asp classic - ASP Login page for ASP.NET Application -


In my workplace, we have several classic ASP and ASP.NET applications.

Although these applications do separate tasks, they are all integrated through a single sign-on mode, which is controlled by a main application.

The main application is in classic ASP. It verifies the user ID and password initially and then stores the user ID in a session variable, which is then validated by all other ASP and ASP.NET pages as the user uses them. (For .NET pages we use session bridging.)

Is this classic ASP authentication safe? (I do not know classic ASP.)

Ever since I was introduced to this setup, I have worried that it is insecure. Is there a better way to do this?

Is it possible to authenticate for both classic ASP and .NET in the same login page?

What I have always done with my classic ASP applications is what you have described: when the user logs in, their credentials are authenticated, and then the user ID and other relevant information is stored in the session cookie.

The potential flaw in this approach is that, in theory, users can change their session cookies locally so that, when they make requests to your application, they appear to be another user, which is a security risk. The way I usually get around it is that, when I store the user's information in the session cookie, I generate an authentication code based on this information and some hidden information (in particular, I build a string of the information and make a SHA-256 hash of it).

Then you can check the authentication code regularly to see if it matches the expected code for that user. Should the cookie have been changed in any way, the authentication code will not match the expected code and the user will be booted.

The main issue in doing something like this is making sure that both ASP and ASP.NET have an implementation of the hashing algorithm that returns the same hash value for a given input string, or making sure that you convert it appropriately.

Personally, I have used the free SHA256 implementation from Frez for Classic ASP, which gives the result as a 64-character lower-case hex string, while for ASP.NET I use System.Security.Cryptography. This gives the same result but in upper case (there are some quirks in it - see the example given below), so you just need a simple case conversion call.

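```vb
Imports System.Security.Cryptography
Imports System.Text

' Returns the SHA-256 hash of Input as an upper-case hex string.
Function SHA256(ByVal Input As String) As String
    Dim bytInput() As Byte
    Dim bytHash() As Byte
    Dim objBuilder As New StringBuilder
    Dim objCrypto As SHA256Managed
    Dim intI As Integer

    bytInput = Encoding.ASCII.GetBytes(Input)
    objCrypto = New SHA256Managed()
    bytHash = objCrypto.ComputeHash(bytInput)

    ' Two hex digits per byte; Hex() alone drops a leading zero,
    ' which would make the result shorter than 64 characters.
    For intI = 0 To UBound(bytHash)
        objBuilder.Append(bytHash(intI).ToString("X2"))
    Next

    Return objBuilder.ToString()
End Function
```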
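The issue-and-verify cycle described in the answer, as an added example that is not part of the original post: it builds the authentication code from the session values and a server-side secret, then rejects a session whose values no longer match the code. It assumes HMAC-SHA256 in place of a plain hash of the concatenated string (the Classic ASP side would have to compute the same keyed hash), and the field names `userId` and `role`, the secret and the sample values are constructed for illustration.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SessionAuthCodeExample
    ' Constructed secret for this example; a real one is random and never leaves the server.
    Private ReadOnly Secret As Byte() = Encoding.UTF8.GetBytes("constructed-demo-secret")

    ' Authentication code over the session values, as 64 lower-case hex characters
    ' (the format the answer says the Classic ASP side produces).
    Function MakeAuthCode(userId As String, role As String) As String
        ' Length-prefix each field so ("ab", "c") and ("a", "bc") give different codes.
        Dim message As String = userId.Length.ToString() & ":" & userId &
                                "|" & role.Length.ToString() & ":" & role
        Using mac As New HMACSHA256(Secret)
            Dim hash As Byte() = mac.ComputeHash(Encoding.UTF8.GetBytes(message))
            Dim sb As New StringBuilder(hash.Length * 2)
            For Each b As Byte In hash
                sb.Append(b.ToString("x2")) ' always two digits, zero-padded
            Next
            Return sb.ToString()
        End Using
    End Function

    ' Recompute the code from the presented values and compare every character,
    ' without stopping at the first mismatch.
    Function IsSessionValid(userId As String, role As String, presented As String) As Boolean
        If presented Is Nothing Then Return False
        Dim expected As String = MakeAuthCode(userId, role)
        Dim given As String = presented.ToLowerInvariant() ' accept upper-case hex too
        If given.Length <> expected.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To expected.Length - 1
            diff = diff Or (AscW(expected(i)) Xor AscW(given(i)))
        Next
        Return diff = 0
    End Function

    Sub Main()
        Dim code As String = MakeAuthCode("1042", "clerk")
        Console.WriteLine(IsSessionValid("1042", "clerk", code))                    ' values unchanged
        Console.WriteLine(IsSessionValid("1042", "clerk", code.ToUpperInvariant())) ' same code, upper case
        Console.WriteLine(IsSessionValid("1001", "clerk", code))                    ' user ID altered
    End Sub
End Module
```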
