. Such as, ViewState MACs are only checked on POSTback, so any other application requests not using postbacks will happily allow CSRF. "
Mark Ursino

Page Speed Home - 0 views

  •  
    Page Speed is an open-source Firefox/Firebug Add-on. Webmasters and web developers can use Page Speed to evaluate the performance of their web pages and to get suggestions on how to improve them.
Mark Ursino

Backstretch: a simple jQuery plugin that allows you to add a dynamically-resized backgr... - 0 views

  •  
    Backstretch is a simple jQuery plugin that allows you to add a dynamically-resized background image to any page. It will stretch any image to fit the page, and will automatically resize as the window size changes.
Jagmohan Rathore

Custom 404 page ignored by IIS 7 - 1 views

  •  
    Custom 404 page ignored by IIS 7 - TrySkipIisCustomErrors
Mark Ursino

AnythingSlider - 0 views

  •  
    - Panels are HTML Content (can be anything). - Multiple AnythingSliders allowable per-page. - Infinite/Continuous sliding (always slides in the direction you are going, even at "last" slide). - Optionally resize each panel (specified per panel in css). - Optional Next / Previous Panel Arrows. - Use keyboard navigation or tabs that are built and added dynamically (any number of panels). - Link to specific slides or go forward or back one slide from static text links - go to Slide 4 (Quote #2) in second example. - Each panel has a hashtag (can link directly to specific panels). - Optional custom function for formatting navigation text. - Auto-playing slideshow (optional feature, can start playing or stopped) - Pauses playing YouTube videos when not in view and resumes them when in view (only in non-IE browsers & if files are hosted on the web). - Pauses slideshow on hover (optional). - Optionally play the slideshow once through, stopping on the last page.
Mark Ursino

jQuery topLink Plugin - 0 views

  •  
    Automatic "Top of Page" link added to page
Douglas Couto

Publishing a Brightcove player on an HTTPS page | Brightcove Support - 0 views

  •  
    "Publishing a Brightcove player on an HTTPS page"
Mark Ursino

http is deprecated. - 0 views

shared by Mark Ursino on 29 Jan 11 - Cached
  •  
    By default, all popular Web browsers assume the HTTP protocol. In doing so, the software prepends the 'http://' onto the requested URL and automatically connects to the HTTP server on port 80. Why then do many pages explicitly set http on all hypertext links? Surely it is easier to type "domain.com" than "http://domain.com". HTTP is also deprecated due to the ever-evolving web: The HyperText Transfer Protocol is no longer used to transfer hypertext. It is increasingly becoming used as a means to transfer any content over port 80. Thus the definition "http" no longer means anything in the context of a URL since you are unlikely to be requesting hypertext. As the web evolves, next generation protocols will begin to replace http. By explicitly using "http://domain.com" in your links you are forcing your viewers of the future into using an obsolete protocol. By using "//domain.com" you will guarantee the protocol of tomorrow will work with your pages of today. Succinctly, use of the http protocol is redundant and time consuming to communicate. The internet, media, and society are all better off without it.
Mark Ursino

Telligent: Reset all pages to their default values - 0 views

  •  
    Reset pages that have a contextual configuration back to their default config
Mark Ursino

bgStretcher jQuery Plugin Allows to Add Background Image to Page and Proportionally Res... - 0 views

  •  
    bgStretcher jQuery Plugin Allows to Add Background Image to Page and Proportionally Resize it to Fill Entire Window Area
mgraber

Controlling access to scripts in a host web page - 0 views

  •  
    "Controlling access to scripts in a host web page"
Douglas Couto

jQuery plugin: Tablesorter 2.0 - 1 views

  •  
    "tablesorter is a jQuery plugin for turning a standard HTML table with THEAD and TBODY tags into a sortable table without page refreshes. tablesorter can successfully parse and sort many types of data including linked data in a cell."
mgraber

CSS3 Specificity - 1 views

  •  
    This page was created to calculate the CSS specificity of a stylesheet (not including the inline or style rules; the "a" part of the equation). Before this little project, I didn't have a clear understanding of the specificity rules. Now, after creating this page, I don't think I'll need this application.
Douglas Couto

Fix YouTube iFrame Overlay and Z-Index Issues « Resources, Guides and Informa... - 0 views

  •  
    "To fix this, we simply add a small snippet to the end of the URL to let the page know that we want it to add these parameters. Add "?wmode=opaque" to the end of the URL."
Mark Ursino

jQuery plugin for Avgrund concept popin - 0 views

  •  
    Avgrund is a jQuery plugin for modal boxes and popups. It uses an interesting concept showing depth between popup and page.