Posted by Ramani Sandeep on August 5, 2010
By default, the application is prevented from processing unencoded HTML content submitted to the server (that is, the page has ValidateRequest="true", which helps prevent script attacks).
This request validation feature can be disabled when the application has been designed to safely process HTML data. Whenever you work with DotNetNuke, this feature is disabled by default.
This raises the question of how to prevent script attacks in such cases.
One solution is to stop the submission of input that contains such scripts, that is, HTML tags,
so that script attacks are prevented.
Here is one solution using RegularExpressionValidator.
Suppose we have a text box that takes some input text from the user and we do not want them to type any HTML tags. Here is the code for that:
<asp:TextBox runat="server" ID="txtName"></asp:TextBox>
<asp:RegularExpressionValidator runat="server" ID="regName" ControlToValidate="txtName" Display="Dynamic" ValidationGroup="Employeevalgrp" ValidationExpression="^[^<>]+$" ErrorMessage="Html tags are not allowed."/>
<asp:Button runat="server" ID="btnSaveEmployeeInfo" ValidationGroup="Employeevalgrp"
CausesValidation="true" OnClick="btnSaveEmployeeInfo_Click" />
When the user presses the button, the validator checks the input text, and the text is submitted only if it passes the validation test.
Note that we are not validating the request here; we are only validating the input that is going to be submitted to the server.
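The following server-side handler for the markup above is an added example, not code from the original post. It refuses to continue unless the validators passed on the server, re-checks the same pattern, and HTML-encodes the value when writing it back to the page. The class name EmployeePage and the litName Literal control are assumptions; txtName, regName and the handler name come from the markup.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;

// Code-behind for the page that holds txtName, regName and btnSaveEmployeeInfo.
// Assumed for this example: the class name EmployeePage and a
// <asp:Literal runat="server" ID="litName" /> control on the same page.
public partial class EmployeePage : Page
{
    // Same pattern as the validator's ValidationExpression.
    private static readonly Regex NoAngleBrackets = new Regex("^[^<>]+$");

    protected void btnSaveEmployeeInfo_Click(object sender, EventArgs e)
    {
        // CausesValidation="true" makes ASP.NET run the Employeevalgrp
        // validators on the server before this handler, but the handler
        // still executes when they fail. A client with JavaScript disabled,
        // or a hand-built POST, never runs the browser-side check, so the
        // server-side result has to be honoured here.
        if (!Page.IsValid)
        {
            return;
        }

        string name = (txtName.Text ?? string.Empty).Trim();

        // RegularExpressionValidator treats an empty field as valid, so the
        // empty case and the pattern are both checked again explicitly.
        if (name.Length == 0 || !NoAngleBrackets.IsMatch(name))
        {
            regName.IsValid = false; // shows "Html tags are not allowed."
            return;
        }

        // Store `name` at this point (with a parameterised query if it
        // goes to a database).

        // Input filtering is not a substitute for output encoding:
        // encode whenever the value is rendered back into HTML.
        litName.Text = HttpUtility.HtmlEncode(name);
    }
}
```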
Hope this helps!
Posted by Ramani Sandeep on June 10, 2010
In this article we show how Forms Authentication can be used to secure ASP.NET Web Services, using the built-in ASP.NET Membership Provider classes, which use SQL Server to store usernames and passwords.
Adding a Web Service (also called an Application Programming Interface, or API for short) to an existing web site or desktop application (of the client-server variety) is a great way to enable additional and innovative uses of the data it holds, and also to extend its reach to different development platforms such as native Apple and Linux applications, or to native mobile device applications such as those on Apple’s iPhone.
Hope this helps!
Posted by Ramani Sandeep on April 28, 2010
DNJ is an Open Source framework that makes it easier to use jQuery in an ASP.NET application.
This article is a quick guide to some features of the DNJ framework. DNJ is an Open Source framework that helps you use jQuery with ASP.NET applications. It provides helper functions, an AJAX extender, a transparent RPC, and an implementation of the jQuery UI components as ASP.NET web controls.
View full Article : http://www.codeproject.com/KB/aspnet/dotnetjquery.aspx
Read more : http://dnj.eurekaa.org/