|
Thanks a lot for your valuable time. It is working fine. Made a changes based on your search result.
|
|
|
|
|
|
Thank you. It is working fine.
|
|
|
|
|
|
Hi,
I have code as below, which loads a partial view in which I have a Grid, but for some reason when one of the load doesn't happen because some failure or missing View etc, the previous partial view remaining unchanged, can somebody please help me how can I clear the previous page load when loading the current Page. Any help a code snippet, a link or a suggestion anything helps thanks a lot in advance my friends.
function GetLookupTableValue(e)
{<br />
if ($("#drpLookup").data("kendoDropDownList").text() != 'Select')
myHeader.innerText = "List of " + $("#drpLookup").data("kendoDropDownList").text();
else
myHeader.innerText = "";
var noCodeFilter = containsAny($("#drpLookup").data("kendoDropDownList").text(), ['Address Type', 'Gender', 'NPI Status', 'Rendering Provider Status', 'Rendering Provider Classification']);
if (noCodeFilter)
{
var url = '../Admin/GetLookupTableNoCode';
$("#divLookupTable").load(url, { LookupTableId: $("#drpLookup").data("kendoDropDownList").value(), __RequestVerificationToken: $('input[name=__RequestVerificationToken]').val() });
}
else if ($("#drpLookup").data("kendoDropDownList").text() == 'Medi-Cal - Mode of Service - Service Function')
{
var url = '../Admin/GetMCMSSFCrosswalkList';
$("#divLookupTable").load(url, { LookupTableId: $("#drpLookup").data("kendoDropDownList").value(), __RequestVerificationToken: $('input[name=__RequestVerificationToken]').val() });
}
else if ($("#drpLookup").data("kendoDropDownList").text() == 'Service Function Category')
{
var url = '../Admin/GetServiceFunctionCategoryLKPList';
$("#divLookupTable").load(url, { LookupTableId: $("#drpLookup").data("kendoDropDownList").value(), __RequestVerificationToken: $('input[name=__RequestVerificationToken]').val() });
}
else
{
var url = '../Admin/GetLookupTableCode';
$("#divLookupTable").load(url, { LookupTableId: $("#drpLookup").data("kendoDropDownList").value(), __RequestVerificationToken: $('input[name=__RequestVerificationToken]').val() });
}
}
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
load function accepts another parameter which is a function (ajax callback) that takes in response, status and xhr. In case of any error, status will have the error code in it. You can evaluate that and do as needed.
Your code can be refactored to avoid repeated blocks in if/else blocks.
"It is easy to decipher extraterrestrial signals after deciphering Javascript and VB6 themselves.", ISanti[ ^]
|
|
|
|
|
Can you please give me a small sample of load response error status code and can you please give me small sample of how to refactor the repeated if else blocks. A sample or even a link helps please - thank you very much for your suggestion buddy.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
Hello
I am hoping to use the following code in my VS 2017 project (register.aspx.vb) to hash/salt a password:
Public Function GetSalt() As String
Dim saltSize = 32
Dim Salt As RNGCryptoServiceProvider = New RNGCryptoServiceProvider()
Dim randomBytes(saltSize - 1) As Byte
Salt.GetBytes(randomBytes)
Return Convert.ToBase64String(randomBytes)
End Function
Public Function HashedPassword(ByVal Salt As String, ByVal providedPassword As String) As String
Dim passWithSalt = String.Concat(Salt, providedPassword)
Dim rawPasswordData() As Byte = Encoding.UTF8.GetBytes(passWithSalt)
Dim SHA512 As New SHA512CryptoServiceProvider()
Dim resultingHash As Byte() = SHA512.ComputeHash(rawPasswordData)
Return Convert.ToBase64String(resultingHash)
End Function
followed by:
Protected Sub btnReg_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnReg.Click
Try
Using connection As New OleDbConnection("connectionString")
Dim Sql As String = "INSERT INTO university (username,strEmail,Hash) VALUES (@username,@strEmail,@Hash)"
Dim cmd As New OleDbCommand(Sql)
cmd.Connection = connection
cmd.Parameters.AddWithValue("@username", username.Text)
cmd.Parameters.AddWithValue("@strEmail", strEmail.Text)
cmd.Parameters.AddWithValue("@Hash", "Production based on simple ciphers and fixed encryption keys")
connection.Open()
cmd.ExecuteNonQuery()
End Using
Dim target = String.Format("~/success.aspx?Name={0}", username.Text)
Response.Redirect(target, True)
Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
How would I relate the GetSalt and HashedPassword functions, please, to the button click, in order to make this code work?
