.NET Tutorials, Forums, Interview Questions And Answers

How secure is Request.IsLocal?

Posted Date: September 16, 2010    Points: 0    Category: ASP.Net
My web app exposes a web service so that it can be run from Windows Scheduler (via a console app) on the web server. I planned to have the console app pass a password to prevent external users from running the web service. Can I just have the web service check Request.IsLocal instead? Since the app may end up in a third-party web hosting environment, would other web applications on the same server be able to call the web service and have IsLocal be true for them, allowing them access? Thanks in advance.


More Related Resource Links

"The request was aborted: Could not create SSL/TLS secure channel." when calling third party web ser


I have a webservice that calls a third party web service over https. It used to work properly but now it's giving me problems in my dev and test environments. I don't want to attach the client certificate manually as the web service on production is running without any trouble. For the dev/testing I'm using the following code to work around the validation:


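// Dev/test workaround from the post: the callback accepts every server certificate,
// so certificate validation is effectively disabled for all HTTPS calls in the process.
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateCertificate);

public bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
    return true;
}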



I also discovered that this might be because of an old Microsoft security patch http://support.microsoft.com/kb/980436.

I have tested this service on machines with and without this patch and the result is the same error.

{System.Net.WebException: The request was aborted: Could not create SSL/TLS secu



Dear gentlemen and ladies of the Microsoft Dynamic Data Team,

Mr. Steve Naughton says (and I hope so) that there might be chances that you read the posts published in this forum: I really hope so.

If that were the case then I am formally requesting to you in providing a "real answer" to my question:

I want to customize a dynamic data page (the details one) so I can have access to the data it has been already gathered from the end user UI (details.aspx) and use it to pass this same data to the following controls/pages that I am going to display next time to the end user.

For instance:

I have a screen with different types of data in it: texts, numbers, dates, check boxes, radio buttons and dropdownlists that have been filled with data by the end user. I want now to reset all fields except the dropdownlist of which I'd like to keep the previously chosen values (the very same thing you do between dropdownlist of List.aspx and Details.aspx). Even with FoxPro I could do that because data and controls were available there. It was as simple as setting carrying on to true.


I have found my

view state vs request parameters


If the view state is the data entered into the form fields then they are supposed to be available in the request parameters or request body. Then why would we need view state?


Unique ID throughout entire request



I am hoping someone here could advise me on a better solution to my present problem. First a little background information on the application.

I have a web application using the 3.5 framework. The structure of this application is as follows: UI -> WebService -> Business Layer -> DataAccess Layer. What I want to accomplish is for every request (click on a link or button) have a unique identifier that follows this request through its entire lifecycle. This unique identifier can be accessible anywhere within this request. We use Response.Redirects which could easily be changed to Server.Transfers (although I do not want to do that) but the problem lies with the web service calls. Currently, a GUID is set in the ApplicationRequest. This GUID checks for a guid value in the RawURL and if so, assigns this value to a HttpContext Item. If not, HttpContext.Items gets a new one created. However, this idea is wrong and will need to be revisited. The bigger problem is with the web service calls. Without changing every web service method signature, and every call for that matter, is there a way of getting this GUID there. I created a web method in every web service so that each time I instantiate a web service object in the UI, before calling any

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be?

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

IIS request filtering module


Hi folks,

I have migrated my web application to IIS 7.5. Now I am using Windows 7 as dev machine.

The problem is it takes several seconds to download a single page into web browser now. It contains only 300 records.

Everything is ok on prod website though. Prod version contains up to 200000 records. I can't also use code profile tool of Red Gate to analyze possible bottlenecks since the software in question can't restart IIS. No errors in IIS logs. I am using ISAPI Rewrite 3 filter by Helicon to apply some URL rewriting rules. I am thinking about conflict between ISAPI rewriting rules and default IIS 7.5 request filtering rules, since the IIS request filtering module gets a higher priority than even the built-in IIS 7.5 rewriter module. Is it possible to tweak the module through web.config so that priority is given to ISAPI rewriting rules or something like that?

Frankly, I spent several days to figure out solution. No success...

I've also deployed the application on IIS 5.1. Everything works fine. Any ideas about possible solution for IIS 7.5?

How to implement custom HttpContext for each request under class that implements IHTTPHandler


Hello All,

I created an application and implemented IHTTPHandler for all incoming requests ending with ".aspx" extension.

Under "ProcessRequest" module, I am creating an instance of HttpContext (with URL attributes different from my application's URL i.e. if I am working on localhost then specifying Yahoo.com as its URL) and assigning it to "context" which comes as method argument.

After redirection, an error is generated. Also, the custom HTTPContext is not passed to the requested page (default.aspx, in my case.)

Code is as follows.

    Public Sub ProcessRequest(ByVal context As System.Web.HttpContext) Implements System.Web.IHttpHandler.ProcessRequest
            Dim requestedUrl As String
            Dim targetUrl As String
            Dim urlLength As Integer
            'Save settings which will be used while redirecting to appropriate page
            requestedUrl = context.Request.RawUrl
            If requestedUrl.IndexOf("?") >= 0 Then
                'Strip the query string from the requested URL
                targetUrl = requestedUrl.Substring(0, requestedUrl.IndexOf("?"))
            Else
                targetUrl = requestedUrl
            End If
            'Fall back to the raw URL if nothing is left after stripping
            If String.IsNullOrEmpty(targetUrl) Then
                targetUrl = requestedUrl
            End If
            '(the rest of the handler is cut off in the post)
    End Sub

Test Run: Web Application HTTP Request-Response Test Automation with JavaScript


Write a simple browser-based request-response test automation using JavaScript that's platform independent and useful when you are working in a highly dynamic environment.

James McCaffrey

MSDN Magazine January 2010

Test Run: Request-Response Testing With F#


This month we show you how to use F# to perform HTTP request-response testing for ASP.NET Web applications.

James McCaffrey

MSDN Magazine July 2009

Cutting Edge: Building A Secure AJAX Service Layer


This month Dino builds a service layer that authenticates users of Silverlight 2 and ASP.NET AJAX services to prevent illegal access to sensitive back-end services.

Dino Esposito

MSDN Magazine September 2008

Test Run: Request/Response Testing with Windows PowerShell


Did you know you can use Windows PowerShell to perform lightweight request/response testing for an ASP.NET Web app? Here's how.

Dr. James McCaffrey

MSDN Magazine May 2008

Trustworthy Computing: Lessons Learned from Five Years of Building More Secure Software


Five years ago, Bill Gates issued a directive to enhance security across the board. Since then, many valuable lessons have been learned about building more secure software.

Michael Howard

MSDN Magazine November 2007

Identity: Secure Your ASP.NET Apps And WCF Services With Windows CardSpace


Windows CardSpace replaces traditional authentication with a more consistent and streamlined login process and improves trust between end-users, applications and services. Michèle Leroux Bustamante explains.

Michele Leroux Bustamante

MSDN Magazine April 2007

Secure Habits: 8 Simple Rules For Developing More Secure Code


Never trust data, model threats against your code, and other good advice from a security expert.

Michael Howard

MSDN Magazine November 2006

Secure By Design: Your Field Guide To Designing Security Into Networking Protocols


If you were to build a new communications protocol from scratch, how would you address security? Here the authors take a look at that question and generate some valuable insights into secure protocols.

Mark Novak and Andrew Roths

MSDN Magazine September 2006

Are You Protected?: Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0


Ensuring the security of a Web application is critical and requires careful planning throughout the design, development, deployment, and operation phases. It is not something that can be slapped onto an existing application. In this article, Mike Volodarsky outlines best practices that allow you to take advantage of the security features of ASP.NET 2.0 and IIS 6.0 to build and deploy more secure Web applications.

Mike Volodarsky

MSDN Magazine November 2005
