How can I hide/change URL in the starting page?
protected void Application_Start(object sender, EventArgs e)
{
    // Code that runs on application startup
    RegisterRoutes(RouteTable.Routes);
}

static void RegisterRoutes(RouteCollection routes)
{
    // routes.MapPageRoute("Unique name", "Name shown in the address bar AND used for redirecting", "Physical path to the page");
    routes.MapPageRoute("Home", "StoreFrontPage", "~/BestSeller.aspx");
    routes.MapPageRoute("index", "MainPage", "~/index.aspx");
    routes.MapPageRoute("ProductDetails", "DetailOfProduct", "~/ProductDetails.aspx");
}
The above code helps me change the name of the URL when I use "href" or "response.redirect", so when I open the first webpage (the starting page) I could not hide the URL. I do not want users to see the name of the webpage.aspx file. Thanks for any advice/help!
See also questions close to this topic
-
Assigning an empty string is throwing a null reference exception?
While debugging code today, I ran into an issue I've never encountered before. When assigning an empty string value ("" not string.Empty), to a variable, I get a NullReferenceException. I see no reason why this exception should be thrown at this point in the code, considering the line directly above it, assigns the same value to another variable:
Here's the code in a copypasta form:
string city = "";
string state = ""; // Throws null reference exception.
I initially thought that maybe, just maybe, somehow the same variable was declared elsewhere and wasn't throwing a compiler error, but after running a search through the code, that variable is created there, nowhere else.
NOTE: There is no inner exception, and we have no other ideas as to what could cause this. If anyone has ideas I'll gladly update the post with more information.
UPDATE: Okay, after a clean, rebuild, and checking the changes window, the following call that references it is the only change made to the file before the break:
List<string> validStates = StateList.Split(',').ToList();
if (validStates.Any(validState => validState.Equals(state, StringComparison.InvariantCultureIgnoreCase)))
    ... // Unchanged
After swapping the call to .Any for a call to .Contains as a test, the issue is no longer happening:
List<string> validStates = StateList.Split(',').ToList();
if (validStates.Contains(state.ToUpperInvariant()))
    ... // Unchanged
Why would assigning an empty string value to a variable throw a NullReferenceException when using the LINQ method .Any?
-
WCF Service Not Seeing Operation Contract
I am having a weird problem where I have a WCF service that has some Operation Contracts but when I add the service reference to another project they are there.
When I go to add -> add service reference, I put in the WCF URL and the service shows up.
When I look at the operations list I see those endpoints but when I hit "ok" and then I try to find those endpoints in my project they are not found.
How can I go about debugging this?
-
Wait for a user input during Selenium process for two-steps verification code (C#)
I am currently automating (Visual Studio C#) the invoice submission process through Tungsten portal using Selenium and I have to get through the two-steps verification code. One way would be to get the code directly from the email received (which is not mine, but I could still have access to it) by script, and the other I thought of would be to start the Selenium process right after the user logs in manually or to interrupt the process to wait for the user to enter the verification code manually.
Is there a way to achieve the second possibility (manual login before starting Selenium process from there or process interruption for manual input of the verification code)?
Thank you all for your answers!
-
gRPC IdentityServer4 Error: Can't sign in with google auth
I'm using Blazor WebAssembly with gRPC and I'm new to Identity Server 4 and trying to implement Google sign-in. I already followed the tutorial in the docs, but when I tried to load the website, the console gave 2 errors like below. I searched many StackOverflow posts and GitHub issues similar to this error and it didn't really help me. My guess is that the error is on the server side because it happens when the website is loading.
Access to XMLHttpRequest at 'https://localhost:5000/signin-google/.well-known/openid-configuration' from origin 'https://localhost:5001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
AuthenticationService.js:1 GET https://localhost:5000/signin-google/.well-known/openid-configuration net::ERR_FAILED
The error shows that it has been blocked by CORS policy even though I already allowed all website URLs to access it (for testing purposes), and when I'm trying to sign in with Google, I got redirected to a failed login URL that says network error. Here's the code.
BackEnd/Startup.cs
namespace BackEnd
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddGrpc();
            services.AddDbContext<UserDbContext>(options =>
                options.UseInMemoryDatabase("UserDatabase"));
            services.AddCors(o => o.AddPolicy("AllowAll", builder =>
            {
                builder.AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .WithExposedHeaders("Grpc-Status", "Grpc-Message", "Grpc-Encoding", "Grpc-Accept-Encoding");
            }));
            services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
                .AddRoles<IdentityRole>()
                .AddEntityFrameworkStores<UserDbContext>();
            services.AddIdentityServer()
                .AddInMemoryIdentityResources(ServerConfiguration.IdentityResources)
                .AddInMemoryApiResources(ServerConfiguration.ApiResources)
                .AddInMemoryApiScopes(ServerConfiguration.ApiScopes)
                .AddInMemoryClients(ServerConfiguration.Clients)
                // .AddApiAuthorization<ApplicationUser, UserDbContext>()
                .AddTestUsers(ServerConfiguration.TestUsers);
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            services.AddTransient<IProfileService, ProfileService>();
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddGoogle("Google", options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.ClientId = "499675830263-ldcg4fm7kcbjlt48tpaffqdbfnskmi8v.apps.googleusercontent.com";
                options.ClientSecret = "1gACMFwq-il8ETUzJYbQFO5v";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "https://localhost:5000";
                options.ClientId = "499675830263-ldcg4fm7kcbjlt48tpaffqdbfnskmi8v.apps.googleusercontent.com";
                options.ResponseType = "code";
                options.SaveTokens = true;
                options.Scope.Add("protectedScope");
                options.Scope.Add("offline_access");
                options.Scope.Add("role");
                options.ClaimActions.MapJsonKey("role", "role", "role");
                options.TokenValidationParameters.RoleClaimType = "role";
            });
            services.AddAuthorization();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseRouting();
            app.UseCors();
            app.UseGrpcWeb(new GrpcWebOptions { DefaultEnabled = true });
            app.UseIdentityServer();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGrpcService<GreeterService>().RequireCors("AllowAll");
                endpoints.MapGrpcService<UserService>().RequireCors("AllowAll");
                endpoints.MapGet("/", async context =>
                {
                    await context.Response.WriteAsync("Communication with gRPC endpoints must be made through a gRPC client. To learn how to create a client, visit: https://go.microsoft.com/fwlink/?linkid=2086909");
                });
            });
        }
    }
}
BackEnd/ServerConfiguration.cs
namespace BackEnd
{
    public static class ServerConfiguration
    {
        public static List<IdentityResource> IdentityResources
        {
            get
            {
                List<IdentityResource> idResources = new List<IdentityResource>()
                {
                    new IdentityResources.OpenId(),
                    new IdentityResources.Profile(),
                    new IdentityResources.Email(),
                    new IdentityResource("roles", "User roles", new List<string> { "role" })
                };
                return idResources;
            }
        }

        public static List<ApiScope> ApiScopes
        {
            get
            {
                List<ApiScope> apiScopes = new List<ApiScope>();
                apiScopes.Add(new ApiScope("protectedScope", "Protected Scope"));
                return apiScopes;
            }
        }

        public static List<ApiResource> ApiResources
        {
            get
            {
                ApiResource userApiResource = new ApiResource("toDoWebApiResource", "Todo Web Api")
                {
                    Scopes = { "protectedScope" },
                    UserClaims = { "openid", "email", "profile", "role" }
                };
                List<ApiResource> apiResources = new List<ApiResource>();
                apiResources.Add(userApiResource);
                return apiResources;
            }
        }

        public static List<Client> Clients
        {
            get
            {
                Client client = new Client()
                {
                    ClientId = "499675830263-ldcg4fm7kcbjlt48tpaffqdbfnskmi8v.apps.googleusercontent.com",
                    ClientName = "client 1",
                    RequireClientSecret = false,
                    RequirePkce = true,
                    AllowedCorsOrigins = { "https://localhost:5001" },
                    AllowedGrantTypes = GrantTypes.Code,
                    RedirectUris = { "https://localhost:5001/authentication/login-callback" },
                    PostLogoutRedirectUris = { "https://localhost:5001/authentication/logout-callback" },
                    AllowOfflineAccess = true,
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email,
                        "protectedScope"
                    }
                };
                List<Client> clients = new List<Client>();
                clients.Add(client);
                return clients;
            }
        }

        public static List<TestUser> TestUsers
        {
            get
            {
                TestUser user1 = new TestUser()
                {
                    SubjectId = "2f47f8f0-bea1-4f0e-ade1-88533a0eaf57",
                    Username = "John",
                    Claims = new List<Claim>()
                    {
                        new Claim("role", "SignedInUser"),
                        new Claim("email", "johnsmith@gmail.com"),
                        new Claim("picture", "https://www.google.com/url?sa=i&url=https%3A%2F%2Fwww.business2community.com%2Fsocial-media%2Fimportance-profile-picture-career-01899604&psig=AOvVaw2LC5T-WZMYnHD9I7PeK7lT&ust=1615219065948000&source=images&cd=vfe&ved=2ahUKEwip1caGxp7vAhV1NbcAHd_2BFwQjRx6BAgAEAc")
                    }
                };
                List<TestUser> testUsers = new List<TestUser>();
                testUsers.Add(user1);
                return testUsers;
            }
        }
    }
}
FrontEnd/wwwroot/appsettings.json
{
  "Authentication": {
    "Google": {
      "Authority": "https://localhost:5000/signin-google",
      "ClientId": <confidential>,
      "ClientSecret": <confidential>,
      "DefaultScopes": [ "email", "profile", "openid" ],
      "PostLogoutRedirectUri": "https://localhost:5001//authentication/logout-callback",
      "RedirectUri": "https://localhost:5001//authentication/login-callback",
      "ResponseType": "code"
    }
  }
}
-
Using Steeltoe DiscoveryHttpMessageHandler with FlurlClient
I am looking to switch our HttpClients to use Flurl. However, our HttpClient is currently configured to use Service Discovery via Steeltoe. Basically it's doing this in ConfigureServices:
services.AddHttpClient<IMyClass, MyClass>().AddHttpMessageHandler<DiscoveryHttpMessageHandler>();
DiscoveryHttpMessageHandler is a custom http message handler in the Steeltoe library (https://github.com/SteeltoeOSS)
How do I access the IHttpClientBuilder with Flurl so I can add this same message hander? Or is there another clean way with Flurl to add a custom message handler for every HttpClient/FlurlClient created?
-
Get time ticks in DateTime format C#
Date time comes from Database side like this
"2021-03-08T21:27:21.065"
and then I have tried to format it from the C# side like below,
string fullDate = Convert.ToDateTime(x.start_date).ToString("dd-MM-yyyy HH:mm:ss");
But I need to show the last part of the date, 065, as well.
-
Script Bundle and Style Bundle returning 302 Not Found Error
I'm trying to add Script and Style Bundling to a fairly old legacy WebForms application. It works great in debug mode or with BundleTable.EnableOptimizations = false.
But when I try to enable optimizations as it should be in production, it's not actually creating the bundles so they are returning 302 Not Found errors.
Here's my BundleConfig class
public static void RegisterBundles(BundleCollection bundles)
{
    bundles.IgnoreList.Clear();
    bundles.Add(new ScriptBundle("~/bundles/js")
        .Include("~/Scripts/jquery-{version}.js",
            "~/Scripts/jquery-migrate-{version}.js",
            "~/Scripts/jquery-validate.js",
            "~/Scripts/jquery-validate-unobtrusive.js",
            "~/Scripts/bootstrap.min.js",
            "~/Scripts/css_browser_selector.js",
            "~/Scripts/menu.js",
            "~/Scripts/owl.carousel.js",
            "~/Scripts/owl.carousel2.thumbs.js",
            "~/Scripts/general.js"));
    bundles.Add(new StyleBundle("~/bundles/css")
        .Include("~/css/bootstrap.css",
            "~/css/owl.carousel.min.css",
            "~/css/menu.css",
            "~/css/style.css",
            "~/css/responsive.css",
            "~/css/faeaapps_style.css"
        ));
    BundleTable.EnableOptimizations = true;
}
Application_Start in Global.asax:
BundleConfig.RegisterBundles(BundleTable.Bundles);
In the of the master page:
<asp:PlaceHolder runat="server">
    <%: Scripts.Render("~/bundles/js") %>
    <%: Styles.Render("~/bundles/css") %>
</asp:PlaceHolder>
How they're getting rendered:
<script src="/AppName/bundles/js?v=wMldU3OL4sMBTxZpOsGwPTsnbckw_2T1BVZNp1Lopag1"></script>
<link href="/AppName/bundles/css?v=Mdb6m_Rz-GAE4EuPddeqG8CHLfgK1ODoN0WhXZmy09k1" rel="stylesheet"/>
What happens when the browser tries to load them:
Any idea what I'm doing wrong?
-
pdf file not opening on android phone
I am trying to show a pdf file embedded on my web page as soon as the web page loads. This is what I am doing to show the pdf file on my aspx page:
<asp:Literal ID="ltEmbed" runat="server"></asp:Literal>
and in my .cs page
string embed = "<object class=\"ss-pdfjs-viewer\" data=\"{0}\" type=\"application/pdf\" allowfullscreen webkitallowfullscreen>";
embed += "</object>";
string fileName = HttpContext.Current.Session["RequestType"] + "_" + HttpContext.Current.Session["MailID"].ToString() + ".pdf";
ltEmbed.Text = string.Format(embed, ResolveUrl("~/Documents/" + fileName));
Everything works fine. I can open this PDF file in my web application and on an iPhone, but not on an Android phone.
I am not sure why it is not working in android and all other places.
-
Bootstrap, Required, Fontawesome, and ASP.NET webforms
I'm trying to do something which I think should be doable, but I'm having problems with. Here are my requirements:
- I need to check that four values on a webform form are entered.
- I need to allow a user to submit the data on a button click.
- The button has some text and has some fontawesome icons in it.
- When the data is submitted, I need to turn off the button so that the user does not inadvertently click it again and submit the exact same data the second time.
- Get the required popups from bootstrap on an insert/update of data, assuming some data has not been entered.
I am only able to get pieces of this working. Here is what I have tried:
An asp:LinkButton. I can get everything but the bootstrap required popups. I found that this seems to be caused because bootstrap required looks for a button of type "submit".
An asp:Button. I can get everything but the fontawesome icons. I found that I can actually insert this on a jquery document ready method, but I get all kinds of asp .net security violations when I try this. I simply can't open this up.
A button tag with a runat="server" on it. I've tied this in with the asp.net button click event like below. Unfortunately, when I click the button, if there is a client side onclick event handler, the server side click event never gets called. I am able to style the button like a link. This is the option that seems to get me the closest. Unfortunately, I seem to be able to get the client side onclick event or the server side onserverclick event, but not both. I'm open to any and all suggestions here.
<button type="submit" ID="btnSubmission" runat="server" onserverclick="lbCaseUpdate_Click" class="buttonAsLink nav-link pl-0" ><i class="fa fa-pen fa-fw"></i> Update</button>
What I need is a button/link that activates the "required" display in bootstrap, contains the fontawesome icons, runs some client side javascript to somehow communicate an update is occurring, turns off the input button, and then performs the server side operation. I don't see how to get it. I'm open to any and all suggestions.
TIA
-
3DES-Sweet32 Vulnerability Compensating Control(s)?
For backward compatibility reasons, if the 3DES (TLS_RSA_WITH_3DES_EDE_CBC_SHA) cipher needs to be enabled in a web server, is there any compensating security control that can be used to detect and mitigate Sweet32-Birthday attacks on 3DES? Does a WAF help in this situation? Consider the web application is running on containers behind a cloud load balancer.
One example is, Google has the 3DES cipher enabled for https://www.google.com; in this scenario, how are they continuing 3DES cipher support while maintaining defense against Sweet32-Birthday attacks?
Thank you for your help.
-
Security implications of refresh token grace period
I have an OAuth2 server built with django-oauth-toolkit, and by default, refresh tokens are revoked immediately upon use. This means that if a client requests a new access token using a refresh token but doesn't receive the response due to a network interruption they will be forced to reauthenticate.
The library provides the setting REFRESH_TOKEN_GRACE_PERIOD_SECONDS which is an amount of time to wait between the use of a refresh token and its revocation. If a client uses a refresh token and does not receive the response, that original refresh token will still be valid for REFRESH_TOKEN_GRACE_PERIOD_SECONDS which allows the client to get a new access token without needing to reauthenticate.
As far as I can tell, the purpose of immediately revoking refresh tokens upon use is to prevent replay attacks, but since this authorization server exclusively uses https, it seems this is a sufficient defense against this type of attack.
Are there other vulnerabilities that can result from having a grace period for refresh token revocation? What would be the implications of never revoking a refresh token?
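An added sketch, not part of the original question and not django-oauth-toolkit's code: a simplified in-memory model of refresh-token rotation that shows what a grace period changes when the same refresh token is presented twice. The class, its method names, and the policy of revoking the whole token family on late reuse are assumptions of this model.

```python
import secrets


class RefreshTokenStore:
    """Toy model of refresh-token rotation (assumed design, not the library's)."""

    def __init__(self, grace_seconds):
        self.grace_seconds = grace_seconds
        self.tokens = {}               # token -> record
        self.revoked_families = set()  # families killed after detected reuse

    def issue(self, family=None):
        token = secrets.token_urlsafe(16)
        # Every token descended from one login shares a family id.
        self.tokens[token] = {"family": family or token,
                              "used_at": None, "successor": None}
        return token

    def refresh(self, token, now):
        rec = self.tokens.get(token)
        if rec is None or rec["family"] in self.revoked_families:
            return "rejected", None
        if rec["used_at"] is None:
            # First use: rotate and remember when it happened.
            rec["used_at"] = now
            rec["successor"] = self.issue(rec["family"])
            return "rotated", rec["successor"]
        if now - rec["used_at"] < self.grace_seconds:
            # Second use inside the window: the server cannot tell a client
            # retrying after a lost response from a copied token.
            return "grace_retry", rec["successor"]
        # Second use outside the window: treat as replay, revoke the family.
        self.revoked_families.add(rec["family"])
        return "reuse_detected", None


def replay_outcomes(grace_seconds, replay_delay):
    """Use a token at t=0, present it again at t=replay_delay, then try the successor."""
    store = RefreshTokenStore(grace_seconds)
    original = store.issue()
    first_status, successor = store.refresh(original, now=0.0)
    second_status, _ = store.refresh(original, now=float(replay_delay))
    successor_status, _ = store.refresh(successor, now=float(replay_delay) + 1)
    return first_status, second_status, successor_status
```

With a grace period of 0 every second presentation is flagged and the session is cut off; with a non-zero grace period, a second presentation inside the window succeeds silently, so the window length is the time during which reuse goes undetected.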
-
Web site browse from specified device
I want to force some of my web application users to access from a specified PC/device (their PC's MAC address and private IP are already stored in the database). How do I implement this?