How do I encrypt the Telerik Rad Editor viewstate? - asp.net

The viewstate or application's pages are already encrypted but looking at the Burp output of the response from a POST to the Telerik.UI.DialogHandler (ImageMananger) it seems the Telerik view state in the response appears not to be. See attached image.
Burp output
We've generated and specified the DialogParametersEncryptionKey, ConfigurationEncryptionKey, and ConfigurationHashKey keys in the site level web.config as described in article https://docs.telerik.com/devtools/aspnet-ajax/controls/editor/functionality/dialogs/security. This didn't change the viewstate.
The machine key in IIS is set for auto-generation.
I'm only assuming the Telerik viewstate can be encrypted because what I've read seems to imply that, but I haven't found a clear example so I'm not sure.

Can you please change the TargetFramework of the application to 4.5 or above and test again:
> <compilation debug="false" targetFramework="4.8" />
> <httpRuntime targetFramework="4.8" />
> <pages viewStateEncryptionMode="Always" enableViewStateMac="true">
> <controls>
> <add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
> </controls>
> </pages>
> <httpHandlers>
It is also a must to set viewStateEncryptionMode="Always" enableViewStateMac="true" in the page directive or the web.config.
Check out this product forum thread for more information: https://www.telerik.com/forums/can-the-rad-editor-viewstate-be-encrypted.

Related

Ajax Sys.WebForms.PageRequestManagerServerErrorException

A little background. I have a IIS8 server. Lets call this server ABC.
In server ABC. I have two website. One is called websiteA and websiteB. they are identical website. Only subtle differences since websiteB is primary used for test and dev purpose.
Can you please help me to troubleshoot the issue on WebsiteA?
The error is a generic error:
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500
This error does not happen in WebsiteB. and I have compared the ASPX page to make sure they are exactly the same.
Can you help me how to troubleshoot the error 500 on the server? I don't know how...
This is the register Assembly for the ajax on top of the ASPX page:
<%# Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
This is the snippet for my toolkit
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server" EnablePageMethods="True"></asp:ToolkitScriptManager>
Wow. I fixed this. So for kicks I start removing stuff from the page.
The first one I remove was this bit. because in less than 1 year ago I added this bit.
<asp:UpdatePanel ID="UpdatePanel1" runat="server">
<ContentTemplate>
</ContentTemplate>
</asp:UpdatePanel>
Then I get a different error message:
I get this error now:
System.Web.HttpException: Maximum request length exceeded
Did some google of that error and boom! I get this stackoverflow link:
Maximum request length exceeded. I follow the suggestion and my problem goes away! Horray
and the solution is to add this in my web.config!
(the one in bold is the new stuff I added)
System.webserver is the new bit
and
executionTimeout="100000" maxRequestLength="214748364"
<configuration>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" executionTimeout="100000" maxRequestLength="214748364" />
<customErrors mode="Off"/>
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>
</configuration>

RequiredFieldValidators issue in Asp.net

I am in the process of adding RequiredFieldValidators into my form and just tested it on the web and received this error
Error
WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for 'jquery'. Please add a ScriptResourceMapping named jquery(case-sensitive).
I added the solution which was this in the web.config file:
<appsettings> <add value="None" key="ValidationSettings:UnobtrusiveValidationMode"></add> </appsettings>
But that prompted this error
Error
HTTP Error 500.19 - Internal Server Error
This last error is saying something is wrong with the solution I inputted above.. Has anyone else ever run into this and have a solution?
Hope you have set targetFramework to 4.5 . The full config should look like this.
<configuration>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None"></add>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
</configuration>
If this key value is set to "None" [default], the ASP.NET application will use the pre-4.5 behavior (JavaScript inline in the pages) for client-side validation logic. If this key value is set to "WebForms", ASP.NET uses HTML5 data-attributes and late bound JavaScript from an added script reference for client-side validation logic.
Reminder: <appSettings> parent in the web.Config file should be the root element, that is <configuration>.
Helpful links - http://www.codeproject.com/Articles/465613/WebForms-UnobtrusiveValidationMode-requires-a
http://msdn.microsoft.com/en-us/library/system.web.ui.unobtrusivevalidationmode.aspx -- This says it a feature of v4.5, you should have to specify targetFramework = 4.5 in cofig to make it work.

Cannot use the Session variable

after many research in Google, i didn't found the solution to my problem.
When i want to make enter value to the Session variable, all is ok :
Session["idResult"] = youthID;
but when i want to get the value with the line code :
youthID = (int)Session["idResult"];
i get the error :
Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the <configuration>\<system.web>\<httpModules> section in the application configuration.
i tried to add in the web.config :
EnableSessionState="True"
and also :
<httpModules><add name="Session" type="System.Web.SessionState.SessionStateModule"/> </httpModules>
<pages enableSessionState="true"/>
and many other possibilities but it's doesn't work
my default web.config is :
> <?xml version="1.0"?> <!-- For more information on how to configure
> your ASP.NET application, please visit
> http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration>
> <system.web>
> <compilation debug="true" targetFramework="4.5"/>
> <httpRuntime targetFramework="4.5"/> </system.web> </configuration>

RadControl disappear and unrecognized tag prefix

i need to enhance the application which developed by other colleagues, the source code located at share folder such as \10.1.1.1\App1
and i had map the share folder as network drive such as T: drive
my colleagues can open the apps by VS and work properly, but when i open it by VS2010, it cannot display the RadControl in Toolbox, display unrecognized tag prefix error message and cannot reference telerik function in code behind.
i had tried many methods that found on forum and website but doesn't work. e.g.
Using Caspol.exe to grant .NET applications rights to a remote ...
Caspol.exe –m –ag 1.2 –url file://\10.1.1.13/App1/* FullTrust
Caspol.exe –m –ag 1.2 –url file://\T:/* FullTrust
Add reference to web.config
Remove dll from bin folder
refer Telerik.Web.UI assembly and register the tagprefix in the web.config or directly into the page:
<system.web>
<compilation debug="false" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<pages>
<controls>
<add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
</controls>
</pages>
or in the aspx page:
<%# Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>

How to register tagPrefix in app.config

in my ASP.net project's web.config I register the tagprefix cr as follows:
<pages>
<controls>
<add tagPrefix="cr" namespace="CrystalDecisions.Web" assembly="CrystalDecisions.Web,Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304" />
</controls>
</pages>
I would like to start using configuration specific app.configs, but if I include the same setting in the app.config I get an error at compile time saying that the tagprefix is unrecognized
How can I force recognition of the tagprefix when it is in app.config instead of web.config
app.config is not used in a web project; anything you put in that file might as well not exist; ASP.NET and IIS completely ignore that file.

Resources