|
Dotnetkanna wrote: im struggling? im getting the folling error..
You're kidding right? I mean the error message explains exactly what the problem is so why are you asking about namespaces?
led mike
|
|
|
|
|
Hi Gurus,
I'm trying to create a website with scalability in mind but I'm a little stuck with ASP.NET authentication (Forms Authentication) because I simply don't know much about its internals. I wonder how high traffic websites like myspace.com handle authentication. Most pages in my application are public (i.e. accessible to anyone authenticated or not), only a few pages are only available to authenticated users. I'm basically trying to find answers to those questions:
- As far as I understand from the documentation, ASP.NET Forms Authentication authenticates every request, ie. checks for the authentication cookie and if found it extracts the authentication ticket and decrypts it, is my understanding correct? And if so, can't this potentially affect performance esp. the decryption part? Is this needed for renewing the authentication cookies? (as I believe the ticket issuance time is saved inside the ticket so probably the cookie has to be decrypted anyway to get the ticket issuance time from the ticket then compare this to the current time and decide whether the cookie has to be renewed). If this is an absolute necessity (I'm talking about authenticating every request for the sake of cookie renewal), can we use an encryption algorithm with low overhead (in web.config, authentication element), still efficient? which encryption algorithm would you recommend in this case?
- Is there any way I could make ASP.NET only authenticate requests to protected pages (=pages that are only accessible to authenticated users), BTW, in my application I don't use roles I only make those pages accessible to any authenticated user. Actually I read somewhere that I could write the code needed to authenticate the user only in those protected pages but I wonder whether I will have to handle cookie renewal in this case (this is one thing that's automatically handled by ASP.NET forms authentication)
- Any ideas how I can get the last login with a persistent cookie? In my application I want to allow users to use the "remember me" option (which will send a persistent cookie to the user's computer), now the user doesn't log on explicitly anymore, so I can't put my code that saves the last login to the database in the login page hence it's not used by the user anymore, so how can I do this? I'm thinking about one way to do it but I'm a little worried about how this could impact performance, anyway, here's how .. in my application I need some user related data so I could probably get the data from the database whenever a user with a persistent cookie visits the site (probably FormsAuthentication_Authenticate is the most suitable place) and also write the last login to the database then cache the user data in ASP.NET's cache using the user login retrieved from the authentication cookie as the key with a sliding expiration (let's say something like 30 min or make it equal to the authentication session), if the user visits another page within this period (ie. before the data is removed from the cache), I get the data from the cache and all is ok, but if I can't find the data in the cache (ie, returns null) then I update the last login in the database and get the user data again from the database and cache it in ASP.NET's cache. What do you think about this solution? Do you have any better ideas? I know I could use sessions but I read somewhere that if you handle the session_start event the session is created anyway even if you don't have and data in the session which is not really a good idea (this mean that a session object will be created for all site users authenticated or not).
- what about security? Assume my encryption was broken by some hacker, can't the hacker insert a different user login in a ticket and encrypt it with my broken encryption key? In my application I'm using the user email address as the user login, so, probably a hacker can insert a random email address (from an email list for example) in the ticket and try to access the account of that user, if the user happens to have an account on the site, this will work. My question is that, is the cookie encryption the only way for protection? Because I believe it still can be broken no matter how good it is and in this case it can be a disaster as described above. I'm thinking about something to prevent this, I might probably add something like a random code in the users table in my database (let's call it a security code) and include that code along with the user login in the authentication ticket (separate it from the user login by some character like a pipe for example or put it in the userdata section in the authentication ticket) and whenever we get the data of this user from the users table, we check for the security code along with the user login, for example:
select userid, {other fields here} from users where userlogin = {user email retrieved from the authentication ticket} and SecurityCode = {security code retrieved from the authentication ticket}
Do you think this can be reliable?
Beside the questions above, if you have any resources on the internals of ASP.NET forms authentication, I'd be very grateful if you shared them with me. I've been searching the net for a couple of days but all I can find so far is only about how to use ASP.NET forms authentication in your applications e.g. how to configure it in web.config .. etc but nothing about its internals. I also tried to use .NET Reflector (specifically to disassemble FormsAuthenticationModule) and gained some understanding about how it works internally but not enough to figure it all out.
Sorry for my really long post!
Your help is really much appreciated ...
modified on Thursday, May 22, 2008 7:09 PM
|
|
|
|
|
Hi all,
I have a Gridview with with 4 columns....Brand,Category,Item,Stock
The user wants that the for all items belonging to same Brand and category, the Brand and Category needs to be shown only once. For this i wrote the following code but it doesn`t seems to work...
Public Class GridItem
Dim _brand As String
Dim _cat As String
Public Sub GridItem()
'Constructor
_brand = ""
_cat = ""
End Sub
Public Property Brand() As String
Get
Return _brand
End Get
Set(ByVal value As String)
_brand = value
End Set
End Property
Public Property Category() As String
Get
Return _cat
End Get
Set(ByVal value As String)
_cat = value
End Set
End Property
End Class
Sub ItemGrid_RowDataBound(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.GridViewRowEventArgs)
If e.Row.RowType = DataControlRowType.DataRow Then
Dim GI As New GridItem
GI.Brand = e.Row.Cells(0).Text
GI.Category = e.Row.Cells(1).Text
If uniquearr.Contains(GI) Then
e.Row.Cells(0).Text = ""
e.Row.Cells(1).Text = ""
Else
uniquearr.Add(GI)
End If
End If
End Sub
uniquearr is declared global.Any help would be appreciated
|
|
|
|
|
I will answer in C#, if you don't understand tell me.
