Link checking a password protected website - asp.net

I have a requirement to check that all the hyperlinks still work on a password protected, private website. What's the best way of doing this?
The site is mix of HTML and ASP.NET Webforms.
EDIT: Sorry - I don't think this question was clear.
I need something like this:
http://validator.w3.org/checklink
But for a site hidden behind a user/pass form. I don't mind doing something programmatically or purchasing something if it's reasonable.

You should seriously look at the Unix command-line tools to do this, especially wget.
Take a look at the --spider option in combination with the --user and --password options...
Also take a look at curl or libcurl+php
There are two things that are not terribly clear about your question.
First, what sort of user/password are required. These can be POST values or they can be the username and password from the http protocol. Which do you want? There are several ways to provide a username and password to a website, and whatever solution you use has to work with your website. That means that you have to have a very accurate understanding of which method you are using. Just the fact that it has a username and password is not nearly enough information.
Second, it is unclear what you mean by "links still work": do you mean internal links that will or will not work based on the proper functioning of your application, or do you mean links to public Internet sites that happen to be on a password protected site?
I am assuming the latter with this answer. But if you meant the former, then you should look into one of several web application test suites that have recently become available.
HTH,
FT

Rel Software's Web Link Validator works quite happily with Forms Auth based sites - we've been using it on client sites for some time now.
The main things to watch out for are:
Send the link checker to your Login Page first.
Ensure you tell it to ignore all Logout URLs (so it doesn't inadvertently log itself out).

I enjoy using SimpleTest for testing my own websites, but there's no built-in link checker. You could use it to navigate the login and fetch the page body. You'd then parse the content using regular expressions to find all links, and use SimpleTest again to verify those links (and even crawl them to verify recursively).
Of course, using cURL (or libcurl with your language of choice) gets you pretty close, too.
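
The procedure the answers above describe (visit the login page first, keep the session cookie, skip logout URLs, then parse and verify every link), as an added Python example that is not code from any of the posters. It assumes an ASP.NET WebForms login page that posts back to its own URL, so hidden fields such as `__VIEWSTATE` must be echoed back; the logout pattern and the field names passed in `creds` are assumptions.

```python
import re
import urllib.request
from html.parser import HTMLParser
from http.cookiejar import CookieJar
from urllib.parse import urlencode, urljoin, urlparse

LOGOUT = re.compile(r"log(out|off)|sign(out|off)", re.I)  # assumed logout URL pattern

class PageParser(HTMLParser):
    """Collects <a href> targets and every <input> name/value pair on a page."""
    def __init__(self, html):
        super().__init__()
        self.links, self.fields = [], {}
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def checkable(base, href):
    """Absolute http(s) URL to check; None for mailto:/javascript: and logout links."""
    url = urljoin(base, href).split("#")[0]
    skip = urlparse(url).scheme not in ("http", "https") or LOGOUT.search(url)
    return None if skip else url

def check_site(login_url, creds, start_url):
    """Log in once, crawl the site from start_url, return {url: status or None}."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    login_html = opener.open(login_url, timeout=10).read().decode("utf-8", "replace")
    form = PageParser(login_html).fields
    form.update(creds)  # keep __VIEWSTATE/__EVENTVALIDATION, fill in the credentials
    opener.open(login_url, urlencode(form).encode(), timeout=10)
    site, seen, queue = urlparse(start_url).netloc, {}, [start_url]
    while queue:
        url = queue.pop()
        if url in seen:
            continue
        try:
            resp = opener.open(url, timeout=10)
            seen[url] = resp.status
            # Only pages on the protected site are crawled; external links are just checked.
            if urlparse(url).netloc == site and "html" in resp.headers.get("Content-Type", ""):
                links = PageParser(resp.read().decode("utf-8", "replace")).links
                queue += [u for u in (checkable(url, h) for h in links) if u]
        except OSError as e:  # HTTPError carries .code; DNS failures and timeouts do not
            seen[url] = getattr(e, "code", None)
    return seen
```

Entries in the returned dictionary whose value is not 200 are the links to look at; `None` means the host could not be reached at all.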

You just need to authenticate the WebRequests ...
Where are you stuck?
-- Edit
Well, it depends on what you mean by 'password protected'. How is the login scheme implemented?

You can do this using Apache httpclient, which has the features

Related

Test a page restricted by Forms Authentication for browser compatibility on Superpreview

I have a set of pages that are authenticated using Forms Authentication. When I try to test such a page using SuperPreview and punch in the URL in the Url Location box, automatically the Login page comes up! One possible solution that comes off the head to me is to disable the authentication, but I'm sure one of you sharp guys out there has a cleaner (better) way to do it. So, how do I go about it??
NOTE: I am fairly new to SuperPreview and not fully acquainted with it.
Impatient soul that I am, I went ahead to familiarize myself with SuperPreview and guess what! Right next to the Url Location is the Page Interaction Mode to help you login to those pages that require that. Pretty neat yeah......

Stop direct linking to photos folder

I have an online photo archive. My webpage is password protected but I have not yet protected the photo folder to stop people direct linking the photos by URL. All the photos are uniquely named so it is a little hard to guess... but if somebody wanted to guess, they can - and I don't want them to.
How can I stop them from doing this? Is there a way to show a custom webpage if they do try this, that says "Oi, don't steal!" or similar?
I have a Windows dedicated server with administrator access via remote desktop. The only thing that should enter that folder is a script, nothing else.
Many thanks
Do you mean to say you have enabled basic authentication on the folder containing the images? If that is the case no user should be able to guess, or browse the directory contents without putting in username and password first, otherwise they will get a 401 unauthorized error.
You can check the referrer. It can be easily defeated but most people likely won't care enough to do so. Here is some more detail about that: http://davidwalsh.name/prevent-image-hotlinking
For password protecting a portion of your website you can also use .htaccess files - http://weavervsworld.com/docs/other/passprotect.html
I don't know how to do either of these in IIS, apologies.

How to prevent users from manipulating html content "badly" and posting it back to server?

I have not found the same as or related to my question above.
If it is already asked, please let me know, I will delete mine.
I am learning asp.net mvc 2.
After downloading the rendered page, the visitors have a chance to manipulate the html contents ILLEGALLY and submit it back to the server. In MVC, how can I avoid this issue?
You cannot prevent anything on the user side. Therefore you must ensure that the server reacts correctly to manipulated input.
Note that the automatic model binding is tricky: both over- and under-posting can cause trouble.
This is an excellent post on that topic: http://bradwilson.typepad.com/blog/2010/01/input-validation-vs-model-validation-in-aspnet-mvc.html
Take all the efforts you can to validate the user input at the server. MVC offers the AntiForgeryToken which helps verify that the page being posted back is the correct page but as with any client-side verification, it's not foolproof.
You can't do anything about this.
Use the mantra "never trust anything from your users" and validate everything on server side.

ASP.Net Context.User.Identity weirdness

I have an ASP.Net 3.0 SP1 app that uses Form Authentication.
While testing, I noticed that if I viewed a page that another user was viewing, the other user's name would be displayed in the control on my master page. The Context.User.Identity is also for the other user.
If I switch to different page that no one else is viewing the Context.User.Identity is correct.
I'm stumped and would appreciate suggestions.
Thanks in advance.
Chris
Maybe because output caching is enabled for the page: if the page is cached server-side with VaryByParam=none, all users will get the same copy from the cache.
I can only think of two things that can cause this:
You're storing user-specific data in a place shared between requests (e.g. in a static(C#)/shared(VB) variable, in the ASP.NET Cache, in the Application object, ...)
You have output caching enabled.
Check for:
OutputCache directives in your aspx and ascx files,
system.web/caching element in your web.config file(s),
Calls to the HttpCacheability.SetCacheability method.
If you can't find the problem:
Try creating a simplified version of your application until you get the simplest possible version that still reproduces the undesirable behaviour.
During this process of simplification you'll likely discover the problem for yourself. If not, post some code from the simplified version.
Make sure you are not using a link that comes with the authentication ticket when using a cookieless browser.
Also make sure to review any other that might be sharing the data among requests. Just like DOK said, but remember Application isn't the only way you could be doing that.
It looks like the issue was caused because I was setting targetframe="_self" or Target="_self". I removed all these and everything seems to be working fine.
One other note: If I were to refresh the page it would also display the page with the correct user.

DotNetNuke - Plain text to Encrypted/Hashed passwords

I've inherited a DotNetNuke site that was built and managed by someone who thought storing user passwords as plain text was a good idea because he could easily look up a password and tell the user what it is if they forgot it and to log in as them if they had an issue. After recovering from my heart attack at discovering this and getting my mind to navigate away from the idea of how stupid that is, I need to fix it.
I know to change the web.config settings to use the correct password configuration, but was hoping someone else that's had to do this with a DotNetNuke site might provide some guidance on the best way to approach this. Should I just use standard .NET code and write an app to cycle through them and change them or do I need to use the DotNetNuke user objects? Any article links or sample code would be really helpful. I've found posts about doing this generally but not in the context of a DotNetNuke site and am unsure if there's any special considerations I need to take into account.
Sadly there isn't any real documentation that I'm aware of that would handle this. My recommendation would be to make the web.config change to hashed. After doing this user resets will start using the new format.
You could then write a simple module that grabs all users with plain text and resets their password using the ChangePassword API call from the UserController API. It isn't elegant but would get the job done.
