|
|
I know a little about MVC core. VS2015 requires that you load the core packages in order to work with core, at least last time I checked back in Feb 2016. Then you need a core server that can be linux or windows in order to serve a core app and debug it.
Core apps need to be written as core apps, and is different than MVC apps.
I was still new to MVC, on my 3rd app, so I started a core app, but decided to abandon it and stick to MVC 6 for now until I speed up my skill level at it.
Maybe next year I'll give core another shot.
Globalism is Socialism on a planetary scale.
|
|
|
|
|
Tridip Bhattacharjee wrote: 1) i do not know anything about mvc6. so tell me mvc6 means asp.net core ?
ASP.NET MVC6 is the birth of the unified framework (the merge of Web API and MVC Controllers). It was first introduced when ASP.NET 5 was born. Now, ASP.NET 5 was renamed[^] to ASP.NET Core, and the new MVC6 is now called ASP.NET Core MVC.
Check out the following articles:
Introducing ASP.NET Core: The New ASP.NET in Town![^]
ASP.NET Core: Getting Started with ASP.NET MVC Core[^]
Tridip Bhattacharjee wrote: 2) can we start working with MVC 6 with VS2013 ? if possible then tell me how to start mvc6 project with VS2013 ?
You would probably need Visual Studio 2015 to work with that. You could also use the Community edition of VS to test out ASP.NET Core/MVC6.
Tridip Bhattacharjee wrote: 3) if MVC6 does not mean asp.net core then what is the difference between mvc 6 and asp.net core ?
Refer my answer above.
PS: To get more information, I would suggest you to do a quick search at google.
|
|
|
|
|
i read few articles like how to secure web api. they are saying client and server will share some secret key . client will create a has value of secret key and send it to web api always when calling web api action. web api action will create a hash value of secret key and compare that value against client sent has value. if match then client will allow to call web api action.
suppose a attacker can capture the client request and send the same hash data to web api then how could we protect this ?
from some where i found this below trick to protect it. they said
1) requests with different Date header values will have different signatures, thus attacker will not be able to modify the timestamp
we will generate hash based on secret key then how date comes to scene ? this points is not clear to me.
2) we introduce a requirement that no http request can be older than X [eg. 5] minutes - if for any reason the message is delayed for more than that it will have to be resent with a refreshed timestamp.
point two is not clear. what this area try to mean delayed for more than that it will have to be resent with a refreshed timestamp. when client will send first request and then client may send second request after 10/15 minute later.
please help me to understand how to protect web api when using HMAC hasing against Replay attack. anyone can explain it nice like how to protect web api with HMAC hashing thanks
tbhattacharjee
|
|
|
|
|
Tridip Bhattacharjee wrote: 1) requests with different Date header values will have different signatures, thus attacker will not be able to modify the timestamp
we will generate hash based on secret key then how date comes to scene ? this points is not clear to me.
1) Use the current date as a factor in the hash function that generates your MAC. This is used so that the hash can be appropriately re-created using the time stamp on the packet, and rejected if it doesn't match.
Tridip Bhattacharjee wrote: 2) we introduce a requirement that no http request can be older than X [eg. 5] minutes - if for any reason the message is delayed for more than that it will have to be resent with a refreshed timestamp.
point two is not clear. what this area try to mean delayed for more than that it will have to be resent with a refreshed timestamp. when client will send first request and then client may send second request after 10/15 minute later.
2) Not sure how this isn't clear. Honestly, 5 minutes over the wire is pretty forgiving. In your example, the second request will have a new time stamp. We're talking about packets here, not sessions.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
you said : 2) Not sure how this isn't clear. Honestly, 5 minutes over the wire is pretty forgiving. In your example, the second request will have a new time stamp. We're talking about packets here, not sessions.
suppose my first call happen at 9 AM and second call will happen after 10 AM. so gap can be long between two call. so what happen if request come from valid client with huge time gap between two call.
let me know. thanks
tbhattacharjee
|
|
|
|
|
No, not at all what's being talked about here.
A request is sent from a browser to your WebAPI at 0900. If that exact request, with a time stamp of 0900, is received by the server at 0906 or later, it get's rejected. This is to prevent that exact same request from being replayed at a later time, which is exactly what you're trying to defend against.
You send a second request at 1000. Providing that request is received by your server by 1005, everything is fine. It has no relation at all to the previous request, which is part of the definition of a RESTful service (which WebAPI implements).
