The strangest thing is happening and I can't track down the source of the issue. I have a form where users can edit their profile. On the form there is a password field. Here is the code:
<asp:TextBox ID="txtPassword" TextMode="Password" runat="server" size="30">
In the SQL database I store the password as a binary, so the UPDATE statement looks as follows:
UPDATE Account SET Password=CONVERT(BINARY,'" & Replace(txtPassword.Text, "'", "''") & "') WHERE AccountID=15
When I retrieve the data, the SQL code looks like this:
SELECT CONVERT(VARCHAR,Password) FROM Account WHERE AccountID=15
Finally, when I pass the password to the text field, the code looks like:
I have used this code hundreds of times without any issues, however, for some reason the password in the form is being converted to the password plus a bunch of question marks to fill the remaining space. My password field is size 30, so if your password is "ketchup" then this gets placed in the password field:
I looked at the value in the database and there is nothing padded on the end of the value. It seems that something really weird is happening on this line:
I am at a loss and am sure I am just overlooking something very simple. I even looked at another site of mine where I have this same pattern and everything looks identical...no clue where I am going wrong.
Converting a 30 byte binary value to characters will have the result you see. However, you do realise that any schoolboy hacker could get all your passwords with ease. This is absolutely not the way to store passwords, you should use a proper salted hash algorithm.
Solution to what? You cannot convert a variable length character string to a fixed length binary field and expect to be able to convert it back to its original string. And, as I already mentioned, this is not the way to manage passwords, your system is wide open to hacking. See Secure Password Authentication Explained Simply[^] for how to do it properly.
Has anyone figured out a way to assign a session ID manually
I have a cart program, in which the cart items are stored by session ID. I send them a email saying you still have items pending for checkout, they click the link with the session id and there cart loads.
At the moment, I'm picking up the new session id and changing the old session id. But if they do it twice, the link stops working.
I was thinking maybe I can force the old session ID if they use a different computer.
I have a new program that eliminated this problem, I just need to support the old program for at least 6 more months.
I ended up writing this which works on all my devices and multiple browsers that have never been to the website.
But 1 strange things occurs ...
It works on all my devices, Win10 using Firefox, Edge, Chrome and my iphone 6S+ using Google Inbox and Safari, Firefox
But it doesn't work downstairs on the other internal subnet where the complaints come from.
Seems every time I fix a bug or mistake, improve something, the changes never reflect downstairs and I get yelled at.
I don't know if this is some evil spirit or something, but I do need to figure this out soon.
Any ideas welcomed, even an exorcist.
//Use the old Session ID, Destroy the Cookie and redirect them
m_Context.Response.Cookies.Add(New HttpCookie("ASP.NET_SessionId", ""))
Dim manager = New SessionIDManager()
Dim addCookie As Boolean = False
manager.SaveSessionID(HttpContext.Current, m_sessionID_OLD, False, addCookie)
Dim currentUrl As String = m_Context.Request.Url.GetLeftPart(UriPartial.Path)
I am new to ASP.NET. I would like to know how to create a page with a side bar, which is tree like. There are two tables with a one to many relation. So I get all records from table A that matches the Id of table B. I want to display this list in the side bar. Also, use the Create New page in the body content. Is this possible in ASP.NET? Please help.
From my site user can login and manage it's document. I need to create user wise FTP account where user can login in FTP . From that FTP credential user can download and upload file. Admin of this site access that document . Admin can download all users files.
For that i need help.
1) Create FTP user on server where site is publish from c# code.
2) Create User wise folder with user wise permission.
3) Other user can not see other user folder. Admin have all user wise folder rights.
first of all thank you very much sir for your response.
sir i want to design a web page where from anyone can ask any question of any subject for eg maths.
suppose someone want to ask about solution for (a+b)2 [a plus b whole square] then how he/she can type 2 as superscript, and other symbols like integration, differentiation etc.
You cannot type those symbols on a standard keyboard, without using multiple keystrokes, which are difficult to remember. You should use the standard operator symbols as defined in most modern programming languages, e.g. 7.2.1 Operator precedence and associativity (C#)[^]. For subscript and superscript on web pages see HTML sub tag[^].