.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

App Lockdown: Defend Your Apps and Critical User Info with Defensive Coding Techniques

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

Whether you're storing database connection strings, user credentials, or logon info, you'll need to practice good defensive programming techniques to avoid those surprise situations in which your data is exposed. In this article, author Kenny Kerry shows you how.

Kenny Kerr

MSDN Magazine November 2004

View Complete Post

More Related Resource Links

Best Coding Techniques To Improve Performance for SharePoint Applications

As more developers write custom code by using the SharePoint Object Model, they encounter common issues that can affect application performance.

The following areas reflect the main issues encountered by developers as they write custom code by using the SharePoint object model:

§ Disposing of SharePoint objects

§ Caching data and objects

§ Writing code that is scalable

User messages without hard coding


Hi All,


How to manage user messages to avoid hardcoding messages accross the web application.





Least Privilege: Teach Your Apps To Play Nicely With Windows Vista User Account Control


User Account Control in Windows Vista keeps the OS safe from intentional and accidental configuration changes.

Chris Corio

MSDN Magazine January 2007

WCF Essentials: Discover Mighty Instance Management Techniques For Developing WCF Apps


Instance management refers to a set of techniques used by Windows Communication Foundation to bind a set of messages to a service instance. This article introduces the concept and shows you why you need instance management.

Juval Lowy

MSDN Magazine June 2006

No More Hangs: Advanced Techniques To Avoid And Detect Deadlocks In .NET Apps


You can combat deadlock using a combination of disciplined locking practices which Joe Duffy aptly explains in this article.

Joe Duffy

MSDN Magazine April 2006

Memory Models: Understand the Impact of Low-Lock Techniques in Multithreaded Apps


Because the use of low-lock techniques in your application significantly increases the likelihood of introducing hard-to-find bugs, it is best to use them only when absolutely necessary. Here Vance Morrison demonstrates the limitations and subtleties low-lock techniques so that if you are forced to use them you have a better chance of using them correctly.

Vance Morrison

MSDN Magazine October 2005

FBA users (ldap provider) don't have any user profile info when logged in.... what am I doing wrong

Sharepoint 2010, Claims authentication, FBA using ldap membership provider and role provider against Active Directory.  User profiles all imported just fine -- used the LDAP FBA provider hitting Active Directory to do so too.  whenever an FBA user logs in, it doesn't seem like sharepoint is picking up any user attributes.  targeted audiences don't work and MY SETTINGS is blank other than account and name.  If the same user logs in but through Active Directory, everything works just fine... targeted audiences, etc. Am I doing something wrong or can I not use the LDAP provider to authenticate to AD and also use the user profiles from Sharepoint?  GRRRRR.  All this to get around the Windows Authentication popup so I can customize a better looking logon experience.  Help?

Critical Error with User Profile synchronization timer job

Hello! We are currently running SharePoint 2010 on Windows 2008 R2 servers. Our User Profile Service and User Profile Sync Service are currently running, and profile imports work fine when kicked off from Central Admin. However, the profile sync timer job always fails with the following Application Event error: Event 6398, SharePoint Foundation The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID 340e8ca2-6f3b-4bd8-80f2-0fe011709805) threw an exception. More information is included below. Generic failure Looking at the ManageUserProfileServiceApplication.aspx log, indeed the only imports visible are ones which have been kicked off manually in Central Admin. The failed scheduled imports are not even recorded to this log. The ULS entry associated with this error is as follows: 08/31/2010 17:11:17.32  OWSTIMER.EXE (0x0CD0)                    0x0C04 SharePoint Foundation          Timer                          6398 Critical The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID 340e8ca2-6f3b-4bd8-80f2-0fe

VS , Where Create User Wizard Save User and Pass and info

Hi , First Sorry For My Bad English :DAnd Second:I Have Question : Can I Edit Create User Wizard To Save Info To My Project  Sql ? And Where Normal Create User Wizard Save Info Of Register ? TanX !! :D !

Get user info in infopath using data connection

hi,  i want to use the absence request template form and connect the employee section and manager section to an existing database. what i want to create now in this template is this (i'm going to explain my scenario): - when the user open the infopath absence request form and insert his name, id number etc (employee section), the approver's name and mail addres (manager section) filled automatically. the approver name must be corresponding to the user name. in the existing database there is a table with the approvers name filled for each user, but from there i dont know how to apllicate this table to use for the auto fill. and after the form is ready can i publish it to my wss 3 site collection? is there a tutorial that explain a scenario like this? thnx

How to get current user in an action of a workflow (without .NET coding) in SharePoint Designer


Does somebody know how to get current user (logon user) in an action of a workflow definition from the Sharepoint Designer 2007. I know how to do it by using .NET coding, but it requires to upload a dll to the bin directory of the application which is not an option due to my company Sharepoint policies.

Why separate account data and user info?



If I'm correct the membership functionality separates account and user (profile) data in two tables. Why not one table? What's the design priciple behind this?


Using same user store for multiple apps


I have spent hours on the forum trying to find this answer.  I have a requirement on a project.  There is an internal (intranet employees only) site which has much more control over the data etc.  and i have an external site (to allow customers to enter usage data).  I am using forms auth and hitting a common sql server 2008 db with the standard aspnet schema.  I have an internal web server and an external web server both windows 2003.  The problem that i am having is that if you are logged into the external site and then open a new ie window and enter into the internal site, even as a different user it logs you out of the external and vice versa.  I don't have access to update the machine config. 

I started out as a single app in the db but now have seperated into 2 apps and i am able to log in as an external admin and see only the external users and vice versa.  Creating a seperate security only db for the external app is not an option because i have a  

I have the application name listed in the web.config for both internal and external which matches the app name in the aspnet_applications table.

external app

            <roleManager enabled="true">
                <clear />

Update User Profile info from another SharePoint site


Hi All,

I have MOSS 2007 up and running, and the Staff Profile is maintained by the users.

Now there is another NEW sharepoint 2010 apps planning. In order to avoid the duplication of staff profile in SharePoint 2010, the requirement is to update the SharePoint 2010 Staff Profile from the existing MOSS 2007.

Is it possible? Any help.


Changes in Active Directory not reflected in SharePoint user info



I have a client who uses WSS 3.0 w/ SP1, and does not want to move to MOSS 2007.  The client will be migrating to Exchange 2007 soon, and part of this migration will include populating attributes for the user objects in Active Directory so that the phone numbers, addresses, departments, etc are all stored in AD.  The problem is that the mojority of the user base has already used SharePoint, and when each user first used SharePoint, their info was imported from AD.  Is there a way to force an import so that all the user info in SharePoint will be updated based on what is in Active Directory?  Is it possible to do it in the reverse direction so that users can update their info in SharePoint, and have it write back to their AD user object?


-Derek Brown

Sr System Engineer



Open document(s) in Office web apps (from User controls)


Hi forum,

In my sharepoint application we are using Visual web part (with User control) to display document(s) stored in a Document Library of my sharepoint site.

And we WANT to open the document, from Hyperlink in Usercontrol, in Office web apps. Which could be done as suggested in following link


but the issue with that is it shows the Header & Toolbar which are not required in our case.

I tried playing with the below URL by adding variour request query string parameters like '&popup=1' . But No lock.


Currently i'm trying to find out OWA web part which does the needful for me.

Please share your opinion on the same. Any pointer on the same are warmly welcome.

Thanks in advance




ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend