Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
I'm newbie when talks about Error Handling. It's a subject that i want to study but right now i just don't have free time, so i'm looking to implement an error/exception handler one a few projects i've developing last weeks (C#, .NET 3.5).
What do you recommend me to implement for this? Other point is where to store the errors logs. In database or .xml file? Well, i really need some help on this!
By the way, is there any book about error handling?
Thanks in advance,
Guilherme Cardoso
For unhandled exceptions you might want to use ELMAH. Its super simple to setup - just a dll and some settings in your web.config.
Log4net is a robust tool for logging to a variety of sources. Where I work, we use the Logging Application Blocks from the Enterprise Library. You can read up about these resources on their websites.
As for logging to XML files vs. databases, there are tradeoffs to each approach. Using local files reduces how many breakable components are required for a functioning application. Imagine that the database goes down, and your app tries to log to the database that the database went down... Hmmm.
On the other hand, logging to a database can dramatically improve your ability to query and gain intelligence on the nature of errors that get logged.
No one will be able to tell you absolutely what you should do; just weigh the tradeoffs and your expectations, and you'll be good to go.
If you want to go with some home-brewed error handling, you can tap into the Application_Error method of your Global.asax and manually log members of the HttpContext.Current.AllErrors property. You can also use the ClearError() method on the context to wipe out the errors, and then redirect to a safe page if you want to log-and-continue.
Good luck!
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
Apologies if this is in the wrong category. I'm currently developing and application in ASP, due to my inexperience with ASP I'm worried about vulnerabilities that a user can exploit.
My application is being coded from scratch, no templates used or defaults from Visual Studio, completely blank projects. The user is greeted with a login page where depending on there user access in active directory depends on which pages the user can access.
The exploit I'm worried about is if the user will be able to commit a directory traversal and access a page in which they're not allowed to access and change critical information.
I'm afraid my inexperience has caught up with me. Could someone explain to me how I could limit the access to the user or, If I'm over thinking the process, correct me? Constructive criticism is accepted.
Microsoft does try to help protect your application through their defaults, so if you're running in IIS, make sure the user the application pool is running under only has write access to the folders it needs to write into.
This is a very open-ended question and depends on many factors such as version of .net, server OS/IIS version, other handlers installed, etc. But a good start is to review the OWASP Top 10:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2013
Here's a list of some automated tools you can use for testing your implementation:
https://geekflare.com/online-scan-website-security-vulnerabilities/
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
Can anyone recommend any out-of-the-box solutions that can protect a "classic" ASP application against cross-site request forgery? I'm looking for suggestions from folks who have actual experience with the product. In particular, pros, cons, and implementation gotchas relating to the product would be very helpful.
The ASP application is legacy and is slated for decommission, so I'm hoping to find a solution that integrates easily and with a minimum amount of impact to the app.
Have you looked into using IIS level tools like UrlScan 3? We've used this with IIS 6 and classic ASP applications to successfully protect our systems from SQL injection and XSS vunerabilities. Plus it's FREE!
There's lots of helpful custom configuration tutorials if you want to enhance what is checked for. Read this article that covers specifically XSS.
We've also spent alot of time on re-developing our application code itself to protect against things like sql injection and people trying to post malicious scripts via url or form.
However UrlScan has provided a solid base for keeping our sites secure.
You can also look at products provided by Port80 Software.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I know some of you will discourage scanning through a web page, unfortunately, it is a requirement.
I want to view my options in the situation, and maybe, some of you may have already gone through this and had a workable solution.
Problem is, we need to have a universal approach in scanning documents through the webpage without any external helper apps that does this for us.
I know this is a tall order, I would simply want to know the best next thing.
Thank you!
You can't do it with just a browser and JavaScript, full stop, you'll need to include something else -- a Java applet, a .Net "No Touch Deployment" application (mostly IE-only), a Flash or Shockwave application, something like that. In the Windows world, Flash has a huge installed base on browsers, but I don't know if it can do what you want (not knowing much about Flash). Next up would be a signed Java applet.
The user will then need to give your thingy permission to access local resources, a process that varies depending on the technology used. It's quite a simple process with a signed Java applet, much more involved and awkward for the end user with a .Net "No Touch Deployment" app.
I've seen this done with a Java applet successfully. ActiveX might also work.
Here is what appears to be a working TWAIN applet.
Here is question with answers related to TWAIN and Java.
I've successfully used Morena for implementing web scanning. It requires only that the user have Java installed. (With older versions of Java you can run out of memory when processing the scanned image. I had to cut large images into 100 pixel strips and send them individually to the server.)
Here's a small scan-to-email project that I used Morena with.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I am involved in a project with UI comprising mainly of Action Script.
My role as an ASP.NET programmer is to pull data from DB using Web Services and
supply it as XML to the Action Script.
It would help me immensely if I could learn more about XML Web Services in ASP.NET.
I searched for a new book in this topic but couldn't find any book completely dedicated to the topic.
I have found many books published at around 2002 or so.
I would like to know whether there is a good new book that would be handy for my project.
It would be better if they use 3.5 technologies like Linq to XML and all.
Thank you.
If you're only just starting to do web services in ASP.NET, I would strongly recommend you go and check out WCF. It's the current and future standard for communications between machines - web services and a lot more. The "old-style" ASMX web services are on their way out.
The book I always recommend to get up and running in WCF quickly is Learning WCF by Michele Leroux Bustamante. She covers all the necessary topics, and in a very understandable and approachable way. This will teach you everything - basics, intermediate topics, security, transaction control and so forth - that you need to know to write high quality, useful WCF services.
alt text http://ecx.images-amazon.com/images/I/41wYa%2BNiPML._BO2,204,203,200_PIsitb-sticker-arrow-click,TopRight,35,-76_AA240_SH20_OU01_.jpg
Also, I'd strongly recommend the Pluralsight series of WCF screen casts. I love books and they are great to read up on stuff - but sometimes, I find it easier to actually see someone show how to really code the thing and see it work and run. Highly recommended, 10-20 minute for each video, very informative and useful indeed!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
A good detailed tutorial on the lifecycle of a page request.
I've read up on the ASP.NET page lifecycle, I am talking about things that happened before the .NET process starts to handle the request.
i.e. domain typed into browser, DNS mapping? etc.
For Quick Reference:
I use the following chart all the time, it is hanging by my desk:
http://blog.krisvandermast.com/ASPNET20PageLifeCycle.aspx
As well as a detailed version of each stage:
http://john-sheehan.com/blog/wp-content/uploads/aspnet-life-cycles-events.pdf
I found this MSDN article really interesting, hope you like it too.
I would read ASP.NET Application Life Cycle Overview for IIS 5.0 and 6.0:
Within ASP.NET, several processing
steps must occur for an ASP.NET
application to be initialized and
process requests. Additionally,
ASP.NET is only one piece of the Web
server architecture that services
requests made by browsers. It is
important for you to understand the
application life cycle so that you can
write code at the appropriate life
cycle stage for the effect you intend.