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
The web service is deployed to IIS (it runs fine when I test which runs a temp iisexpress hosted session via debug menu) and then I try to access the URL for the service and get the following error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Info:
Moduele IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0x80070021
Coding error This configuration file section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config file \\?\C:\inetpub\wwwroot\WCFService1\web.config
Requested URL http://localhost:80/WCFService1/
Physical Path C:\inetpub\wwwroot\WCFService1\
Logon Method Not yet determined
Logon User Not yet determined
The web.config file is:
<configuration>
<system.web>
<compilation targetframework="4.0">
<system.servicemodel>
<behaviors>
<servicebehaviors>
<behavior>
<servicemetadata httpgetenabled="true">
<servicedebug includeexceptiondetailinfaults="false">
<servicehostingenvironment multiplesitebindingsenabled="true">
<system.webserver>
<modules runallmanagedmodulesforallrequests="true">
<directorybrowse enabled="true">
I went according to the “publish” wizard from the “build” menu. And I created the profile for deployment and the deployment said success. So I am not sure what I need to do additionally or correct. I also am concerned I do not see any endpoints listed in the web.config file. I plead ignorance since this is WCF and I am not sure what happens behind the scenes.
Thanks in advance,
-Scott Kay
"Matthews... we're getting another one of those strange 'aw blah ess spa nol' sounds from dolphin number three?"
modified 29-Nov-16 14:44pm.
|
|
|
|
|
Successful deployment does not guarantee successful running and performance of the code. It deployed code, which means your application is live. It doesn't run, it means it requires some tweaking.
Of course, this problem means that development machine and hosting machine are entirely (or somewhat) configured differently. So, check the settings in order to run the applicatio. In many cases, you are just hiding a feature from application, or there is a lock that prevents it to perform.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
|
|
|
|
|
Does anyone know how to create a signature form in asp.net where a person signs in a blank space and then saves the signature and then it sends an email to another person to approve.
|
|
|
|
|
Yes, that is known as a canvas; where you can use mouse to draw over. You can support other input methods and devices too, if preferred. This is a basic HTML API that doesn't require only ASP.NET to work, but can work overall in web.
Canvas tutorial - Web APIs | MDN[^]. This tutorial contains everything you need to learn.
Draw on HTML5 Canvas using a mouse - Stack Overflow[^]
Note: Under any case, that "someone" will know what you are trying to ask for, and they might not sign.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
|
|
|
|
|
Hy all,
i have:
<asp:Button ID="ButtonCheckIN" runat="server" Text="Edit" CommandArgument='<%# GetBLText(Bind("BL_MODULE").AsEnumerable(), "UN_ML_ID")%>' CommandName="CheckIn" />
When I run it, it throws error saying "'Bind' is not declared. It may be inaccessible due to its protection level". Can you help me?
|
|
|
|
|
Try Eval instead of Bind.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Hi, I have DataBind function in my code which binds to ListView. It doesnt work with Eval.
Examples:
works:
<%# Bind("BL_MODULE")%>
doesnt work:
<%# GetBLText(Bind("BL_MODULE").AsEnumerable(), "UN_ML_ID")%>
..and throws error
|
|
|
|
|
Bind is for read and write and eval is for read only. Since this is your button's CommandArgument read only is what you want.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
I got it, but if do it using Eval:
<%# GetBLText(Eval("BL_MODULE"), "UN_ML_ID")%>
it throws run time error saying
does not contain a property with the name 'BL_MODULE'
|
|
|
|
|
|
I dont get why should I try FindControl and try to get my button. I dont need to get any buttons. I just need to solve one of the problems. One problem appears if I use Eval, the other- Bind. If I use Eval I get:
does not contain a property with the name 'BL_MODULE'
If I use Bind I get something like "Bind is not declared".
As I see, the offer I get here is to use Eval, so how to make program to think that there is a property. What datatype should I use to make property work. I tried DataTable as I thought that property should work as a column, but didnt work. String names checked. Its fine.
|
|
|
|
|
Member 11031304 wrote: I dont get why should I try FindControl and try to get my button. I dont need to get any buttons Yes, you are trying to set the CommandArgument property of the button in each and every Item in your ListView.
So, do it in C# instead of trying to get the right syntax in aspx. Simple and done.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
The error is pretty clear - whatever you're binding to, it doesn't contain a property or field called BL_MODULE .
Using Bind won't change that. It will simply hide that error behind a different error.
Stick to using Eval , and either fix your property name, or fix your data source so that it contains the expected property.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
How to change property name? Byt the way, I tried to change data source so that it contains expected property. I created DataTable and added column with such name, but the same error exists.
|
|
|
|
|
You either change the string you're passing to Eval so that it matches the name of a property / field on your data source, or you change the data source so that it contains a property with the specified name.
If you're still getting the "property not found" error, then you've done something wrong. Either the property name doesn't match, or you're not binding to what you think you're binding to.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
normally these days many web site provide OAuth to login to their web api but how we can use the same oauth for web api ?
client will send user id and pwd in plain text to web api and web api will send those client credentials to oauth site ?
if user credentials found right then OAuth will send token to web api and web api will send token to client and from the next subsequent call web api will use the same token for each request...........am i right ?
if my thinking is wrong then just briefly tell me how oauth is used with web api and how client send their credentials and how get token etc. thanks
tbhattacharjee
|
|
|
|