Hey there..
I don't know why my app doesn't validade the username/password when it's
published...
The code is working because in IDE it validates...
any hint??? below is the validate function and web.config authorization
part.
Admin is a folder inside the root. (\inetpub\wwwro ot\site\admin)
Tks a lot,
Christiano
Protected Sub Login_Authentic ate(ByVal sender As Object, ByVal e As
System.Web.UI.W ebControls.Auth enticateEventAr gs) Handles Login.Authentic ate
If Page.IsValid Then
Dim cn As New
SqlConnection(C onfigurationMan ager.Connection Strings("ConnSt ring").Connecti onString)
Dim cm As New SqlCommand("SEL ECT UsuaCodi FROM Usuarios WHERE
UsuaLogi='" & Login.UserName. ToUpper & "' AND UsuaSenh='" &
Login.Password. ToUpper & "' AND UsuaAdmi=1", cn)
Dim iID As Integer
cn.Open()
iID = cm.ExecuteScala r
cn.Close()
System.Diagnost ics.Trace.Write (iID, "ID")
If iID 0 Then
Session("id") = iID
FormsAuthentica tion.RedirectFr omLoginPage(Log in.UserName,
False)
Else
If CInt(ViewState( "tentativas ")) 1 Then
Dim tries As New HttpCookie("tri es",
Now.ToShortTime String)
tries.Expires = DateTime.Now.Ad dMinutes(20)
Response.Cookie s.Add(tries)
Response.Redire ct("#")
Else
ViewState("tent ativas") =
System.Convert. ToInt32(ViewSta te("tentativas" )) + 1
End If
End If
End If
End Sub
<!-------------------!>
<system.web>
<authenticati on mode="Forms">
<forms name="Sinoreg_L ogin" loginUrl="~/Admin/Login.aspx" timeout="20"
/>
</authentication>
<identity impersonate="tr ue" />
</system.web>
<location path="Admin">
<system.web>
<authorizatio n>
<deny users="?" />
</authorization>
</system.web>
</location> 4 2254
if you are using a trusted connection to sqlserver the iis anonymous account
for your site, must be a account with access to the sqlserver. the ide always
runs as the developers account (with a primary security token).
also you site is open to sql injecttion (tsk, tsk).
-- bruce (sqlwork.com)
"Christiano Donke" wrote:
Hey there..
I don't know why my app doesn't validade the username/password when it's
published...
The code is working because in IDE it validates...
any hint??? below is the validate function and web.config authorization
part.
Admin is a folder inside the root. (\inetpub\wwwro ot\site\admin)
Tks a lot,
Christiano
Protected Sub Login_Authentic ate(ByVal sender As Object, ByVal e As
System.Web.UI.W ebControls.Auth enticateEventAr gs) Handles Login.Authentic ate
If Page.IsValid Then
Dim cn As New
SqlConnection(C onfigurationMan ager.Connection Strings("ConnSt ring").Connecti onString)
Dim cm As New SqlCommand("SEL ECT UsuaCodi FROM Usuarios WHERE
UsuaLogi='" & Login.UserName. ToUpper & "' AND UsuaSenh='" &
Login.Password. ToUpper & "' AND UsuaAdmi=1", cn)
Dim iID As Integer
cn.Open()
iID = cm.ExecuteScala r
cn.Close()
System.Diagnost ics.Trace.Write (iID, "ID")
If iID 0 Then
Session("id") = iID
FormsAuthentica tion.RedirectFr omLoginPage(Log in.UserName,
False)
Else
If CInt(ViewState( "tentativas ")) 1 Then
Dim tries As New HttpCookie("tri es",
Now.ToShortTime String)
tries.Expires = DateTime.Now.Ad dMinutes(20)
Response.Cookie s.Add(tries)
Response.Redire ct("#")
Else
ViewState("tent ativas") =
System.Convert. ToInt32(ViewSta te("tentativas" )) + 1
End If
End If
End If
End Sub
<!-------------------!>
<system.web>
<authenticati on mode="Forms">
<forms name="Sinoreg_L ogin" loginUrl="~/Admin/Login.aspx" timeout="20"
/>
</authentication>
<identity impersonate="tr ue" />
</system.web>
<location path="Admin">
<system.web>
<authorizatio n>
<deny users="?" />
</authorization>
</system.web>
</location>
"Christiano Donke" <cd****@digiexp ress.com.brwrot e in message
news:ef******** ******@TK2MSFTN GP02.phx.gbl...
