Osama Bin Gandhi Posted December 23, 2013
if you can use a captcha too..
Osama Bin Gandhi Posted December 23, 2013
report server side check for the objects in page load event.. for e.g., in C#:

    if ((Session["validLogin"]) == null)
    {
        Response.Redirect("default.aspx", false);
        return;
    }

logout session cleared... Some clarity please on how to achieve the 2nd point.
mukunda1 Posted December 23, 2013
I am not a report dev. The issue here, as I understand it: when a user generates a report, the report link is stored in the browser history. When a third person wants to use this link, it should go back to the report database and authenticate the credentials. Talk with the DBA guy and the report developer. They will solve this in minutes.
Yuvatha Posted December 23, 2013 Author
"report server side check for the objects.. for e.g., in C#:

    if ((Session["validLogin"]) == null)
    {
        Response.Redirect("default.aspx", false);
        return;
    }
"

I have this code... but when they hit the URL, say localhost/../report.csv (suppose it is in the browser, or suppose a hacker guessed it), it directly opens the file. It's not even hitting the .NET part; the report is picked up directly from the location.
ChampakDas Posted December 23, 2013
What do you mean by that history? I'm not sure what the problem is, but here's the thing: the service method that will get the report data should have a security check. Just a simple example: let's say you have a service method that takes a bank account number and gives the total amount. Now, in this service method you should have some authentication to validate the user... here, in this case, add a method called CheckAuthentication which should validate whether the user is genuine or not.... Since your application will already have a value in some security object, check in that checkauth method whether it should be allowed; if it returns false, it tells them to get lost... There is UnauthorizedAccessException in .NET; use that and enjoy. Example:

    [TotalService]
    public aa Ding(int accnuner)
    {
        CheckAuthentication();
        return gettotal(accnuner);
    }

"Brothers, there is a report URL in our system, where some user is logged in and browses that URL to view/download a report. Then he will log out. After that, if anyone comes along, sees it in the history and clicks it, the report opens.. so here the user is not logged in.. also, hackers can randomly guess like this and attack the system with the URL.. I am trying to fix this issue. Any suggestions?? Thanks"
Osama Bin Gandhi Posted December 23, 2013
Look at this... may help: http://stackoverflow.com/questions/3814128/activate-form-authentication-for-csv-files-in-iis7
karna11 Posted December 23, 2013
Did it work or not? If it didn't, anonymous authentication will be enabled for the report folder in IIS (inetmgr); disable that.
Yuvatha Posted December 23, 2013 Author
"Did it work or not? If it didn't, anonymous authentication will be enabled for the report folder in IIS (inetmgr); disable that."

I provided authentication through the application, bro.
mavrick4 Posted December 23, 2013
In Page_Load, write Response.Cache.SetCacheability(HttpCacheability.NoCache); if it is opened from the history after logging out, it will ask for credentials again.... Enjoy
karna11 Posted December 23, 2013
"In Page_Load, write Response.Cache.SetCacheability(HttpCacheability.NoCache);...."

That's different. He has a separate URL for the report, so we need to disable anonymous authentication for that URL only.
cowboyz Posted December 23, 2013
Dude, control it in web.config using the below:

    <location path="PageName">
      <system.web>
        <authorization>
          <allow users="*"/>
        </authorization>
      </system.web>
    </location>
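
The problem described in the thread (IIS hands out report.csv as a static file, so the Session["validLogin"] check never runs) can be closed by serving the file only through code that performs the check. The following is an added example, not code from any poster in this thread. The handler name ReportHandler, the "name" query parameter and the ~/App_Data/reports folder are assumptions; Session["validLogin"] and default.aspx are taken from the posts above.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.SessionState;

// Hypothetical handler, e.g. the code-behind of Report.ashx. The CSV files are assumed
// to be stored in ~/App_Data/reports, a folder IIS/ASP.NET does not serve directly.
public class ReportHandler : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // Same session check as in the thread, now on the only path to the file.
        if (context.Session == null || context.Session["validLogin"] == null)
        {
            context.Response.Redirect("default.aspx", false);
            context.ApplicationInstance.CompleteRequest();
            return;
        }

        // Accept a bare .csv file name only: no slashes, colons or other path characters.
        string name = context.Request.QueryString["name"] ?? "";
        if (name.Length == 0 ||
            name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
            !name.EndsWith(".csv", StringComparison.OrdinalIgnoreCase))
        {
            context.Response.StatusCode = 400;
            return;
        }

        string fullPath = Path.Combine(context.Server.MapPath("~/App_Data/reports"), name);
        if (!File.Exists(fullPath))
        {
            context.Response.StatusCode = 404;
            return;
        }

        // Keep the report out of browser and proxy caches, as suggested for Page_Load above.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        context.Response.Cache.SetNoStore();
        context.Response.ContentType = "text/csv";
        context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        context.Response.TransmitFile(fullPath);
    }
}
```

With the files moved out of the directly served folder, a URL taken from browser history or guessed by a third party reaches this handler and is redirected to default.aspx once the session has been cleared.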