Channel: Security

WebForms or MVC?

Hi. I searched the Internet but I didn't find my answer. For example, I understood MVC is very good for unit testing and WebForms has server controls that result in faster building and lower control on the webpage and so on. But finally I don't know which of them is better for me and I didn't get a functional answer. Now I have some questions about WebForms and MVC:

1- Why was MVC created?

1- Does MVC have IntelliSense or not? Must we download plugins to solve the lack of server controls in MVC?

2- Which one is better in security? (That's important for me!)

3- I'm familiar with WebForms. Can I learn MVC?

4- Which one is better in the customer aspects (like website loading speed, security, ...)?

5- Which one is better for designing non-governmental websites (like personal websites)?

Thank you very much.


System.Web.Security.FormsAuthentication - SetAuthCookie() and SignOut() Methods mandate a 302 - Redirect Result

Just looking for confirmation on an interesting behavior of using the complementary methods contained in System.Web.Security:

SetAuthCookie() and SignOut() methods

One sets a cookie, the other removes/deletes it.

The interesting thing about these methods appears to be that checking the property User.Identity.IsAuthenticated won't change at any time during the server processing of the current request. So a mandatory redirect response is necessary in order to process a new request in the proper context of the user's "new" logged in status.

Is it possible to start/stop a service?

Hi folks, I would like to execute a batch file on the server from a web page that is simply

Process svcProcess = System.Diagnostics.Process.Start(@"C:\ScheduledTasks\StartSVC.bat");

with the batch file containing just the line:

net stop "TermService" /yes

i.e. stops the Terminal services.

I already can execute the batch file and start any program I like - i.e. I see it in the process list but the 'net stop' line is ignored.

I understand it will not interact with the desktop but it would be handy to be able to turn this service on/off...

 

User management & roles

Hi Guys,

Any idea or helpful links and tutorials for implementing user management with roles using external database like Sql Server.

Thanks in advance..

Problem with site membership administration

While testing the SqlMembershipProvider on the remote server I found out that everything is working fine. I can register, login and so on. When I connect from my local computer to the remote server using ASP.NET Web Site Administration Tool, I can see the remote server, interact with it, create new users and everything is fine as well. However I can not see or manipulate the members that registered on the site using the internet, and vice versa. So, members registered by me using ASP.NET Web Site Administration Tool on the local computer can not login on the site using the internet. Another weird thing is that when I check the remote database, all users are there, remote and local registered as well. Does anybody have a clue of what is going on here? Thanks

given key was not present in the dictionary

I inherited a project that gives users the above error while trying to change their password. I stepped through and found the trouble spot, but the problem is, the values generated seem right so I don't know why the error is occurring. Thanks in advance to anyone who can look at the following code and help me find out how to fix it. Let me know if more information is needed.

void EmailUser(User user)
{
    user.ChangePasswordID = Guid.NewGuid();
    user.Save();
    MailMessage email = new MailMessage();
    //problem line below
    email.From = new MailAddress(Settings.LostPasswordEmailFrom);
    email.To.Add(new MailAddress(uxEmail.Text));
    email.Subject = Settings.LostPasswordSubject;
    email.Body = EmailTemplateService.HtmlMessageBody(
        EmailTemplates.MembershipPasswordRecovery,
        new { Body = Settings.LostPasswordText, BeginRequired = "", EndRequired = "", UserName = user.Name, GUID = user.ChangePasswordID.ToString() });
    email.IsBodyHtml = true;
    SmtpClient client = new SmtpClient();
    client.Send(email);

    uxSuccessPH.Visible = true;
    uxQuestionPanel.Visible = false;
    uxUserInfoPanel.Visible = false;
    uxUserNameLabelSuccess.Text = uxEmail.Text;
}

/// <summary>
/// The address that the lost password email will be sent from
/// </summary>
public static string LostPasswordEmailFrom
{
    get
    {
        if (String.IsNullOrEmpty(SiteSettings.GetSettingKeyValuePair()["Media352_MembershipProvider_lostPasswordEmailFrom"]))
            return Globals.Settings.FromEmail;
        return SiteSettings.GetSettingKeyValuePair()["Media352_MembershipProvider_lostPasswordEmailFrom"];
    }
}

Manual authenticate and set user roles temporarily for session

Hi,

I'm not sure if this is possible.

I'm creating an application where the user table is stored outside the database, therefore I won't need to use the built-in ASP.NET user tables. However, I would still like to use all the features the ASP.NET membership security provides, i.e. restrict users from certain pages using the web.config.

I would like to authenticate the user manually and set roles to that user temporarily only for that session. Is this possible?


Create Custom Login System Tutorial?

Hello, I recently discovered that you can create your own custom login system while still using FormsAuthentication. Does anyone know a good tutorial for making one?


UserProfile & Membership Tables in SimpleMembershipProvider

 The schema is as it describes, simple. The only thing is... I kind of have one underlying problem with the schema. The UserProfile & Membership table both share the same primary key. I see a greater benefit in doing this:

 

UserProfileTable: UserProfileID, UserID, Email

Membership Table: MembershipID, UserID, etc...

Notice how each of the tables has its own unique primary key and they share a unique index UserID in this case. Wouldn't this be the better way to go about it? It just seems more flexible and better practice.

Security risk of Mvc4Futures

I have been wary of using NuGet packages since it seems like just another thing I have to worry about in regards to security holes and updates. This was a large issue with Ruby on Rails gems and I'm trying not to repeat this mistake.

However, there seem to be cases where there is no choice but to go the NuGet route and one of these cases is Mvc4Futures. The big item in this package is serialization, but there are several other interesting features.

My major question is how much should I trust this package? Since it is a bunch of features that didn't make it into .NET 4 core, do I need to worry about creating a security risk in my application?

AntiXSS and Request Validation

Hi,

I've recently upgraded my web application from ASP .NET MVC 3 to ASP .NET 4.5.  I see that ASP.NET 4.5 now includes the AntiXSS library, and it can be included by modifying the encoderType attribute of the httpRuntime element. 

If I turn this on, what happens to request validation (http://msdn.microsoft.com/en-us/library/hh882339.aspx)? Do the two libraries co-exist?

Thank you,

Notre

How to Get Password from Membership user

I'm trying to get the password and trying some ways but I don't know too much about this

string member = Membership.GetUserNameByEmail(txtmail.Text);
string pas = Membership.Provider.GetPassword(member, "1");

How can I see a user's password from code-behind?

Thanks for help..

login controls problem - not working on hosted server - Format of the initialization string does not conform to specification starting at index 0.

I've recently hosted my first website on a Windows shared server. All of my stored procedures seem to work and the data seems to be OK except...the membership stuff. I can't seem to create new users, login with the test account I created, etc...

From googling, I found that these problems seem to point to the web.config file and the connection strings.

Here are my connection strings:

<add name="connStr" connectionString="Server=[serverip]; Database=db; User Id=user; Password=pass; Initial Catalog=db" providerName="System.Data.SqlClient"/>
<add name="ASPNETDBConnectionString" connectionString="Server=[serverip]; Database=db; User Id=user; Password=pass; Initial Catalog=db" providerName="System.Data.SqlClient"/>
<add name="ConnectionString" connectionString="Server=[serverip]; Database=db; User Id=user; Password=pass; Initial Catalog=db" providerName="System.Data.SqlClient"/>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="connStr" providerName="System.Data.SqlClient" />

Thank you for any help

here's the error and stacktrace:

Format of the initialization string does not conform to specification starting at index 0.

Stack Trace:

[ArgumentException: Format of the initialization string does not conform to specification starting at index 0.]
   System.Data.Common.DbConnectionOptions.GetKeyValuePair(String connectionString, Int32 currentPosition, StringBuilder buffer, Boolean useOdbcRules, String& keyname, String& keyvalue) +5314705
   System.Data.Common.DbConnectionOptions.ParseInternal(Hashtable parsetable, String connectionString, Boolean buildChain, Hashtable synonyms, Boolean firstKey) +124
   System.Data.Common.DbConnectionOptions..ctor(String connectionString, Hashtable synonyms, Boolean useOdbcRules) +95
   System.Data.SqlClient.SqlConnectionString..ctor(String connectionString) +59
   System.Data.SqlClient.SqlConnectionFactory.CreateConnectionOptions(String connectionString, DbConnectionOptions previous) +24
   System.Data.ProviderBase.DbConnectionFactory.GetConnectionPoolGroup(DbConnectionPoolKey key, DbConnectionPoolGroupOptions poolOptions, DbConnectionOptions& userConnectionOptions) +167
   System.Data.SqlClient.SqlConnection.ConnectionString_Set(DbConnectionPoolKey key) +61
   System.Data.SqlClient.SqlConnection.set_ConnectionString(String value) +66
   System.Data.SqlClient.SqlConnection..ctor(String connectionString, SqlCredential credential) +26
   System.Data.SqlClient.SqlConnection..ctor(String connectionString) +6
   System.Web.DataAccess.SqlConnectionHolder..ctor(String connectionString) +49

[ArgumentException: An error occurred while attempting to initialize a System.Data.SqlClient.SqlConnection object. The value that was provided for the connection string may be wrong, or it may contain an invalid syntax.
Parameter name: connectionString]
   System.Web.DataAccess.SqlConnectionHolder..ctor(String connectionString) +131
   System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) +149
   System.Web.Security.SqlMembershipProvider.CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, Object providerUserKey, MembershipCreateStatus& status) +2494
   System.Web.UI.WebControls.CreateUserWizard.AttemptCreateUser() +304
   System.Web.UI.WebControls.CreateUserWizard.OnNextButtonClick(WizardNavigationEventArgs e) +110
   System.Web.UI.WebControls.Wizard.OnBubbleEvent(Object source, EventArgs e) +401
   System.Web.UI.WebControls.CreateUserWizard.OnBubbleEvent(Object source, EventArgs e) +119
   System.Web.UI.WebControls.WizardChildTable.OnBubbleEvent(Object source, EventArgs args) +16
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
   System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +114
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +159
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1724
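
The LocalSqlServer entry in the posted config carries the literal value connStr, which is the name of another entry rather than a key=value connection string. As an added example that is not part of the original post, this console program runs each connectionString value of a constructed config fragment through DbConnectionStringBuilder and reports the ones that fail to parse; the class and method names and the sample server name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Xml.Linq;

static class ConnectionStringCheck
{
    // Constructed sample modelled on the <connectionStrings> entries in the post;
    // the server name and credentials are placeholders.
    const string SampleConfig = @"
<connectionStrings>
  <add name=""connStr"" connectionString=""Server=db.example.test; Database=db; User Id=user; Password=pass"" providerName=""System.Data.SqlClient"" />
  <remove name=""LocalSqlServer"" />
  <add name=""LocalSqlServer"" connectionString=""connStr"" providerName=""System.Data.SqlClient"" />
</connectionStrings>";

    // Returns one (name, error) pair for every <add> entry whose value does not parse.
    public static List<(string Name, string Error)> FindInvalid(string xml)
    {
        var failures = new List<(string Name, string Error)>();
        foreach (var add in XElement.Parse(xml).Elements("add"))
        {
            string name = (string)add.Attribute("name") ?? "(unnamed)";
            string value = (string)add.Attribute("connectionString") ?? "";
            try
            {
                // The setter parses key=value pairs and throws ArgumentException otherwise.
                var builder = new DbConnectionStringBuilder { ConnectionString = value };
                if (builder.Count == 0)
                    failures.Add((name, "empty connection string"));
            }
            catch (ArgumentException ex)
            {
                failures.Add((name, ex.Message));
            }
        }
        return failures;
    }

    static void Main()
    {
        foreach (var (name, error) in FindInvalid(SampleConfig))
            Console.WriteLine($"{name}: {error}");
    }
}
```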

Forms authentication and User Roles

I am completely lost on what I need to do to create a secure login.  Can someone give me a step by step for what I'm trying to do?

Here's the breakdown....

The standard user needs to login to access either a "request" page or a "history" page.  Additional pages for managers will be "pending" and "approval" pages.

There is a central users database that holds all the username/passwords.  But the database was not designed to have roles for this app so the roles will have to be applied within the project.

I have NO IDEA where to begin, or what all needs to be done to accomplish this.

Any help is appreciated.

Thanks

JS

LoginURL querystring - Weird behavior on buffer overflow

Hi. I'm remediating a security vulnerability in one of our websites and I'm going nuts trying to fix a buffer overflow which results in a runtime error.

The vulnerability testing application sends the request below to our login page (using a login control) and it results in a 400 bad request error which then throws a Runtime Error instead of my custom error 500 page.

The request (original url has been modified for privacy):

GET http://08wasp1bc.mydomain.com/CSA/RSF/SelectRSF.aspx?mode=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
Host: 08wasp1bc.inside.ams1907.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding:
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
X-Cenzic-Spider-Send-HeadRequest: true
Referer: https://myurl.mydomain/CSA/ClientSelection.aspx Cookie: ASP.NET_SessionId=k4ztpkzaiudupsygzgrzuj2j; .ASPXAUTH=079C9FB619BA0944B4F9E98BDFC3815D5948F454B2644F85C6041CB64FB011A3B5878DFD411D187DED9514730A58D876B4F81D97BD08968C95393C638A7DFCC0403F44C8096833B631762AC257DCE16FF95D5F1B824D53DBC61A3AE4B347FDE02594367F6422F7ADB0AA1295D6BD582AA3AFD9EC500C8BAD84441A82F4C976786F98E1F054515F98115E9CD482C010EE; .ASPXROLES=7i-NrETqYMRSh1LD_GneMulNNm1egt1DUQ-WolQOFIrXw_82_UEYRG4i-dHQoErMxT1QvnxdWrD_0uQhV-RtAFnsEMNSKWr31IvSEtZDH0uTbFopSVZdfu91gELJFIDVx4Gxund2xyMnX7pHeqbhbyCcdhaWgc_ueW3cm1W8aKQ2DxE-Jfk4LAUQ2ayIXe5VtLRDUxOTdGcg9SuVhTpuOSFkMjKJy0tazBWM8O5ePoBo0KKcoh_4CGTNxhJAFIJloEuM0rXURBs1tdrhqrEg2xHGA32RY6hO-J-z-tTYPymYNnRpGtg0W1jPJFfxCvABIKJkVWWtYQ5hgeNkvuBAeL792qPPuYrAMzh1C8-MNnk2LQT07QGHvwo-9cdU8DEnO_cartOB7SMjnk5PU4JY659cln1uTQJ2KzoVG-H_BhUhr3I5B5NmJEC2OKtQlp99E5Du0pq4h4g2cde6wxxhk9OLx3uySvh5Mjz6vUbrkng_jFYK5QGbZPF1Jz5TNBv26MyXVP9RVocMzGuvQM_RBrn-Ru6YxSeCBt38WK0rJII1
Content-length: 0

I get that answer from the server:

HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-AspNet-Version: 4.0.30319
Date: Thu, 08 Aug 2013 14:20:20 GMT
Content-Length: 3030<html><head><title>Runtime Error</title>

............

Obviously the numerous "A" are the issue. If I look at the event viewer, I get a message saying my URL is longer than the allowed MaxURL variable so I modified the web.config accordingly by adding:

<httpRuntime maxQueryStringLength="9000" enableVersionHeader="false" maxRequestLength="18192" maxUrlLength="16000"/>

and in the web.server section

 <security><requestFiltering><requestLimits maxAllowedContentLength="30000000" maxUrl="1500" maxQueryString="7200"/></requestFiltering></security>

It works fine (shows my custom error 500) on my single servers but not on our corporate web farm.

Even if I put ALL the "maxURL" values off the chart, it still generates a "URL too long" as if it ignores my settings completely.

Can URLScan be responsible?

Can someone give me a trick to catch ALL long URLs before they trigger an error? In my login page, I validate onLoad:

            if (!string.IsNullOrEmpty(Request.QueryString["returnURL"]))
            {
                if (Request.QueryString["returnURL"].Length >= 1000)
                {
                    throw new ApplicationException("invalid input");
                }
            }

But it looks like the error gets thrown before it hits my code.

Those buffer overflows (as reported by the scan tool) are the only vulnerabilities left and I truly am at a loss about finding a fix so if anyone can help out that would be a lifesaver.

Thanks a lot.

WebSecurity and LDAP membership

Hi, I'm new to ASP.NET Web Pages programming. I need to know how to deploy web authentication with WebSecurity where the provider is LDAP. Can it be done, or should we do it differently?

Thanks in advance

Juan Pablo

ASP.NET 4.5 Web Forms Application - Profiles / Extra User Data

Creating an 'ASP.NET 4.5 Web Forms Application' from within VS2012 gives you a framework which is already able to register/authenticate users.

I only changed the "DefaultConnection" connection string in the web.config to point to my SQL Server.

After I run the website it automagically creates the needed tables and fills the 'Users' and 'Memberships' tables with the User/Password I've entered and I'm also able to login again with these credentials. (I can even use oauth to authenticate using Google/Twitter and so on...)

So far so good (and easy).

Now I want to add some extra information to the user (by using profiles I guess as I did in earlier versions)

I searched and googled for a day. All I can find is MVC examples which  do not work with my project.

Anyone out there who can help me or point me in the right direction?

Thanks!  

Profile works from code behind, not from App_Code

I have a 4.5 website, not project, where I'm saving data to the membership profile. I had problems getting it to work at the beginning, but once I was able to install Universal Providers via NuGet I got it to work. Kind of.

I can read the profile info from any page codebehind in different ways:

Profile.myProfileValue.ToString();
ProfileCommon PR = HttpContext.Current.Profile as ProfileCommon;
PR.GetProfile("myUser").myProfileValue.ToString();
HttpContext.Current.Profile.GetPropertyValue("myProfileValue").ToString();

However, I can’t get any of those methods to work in my namespace inside a .cs in App_Code.

I tried adding

using System.Web.Security;
using System.Web.Profile;

But so far no luck.

Any suggestions?

Thanks,

how to send mail through outlook in asp.net

I am not able to send mail through Outlook, am getting an error like

User not authenticated

even after configuring some settings.

Can anyone tell me the Outlook settings to be configured for sending mail?

And in our office network we have email IDs like nds.neotel.co.za. I want to configure this email ID as the sender of the mail.

Now co.za is the extension for South Africa, like we have co.in in India.

When I configure nds.neotel.co.za, this email ID gives an error like not valid email ID.

Please help, what to do?

public void SendHTMLMail()
{
    try
    {
        MailMessage Msg = new MailMessage();
        MailAddress fromMail = new MailAddress("kota.rohan@outlook.com");
        // Sender e-mail address.
        Msg.From = fromMail;
        // Recipient e-mail address.
        Msg.To.Add(new MailAddress(txtMailTo.Text));
        // Subject of e-mail

        lblSub.Text = ViewState["Subject"].ToString();
        // Msg.Subject = "EVENT Details";
        Msg.Subject = lblSub.Text;

        MembershipUser currentUser = Membership.GetUser();

        string username = currentUser.UserName;
        lblusername.Text = username;

        Msg.Body += "Hi,<br/> Good day<br/> <br/><br/>";
        Msg.Body += GetGridviewData(GridView2);
        Msg.Body += GetGridviewData(GridView3);

        Msg.Body += lblusername.Text;
        Msg.Body += Image1;

        // Msg.Body += txtSnaps.Text;
        Msg.IsBodyHtml = true;

        SmtpClient SmtpServer = new SmtpClient();
        // Assign host
        SmtpServer.Host = "smtp.gmail.com";
        // Assign port number
        SmtpServer.Port = 587;
        // Set the credentials to authenticate the sender
        SmtpServer.Credentials = new System.Net.NetworkCredential("kota.rohan@outlook.com", "Ram@123");
        // Enable Secure Sockets Layer to encrypt the connection
        SmtpServer.EnableSsl = false;
        // Send the message
        SmtpServer.Send(Msg);

        lblMailSent.Text = "Mail Sent Sucessfully...";
    }
    catch (Exception ex)
    {
        Response.Write(ex.Message);
    }
}

Please help, it's urgent.

ASP.NET MVC Forms authentication and Remoting

Hi,

We have a solid infrastructure that basically includes a Web front end communicating with a Remoting setup, the remoting setup is fairly standard however we do have a mechanism in place where we use Forms Authentication and we take that Username and password that is entered and we authenticate it against our Customer table and return a Principal that we use for subsequent calls in that this Principal has to be assigned to the thread before the call can be made and this all works fine.

The issue we have is that if the user is already logged in and for whatever reason they try to log in again the Authentication remoting call fails with a familiar "Due to security restrictions the type XXXX cannot be accessed", the difference with the Authentication call is that it DOES NOT require a principal obviously because at this stage we have not authenticated the user.

I have a work around for this but I would like to know why I am getting that error if they try and log in again, if you need any other information just let me know but that is pretty much it, everything works fine it is just this small niggle and I would like to know why I get this error message

cheers Michael
