It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
Is it possible to read cross domain cookie in C#? if possible how can i read the cookie,
the cookie set in one domain like "dev-001" and get a cookie in another domain "localhost"
i used
Request.Cookies["userInfo"].Values
it shows a null value.
Is there any possibilities.because it's our requirement. all the information are available in cookie. but I can't read it
No, that's not possible. Cookies cannot be shared cross domain. That would be a huge security flaw.
However you can allow all subdomains to have access if you set the domain to ".your_domain.com".
A weird solution would be to redirect your user to one of the domain to get the cookie content, as bit like a webservice kind of thing but I wouldn't recommend that at all!
If you really need to store data about your user across multiple platforms, why not storing in a database?
Reading cookies from another domain in not possible. While there would be serious security implications if you could, the pragmatic reason is that the browser never sends cookies from other domains when it makes a request. So the information isn't available.
From your brief description, you need to find a better way of performing the task at hand. Cookies cannot be shared across domain.
However, a third party can be introduced into the mix which allows sharing of data (albeit through a much more elaborate mechanism) though it is possible to disable third party cookies.
Cross-domain user tracking without 3rd party cookies?
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
Some public wireless networks redirect you to a login page before giving you access to the internet. I want to test not only if the system has internet connection but also if it is unlimited, i.e. there is no redirect to such a login page.
I already checked the properties of HttpWebResponse to find something that could indicate this but found nothing.
How can I know that I'm not being redirected to a provider's login page?
This is intercepted by a proxy. You'll have no idea how "nice" it is, don't expect anything like a 302. So test it by visiting a known-good URL first, one whose response you can rely on. Not Google, something you maintain. If you don't get the expected response then you know that you've been redirected.
Another version of you can't do this:
You can test if you have access to whatever site you're testing as a reference. That doesn't prove you have unrestricted access, though. You might be behind a firewall that blocks out large swaths of the internet (for example, a corporate firewall blocking a bunch of places employees like to waste time but which have no job-related purpose.)
You might be behind the Great Firewall of China that will reset your connection if it doesn't like the domain you're accessing or if it sees words it doesn't like.
You might even be working through an evil ISP that replaces ads with it's own ads.
You cannot do this. As a trivial example, my service provider does not alter my connection or require any special login procedure, but if I use more than my allocated amount I will be charged for it.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I want to make one application in C# or VB.net which allow users(Clients) to fill there daily reports using there user account and allow admin (Server) to manage theme (i.e. Add, View, Edit Reports).
I want to make that kind of application.
Vague questions get vague answers. A very basic (and slightly tongue-in-cheek) strategy:
Create a web-page for presenting an interface where the users can enter or upload their reports (maybe have a look at Asp.Net MVC?)
Create a simple back-end system (maybe a service of some kind, using for instance WCF?) to accept and store incoming reports, and retrieve and return existing reports. This should include a database of some kind for storing the reports.
Connect your web-page to the back-end system, and use the former as an interface to the latter.
Create one or several AD groups to provide authentication throughout these systems and grant users the appropriate levels of access.
Once you have got started on this and have tried something, you can ask more precise questions here, to which it will be easier to give more constructive answers.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I would like to create a secure container for each of my authenticated users in order to enforce the security( isolation, a user can't see anything outside its container), speed ( the size of its own database is smaller ). These containers will store all the user documents, profile, themes , ....
Does anyone know how to achieve this with asp.net mvc?
Thx
Since you are storing documents, I'm guessing your "container" is a means to securely store user-specific data permanently on disk on the server. For this task, you main choices are likely to be:
the server's file system (doesn't scale too well tho)
a relational database (such as MySQL, SQL Server or Oracle)
a non-relational database, such as RavenDB or MongoDB
You application will need to provide the means to separate user's data from other users. By using ASP.NET Forms Authentication, and HTTPS, you have a reasonably secure solution - eg. each user's data can be keyed by their username, which is as secure as any web based app with username+password authentication. I.e. to see another user's data you'd have to be able to login as that user or hijack their session, which is difficult with HTTPS.
I don't believe that separating data into silos necessarily is a good way improve performance. Do you actually have a performance problem? Premature optimization is generally a misplaced effort. Organize your data in a way that makes most sense to your application's requirements. Databases can scale up to Terabytes data, and many thousands of concurrent users. There are many techniques to improve performance for large databases, but wait until you actually have a performance problem before diving into that.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I have create a web site and I need to read data which is created by rfid reader.
this device has some dll which can be use in windows application.
I want to know that is there any way to use those dll in my site in order that I read data from RFID reader? if not is there any way to use that device in web site?
Reading dll's on a clients machine is seen as big security risk and there is not really allowed. It is possible to use ActiveX controls (basically dll's compiled into cab files) which the user can then enable and download, this then will allow you to talk to the ActiveX control which talks to the dll's, which talks to the RFID.
I would rather suggest you use something like Silverlight with out of browser mode, which you can run on the client machine with elevated privilages, then you can talk to com object.
A much better way to go.
ASP.NET application is Server side application with specific security restrictions applied.
So basically, as the question is very generic so my answer too: you can do it, it's enough to be sure that your architecture fits yuor ASP.NET security/permission requirements.
Cause I immagine DLL is kind of COM component where you push signals and read alphanumeric characters specifying your RFID (passive or active) identifier.
Regards.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
This'll be my second time doing a CMS and Inventory Management app for my client. This particular client wants it all to be online. Instead of a desktop app, like I did with my previous client. Which is fine I guess, however I'm a little concerned about the security stuff... What if it gets hacked? He basically wants to be able to manage, view, create new and edit existing orders via his website from an "Admin" type interface after he logs in as an Admin, so obviously I'm going to need Roles.
But is this common or normal practice? The website isn't an intranet, or hosted locally, it's remotely hosted.
Yes, its very normal all of my websites have admin interfaces that allow access to just about everything with the proper credentials.
A word of caution however: If you are not sure what you are doing, I'd be very careful about accepting/storing credit cards or other sensitive information(SSN's medical data etc) . Its easy to screw up, and if that stuff get hacked, you may have some serious legal problems to deal with. Consider hiring someone with the right experience to help with security.
Everything you listed is normal to a Web application, whether it's hosted locally or on an intranet, or hosted remotely.
What you need is probably already implemented in other online CMSs (see Orchard CMS), but if you want to roll your own CMS, it's very easy to use ASP.NET MVC; it also has easy integration with Forms Authentication for ASP.NET.