Category Archives: Website Dev

A potentially dangerous Request.Form value was detected from the client

Have you ever experience the following error in ASP .NET?

A potentially dangerous Request.Form value was detected from the client 

Then you are one like me. Then you should now that one of the values of your elements (<inputs> or <button> or <textarea>) has html elements on it. Example is bellow:

<input type=’text’ name=’content’ value='<script language=”javascript”>alert(“Hello World!”);</script>’/>

Then you should also know that this error is persisting because the values given above might be an XSS attack. If you are sure that you want to accept this type of values on your dabatase you may explicitly remove this validation by adding this tag to your page’s masterpage or 1st line of tag.

validateRequest=”false”

If you are on ASP .NET MVC you can add this to your model, assuming that your model has the content variable.

[AllowHtml]
public string content = String.Empty;

Thanks hope it help you allot. Also if you are not familiar with XSS attacks, I will try to make an article for that so you can create your own script that is hack-able, be able to prevent it, and know what are it’s crons.

God Bless!

jStorage:An alternative for Cookies

Have you ever wondered if there is an alternative for Cookies? 

You should, because there are limitation and downsides in using Cookies on your website that massively use this feature.

  1. Cookies has limited size on most browsers
  2. Cookies is transfer to server every page load
  3. If you overload the size of the Cookies it will also eat up the space of session and might remove it

Introducing jStorage, a jQuery way of saving your data to the local client and I quote

jStorage is a cross-browser key-value store database to store data locally in the browser – jStorage supports all major browsers, both in desktop (yes – even Internet Explorer 6) and in mobile.

Yes it even support IE 6!

So how to use it in an easy way?

  1. Include the following references to your project
    1. <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.0/jquery.min.js"></script>
      <script src="https://raw.github.com/andris9/jStorage/master/jstorage.js"></script>
  2. Use $.jStorage.set(key, value) to save a value 
  3. Use $.jStorage.get(key, “default value”) to get a value

And thats it you are now using jStorage. 

Reference : http://www.jstorage.info/

WCF in Different Domain or Server

Hi There,

Its bean a while since I have updated my blog so I will be posting one of the things that I have experience on my work. That is WCF in Different Domain or Server. One of the main error that you may experience is the same as bellow:

Server Error in ‘/’ Application.


The request for security token could not be satisfied because authentication failed.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

Source Error:

Line 87:         
Line 88:         public bool IsExisting(string domain, string username) {
Line 89: return base.Channel.IsExisting(domain, username); Line 90:         }
Line 91:         


Source File: D:\Projects\MobileWeb\MobileWeb\Service References\SykesAD\Reference.cs Line: 89

Stack Trace:

[FaultException: The request for security token could not be satisfied because authentication failed.]
   System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target) +8904771
   System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) +203

[SecurityNegotiationException: The caller was not authenticated by the service.]
   System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +4729651
   System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +1725

 

This message or exeception happens in production (published files has been uploaded to IIS) and not when you are currently developing it on your Visual Studio. So what is the solution? Here is the simple solution that made me a little crazy upon gazing unto it.

//Let say here is your Instantiation of your WCF
ClassADClient ad = new ClassADClient();
//Then the solution is to add a credential that the system will use on using the said WCF
//Such as like this
ad.ClientCredentials.Windows.ClientCredential = new NetworkCredential(“domain\\username”, “password”);

That’s it thats the solution and you can now use the said service without the said error.

Hope I help you! 

 

Thanks,
Thomie Jose San Agustin, MCP 

IIS Missing ASP .Net 4.0 Pool

Have you’ve been missing some pool in your IIS for your ASP .Net?

The this article entitle IIS Missing ASP .Net 4.0 Pool will help you.

Chances are, you need to install .NET 4 (Which will also take care of a new AppPool for you)

  1. Open your command prompt (Windows + R) and type cmd and press ENTER
    You may need to start this as an administrator if you have UAC enabled.
    To do so, locate the exe (usually you can start typing with Start Menu open), right click and select “Run as Administrator”
  2. Type cd C:\Windows\Microsoft.NET\Framework\v4.0.30319\ and press ENTER.
  3. Type aspnet_regiis.exe -ir and press ENTER again.
    • at this point you will see it begin working on installing .NET’s framework in to IIS for you
  4. Close the DOS prompt, re-open your start menu and right click Computer and select Manage
  5. Expand the left-hand side (Services and Applications) and select Internet Information Services
    • You’ll now have a new applet within the content window exclusively for IIS.
  6. Expand out your computer and locate the Application Pools node, and select it. (You should now see ASP.NET v4.0 listed)
  7. Expand out your Sites node and locate the site you want to modify (select it)
  8. To the right you’ll notice Basic Settings… just below the Edit Site text. Click this, and a new window should appear
  9. Select the .NET 4 AppPool using the Select… button and click ok.
  10. Restart the site, and you should be good-to-go.

(You can repeat steps 7-on for every site you want to apply .NET 4 on as well)

That’s it!

Thanks,
Thomie

Remove a Website From Google

Have you ever wondered how to remove a website from Google? Or may be its your website that you don’t want anyone to see on Google when other people search about you. Then You are reading the right article. It just simple as 1-2-3.

Here its how it is done

  1. Go to this website.
  2. Choose either from the two selection if its your website or not and follow the steps
  3. Put the link to your desired page and wait for an approval

That’s it all other things will be taken care by Google. Hope it help you.

Thanks,
Thomie Jose San Agustin

Tip on Website Structure

Greetings!

Just a few days ago I have encountered a Website Structure that made me really sad. Upon opening the folder I was shocked how was the file structure was handled. I think I can share how you should do the structuring of your files if your going to create a website with any programming language out of scratch.

  1. First group your files accordingly
    • You put all your javascript files inside a folder, let say js,  in which all javascript files are there and no where else. Inside it you can again group it accrdingly to what javascript its all about. If your using jquery put it under a js/jquery folder, if your using tinymce put it on js/tinymce, and so on.
    • The same thing goes to css and other files. Group them so you can easily find them
  2. Second, Use consistent file type
               If your going to use PNG use png in all cases. If your not using transparent images then use JPG.
  3. Lastly, Use naming conventions that you can easily remember

These aren’t all that you can do. But I can say that this can help in improving the readability of your website when you are giving over the development or getting help from another developer. Next time I will be giving some tips on coding on PHP.

Thanks,
Thomie Jose