|
i got a application developed with asp.net core mvc where token is always passed with url. it seems if we pass token with each url then it is not secure way. so any time any other user can get url and appear before server as right user.
our token life is 24 hours.
sample url looks like http://localhost:48000/ACX/Default/Login?token=8kzRLdW8lQVIS0MrtlqdZJbmz9p22l33u1wspGOmLgCgEy2MG5XZ0JG1ovVZGiNX7KpAfBVn3[^]
This code is generating the token which would valid up to 24 hours:
public IActionResult Login([FromBody]LoginModel user)
{
if (user == null)
{
return BadRequest("Invalid request");
}
if (user.UserName == "johncitizen" && user.Password == "abc@123")
{
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("KeyForSignInSecret@1234"));
var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);
var tokeOptions = new JwtSecurityToken(
issuer: "http://localhost:2000",
audience: "http://localhost:2000",
claims: new List<Claim>(),
expires: DateTime.Now.AddMinutes(1440),
signingCredentials: signinCredentials
);
var tokenString = new JwtSecurityTokenHandler().WriteToken(tokeOptions);
return Ok(new { Token = tokenString });
}
else
{
return Unauthorized();
}
}
What can we do as a result token would be secure passing through URL? I want to change flow bit in such a way that if another user copy and paste the same URL, then he will not be able to access protected resource. So how to achieve and secure long life token?
Please guide me with approach in details. Thanks
|
|
|
|
|
|
|
This is driving me mad!!!
My hobby project a net core 6 Web app was running perfectly until yesterday - I'm now getting this error message whenever I try and return a view. I've obviously done something but I can't for the life of me think what. I can't catch the error either it just bombs and shows this error in the browser - any ideas ? The app runs as a daemon on a Debian box.
MissingMethodException: Method not found: Microsoft.AspNetCore.Razor.Language.RazorConfiguration Microsoft.AspNetCore.Razor.Language.RazorConfiguration.Create(Microsoft.AspNetCore.Razor.Language.RazorLanguageVersion, System.String, System.Collections.Generic.IEnumerable`1<Microsoft.AspNetCore.Razor.Language.RazorExtension>)
Microsoft.AspNetCore.Mvc.Razor.Extensions.RazorPageDocumentClassifierPass..cctor()
Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming “Wow! What a Ride!" - Hunter S Thompson - RIP
|
|
|
|
|
|
Thanks Richard I updated the nuget packages and the problem disappeared - NuGet does bite me every now and then.
Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming “Wow! What a Ride!" - Hunter S Thompson - RIP
|
|
|
|
|
Hi everyone,
I'm building my personal web site using ASP.Net and recently noticed something curious.
When publishing my project, it doesn't seem to matter if I use:
dotnet publish -c Release -o out or
dotnet publish -c Debug -o out Both commands will output (as far as I can tell) exactly the same binary. However shouldn't the release output be smaller/optimized?
Unfortunately I can't find much documentation regarding this config flag and as far as I can tell, the dotnet command is just passing it along to MSBuild which then select the proper configuration (profile?).
Does anyone know if it's supposed to work like that or am I doing something dumb?
PS: My csproj has nothing special in it as far as I can tell:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="BuildBundlerMinifier" Version="3.2.449" />
<PackageReference Include="Markdig" Version="0.30.2" />
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.7" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.7" />
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.7" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="6.0.7" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.7" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.7">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="6.0.0" />
<PackageReference Include="Microsoft.FeatureManagement.AspNetCore" Version="2.5.1" />
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.7" />
<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="6.0.5" />
<PackageReference Include="Serilog" Version="2.11.0" />
<PackageReference Include="Serilog.AspNetCore" Version="6.0.1" />
<PackageReference Include="Serilog.Sinks.Console" Version="4.0.1" />
<PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
</ItemGroup>
</Project>
|
|
|
|
|
The output is MSIL, not machine code native to your CPU. That doesn't get generated until the code is loaded and running, call JIT Compiling. The code can be optimized for the CPU being used. Whether or not there are optimizations depends on how you've written your code and the CPU you run it on.
Debug builds do not run with optimizations, but contain more debugging information that may not be in the final executables.
|
|
|
|
|
Thanks but in that case I don't understand what is the purpose of the --configuration flag?
I understand that JIT will optimize things at runtime but I was expecting the --configuration to, at least, do some sort of (even if small) optimization when compiling (a la gcc compiling C code for example) to MSIL.
Many tutorials (especially Microsoft) almost always add that flag when publishing so it must do something but I can't understand what exactly.
Quote: Debug builds do not run with optimizations, but contain more debugging information that may not be in the final executables.
