I am new to ASP, and have jumped right in and started a new MVC 4 project.
I am using the standard template and am trying to edit the login page. The problem I am trying to solve is this:
If you open Fiddler and login you can see the user name and password in plain text. What I would like to do would be to use a C# function I have created in a helpers file BEFORE the post is submitted, for example on a button click event, is this possible?
If so can someone point me in the direction of a tutorial/ example please as this has baffled me for a few days now!
Thanks again for your help
Don't reinvent the wheel. Use https instead so that data does not travel as plain text.
You can't run a C# function before the postback, how would you accomplish that? C# code runs server-side, but you post the form from the client-side. You can't apply a C# method on something you haven't shown it yet.
You have basically two options:
1.) use javascript to somehow alter the data before sending it to the server
2.) use SSL to protect the channel
The problem with the first option is, that ANYONE who sees the form can see your javascript code as well. In other words, no matter how strong protection you come up with, the attacker sees the algorithm, so he can decode the data very easily... Probably the most reliable option is the second one - SSL. It isn't 100%, but at least it's much harder to penetrate...
If you want to encrypt the data before the form is submitted you can only rely on client side code - javascript. This is in no way the optimal solution, as already pointed out by others, you should use https.
Related
The link below explains exactly what I am trying to do, and I have used it as a guide for my implementation so far. I have two columns filled with panels that can be moved around or collapsed. In the end, I want to save the state information about each panel on drop(as soon as the user changes it) so that when each individual user leaves or logs off, everything is where they left it upon return. I am using jquery, and c#.net for my back-end, which from what I understand makes it very difficult to incorporate PHP. I am wondering if anyone knows how I can accomplish what is demonstrated in the link, but using a method that does not include PHP?
http://webdeveloperplus.com/jquery/saving-state-for-collapsible-drag-drop-panels/
Thanks in advance
You seem a bit lost (nothing wrong about it), but since you're using C#, you should find a way in C# to access your database. PHP is just a server-side language you could use, but it means installing PHP on your server... and I don't think this is what you want/need.
I'm pretty sure, there are very nice tutorials on the web on how you can interact with your current DB (what are you using? MySQL?)
Basic tutorial for SQL with C# https://www.youtube.com/watch?v=1EpYqtSlOr8
As the title of the topic may suggest, I have a PHP script setup on my server that, when called upon, is spitting data back to the user by echoing it back onto the page. I am then using HttpWebRequest to read the data that was put onto the page by the PHP script. While this data is encrypted, I would like for it to not appear on the page at all. I figured there must be a better way to go about doing this.
If I have been unclear thus far regarding my intentions, I am looking for some way to return data from a PHP page, so that I can retrieve it using HTTPWebResponse. Perhaps, for example, I could POST the data? I'm quite new to PHP so I figured I'd ask the experts here.
Thank you for any help,
Evan
I think the best safe way is use RSA Encrypt in .NET. You can read and download project at here
You can't post the data to the application, unless the application was a webserver. There's not really much other way to do it than the way you are doing it already.
Well, Since you're using http, it's logical to echo the data in the request stream within your php script. This way the other side (your .NET code can pick it up). If this is a problem for you, there are a few workarounds.
a: call your PHP script from .NET with a callback url refering back to your .NET application. Now the PHP script can actually post data back to the callback url. This however requires your .NET app to host a webservice.
b: you can put certain data in your php script without actually putting it in the request body by making it a mime header field like:
header('X-MyProject-Name: ' .$name);
header('X-MyProject-Age: ' .$age);
header('X-MyProject-Address: ' base64_encode(json_encode($complexAddressObject)));
Hope this helps
my scenario is this; the user selects the list of reports they wish to print, once they select and click on the a button, i open up another page with the selected reports ready for printing. I am using a session variable to pass reports from one page to another.
first time you try it, it works fine, second time you try it, it opens the report window with the previous selected reports. I have to refresh the page to make sure it loads the latest selections.
is there a way to get the latest value from the session every time you use it? or is there a better way to solve this problem. open for suggestions...
Thanks
C# Asp.net, IE&7 /IE 8
After doing some more checking maybe if you check out COMET it might help.
The idea is that you can have code in your second page which will keep checking the server for updated values every few seconds and if it finds updated values it will refresh itself.
There are 2 very good links explaining the imlementation.
Scalable COMET Combined with ASP.NET
Scalable COMET Combined with ASP.NET - Part 2
The first link explains what COMET is and how it ties in with ASP.NET, the second link has an example using a chat room. However, I'm sure the code querying for updates will be pretty generic and can be applied to your scenario.
I have never implemented COMET yet so I'm not sure how complex it is or if it is easy to implement into your solution.
Maybe someone developing the SO application is able to resolve this issue for you. SO uses some real-time feature for the notifications on a page, i.e: You are in the middle of writing an answer and a message pops up in your client letting you know someone else has added an answer and to click "here" to refresh.
The proper fix is to set the caching directives on the HTTP response correctly, so that the cached response is not reused without validation from the server.
When you fail to specify the cache lifetime, the client has to "guess" how long the response is good for, and the browser's guess probably isn't what you want. See http://blogs.msdn.com/b/ie/archive/2010/07/14/caching-improvements-in-internet-explorer-9.aspx
It's better to use URL paramaters. So you have a view of value of the paramaters.
I'd like to add some kind of simple URL resolution and formatting to my C# and jQuery-based ASP.NET web application. I currently allow users to add simple text-based descriptions to items and leave simple comments ('simple' as in I only allow plain text).
What I need to support is the ability for a user to enter something like:
Check out this cool link: http://www.really-cool-site.com
...and have the URL above properly resolved as a link and automagically turned into a clickable link...kinda like the way the editor in StackOverflow works. Except that we don't want to support BBCode or any of its variants. The user experience would actually be more like the way Facebook resolves user-generated URL's.
What are some jQuery + C# solutions I should consider?
There's another question with a solution that might help you. It uses a regex in pure JS.
Personally though, I would do it server-side when the user submits it. That way, you only need to do it once, rather than every time you display that text. You could use a similar regex in C#.
I ended up using server-side C# code to do the linkification. I use an AJAX-jQuery wrapper to call into a PageMethod that does the work.
The PageMethod both linkifies and sanitizes the user-supplied string, then returns the result.
I use the Microsoft Anti-Cross Site Scripting Library (AntiXSS) to sanitize:
http://www.microsoft.com/download/en/details.aspx?id=5242
And I use C# code I found here and there to resolve and shorten links using good olde string parsing and regular expressions.
My method is not as cool as the way FaceBook does it in real time, but at least now my users can add links to their descriptions and comments.
Anybody has any idea on crawling websites that have dynamic pages/queries? I mean if I click a certain link, it has different values every I try to reload it in a web browser. Now my webcrawler could not download the contents of these pages. Please advise.
it would be the same way even it is dynamic or not. actually a crawler is only a mater of 3 things
The url
The data it sent to server if it is a POST Method then
The cookie if authentication is required
that's all,
the common problem when doing crawler:
Miss-guess of default page [index.html, index.php, default.aspx etc].. actually it will work without it for all method [POST/GET]
One of each field name is not written exactly
ASP.Net form viewstate id field (i forgot the name) but i can be achieve easily
Dynamic page generated by javascript. this one is the hardest part and the most cases even google still have problem about this.
hope that help.
You might want to look at this question which details how to write a crawler or look at the source code for http://searcharoo.net/ which contains a good crawler (see here).