Your problem is the following:
(1) Contains uses Equals.
(2)
GridItem g1 = new GridItem("bla", "bla");
GridItem g2 = new GridItem("bla", "bla");
if (g1.Equals(g2))
Response.Write("equal");
else
Response.Write("not equal");
This returns not equal. Why?
If the GridItem does not implement an Equals function, it will check the equality of the HashCode.
Response.Write(g1.GetHashCode().ToString());
Response.Write(g2.GetHashCode().ToString());
Two different hashcodes.
So how do we solve this?
Add an Equals function to your GridItem:
public override bool Equals(object obj)
{
if (obj == null && this == null)
return true;
else if ( (obj == null && this != null ) || (obj != null && this == null))
return false;
else if (this.Brand == ((GridItem)obj).Brand && this.Category == ((GridItem)obj).Category)
return true;
else
return false;
}
This first checks if the object are null, and then checks if the contents of the objects are the same.
Now the above equation of g1.Equals(g2), will return true.
|
|
|
|
|
I want to show tooltip for textbox control in balloon format.
Is it possible?
I searched on net,but there are examples for windows form.I want it should be on webform.
|
|
|
|
|
|
Thanks for reply..
But i dont want to validate the control.I want simple tooltip for textbox.
|
|
|
|
|
Then why not create a div and put your content in that.
eg:
<div id="MytoolTip" style="visibility:hidden;position:absolute;">
Your tool tip content
</div>
(you may apply a background image or some more css to make it to the shape you want)
now create two functions to show and hode this div
function showToolTip()
{
document.getElementById("MytoolTip).style.visibility = "visible";
document.getElementById("MytoolTip").style.left = event.clientX+"px";
document.getElementById("MytoolTip").style.top = event.clientY+ "px";
}
function hideToolTip()
{
document.getElementById("MytoolTip).style.visibility = "hidden";
}
//Now register this two functions for your text box
<input type="TextBox" onmouseover="showToolTip()" onmouseout="hideToolTip();" />
Hope this helps
Thanks
Laddie
Kindly rate if the answer was helpful
|
|
|
|
|
|
how to create window tray for display alert message for web application .
|
|
|
|
|
If you mean a simple alert use the following javascript:
alert('This is a simple alert');
for example after pressing a button:
<button onclick="javascript:alert('This is shown when I click on the button')">A button</button>
see also: http://www.w3schools.com/JS/js_popup.asp[^]
|
|
|
|
|
Thanks for yr reply,
But i want same as window tray in web application. like in messenger ,if any person will be online that at the end it will display that this person is online.
|
|
|
|
|
|
|
Hi Friends
I want to search the some text in a file and insert some words next line of that searched text,Im using Streamwriter class but its append.How I can do this ?.Do u have any idea
|
|
|
|
|
Please Check your Signature Area, it unnecessary takes to much place
just and information
|
|
|
|
|
Hi
I saw your article..But Im asking about filehandling concept.
Is it possible to insert(Not Append) a text in to file ?
Cheers..!
Vijay s
|
|
|
|
|
The article in the above post is in their signature and therefore nothing to do with an answer to your question
|
|
|
|
|
Hi all,
I have a calendar in my page and below of it is Webgrid. When i click on the calendar, calendar is not fully visible. part of the calendar is hiding by grid.
How to show the calendar fully?
Thanks in advance.
|
|
|
|
|
use table. and put caledar in one row and Grid in another row
<table>
<tr>
<td>
your caledar Control
</td>
<tr>
<tr>
<td>
your grid view
</td>
<tr>
</tr></tr></table>
Best Regards
-----------------
Abhijit Jana
Check Out My Latest Article
Java.NET : Integration of Java and .NET[^]
"Success is Journey it's not a destination"
|
|
|
|
|
Can you send design code..
|
|
|
|
|
Does anyone know why the validator doesnt prevent postback when hitting enter on textbox twice?
I just have this controls in my form:
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br />
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="TextBox1"
ErrorMessage="RequiredFieldValidator" SetFocusOnError="True" ></asp:RequiredFieldValidator><br />
<asp:Button ID="Button1" runat="server" Text="Button" />
Ive also tryed putting this inside a panel:
<asp:Panel ID="Panel1" runat="server" DefaultButton="Button1">
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br />
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="TextBox1"
ErrorMessage="RequiredFieldValidator" SetFocusOnError="True" ></asp:RequiredFieldValidator><br />
<asp:Button ID="Button1" runat="server" Text="Button" /></asp:Panel>
When i hit enter inside textbox, the validator appears, but if i hit enter again, the page is posted back
Does anyone know why?
Thanks in advance
Alexei Rodriguez
|
|
|
|
|
With me it does work like it should.
A workaround , just to make sure the user passed validation, is to put the following in the button event handler:
if (!Page.IsValid)
return;
|
|
|
|
|
Hi
In windows services, we can program a thread which invokes itself after time to time.
In ASP.net application, how can we implement similar solution? Please advice.
Thanks
Pankaj
|
|
|
|
|
Write a service. ASP.NET can't do that, because of how it works.
Christian Graus
Please read this if you don't understand the answer I've given you
"also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
|
|
|
|