Yes this is exactly what I find confusing because my debug build doesn't have (as far as I can tell) any extra debugging information. It seems to be exactly the same as the release build (using -c Release)
|
|
|
|
|
You're also assuming that your code has stuff to optimize.
|
|
|
|
|
That's actually a very good point now that you mentioned it.
I didn't consider that and assumed that an ASP.Net app would be large enough to see some optimizations but I guess the libraries used are already optimized and my code doesn't have much stuff to optimize.
|
|
|
|
|
Does anyone know of a good reference, learning book that targets vb.net and .Net Core 6? Most of the books I see are for C# and .Net core 6
|
|
|
|
|
|
It's time to lose the training wheels and convert yourself to C#. All of the same power, and more, without the verbosity.
Embrace the curly brace!
|
|
|
|
|
I belive internet is the best source.
|
|
|
|
|
I have this SQL Statement "SELECT vYear, EmpCode, VacType, DocNum, DocDate, DepCode, SecCode, vName, vStart, vEnd, vDays, LType, CUsrName, CDate, MUsrName, MDate, Result, Reson, EmpCode_Act, MngID
FROM NetVac
WHERE ('12/07/2022' BETWEEN vStart AND vEnd) AND (vYear = 2022) AND (EmpCode = 5229) AND (VacType <> 10) AND (VacType <> 15) AND (VacType <> 16) AND (VacType <> 17) AND (VacType <> 18) AND (VacType <> 19) AND
(VacType <> 20) AND (VacType <> 21) AND (VacType <> 23) AND (VacType <> 24) AND (Result <> 1) OR
(vYear = 2022) AND (EmpCode = 5229) AND (VacType <> 10) AND (VacType <> 15) AND (VacType <> 16) AND (VacType <> 17) AND (VacType <> 18) AND (VacType <> 19) AND (VacType <> 20) AND (VacType <> 21) AND
(VacType <> 23) AND (VacType <> 24) AND (Result <> 1) AND (CONVERT(DATETIME, '2022-07-13 00:00:00', 102) BETWEEN vStart AND vEnd)" and it work fine, i would like to do the same with EF but not using ADO or >,<
Can anybody help me
|
|
|
|
|
If you are using Entity Framework and you want to use BETWEEN, the standard way is to use => and<=.
|
|
|
|
|
I'd start by looking at what your SQL is trying to do and simplify it. From what I can see, your WHERE clause can be reduced to
vYear = 2022
AND EmpCode = 5229
AND NOT VacType IN (10, 15, 16, 17, 18, 19, 20, 21, 23, 24)
AND Result <> 1
AND ('12/07/2022' BETWEEN vStart AND vEnd
OR CONVERT(DATETIME, '2022-07-13 00:00:00', 102) BETWEEN vStart AND vEnd
)
I do not understand what the date ranges are for and why there are two different ways of representing dates unless your data has two sets of texts neither as real dates, in which case the comparisons are meaningless.
|
|
|
|
|
I would like to display numbers from a loop from 0 - 100 for multiples of 3 to display the number for multiples of 5 to display the number for multiples of 3 and 5 to display the number
|
|
|
|
|
|
Using asp.net I would like to display numbers from 1 to 100 for multiples of 3 display fizz for multiples of 5 display buzz for multiples of 3 and 5 display fizz buzz
|
|
|
|
|
|
Now that you're reposting the exact same non-question again, I take it you're going to fail the assignment now?
|
|
|
|
|
Hi,
I'm trying to make a document comparison viewer for web browser that feels as same as Microsoft word's 'Track Changes' and 'Compare' (options available in Review Tab).
I am already using Aspose.Words to convert every file type to docx and compare two files which gives me a redline copy merged into one single document. What i want to get is the resulting document(s) in a **side by side comparison** on UI. Also i want to give the ability to do the basic:
1. Get a summary of changes made and able to navigate as to where to changes are made in the document.(Scroll to the position of change in the document, just like Review Pane in MS word)
2. Accept and Reject those changes and download the revised document.
3. Able to compare text as well as non text related changes.
I've looked for many 3rd party tools but always end up in a limitation surrounding them, to list a few
1. GroupDocs.Comparison - Gives navigation and auto scroll but in a
merged document not in side by side view. Also, does not gives a document but a set of images.
2. Draftable - Compares only text and style, no image/tagged file
objection insertion or deletion. No option to accept or reject
changes
3. ipdf-net - No option to accept or reject changes.
4. PrizmDocs Document Compare API - No navigation to where the change is made in the document. Also no side by side comparison.
5. Litera Compare: No side by side comparison.
Where i could such 3rd party SDK that would help me achieve my objective or is there any was i could overcome the limitations i am getting from the tolls I've looked at ? The main concern is to have a navigation/mapping of change made to its position in the document and ability accept or reject those changes.
|
|
|
|
|
Don't post the same questions in multiple forums. Once is enough.
|
|
|
|