I have a URL something like below. The URL gets generated each time, basically links are ephemeral. I want to mark this link as obsolete/invalid once it has been accessed in a browser. The second time when we access this URL, it should say invalid link. URL format is having an auth token. How can we do this in C#?
http://example.com/ui/landing?authToken=wwlC7bjUugIT5lo8uuX8d2wQhS__k6l80fSwPKzFuJWwDANgGVQtNT6C3q1lGcNk1p_ApBdurzPTayOzaGb6YibAdTKfzBdhKCcTNZwO54mg1KU_lPD6Zmg
Link must be marked as invalid once used.
I don't think this can be done just by code.
I think a workaround would be to store the links on your server (database, file or watever). When someone uses the link you can check on that db if the link has been used and mark it as "used" if not.
Something like:
id
Link (string)
Used (boolean)
1
https://stack...
1
2
https://stack...
1
3
https://stack...
0
Related
This is the example project I am working with.
Specifically the PresignedUrlSample class.
[http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-examples-using-sdks.html#sig-v4-examples-using-sdk-dotnet][1]
The problem is this works when passing in an object key that represents a file in my bucket but does not work when passing in:
"/?prefix=PREFIX&max-keys=50"
The error is, "The request signature we calculated does not match the signature you provided."
There is documentation that states this should be possible all over the place but I can not find one example on the entire internet showing how to actually create a pre-signed URL to list a bucket's contents using the ?prefix= parameter syntax.
Interesting enough if I just pass in a forward slash for the key I can list the entire bucket but obviously that is not a solution at all. The prefix parameter is what makes this viable but also causes a problem in the Amazon Signature 4 C# example project.
This is the documentation I found which explicitly states you can create pre-signed URLs to list a bucket in whole or in part. So the question is why does it not calculate a proper signature?
GET /?prefix=photos&max-keys=50&marker=puppy HTTP/1.1
User-Agent: Mozilla/5.0
Host: johnsmith.s3.amazonaws.com
Date: Tue, 27 Mar 2007 19:42:41 +0000
Authorization: AWS AKIAIOSFODNN7EXAMPLE:
htDYFYduRNen8P9ZfE/s9SuKy0U=
Please note that I had to modify the example because the developers hardcoded the url to use a "?" for the first "amz-" parameter but because ?prefix= already uses a question mark to parameterize the URL I had to change the Amazon query authentication parameters to all use ampersands.
Thanks to anyone who wants to dig into this stump the professor issue!
UPDATE: Here is my solution.
//This is from the example project PresignedUrlSample.cs class
First add 2 new parameters to the Run() static method in the class above. One will be the prefix value and the other will be max-keys value.
queryParams.AppendFormat("{0}={1}", AWS4SignerBase.X_Amz_Expires, HttpHelpers.UrlEncode(period.ToString()));
//Below this line add the following 2 lines of code.
// I added these two lines of code to the example project linked to at the top of this post. Just pass the MyPrefix and MaxKeys value and you are good to go
queryParams.AppendFormat("{0}={1}", "&prefix", MyPrefix);
queryParams.AppendFormat("{0}={1}", "&max-keys", MaxKeys);
I hope this helps someone as it drove me nuts for a full day and the solution is really quite simple once I understood the problem by debugging their code. It is not even necessary to read the dense Amazon Signature 4 documentation unless that's your bag. :D
I'm implementing a web page, doing the homepage, I have a button that the user uses in order to recover his password (due to forgetting it). Then my program sends him a link to his e-mail after verifying it in the database. This link let's the user reset his password.
I want to add a date to the link, so that if when the user gets redirected to the reset pass page, it's date is verified and if it is higher than 1 hour it tells the user he needs to re-do the process.
Do I use,
DateTime saveNow = DateTime.Now;?
Sorry for the bad English, thank you
You can use DateTime.Now.Ticks. This gives you an integer that can easily be posted in an url and then be converted to a DateTime again.
Ok, this doesn't quite answer your question, however there is a better way of handling password reset timeouts. If you are using the following code in your action:
WebSecurity.GeneratePasswordResetToken(emailAddress);
You can also pass in a second parameter which specifies how long the password token is valid for in minutes otherwise the default time out is 24 hours.
From there you can validate the token is valid in a bool type action by using something similar to the below:
var repository = repository.GetByPasswordResetToken(resetToken);
isValid = membership != null && repository.PasswordVerificationTokenExpirationDate > DateTime.Now;
This is based on the assumption you are utilising WebMatrix within your server side logic.
I'm working with ABBYY cloud OCR, when my popruse is to scan 3 specific places in each document that I'm scanning. These 3 places will always be the same so I want to use the ProcessFields function do it and having some problems with it.
When I want to scan only one specific place I used this :
string url1 = String.Format("http://cloud.ocrsdk.com/processFields?region=0,0,200,200&language=english");
When trying to scan 2 places I've tried this :
string url1 = String.Format("http://cloud.ocrsdk.com/processFields?region=0,0,200,200 region 100,100,100,100&language=english");
it gave me an error.
