Breaking News

Editors Picks

Tuesday, March 20, 2012

Validation of viewstate MAC failed.

"Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."

Set EnableViewStateMac="false" for Specific page then set on page directory
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Dashboard.aspx.cs" Inherits="_Default"  EnableViewStateMac="false" %>
For all page then this will set on webconfig file
<page EnableViewStateMac="false">
page >

Read more ...

Saturday, March 17, 2012

Detect the browser using ASP.NET and C#


System.Web.HttpBrowserCapabilities browser = Request.Browser;
string btype=   browser.Type.ToString();
Read more ...

GridView must be placed inside a form tag with runat=server

Control 'grvtype' of type 'GridView' must be placed inside a form tag with runat=server

Here I will explain how to solve the problem Control 'grvtype' of type 'GridView' must be placed inside a form tag with runat=server during if u want to render
Grid view control in HtmlTextWriter
pnlResults.RenderControl(new HtmlTextWriter(new System.IO.StringWriter(sb)));

Control 'grvtype' of type 'GridView' must be placed inside a form tag with runat=server

This error occurs whenever I am trying to export gridview data to excel or word or csv because compiler thinks that the control is not added to the form.  

To solve this problem I have added one overriding function VerifyRenderingInServerForm event in code behind it solves my problem. 

public override void VerifyRenderingInServerForm(Control control)
{
/* Verifies that the control is rendered */
}
By Setting adding this function in code behind that problem has solved and code runs successfully.

Read more ...

Friday, March 16, 2012

Database Connection String


MySQL Connection String

MySQL ConnectionString using MySQL ODBC Driver

<add name="entaccess" connectionString="Driver={MySQL ODBC 3.51 Driver};SERVER=server_name; DATABASE=DataBase_Name;Port=3306;USER=uid;PASSWORD=pass;Connect Timeout=0; OPTION=3;"/>

MySQL ConnectionString using MySQL.Data.dll

<add name="MySQLConnectionString" connectionString="server=server_name; user id=root; password=pwd; database=databasename; pooling=false;default command timeout=3600;" providerName="MySql.Data.MySqlClient"/>


SQLServer Connection String

SQLServer ConnectionString using sqlserver authentication mode

<add name="SQLConnectionString" connectionString="server= Data Source= server_name;Initial Catalog= DataBase_Name;User Id=myUsername;Password=myPassword; " providerName="System.Data.SqlClient"/>

<add name="SQLConnectionString" connectionString="server= Data Source= server_name; Database = DataBase_Name;User Id=myUsername;Password=myPassword; " providerName="System.Data.SqlClient"/>


SQLServer ConnectionString using Windows authentication mode

<add name="SQLConnectionString" connectionString="server= Data Source= server_name;Initial Catalog= DataBase_Name; Integrated Security=True;" providerName="System.Data.SqlClient"/>

<add name="SQLConnectionString" connectionString="server= Data Source= server_name; Database = DataBase_Name; Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
Attach a database file, located in the data directory
<add name="SQLConnectionString" connectionString=" Server=.\SQLExpress;AttachDbFilename=|DataDirectory|dbfile.mdf; Database=dbname;Trusted_Connection=Yes providerName="System.Data.SqlClient"/>

Oracle Connection String

<add name="ConnectionString" connectionString="Data Source=servername;Persist Security Info=True;User ID= uid;Password= passowrd;Unicode=True;"/>

    <add name="ConnectionString" connectionString="Data Source=servername;Persist Security Info=True;User ID= id;Password= pwd;"/>


Read more ...

Preventing SQL injection attacks using C#.NET


What is a SQL Injection Attack?
A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.
There are two main types of attacks. First-order attacks are when the attacker receives the desired result immediately, either by direct response from the application they are interacting with or some other response mechanism, such as email. Second-order attacks are when the attacker injects some data that will reside in the database, but the payload will not be immediately activated.

Avoiding SQL Injection



protected void Button1_Click(object sender, EventArgs e)
{
  string connect = "MyConnString";
 
string username= Regex.Replace(txtuname.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);

string Pwd = Regex.Replace(txtpwd.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);
 
  string query = "Select Count(*) From Users Where Username = 
  '" +       username + "' And Password = '" + Pwd + "'";
  int result = 0;
  using (var conn = new SqlConnection(connect))
  {
    using (var cmd = new SqlCommand(query, conn))
    {
      conn.Open();
      result = (int)cmd.ExecuteScalar();
    }
  }
  if (result > 0)
  {
    Response.Redirect("home.aspx");
  }
  else
  {
    Literal1.Text = "Invalid credentials";
}

Using this
string username= Regex.Replace(txtuname.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);

string Pwd = Regex.Replace(txtpwd.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);


you will avoid all type of sql injection
Read more ...

A potentially dangerous Request.Form value was detected from the client


The issue was, when user enters unenclosed HTML content into a comment text box s/he got something like the following error message:

"A potentially dangerous Request.Form value was detected from the client".

This was because .NET detected something in the entered text which looked like an HTML statement. Then I got a link Request Validation that is a feature put in place to protect your application cross site scripting attack and followed accordingly.

To disable
request validation, I added the following to the existing "page" directive in that .aspx file.

validateRequest="false" 
Like this

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" validateRequest="false"  %>

But still I got the same error.

Later I found, for .NET 4, we need to add
requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file like the following:

<httpRuntime requestValidationMode="2.0"/>

But if there is no
httpRuntime section in the web.config file, then this goes inside the section.

If anyone wants to
turn off request validation for globally user, the following line in the web.config file within section:
 
<pages validateRequest="false" />
Read more ...

Contact Us

Name

Email *

Message *