if you can use a captcha too..

report server side check for the objects in page load event..for eg: c# lo aithe

          if ((Session["validLogin"]) == null)

            {

                Response.Redirect("default.aspx", false);

                return;

            }

logout session cleared...

 

2nd point ni ela achieve cheyalo koncham clarity please.

 

i am not a report dev

 

see issue here as i understand: when user generate report, this report link is stored in browser history. when third person want to use this link, then it should go back to report database and authenticate the credentials. talk with dba guy and report developer. they will solve this in minutes.

 

report server side check for the objects..for eg: c# lo aithe

          if ((Session["validLogin"]) == null)

            {

                Response.Redirect("default.aspx", false);

                return;

            }

 

I have this code...but when they hit the url say localhost/../report.csv idi browser lo undi anuko..or hacker guess chesadu anuko..it is directly opening the file..its not even hitting the .net part..directly location lonchi report picking.

aa history ante?

 

I'm not sure what is the problem but here's the thing, the service method that will get the report data should have a security check. Just a simple example, lets say you have a service method that bank account number and gives total amount. Now, in this service method you should have some authentication to validate the user...here in this case CheckAuthentication ani method pettu which should validate whether the user is genuineor not....already ne application lo some security object lo value untundi kabati...aa checkauth method lo check if it sohuld be allowed adhi false return chestey dobey antadi...UnauthorizedAccessException .net lo untadi adi use chesi festival chesko

example

[TotalService]

public aa Ding(int accnuner)

{

CheckAuthentication();

return gettotal(accnuner)

}

 

Brothers,

 

Oka report URL undi ma system lo..where some user is logged in and browse that url to view/download report. Then he will log out. Tarvatha evadina ochi aa history lo chusi click cheste report open aipotundi..so ikada user is not logged in..also random ga hackers ila guess kotti url tho system ni attack cheyochu ..i am trying to fix this issue. Any suggestions??

 

Thanks

 

idi choodu...may help

http://stackoverflow.com/questions/3814128/activate-form-authentication-for-csv-files-in-iis7

vachindhaa, raledhaa? raledhu antee IIS(inetmgr) lo report folder ki authentication ananymous enabled vuntundhi dhanni disable cheyyi.

vachindhaa, raledhaa? raledhu antee IIS(inetmgr) lo report folder ki authentication ananymous enabled vuntundhi dhanni disable cheyyi.

authentication through application ichanu baa

Page_load lo
response.cache.setcacheability(httpcacheablitiy.nocache);

Ravi history lo nundi open cheste malli credentials aduguta di logout chesaka.... Enjoy

Page_load lo response .cache.setcacheability(httpcacheablitiy.nocache); rayi....

that's different he as seperate URL for report so we need to disable anonymous authentication for that URL only 

Dude web.config lo control cheyyi using the below 

 

<location path="PageName">

    <system.web>

      <authorization>

        <allow users="*"/>

      </authorization>

    </system.web>

  </location>