Anyone has any advise how to do it?
I also tried defieng 3 Uri's but as the upload is done only once - how can I reach the 2 other Uri's without scanning it again?
thanks a lot!
According to documentation of processField method, you can't pass field parameters in URI, you should form an XML and submit it using POST method instead of GET. There is also a sample XML file on that page.
Simple method with URI works only for one field and processTextField method.
Okay my problem is there are two websites with two different servers. What I'm trying to do is write some of the buttons for website 1, but on a page on my server (website 2).
So to do this the approach is
User clicks on button from website 1.
User is redirected to website 2.
I need to know what page they came from so I know what product they are looking at. Which will be done by getting the referrer URL.
I then need to parse the URL's productID's number.
example URL: website1.com/ProductDetails/?referrerPage=1&productID=#######&tab=Tile
I know that I need to use this piece of code to store the referrer URL in a string:
myReferrer = Request.UrlReferrer.ToString();
I don't really know where to place it tho. I'm guessing in my .cs file where my button is?
protected void btnEstimate_Click(object sender, EventArgs e)
{
connection strings
{
does stuff
{
does stuff
}
So my question is how do I get the referring URL, and then parse out the item ID?
Thanks for the help in advance. If anything is unclear please ask... this is my first time asking a question so I may be unclear. Thanks!
This should give you what you want:
Making Sense of ASP.NET Paths
Note that a fully qualified URL including querystring and extra path is a Uri instance rather than string. You can use the UriBuilder.Query Property to extract the query string parameter(s):
You need to parse the URI in the Page_Load method of the receiving site's page.
UriBuilder.Query Property
There's a server variable called HTTP_REFERER. You can access it with Request.ServerVariables("HTTP_REFERER")
It's misspelled, I know, but that's how you really need to call the server variable.
Your referrer server variable is only going to be populated if the user clicks on a link. AFAIK if you redirect, that variable is going to be empty.
Wikipedia Referer Article
On this site if you do too many clicks or post comments too fast or something like that you get redirected to the "are you a human" screen. Does anybody know how to do something similar?
It's almost certainly a heuristic that tries to "guess" that a user is some form of automated process, rather than a person, for example:
More than "x" requests to do the same thing in a row
More than "x" actions in a "y" period of time
Ordinarily the "x" and "y" values would be formulated to be ones that it would be unlikely for a "real person" to do, like:
Editing the same answer 5 times in a row
Downvoting 10 questions within 1 minute
Once you've got your set of rules, you can then implement some code that checks them at the start of each request, be it in a method that's called in Page_Load, something in your masterpage, something in the asp.net pipeline, that's the easy bit! ;)
Here is a very nice Captcha Control for asp.net that first of all you need
http://www.codeproject.com/KB/custom-controls/CaptchaControl.aspx
Then you can use it together with this idea that try to find the dos attacks
http://weblogs.asp.net/omarzabir/archive/2007/10/16/prevent-denial-of-service-dos-attacks-in-your-web-application.aspx
be ware of a bug in this code in line if( context.Request.Browser.Crawler ) return false;, its must return true, or totally remove it for sure.
and make it your compination for the clicks, or submits.
If a user make too many clicks on a period of time, or many submits, then you simple open the capthaControl, and if the clicks are by far too many, then triger the dos attact. This way you have 2 solution in one, Dos attact prevent, with captcha at the same time.
I have made somthing similar my self, but I have change the source code of both, a lot to feet my needs.
One more interesting link for a different code for the dos attack.
http://madskristensen.net/post/Block-DoS-attacks-easily-in-ASPNET.aspx
Hope this help you.
At a guess...
Write a HTTP handler that records requests and store them in session.
When a new request comes in, check to see how many requests are stored (and expire old ones).
If the amount of requests in the past few minutes exceeds a given threshold, redirect the user.
If you're doing this in ASP.NET webforms, you could do this check on the site master page, ( or write a IHttpHandler).
If you're using an MVC framework, you could write a base controller that does this check for every action.
With rails, you could write a before_request filter.
With asp.net MVC, you could write a [ActionFilterAttribute] attribute
You should have a session to track the user activity.
In session you can have counter for commenting and posting like:
(pseudo code instead of C#, sorry :)
if (post_event) {
posts_during_1_minute_interval++;
if (time_now-reference_time > 1_minute) {
reference_time = time_now;
posts_during_1_minute_interval=0;
}
}
...
if (posts_during_1_minute_interval > 10) redirect("/are-you-human.htm");
where on are-you-human.htm page you can have recaptcha, as they have here on StcakOverflow.com
see also:https://blog.stackoverflow.com/2009/07/are-you-a-human-being/
just check how many hit / minutes you get from a specific ip or session or whatever and decide what are your preferred threshold and your good to go
I'd also check the user agent header of the request - if it doesn't look like a popular browser (or is empty) then throw the "are you a human?" page.