Tuesday, 20 March 2012

Validation of viewstate MAC failed.

"Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."

Set EnableViewStateMac="false" for Specific page then set on page directory
<%@ PageLanguage="C#"AutoEventWireup="true"CodeFile="Dashboard.aspx.cs"Inherits="_Default"  EnableViewStateMac="false" %>
For all page then this will set on webconfig file
<page EnableViewStateMac="false">
page >

Saturday, 17 March 2012

Detect the browser using ASP.NET and C#


System.Web.HttpBrowserCapabilities browser = Request.Browser;
stringbtype=   browser.Type.ToString();

GridView must be placed inside a form tag with runat=server

Control 'grvtype' of type 'GridView' must be placed inside a form tag with runat=server

Here I will explain how to solve the problem Control 'grvtype' of type 'GridView' must be placed inside a form tag with runat=server during if u want to render
Grid view control in HtmlTextWriter
pnlResults.RenderControl(new HtmlTextWriter(new System.IO.StringWriter(sb)));

Control 'grvtype' of type 'GridView' must be placed inside a form tag with runat=server

This error occurs whenever I am trying to export gridview data to excel or word or csv because compiler thinks that the control is not added to the form.  

To solve this problem I have added one overriding function VerifyRenderingInServerForm event in code behind it solves my problem. 

public override void VerifyRenderingInServerForm(Control control)
{
/* Verifies that the control is rendered */
}
By Setting adding this function in code behind that problem has solved and code runs successfully.

Friday, 16 March 2012

Database Connection String


MySQL Connection String

MySQL ConnectionString using MySQL ODBC Driver

<add name="entaccess" connectionString="Driver={MySQL ODBC 3.51 Driver};SERVER=server_name; DATABASE=DataBase_Name;Port=3306;USER=uid;PASSWORD=pass;Connect Timeout=0; OPTION=3;"/>

MySQL ConnectionString using MySQL.Data.dll

<add name="MySQLConnectionString" connectionString="server=server_name; user id=root; password=pwd; database=databasename; pooling=false;default command timeout=3600;" providerName="MySql.Data.MySqlClient"/>


SQLServer Connection String

SQLServer ConnectionString using sqlserver authentication mode

<add name="SQLConnectionString" connectionString="server= Data Source= server_name;Initial Catalog= DataBase_Name;User Id=myUsername;Password=myPassword; " providerName="System.Data.SqlClient"/>

<add name="SQLConnectionString" connectionString="server= Data Source= server_name; Database = DataBase_Name;User Id=myUsername;Password=myPassword; " providerName="System.Data.SqlClient"/>


SQLServer ConnectionString using Windows authentication mode

<add name="SQLConnectionString" connectionString="server= Data Source= server_name;Initial Catalog= DataBase_Name; Integrated Security=True;" providerName="System.Data.SqlClient"/>

<add name="SQLConnectionString" connectionString="server= Data Source= server_name; Database = DataBase_Name; Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
Attach a database file, located in the data directory
<add name="SQLConnectionString" connectionString="Server=.\SQLExpress;AttachDbFilename=|DataDirectory|dbfile.mdf; Database=dbname;Trusted_Connection=Yes providerName="System.Data.SqlClient"/>

Oracle Connection String

<add name="ConnectionString" connectionString="Data Source=servername;Persist Security Info=True;User ID= uid;Password= passowrd;Unicode=True;"/>

    <addname="ConnectionString" connectionString="Data Source=servername;Persist Security Info=True;User ID= id;Password= pwd;"/>


Preventing SQL injection attacks using C#.NET


What is a SQL Injection Attack?
A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.
There are two main types of attacks. First-order attacks are when the attacker receives the desired result immediately, either by direct response from the application they are interacting with or some other response mechanism, such as email. Second-order attacks are when the attacker injects some data that will reside in the database, but the payload will not be immediately activated.

Avoiding SQL Injection



protected void Button1_Click(object sender, EventArgs e)
{
  string connect = "MyConnString";
 
string username= Regex.Replace(txtuname.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);

string Pwd = Regex.Replace(txtpwd.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);
 
  string query = "Select Count(*) From Users Where Username = 
  '" +       username + "' And Password = '" + Pwd + "'";
  int result = 0;
  using (var conn = new SqlConnection(connect))
  {
    using (var cmd = new SqlCommand(query, conn))
    {
      conn.Open();
      result = (int)cmd.ExecuteScalar();
    }
  }
  if (result > 0)
  {
    Response.Redirect("home.aspx");
  }
  else
  {
    Literal1.Text = "Invalid credentials";
}

Using this
string username= Regex.Replace(txtuname.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);

string Pwd = Regex.Replace(txtpwd.Text.ToString(), "[^-a-zA-Z0-9_./:&()#!@$%^&*?]+", "", RegexOptions.Compiled);


you will avoid all type of sql injection

Monday, 5 March 2012

MySQL server has gone away

Error :- MySQL server has gone away

you could run these commands in a MySQL console connected to that same server:

set global net_buffer_length=1000000;
set global max_allowed_packet=1000000000;
 

 

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Powered by Blogger