Dim cm As New SqlCommand("SEL ECT UsuaCodi FROM Usuarios WHERE UsuaLogi='"
& Login.UserName. ToUpper & "' AND UsuaSenh='" & Login.Password. ToUpper &
"' AND UsuaAdmi=1", cn)
Following on from Bruce's reply, what would happen if someone entered the
text below in the UserName TextBox...?
';DELETE FROM Usuarios;-- http://www.google.co.uk/search?sourc...L+Injection%22
--
Mark Rae
ASP.NET MVP http://www.markrae.net
hey there...
i'm not using a trusted connection... i'm connection with sql server mixed
authentication.
IIS user is member of Guest, VS Developer and Debugers groups.
Running XP Pro SP-3, IIS 5.1, SQL Server 2005 Developer Edition
Now... about the injection...
In deed, i hadn't take the needed care about this...
This is the only form in the whole site that is not using parameters...
I've taken the expected providences already... tks..
"bruce barker" <br*********@di scussions.micro soft.comescreve u na mensagem
news:DE******** *************** ***********@mic rosoft.com...
if you are using a trusted connection to sqlserver the iis anonymous
account
for your site, must be a account with access to the sqlserver. the ide
always
runs as the developers account (with a primary security token).
also you site is open to sql injecttion (tsk, tsk).
-- bruce (sqlwork.com)
"Christiano Donke" wrote:
>Hey there..
I don't know why my app doesn't validade the username/password when it's published... The code is working because in IDE it validates...
any hint??? below is the validate function and web.config authorization part.
Admin is a folder inside the root. (\inetpub\wwwro ot\site\admin)
Tks a lot, Christiano Protected Sub Login_Authentic ate(ByVal sender As Object, ByVal e As System.Web.UI. WebControls.Aut henticateEventA rgs) Handles Login.Authenti cate If Page.IsValid Then Dim cn As New SqlConnection( ConfigurationMa nager.Connectio nStrings("ConnS tring").Connect ionString) Dim cm As New SqlCommand("SEL ECT UsuaCodi FROM Usuarios WHERE UsuaLogi='" & Login.UserName. ToUpper & "' AND UsuaSenh='" & Login.Password .ToUpper & "' AND UsuaAdmi=1", cn) Dim iID As Integer
cn.Open() iID = cm.ExecuteScala r cn.Close()
System.Diagnost ics.Trace.Write (iID, "ID")
If iID 0 Then Session("id") = iID FormsAuthentica tion.RedirectFr omLoginPage(Log in.UserName, False) Else If CInt(ViewState( "tentativas ")) 1 Then Dim tries As New HttpCookie("tri es", Now.ToShortTim eString) tries.Expires = DateTime.Now.Ad dMinutes(20) Response.Cookie s.Add(tries) Response.Redire ct("#") Else ViewState("tent ativas") = System.Convert .ToInt32(ViewSt ate("tentativas ")) + 1 End If End If End If End Sub
<!-------------------!>
<system.web> <authenticati on mode="Forms"> <forms name="Sinoreg_L ogin" loginUrl="~/Admin/Login.aspx" timeout="20" /> </authentication> <identity impersonate="tr ue" /> </system.web>
<location path="Admin"> <system.web> <authorizatio n> <deny users="?" /> </authorization> </system.web> </location>
Besides posting here, where you may or may not get the answer you need,
I suggest that you post your debugging questions to the VS debugging newsgroup
on this same server : microsoft.publi c.vsnet.debuggi ng.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== ========
"Christiano Donke" <cd****@digiexp ress.com.brwrot e in message news:ef******** ******@TK2MSFTN GP02.phx.gbl...
Hey there..
I don't know why my app doesn't validade the username/password when it's published...
The code is working because in IDE it validates...
any hint??? below is the validate function and web.config authorization part.
Admin is a folder inside the root. (\inetpub\wwwro ot\site\admin)
Tks a lot,
Christiano
Protected Sub Login_Authentic ate(ByVal sender As Object, ByVal e As
System.Web.UI.W ebControls.Auth enticateEventAr gs) Handles Login.Authentic ate
If Page.IsValid Then
Dim cn As New SqlConnection(C onfigurationMan ager.Connection Strings("ConnSt ring").Connecti onString)
Dim cm As New SqlCommand("SEL ECT UsuaCodi FROM Usuarios WHERE UsuaLogi='" & Login.UserName. ToUpper & "' AND
UsuaSenh='" & Login.Password. ToUpper & "' AND UsuaAdmi=1", cn)
Dim iID As Integer
cn.Open()
iID = cm.ExecuteScala r
cn.Close()
System.Diagnost ics.Trace.Write (iID, "ID")
If iID 0 Then
Session("id") = iID
FormsAuthentica tion.RedirectFr omLoginPage(Log in.UserName, False)
Else
If CInt(ViewState( "tentativas ")) 1 Then
Dim tries As New HttpCookie("tri es", Now.ToShortTime String)
tries.Expires = DateTime.Now.Ad dMinutes(20)
Response.Cookie s.Add(tries)
Response.Redire ct("#")
Else
ViewState("tent ativas") = System.Convert. ToInt32(ViewSta te("tentativas" )) + 1
End If
End If
End If
End Sub
<!-------------------!>
<system.web>
<authenticati on mode="Forms">
<forms name="Sinoreg_L ogin" loginUrl="~/Admin/Login.aspx" timeout="20" />
</authentication>
<identity impersonate="tr ue" />
</system.web>
<location path="Admin">
<system.web>
<authorizatio n>
<deny users="?" />
</authorization>
</system.web>
</location> This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Brian Genisio |
last post by:
Hello all,
I am developing a class where speed is important, and memory size is
also important. I need to give the user of the class read-only access
to one of the private members (size as an int). I have two options:
1. Make a method : int getSize() {return m_size;}
2. Use a reference: const int &size;, and link it to the private size value
Option #1 is nice, because it does not take an extra member, but it is
|
by: baustin75 |
last post by:
Posted: Mon Oct 03, 2005 1:41 pm Post subject: cannot mail() in ie
only when debugging in php designer 2005
--------------------------------------------------------------------------------
Hello,
I have a very simple problem but cannot seem to figure it out. I have a
very simple php script that sends a test email to myself. When I debug
it in PHP designer, it works with no problems, I get the test email. If
|
by: Andy |
last post by:
I am having some trouble validating XML using the XmlValidatingReader.
I have created some xml and used the visual studio to generate the
schema. So I am confident that the xml and schema match.
The problem I am having is that the validation event fires for each
node in the xml. It seems to be completely ignoring the schema that I
have used.
I'm wondering if I need to do something extra to tell the xml which
schema to use.
|
by: Srinivasa Rao |
last post by:
I have read in one article that when we compile the application in release
mode, all the debug classes and properties will be automatically removed from
the code. I tried to implement this thing by using the following code in
Page_Load event handler.
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Dim intcount As Integer
intcount = 0
For intcount = 0 To 4
|
by: Sam |
last post by:
Hi,
I have a grid on which the Validating event contains a pop up that
prompts the user for yes or no. If the user click yes the event is
cancel otherwise it's not (e.Cancel = True vs e.Cancel = False)
The problem is that if the user clicks no, I would expect things to
keep being processed normally, that is if the user leaves the grid by
clicking on the node of a Treeview and then clik 'No', the node in the
tree should be selected, but...
| |
by: B. |
last post by:
We just recently move to code from VC++6 to VC++.NET 2005 and upgrade
the warning level from 3 to 4. In debug mode, we compile the
application with no warning no error, but when I build it in release
mode, there are quite few C4701 warnings and some C2679 errors. Note
that some of warning and error happens in debug mode as well and was
fixed. Anyone know why some of warning and error happens only in
release mode?
|
by: sandari |
last post by:
The following code (web.config in Visual Studio 2005) is supposed to redirect a user to the appropriate Form depending on their role.
However, regardless of the user's role, the only page displayed is the login page with the URL of the page the user was supposed to go to being displayed in the address bar.
A valid user is:
name "sandy"
password = san_mcd
role = Administrator
...
|
by: =?Utf-8?B?bXBhaW5l?= |
last post by:
Hello,
I am completely lost as to why I can't update a DropDownList inside a
DetailsView after I perform an insert into an object datasource. I tried to
simply it down to the core demostration:
default.aspx:
|
by: BeemerBiker |
last post by:
My asp.net app can connect to the sql server when running in debug mode, VS2008.
It will not connect at the published location using
http://localhost/...default.aspx .etc
Connection string
Data Source=SWRI16SQL1;Initial Catalog=training09;Integrated Security=SSPI;
Error message at the connection "open" statement:
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |