bri189a

Has anyone seen anything out there that 'validates' a query string - i.e. ensures that the user hasn't altered the contents of the QueryString - for example on this page: http://www.xtremedotnettalk.com/newthread.php?do=newthread&f=62 I could change the f=62 to f=54 to enter a new thread on the Windows forum. Now let me say before anyone tries to correct me, that I know there are other ways around the situation - I've just found a caveat in those other ways that can be worked around, but implementing my idea would be easier - IMO; it's clever, but clever isn't always good. I'm just trying to find out if someone has already done this and I'm wasting my time....what if I digitally signed the query string? In otherwords use a keyed hash algorithm, passing that hash value in the query string to make sure the other values in the query string weren't tampered with? I've already designed it out and I think it will be pretty cool, but as any good coder knows, just because it's cool doesn't mean it's useful. :) Would other people find this valuable if no one else has ever done it?

You're preaching to the choir brother.

VB.NOT - tell us how your really feel. Hey, at least your not stuck doing it for a living...go to work do VB.NET, come home do C#.NET - both have become so interchangable to me now I forget about some of the stupidity in the name conventions, but, if you know what you're doing in C# and understand OOP, VB.NOT holds up just fine... just don't do anything to advanced and try not to let VB let you get too lazy and you'll be fine: Always Option Strict On and always remove the VisualBasic reference...then you can port to C# seemlessly...and some day I will convert that shop to C#!!!!

Well of course in plain .NET you can get...the easiest way is through the Management namespace... but you can't get it through ASP.NET.

You can't. You would have to have access to the client machine and web applications don't run on a clients machine and therefore can't retrieve the information, or any kind of information such as that.

Now I know there is no such thing as good free software, but there are some nice ones out there I'm sure...or at least hope... has anyone got any links?

Truthfully on the 'login' page itself I wouldn't have a duplicate place to log on...maybe in France that's typical, but in America it's not really seen...least by me and I'm on the internet a lot. If you were to have it on both page I would use a user control that has the user name, password and submit button, it would then pass that to the security manager or whatever you use for validation. As for validation, that would be rather complicated with the built in validators because you have the same control twice on a page, I'd have to do some thinking on that...but honestly why are there two logins on the same page? That's what's confusing me. Notice this page, Hotmail, Yahoo, etc... all only have one place to login.

Cool. Thanks.

I can't think of any good reason to have two forms. Why do you need two forms? That may illicit more responses.

I have no familiarity with table hints, and what I don't quite get is...you're saying that specifyng an index like that pulls it in sorted already, okay, understand that - what kind of performance implications does this have when you dynamically add it and have it in a stored procedure, or is it better to have before hand if you know you're going to do it a lot. Do you have to 'drop' the index afterwards - if you do such a thing? What are some other caveats? Is this a pretty standard ANSI SQL thing, or an SQL server thing only? Good thing to know about, thanks, and thanks again for any further info you have.

It's kind of vague what you're trying to do but... You could make the link a LinkButton instead of a html anchor (it will display the same), and then on your post back if the login fails do nothing, but if it's successful hide the button by setting it's visiblility to false...but then most login pages go to a differant screen after successful login attempts so I don't know why you would stay on the same page. If your trying to hide the button so they can't click it more than once you can add the following the button's on load event: if(btnOk.Attributes("onclick")==null) { btnOk.Attribute("onclick") = "javascript:hideMe();" } And then do the same code as I mentioned above to hide the button if necessary. Also you should use <span style="color: #0D4985;">Click</span><a href="javascript:hideMe():"> instead of the font tag...it's deprecated I believe.

Why would it be coming back as a string if the database column is an int? That's the part I don't understand...if I have an int column in a database I return the data as an int whether it be to a DataReader, or populating a dataset, and using a dataset I have the column set up to be an int...so it really doesn't make since that if you've designed the table, the stored procedure, or in line SQL, set up the params to be of type int then how you are they getting to be strings...that's what I would wonder about. Maybe I'm missing your point, and if I am I appologize.

I think you were asking how you would determine and compare the type of an unknown object to make sure it was an integer???? I would: if(PersonID().GetType()==typeof(int)) { //code } else { //throw some sort of error. } //A quick console program demonstrates: static void Main(string[] args) { object o = 5; if(o.GetType()==typeof(int)) Console.Write("Is Integer"); else Console.Write("Is not integer"); Console.Read(); }

I agree with that...totally. Just trying to see if it's possible to short cut writing another stored procedure (in-line SQL not an option). Didn't figure there was...more of a curiousity question than anything. Thanks.

I have that book and I can second his recommendation. :)

Maybe the file is open by another process? And I don't see anywhere that you close your XmlTextReader object, and you should be closing that your your other object that you're closing in a finally block too (along with any Dispose methods), that way it's not left open by the ASP.NET worker process if there is an error. If you've checked the permissions on the C:\Temp folder, and you are impersonating, and you've addressed the things I've mentioned as not being an issue, then there is something else happening. Wish I could be of more help. Oh and what is this line about...it does nothing: loc.Replace(@"\",@"\\"); Now if you had loc = loc.Replace(@"\", @"\\"); that would do something.

3. CType is slow, if you know what it's going to be use DirectCast. As a matter of practice you should check to make sure the control is found too. IMO

That is pretty cool...the source is all put together so I didn't take to much time to decipher but it looks like they just got a lot of javascript in there and some well placed gif's or png's...very cool though...kudo's to them for think outside of the box.

You didn't mention it so.... And you have windows authentication in the web.config file?

Has anyone seen a good way to do the equivelant of a GROUP BY using a DataSet or DataView? Just curious because if I didn't have to go back to the database to get the same information, only grouped, it would save me a step. On that note, an equivelant to SELECT DISTINCT would be cool tool. Thanks.

It's been so long since I've done a windows project... Got a custom control I'm making, it's size can only be in increments of 128...I have the math worked out...the problem is I can't remember the property or the technique to use to make sure the Resizing is completed before applying the math. The OnResize and OnSizeChanged overrides/events seem to happen constantly throughout the user resizing, the OnLayout override/event seems to fall in that category to. I know a spagetti way to do it would be to watch the mouse and keyboard events, but I think there is probably something more natural that is built in like OnResizeComplete or something like that. Also...again, been so long, where is the UITypeEditor for my designer for file browsing to tie to a property I have that is suppose to specify a path? Thanks!

The code is above, all you should need according to MSDN is what is above. If you've done it another way, let me see how you code it and maybe I'll see what I'm missing. Thanks.

"~" will do it. Response.Redirect("~/One/Two/Three.aspx") This will take you to that page whether you are in the one folder, two folder, root folder, some other folder 18 levels deep, etc.