Thank you.
|
|
|
|
|
You need to store the Hash and the salt. When authenticating the password, you need both parts to make a match.
Your really better off using a package like BCrypt to do it for you. I've done it your way but stored the values as byte[] and not string.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Thanks jkirkerx, for your reply.
I am not familiar at all with BCrypt but, following your advice about 'You need to store the Hash and the salt', I take it that I would need two columns in my database to do that, namely, 'Salt', and 'Hash' (where 'Hash' would replace the plain password column), and I would need to alter my code to:
Dim Sql As String = "INSERT INTO university (username,strEmail,Salt,Hash) VALUES (@username,@strEmail,@Salt,@Hash)"
and
cmd.Parameters.AddWithValue("@username", username.Text)
cmd.Parameters.AddWithValue("@strEmail", strEmail.Text)
cmd.Parameters.AddWithValue("@Salt")
cmd.Parameters.AddWithValue("@Hash", "Production based on simple ciphers and fixed encryption keys") (I am not sure about how to code those last two parameters).
Thanks again.
|
|
|
|
|
Yup! 
The Hash is the password that has been generated with Salt.
If you don't store the Salt, you can't verify the Hash
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Very many thanks again - you have been a great help.
Regards
|
|
|
|
|
Since you are in the context of ASP.NET, you may want to look at System.Web.Helpers.Crypto class as it provides a few handy functions to do Hashing for you. For example:
using System.Web.Helpers;
public void SavePassword(string unhashedPassword)
{
string hashedPassword = Crypto.HashPassword(unhashedPassword);
}
The Crypto.HashPassword function takes care of creating a salt for you. The returned value of that function already contains both the salt and the hashed password in a single value. All you need to do is store the username and hashed password in your database and you're done.
More info, read: Password management made easy in ASP.NET with the Crypto API | brockallen[^]
|
|
|
|
|
Very many thanks for your post, Vincent. That must be the simplest hash/salt I have seen! Thanks, to, for the link which discusses password verification for use on a log-in page.
I will give it a try.
I am assuming that, for the new user registration page, I would use (as above):
Public Sub CreateAccount(ByVal username As String, ByVal password As String)
Dim hashedPassword = Crypto.HashPassword(password)
CreateAccountInDatabase(username, hashedPassword)
End Sub
and then my 'Submit' button:
Private Sub BtnReg_Click(sender As Object, e As EventArgs) Handles BtnReg.Click
'Dim hashedPasswordText As New Label With {.Text = (Hash512(password.Text, CreateRandomSalt))}
Using connection As New OleDbConnection("connectionString")
Dim Sql As String = "INSERT INTO university (username,strEmail,hashed,salted) VALUES (@username,@strEmail,@hashed,@salted)"
Dim cmd As New OleDbCommand(Sql)
cmd.Connection = connection
cmd.Parameters.AddWithValue("@username", username.Text)
cmd.Parameters.AddWithValue("@strEmail", strEmail.Text)
Dim hashed As Boolean
cmd.Parameters.AddWithValue("@hashed", hashed)
Dim salted As Boolean
cmd.Parameters.AddWithValue("@salted", salted)
connection.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
Does that look as if it may work?
Thanks again!
|
|
|
|
|
You don't need to store the salt anymore in your database as the returned value of the Crypto.HashPassword already has a Salt on it.
Dim hashedPassword = Crypto.HashPassword(password)
For example, the variable hashedPassword already contains the Hash + Salt
So your code would now be something like:
Private Sub CreateAccount(ByVal username As String, ByVal password As String, ByVal email As String)
Dim hashedPassword = Crypto.HashPassword(password)
Using connection As New OleDbConnection("connectionString")
Dim Sql As String = "INSERT INTO university (username,strEmail,hashed) VALUES (@username,@strEmail,@hashed)"
Dim cmd As New OleDbCommand(Sql)
cmd.Connection = connection
cmd.Parameters.AddWithValue("@username", username)
cmd.Parameters.AddWithValue("@strEmail", email)
cmd.Parameters.AddWithValue("@hashed", hashedPassword)
connection.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
Private Sub BtnReg_Click(sender As Object, e As EventArgs) Handles BtnReg.Click
CreateAccount(username.Text,password.Text,strEmail.Text)
End Sub
PS: My apology as I'm not good at VB.NET 
|
|
|
|
|
Public Sub CreateAccount(ByVal username As String, ByVal password As String)
Dim hashedPassword = Crypto.HashPassword(password)
CreateAccountInDatabase(username, hashedPassword)
End Sub
Private Sub CreateAccountInDatabase(username As String, hashedPassword As Object)
Throw New NotImplementedException()
End Sub
Private Sub CreateAccount(ByVal username As String, ByVal password As String, ByVal email As String)
Dim hashedPassword = Crypto.HashPassword(password)
Using connection As New OleDbConnection("connectionString")
Dim Sql As String = "INSERT INTO university (username,strEmail,hashed) VALUES (@username,@strEmail,@hashed)"
Dim cmd As New OleDbCommand(Sql)
cmd.Connection = connection
cmd.Parameters.AddWithValue("@username", username)
cmd.Parameters.AddWithValue("@strEmail", email)
cmd.Parameters.AddWithValue("@hashed", hashedPassword)
connection.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
Private Sub BtnReg_Click(sender As Object, e As EventArgs) Handles BtnReg.Click
'Do some forms validation here
CreateAccount(username.Text, password.Text, strEmail.Text)
End Sub
I still get one compilation error while trying to load the page I my browser and that relates to Crypto which, VS tells me, is not declared. Again, the light-bulb pops up with a few alternatives including 'generate Crypto as class'. Not sure if that's what I should opt for as I am in unfamiliar territory here.
Thanks again.
|
|
|
|
|
You need to add a reference to the System.Web.Helpers assembly, and add Imports System.Web.Helpers to the top of your code file.
You'll also want to remove CreateAccount(ByVal username As String, ByVal password As String) and CreateAccountInDatabase(username As String, hashedPassword As Object), since they're not used, and calling either of them will result in an exception.
NB: Don't remove CreateAccount(ByVal username As String, ByVal password As String, ByVal email As String), since that's the one you're using.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
You need to add a reference to System.Web.Helpers. If it's not present in your project references then add it. You will find this assembly in the Extensions group under Assemblies in Visual Studio 2010, 2012 & 2013 (Reference Manager). You can also add it via NuGet package manager.
Once you've added that reference to your project, then declare the following in your code:
Imports System.Web.Helpers
|
|
|
|
|
how to hold browsing path in fileupload control(i want to choose my choice folder) & How to get uploaded file path ,while click on show in folder(Show in Folder)?
Select Saving path: Fileupload1(Holds saving path)
Select File: Fileupload2 (file)
Show in folder(link Button)(sucessfull uploaded file show in folder)
Thanks in Advance..
|
|
|
|
|
You can't get that for security reasons.
|
|
|
|
|
I've been going to programmer seminars over the last month and learning more about .Net Core, and the concepts of breaking up my programs into smaller pieces and processes. My plan going forward is to start running my .Net Core apps in Docker Containers in my little data center first, then Azure later. So we were talking about Azure and Web Jobs, which Segway into sending email as a separate process. Rob Rich, the speaker was talking about making email more durable and stateless by making it a separate process that works off a message queue. I get the concept as if it was an illustration, but can't grasp the code architecture of it.
I currently just have classes that handle email in a separate project that is attached to the main project. The email classes just generates the email message and then calls SendMailAsync in the same external project. I'm thinking perhaps I should create a new project that just handles email. Something completely modular that I could use over and over with little configuration or integration.
My first thought is take the SendMailAsync, and create a .Net Core console app for it. Pass the mail to it, send it, if it fails add it back to the queue.
Second thought is to take all the email stuff, and create another program for it and use dependency injection to generate the message, and send it.
As an exercise towards writing better architected code, I would like to get it right this time. I'm asking for help on this.
Thanks.
Richard:
Is this what you meant by console apps?
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Wasn't he talking about using some kind of queuing broker (e.g. Apache Kafka)? From your explanation, that is what it sounds to me.
If that's the case, you will have an application that would send a message to the queue with an email object and another application that would take those objects, send the emails and, if successful, remove them from the queue.
The broker is the specialized middle-ware responsible for saving those messages until needed and delivering them, guaranteeing that no messages are lost due to applications crashing, servers not available, etc.
|
|
|
|
|
Hi everyone
I am fairly new to MVC and I've only done simple projects without security before. I am now working in a new, more complex project that requires a security model based on role + organization.
The authorization will be based on Windows user. Once the users are validated, they will be marked as working with their default organization, but the can change the organization at any time. We are imagining a drop-down with the organizations the user belong to, and stored the current one as a session variable.
The simplest part of the projects consists of several CRUDs. We have users that are either viewers or editors in these CRUDs, but their role may vary depending on the organization they are working on.
E.g. for the "Branches" table, User "Peter" may be an editor for organization 1 and a viewer for organizations 2 and 3.
If I ignore the organization, I can easily manage the security by extending System.Web.Security.RoleProvider and handling the logic within that class. I believe I could read the current organization from the session variable (haven't tried that yet) in order to add that to the class logic, but I'm pretty sure there must be a better solution.
Can anyone suggest a better solution? Ideally it should be following the ASP.NET System.Web.Security model. Any Visual Studio integrated framework that makes this security handling easier is also very welcomed.
Thank you
|
|
|
|
|
I'm no expert at this by far. But I'll mention the HttpContext. It has a lifespan of one cycle and is stateless.
So I made a Attribute that you decorate the controller ActionResult with. It runs run before the ActionResult is fired, and passes everything downstream. Basically it's session free so you don't have to worry about restarts or what server you hit. I do remember this being a little buggy, in terms of having to erase the cookie a couple of times when exiting debug and starting again, but I think I fixed it.
[AdminCheck]
public IActionResult SomeEditor()
The AdminCheck reads the cookie with special data in it, and if the user authenticates, it creates a new HttpContext.User using a GenericIdentity and GenericPrincipal
I wrote this for .Net Core
[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class AdminCheckAttribute : ActionFilterAttribute, IActionFilter
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var controller = filterContext.Controller as Controller;
var httpContext = controller.HttpContext;
Model_Admin_Login pResult = SecurityCookies.CookieRead_Admin_Login(httpContext);
if (pResult.AccountName != null)
{<br />
Model_Admin_Login model = new Model_Admin_Login();
bool result = EF_Website_Users.AdminCheck_AccountName(pResult.AccountName, ref model);
if (true == result)
{
String[] newRoles = { "Administrator" };
GenericIdentity newIdentity = new GenericIdentity(pResult.AccountName);
GenericPrincipal newPrincipal = new GenericPrincipal(newIdentity, newRoles);
httpContext.User = newPrincipal;
System.Threading.Thread.CurrentPrincipal = httpContext.User;
controller.ViewData["Admin_Menu"] = true;
controller.ViewData["Admin_UserID"] = model.ID;
controller.ViewData["Admin_UserName"] = pResult.AccountName.ToLower();
controller.ViewData["Admin_ImageUrl"] = model.Avatar.Url;
controller.ViewData["Admin_ImageAlt"] = model.Avatar.Alt;
controller.ViewData["Admin_Base64"] = model.Avatar.Data != null ? Convert.ToBase64String(model.Avatar.Data, 0, model.Avatar.Data.Length) : null;
}
else
{
controller.ViewData["Admin_Menu"] = false;
}<br />
}
else
{
controller.ViewData["Admin_Menu"] = false;<br />
}
base.OnActionExecuting(filterContext);
}
}
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Thanks for your reply Jim. I will look into the example you provided.
When you said "It has a lifespan of one cycle and is stateless.", you mean that it won't survive a IIS/Server reboot? As long as it keeps track of sessions (which I'm pretty sure it does), we are OK with it.
Thanks you
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
