In my web.config file there are below entries. It seems like it is used to send mails from my website.
How i know maiks has been sent from my website?
<add key="emailFromAddress" value="help-desk#home.com"/>
<add key="emailTo_StoreAuthorise" value="help-desk#home.com"/>
You can't know that mails have been sent from your web application. It is the responsibility of the mail server to process emails, not the web server - this means that your code will use mail code, which uses the mail server (e.g. exchange) to actually send out the mails.
What you could do, is check the mail server to see what's been sent out on this email address. It's not perfect, because you may have a user who sends mails on this account, so it will only tell you that mail was sent - not that this mail was sent by your code.
If you need this functionality, you'll need to write this information out at some point - e.g. when the code requests the send mail.
The mails are not sent through your website, but through your mail server.
Your options are:
Check the mail server to see if it logs your sent mails.
Add code to the method that sends the mail in your website to log this event in some place.
Maybe check some kind of IIS-log.
Use such a code to generate link wich will set the mail's subject:
<asp:HyperLink id="EMailLink" runat="server"
NavigateUrl="mailto:<%# System.Configuration.ConfigurationSettings.AppSettings("emailFromAddress") %>?subject=[YourSite.com]"
>EmailUs</asp:HyperLink>
I'm assuming you didn't write the app and have inherited it from someone else, but now wish to check that the email functionality is working and can't be bothered to look at the code?
If you are just trying to check that they work in a development setting and your app has a mailSettings config element, you could configure it so that the mails are written to disk, as shown here.
Related
I am a newbie in using SendGrid. I have a web application that send a mail to users after the successful registration. I am using send grid to send mails.
It works fine when I try to send Google email accounts. But when I send mails to Outlook email addresses, it always failed to deliver emails.
I checked the SendGrid 'Activity' section it shows like below.
You might need to setup domain authentication. This link should be a good place to start: https://sendgrid.com/docs/ui/account-and-settings/how-to-set-up-domain-authentication/
Outlook might have different firewall rules blocking incoming (potentially malicious) emails while GMail might have a different set of them.
I have an asp.net application that accepts User Name as Form Post value, and authenticates based on the posted value.
in Page_Init of my Login.aspx, I have below code
if (!String.IsNullOrEmpty(HttpContext.Current.Request.Form["username"].ToString()))
{
//my logic to authenticate, authorize, redirect to page
}
It works fine so far. I had to add this because I have an external authentication system in my company which does all authentication part and send user name to the Application accessed to auto-login within the application.
Though it works fine, I want to add an additional layer of security on top of this Posted user name. I want to identify if this Post request came from our Gateway website. My questions are
Is there a way to identify the URL posted to my Login.aspx?
If not, is there a way to identify any other client information to validate the post?
I don't want anyone who creates a simple HTML with post variable "username" get access to my application. Thanks for your insights on this.
Is looking at one or both the values in Request.UserHostAddress and Request.UserHostName fine?
Is there a way to identify the URL posted to my Login.aspx?
No.
If not, is there a way to identify any other client information to
validate the post?
Well, the only reliable information is the client IP. So if you know the address of the application that will be sending this HTTP request you could use HttpContext.Current.Request.UserHostAddress to compare against.
As an alternative you could share some common secret between the client application and your server. And then in addition to posting the username, you could require the client to POST some additional message that will be signed with this secret. Now the the server can verify the signature and guarantee that it is coming from the client (because it is the only one who knows how to sign the message). This process is called Digital Signature and guarantees that a message hasn't been tampered between a sender and a receiver.
This is my first time making a website.
On the website I have made a form for client to fill in their details. It uses the CDO.Message and smtpserver (gmail) and the details can be sent successfully to my email.
Now I want to add a function to allow client to attach file(s) and send the files with the form to my email.
Can I do this without having the attachment(s) being uploaded to the server? I want the details on the form and the attachment(s) being sent directly to email.
Is it possible to use the AddAttachment function, get the file path on client's machine and send the attachment to email? If so how to get the full file path on client's machine?
Thanks a lot.
No. The file will have to be on the server to use that method to add it to the e-mail.If you do this, be very careful because it is a high security risk to allow users to upload files to the file system of a web server.
I am not very familiar with hacking techniques and safety vulnerabilities, but I am starting to worry a little bit about our site's security, which is built on ASP Classic, running IIS 7.5
We use ASP inline authentication. Inside the ASP file I have the username and password set up. I have restricted the access to a certain username to a specific IP address (the username used by employees) and the other usernames use a confirmation password received by SMS on the phone.
Is the IP based auth safe? I've heard of entering a certain IP address through certain ports and thus gaining access from that certain IP address.
Can the content of the ASP file get hacked and read?
When generating the SMS, the ASP script opens a link through XMLHTTP 'https://generate.sms-company-domain.com/?password=&acount=&message=Your confirmation password is '. Could somebody listen to the URL that are called and easily get the SMS password?
Can you think of any vulnerabilities of our log in methods?
Thanks!
your 3rd point is looks like problem if URL expose in that way any one can read password or information via some tools like fiddler.
for protect your site from hacking please make sure
1) you site used SQL injection technique
2) all important data submit via post method.
3) need to take care of Cross site scripting attack like when someone load page it save one encrypted value in cookie and in code read that cookie value so we can confirm that page is not calling from some other place.
hi i want to send a some form entries resulting in a postback to be mailed automatically with my gmail account to the target mail id entered by the user with asp.net - c#?
You can send an email using: http://www.systemnetmail.com/
Gmail uses the mail server that you can configure (I forget the exact address, but you can find it on the google site) your web application to use when it sends mail.
As gmail lets you send mail var SMTP you should just be able to use the SmtpClient class in the .net framework.
Do you however often have to configure your virus scanner to allow out going emails from the process the Asp.net is running in.