.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

security question about dynamic data

Posted By:      Posted Date: September 22, 2010    Points: 0   Category :ASP.Net

apologies if this has been answered before.

it seems that the scaffolding that generates the list, edit, details apsx pages uses querystrings to pass the primary key for the relevant record. thus is i have a list.aspx showing me a grid of records, the edit hyperlink will be something like http://../tblTable/edit.aspx?ID=n where n is the key of the record to edit.

however, obviously this is not secure for a multi-user site as someone else with a valid login could potentially see records which they shouldnt simply by trying different "ID=n" values?

is there a way to change this behaviour in a Dynamic Data site or will i have to manually code to ensure a user only see records intended for them?

any help is gratefully appreciated



View Complete Post

More Related Resource Links

Using Sharepoint 2003 - Data Security Question

We need to limit visibility of data in a datasheet to users based on their ID, NOT on who created or loaded the data.  If this is possible, how do we accomplish this?

Dynamic Data Templates in GridView ASP.NET 3.5

At a high level, Dynamic Data Templates can be seen as a system to very quickly build up a User Interface linked with the relevant data model, immediately enabling you to perform CRUD operations (Create, Read, Update, Delete) on the database using the specified data source. They provide a powerful method for building up these kinds of applications, and I'm going to focus on an overview of what Dynamic Data Templates actually are, and a few ways of customizing them to suit industry needs.

ASP.NET 4.0 Dynamic Data and Many to Many Entity Framework Entities

I did not play much with Dynamic Data controls in VS2008 and just made a cool discovery in VS2010 Beta 2. This may not even be new, but as I'm sitting 30,000+ feet over the Atlantic ocean, I don't have access to VS2008 at the moment to check.



Dear gentlemen and ladies of the Microsoft Dynamic Data Team,

Mr. Steve Naughton says (and I hope so) that there might be chances that you read the posts published in this forum: I really hope so.

If that were the case then I am formally requesting to you in providing a "real answer" to my question:

I want to customize a dynamic data page (the details one) so I can have access to the data it has been already gathered from the end user UI (details.aspx) and use it to pass this same data to the following controls/pages that I am going to display next time to the end user.

For instance:

I have a screen with different types of data in it: texts, numbers, dates, check boxes, radio buttons and dropdownlists that has been filled with data by the end user. I want now to reset all fields exept the dropdownlist of which I'd like to keep the previously chosen values(the very same thing you do between dropdownlist of List.aspx ad Details.aspx). Even with FoxPro I could do that because data and controls were available there. It was as simple as setting carrying on to true.


I have found my

Routing in dynamic data applications


Im using ASP.Net 4. I tried to modified the code according to following video tutorial. http://www.asp.net/aspnet-in-net-35-sp1/videos/how-to-enable-table-specific-routing-in-dynamic-data-applications

But Product page directs only to ListDetails.aspx page.

This is my code :

<%@ Application Language="C#" %>
<%@ Import Namespace="System.ComponentModel.DataAnnotations" %>
<%@ Import Namespace="System.Web.Routing" %>
<%@ Import Namespace="System.Web.DynamicData" %>

<script RunAt="server">
    private static MetaModel s_defaultModel = new MetaModel();
    public static MetaModel DefaultModel {
        get {
            return s_defaultModel;

    public static void RegisterRoutes(RouteCollection routes) {

        DefaultModel.RegisterContext(typeof(NorthwindDataContext), new ContextConfiguration() { ScaffoldAllTables = true });


About Dynamic Data in Visual Studio 2010 / .NET 4



Does anybody here have any pointers to screencasts, demos, webcasts for the latest enhancements in Dynamic Data as listed in above link? I'm repeating them here for ready reference :


  • EnableDynamicData method which enables Dynamic Data features in existing ASP.NET applications and DataSource controls
  • A new QueryExtender control, contained in the sample projects to simplify common data filtering operations. It supports a rich ASP.NET declarative query syntax that makes it easy to do things like search data for text or have filters based on ranges
  • A new Dynamic Data filter model that enables the developers to apply templates to pages just like field templates (including user defined filters)
  • New field templates of Email, URL and Enum columns
  • Support for inheritance in Entity Framework and Linq to SQL
  • Support for many to many relationships in Entity Framework
  • New Entity Templates which allow fine control over how an object is displayed and edited
  • DynamicHyperLink control for building links to tables and actions
  • Declarative support for D

How to sell Dynamic Data to the bosses


I have a project which has gone from Excel report to a SharePoint Custom List and now they have tried to make it an application growing legs with additional list hinging off it and no real way to clean up data from one when it deleted from another etc..(unless we add handlers etc which we don't want to do).

It was envisiaged as a simple one page list to generate some reports off of but it more a data driven application they want now.

I am looking into a way after stating this to my boss and am intrested in the quickest most flexible way to achieve this and to sell it to him.

I am more a .net person but also know plsql and most of the team I work with are Oracle specialists.

We currently have at are disposile .net, php and oracle products (portal, plsql, forms and oracle application express.)

We are at a transition stage trying to move away from Oracle Forms and I believe that .net is a better fit that php for production and readability of code.

So I am considering placing Dynamic data on the table for this project as it all data driven with data being inputed and manipulated and then reports being generated (either via code or we could hitch in a reporting tool like mssql or discover.)  The main issue will be the data will be in Oracle so if Dynamic data can handle this then it be perfect as

Dynamic Data, Domain datasource, Poco and lookups


Mr. Edward,

Excuse my question but: it is necessary to involve in our projects something more than just Dynamic Data or should we make use of all other features available in VS2010 (which will make assume taht they had been left out of the Dynamic Data framework) like: wef, poco, azure, wcf, cloud, mvc, silverllight, ajax, odata, agile, workflow, etc.?

Sorry my ignorance, I'm just transcribing names as they come to my mind and of which I don't know anything about


Carlos Porras (El Salvador)

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


Cloud Security: Crypto Services and Data Security in Windows Azure


Many early adopters cloud platforms have questions about security. We review some of the cryptography services and providers in Windows Azure along with some security implications for applications in the cloud.

Jonathan Wiggs

MSDN Magazine January 2010

Dynamic WPF: Create Flexible UIs With Flow Documents And Data Binding


Flow documents offer enormous flexibility in arranging text layout and pagination, but they don't support data binding, so you can't dynamically change content. Here we build a component to solve that problem.

Vincent Van Den Berghe

MSDN Magazine April 2009

Basic Instincts: Dynamic Data Entry With XML Literals


Learn how to use Windows Presentation Foundation (WPF), XAML, and the deep XML support in Visual Basic to generate user interfaces dynamically.

Beth Massi

MSDN Magazine October 2008

Data Security: Stop SQL Injection Attacks Before They Stop You


To execute a SQL injection attack, a hacker writes a Web page that captures text in a textbox to be used to execute a query against a database. The hacker enters a malformed SQL statement into the textbox that causes the back-end database to perform operations the owners did not intend it to perform, like making unauthorized updates. This article explains how you can protect against the all too common SQL injection attack in your own database. The steps covered include data validation, proper exception handing, and much more.

Paul Litwin

MSDN Magazine September 2004

Security in IIS 6.0: Innovations in Internet Information Services Let You Tightly Guard Secure Data


Security improvements have been a top priority in the evolution of IIS. IIS 6.0, which will be part of Windows .NET Server, has improved security features and a new approach to server configuration. New security-related tools for IIS, including IIS LockDown, make securing your server against attack easier than ever. The author explains how and why you can shut down services with IIS LockDown. He discusses limiting port access with TCP/IP filtering, controlling how files are served with extension mapping, what's new for Secure Sockets Layer, the use of URLScan, and more.

Wayne Berry

MSDN Magazine September 2002

Security: Protect Private Data with the Cryptography Namespaces of the .NET Framework


The .NET Framework includes a set of cryptographic services that extend the services provided by Windows through the Crypto API. In this article, the author explores the System.Security.Cryptography namespace and the programming model used to apply cryptographic transformations. He discusses reasons why cryptography is easier in .NET than it was before, including the easy programmatic acccess developers have to the cryptography APIs and the difference between symmetric and asymmetric algorithms. Along the way, a brief discussion of the most widely used algorithms, including RSA, DSA, Rijndael, SHA, and other hash algorithms, is provided.

Dan Fox

MSDN Magazine June 2002

Dynamic Data Use And Limitations


I have been looking at dynamic data based applications for a little while now and it looks like this technology could be deployed in many scenarios. In my case I am interested in using it to deliver relatively small database applications to small to medium sized companies, often replacing data in homespun spreadsheets with a well ordered database. The attraction to me being that dynamic data allows the application to be created (and subsequently altered) much more efficiently than with lots of hand coded web forms.

What experience have others had using this technology on live sites, have you come across any road blocks or gotchas in terms of performance, security or general functionality? Is it being used in a diverse range of scenarios?

Dynamic Data Entities Modal GridViewPager not showing


I am using the ModalEF template, converted to a web application.

The GridViewPager is not showing up, though everything else works fine (filters, updates, etc).

I have tried several things in the last two weeks, to no avail.

Any assistance would be greatly appreciated.

The GridViewPager.ascx.cs Page_Load fires, but the Page_PreRender does not.




<%@ Page Title="" Language="C#" MasterPageFile="~/DefaultMaster.master" AutoEventWireup="True" CodeBehind="ListDetailsModal.aspx.cs" Inherits="DATTWeb.DynamicData.PageTemplates.ListDetailsModal" %>

<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="ajaxToolKit" %>
<%@ Register Assembly="System.Web.Entity, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Web.UI.WebControls" tagprefix="asp" %>

<%@ Register src="~/DynamicData/Content/GridViewPager.ascx" tagname="GridViewPager" tagprefix="asp" %>
<%@ Register src="~/DynamicData/Content/FilterUserControl.ascx" tagname="DynamicFilter" tagprefix="asp" %>

<asp:Content ID="Content2&quo

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend