Wednesday, April 3, 2013

Securing and encrypting View State and Cookie values

Securing View State
If your ASP.NET Web applications use view state:
- Ensure the integrity of view state (so that it is not altered in any way while in transit) by setting enableViewStateMac to true as shown below. This causes ASP.NET to generate a Message Authentication Code (MAC) on the page's view state when the page is posted back from the client.
  <%@ Page enableViewStateMac="true" %>
- Configure the validation attribute on the <machineKey> element in Machine.config to specify the type of encryption to use for data validation. Consider the following:
  - Secure Hash Algorithm 1 (SHA1) produces a larger hash size than Message Digest 5 (MD5), so it is considered more secure. However, view state protected with SHA1 or MD5 can be decoded in transit or on the client side and can potentially be viewed in plain text.
  - Use Triple Data Encryption Standard (3DES) to detect changes in the view state and also to encrypt it while in transit. When in this state, even if view state is decoded, it cannot be viewed in plain text.

<trace enabled="false"/>
<machineKey  validation="3DES"/>
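
The point made in the SHA1/MD5 item above, that a MAC detects tampering but does not hide the contents, shown as an added example (not code from the original post, and not ASP.NET's actual view state format): a simplified C# model of a hidden field protected with HMAC-SHA1. The key, the field contents and the names ViewStateMacDemo, Protect and Verify are assumptions made for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Simplified model of a MAC-protected hidden field. This is NOT the real
// ASP.NET view state serializer; key and field contents are constructed.
static class ViewStateMacDemo
{
    const int MacLength = 20; // HMAC-SHA1 output size in bytes
    static readonly byte[] MacKey =
        Encoding.ASCII.GetBytes("constructed-demo-validation-key");

    // Server side: field = Base64(payload || HMAC-SHA1(payload)).
    static string Protect(string state)
    {
        byte[] payload = Encoding.UTF8.GetBytes(state);
        using (var hmac = new HMACSHA1(MacKey))
            return Convert.ToBase64String(
                payload.Concat(hmac.ComputeHash(payload)).ToArray());
    }

    // Server side on postback: recompute the MAC and compare in constant time.
    static bool Verify(string field)
    {
        byte[] raw = Convert.FromBase64String(field);
        if (raw.Length < MacLength) return false;
        byte[] payload = raw.Take(raw.Length - MacLength).ToArray();
        using (var hmac = new HMACSHA1(MacKey))
        {
            byte[] expected = hmac.ComputeHash(payload);
            int diff = 0;
            for (int i = 0; i < MacLength; i++)
                diff |= expected[i] ^ raw[payload.Length + i];
            return diff == 0;
        }
    }

    static void Main()
    {
        string field = Protect("role=user;discount=0");
        byte[] raw = Convert.FromBase64String(field);
        // No key is needed to read the payload: Base64 is only an encoding.
        Console.WriteLine("Readable by client: " +
            Encoding.UTF8.GetString(raw, 0, raw.Length - MacLength));
        Console.WriteLine("Untouched field verifies: " + Verify(field));
        raw[5] ^= 0x01; // change one payload byte, as a modified postback would
        Console.WriteLine("Modified field verifies: " +
            Verify(Convert.ToBase64String(raw)));
    }
}
```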
Securing Cookies
Cookies that contain authentication or authorization data or other sensitive data should be secured in transit by using SSL. For Forms authentication, the FormsAuthentication.Encrypt method can be used to encrypt the authentication ticket, passed between client and server in a cookie.

<trace enabled="false"/>
<machineKey  validation="3DES"/>

Page has one or more <asp:Content> controls that do not correspond with <asp:ContentPlaceHolder> controls in the Master Page

Introduction:
Just now, when I created my master page, it gave me this error: the page has one or more asp content controls that do not correspond with asp content placeholder controls. What is wrong with my master page? Here is the code of my master page.
This error appears in the design view:
The page has one or more <asp:Content> controls that do not correspond with <asp:ContentPlaceHolder> controls in the Master Page.
This was a designer-generated error in VS when we were viewing the login page in designer mode. The error was:
The page has one or more <asp:Content> controls that do not correspond with <asp:ContentPlaceHolder> controls in the Master Page.
I had a hunch that this might be the root cause of my nonfunctional login page. Now I was 100% sure that the ContentPlaceHolderID in this login page was the same as defined in the Master Page. In order to find other reasons for this error, I did a Google search for this error message and fortunately reached link:

Solution:
It would appear that your page has <asp:Content> tags which do not correspond to <asp:ContentPlaceHolder> controls in your Master Page.
Master pages never support comments in the format <!--    -->
This could be causing your error.
Or
I changed from <title/> to <title></title> and it also did the trick.
To fix this issue, simply set <title></title> instead of <title /> in your master page.

“The Controls collection cannot be modified because the control contains code blocks”

Introduction
Here I will explain how to solve the problem “The Controls collection cannot be modified because the control contains code blocks (i.e. <% ... %>).” when running web application using asp.net. 
Description
I created a web application and added some script files in the header section of the page like this:
<head id="head2" runat="server">
<title>Light Page</title>
<link href="sunilstyle.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="<%= ResolveUrl("~/js/grid.js") %>"></script>
</head>

After adding the script file to the header section, I tried to run the application and got an error like “The Controls collection cannot be modified because the control contains code blocks (i.e. <% ... %>).”

Server Error in 'ASP.Net' Application.


The Controls collection cannot be modified because the control contains code blocks (i.e. <% ... %>).
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.


There are different methods to solve this problem.
First Method
Remove the JavaScript from the header section of the page and add it to the body of the page, then run your application; it will work.
Second Method
Replace the code block with <%# instead of <%=
<head id="head2" runat="server">
<title>Lightbox Page</title>
<link href="sunilstyle.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="<%# ResolveUrl("~/js/grid.js") %>"></script>
</head>

After replacing <%= with <%# in the code block, add the following code to the page load:

protected void Page_Load(object sender, EventArgs e)
{
    // Evaluate the <%# ... %> data-binding expressions in the header
    Page.Header.DataBind();
}

After adding this code, run your application; it will work.


How to fix "Validation(): Element 'xxxx' is not supported" Visual Studio 2010
Introduction:
Since about a month ago, I have been getting validation warnings at design time on ASP.NET server controls (any control, actually) within the HTML design view of VS 2010. IntelliSense would not work on any controls at all. The messages look like this:

Validation(): Element 'Label' is not supported.
Validation(): Element 'GridView' is not supported
....etc

The compilation completes successfully, but the warnings still exist and IntelliSense is not working in the source tab.

I tried to reset the settings of VS 2010, disabled all extensions and tried a few other ideas, but none of them solved the issue; I got stuck.

I did a search on the internet about this issue and found the solution.

Solution

Splendid, that article is a lifesaver; the idea is to remove the folder "ReflectedSchemas" from the paths below.
Remember also that the "VisualStudio" part of the path will be different depending on the version installed.

Win XP : C:\Documents and Settings\{username}\Application Data\Microsoft\VisualStudio\9.0\ReflectedSchemas

Win 7: C:\Users\{username}\AppData\Roaming\Microsoft\VisualStudio\9.0\ReflectedSchemas


 
Note: make sure that "Show hidden files, folders, and drives" is selected in Folder Options, and don't forget to close VS before deleting the folder.

This solution should work for VS2010 and VS2008; in VS2008 you have to delete ReflectedSchemas from folder 9.0, not 10.0.

How to create a new session in ASP.NET programmatically


If you want to create a new session (open a new window in a new session) without disturbing or losing the other one, you will have to use the SessionIDManager.
Here is a short example (this will only work with <sessionState cookieless="true" /> in the web.config):


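protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        // Current session ID (not used further in this example)
        string ss1 = Session.SessionID;
        // Discard the server-side session state
        Session.Abandon();
        // Overwrite the session cookie with an empty value
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
    }
}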
This code example clears the session state from the server and sets the session state cookie to null. The null value effectively clears the cookie from the browser.

When a user does not log off from the application and the session state time-out occurs, the application may still use the same session state cookie if the browser is not closed. This behavior causes the user to be directed to the logon page and the session state cookie of the user to be presented. To guarantee that a new session ID is used when you open the logon page (login.aspx), send a null cookie back to the client. To do this, add a cookie to the response collection. Then, send the response collection back to the client. The easiest way to send a null cookie is by using the Response.Redirect method. Because the cookies collection always has a value for the ASP.NET_SessionId, you cannot just test if this cookie exists because you will create a Response.Redirect loop. You can set a query string on the redirect to the logon page.

Or, as illustrated in the following code example, you can use a different cookie to tell if you are already redirected to the logon page. To help enhance security and to make sure that no one tries to open the logon page by using a second cookie together with the ASP.NET cookie, the following code example uses the FormsAuthentication class to encrypt and decrypt the cookie data.
