Wednesday, 21 May 2014

Real Time Pan Card Validation While Entering

<asp:TextBox ID="AN_UC7_txtpan" runat="server" class="input-style-newone"  onkeyup="return CheckPAN(this.id,event,'CPH1_ID_AN_ODProposer_AN_UC7_lblerrpan');"
                                    onkeypress="return CheckPAN(this.id,event,'CPH1_ID_AN_ODProposer_AN_UC7_lblerrpan'); "
                                    MaxLength="10" TabIndex="5" oncopy ="return false" onpaste="return false" oncut="return false" ></asp:TextBox>


 <div class="error-box" style="width: 500px">
                                    <div class="error-box-inner">
                                        <asp:Image ID="AN_UC7_Imgerriconpan" runat="server" src="images/error-icon.jpg" Style="margin: 0 5px -1px 0;
                                            display: none" />
                                        <asp:Label ID="AN_UC7_lblerrpan" runat="server" Text=""></asp:Label>
                                    </div>
                                </div>



function IsOnlyNumeric(strString) {
    var strValidChars = "0123456789";
    var strChar;
    var blnResult = true;
    for (var i = 0; i < strString.length && blnResult == true; i++) {
        strChar = strString.charAt(i);
        if (strValidChars.indexOf(strChar) == -1) {
            blnResult = false;
        }
    }
    return blnResult;
}


function CheckPAN(obj, evt, lblname) {
    // obj is the id of the PAN text box; lblname is the id of the error label.
    var lbl = lblname;

    // Key code of the key that raised the event (the property differs across browsers).
    var code = (evt.which) ? evt.which : evt.keyCode ? evt.keyCode : evt.charCode;
    //For IE7 browser
    if (typeof String.prototype.trim !== 'function') {
        String.prototype.trim = function () {
            return this.replace(/^\s+|\s+$/g, '');
        }
    }
    if (navigator.userAgent.search("Firefox") != -1) {
        if (code == 32 || code == 190) {
            var pancard = document.getElementById(obj).value;
            document.getElementById(obj).value = pancard.substring(0, pancard.length - 1);
        }
    }
    if ((code >= 65 && code <= 90) || (code >= 97 && code <= 122) || (code >= 48 && code <= 57) || (code == 13 || code == 8 || code == 9)) {
        var pancard = document.getElementById(obj).value;    
   
        if ((pancard.trim().length > 0 && IsOnlyNumeric(pancard.charAt(0).toString()) == true) || (pancard.trim().length > 1 && IsOnlyNumeric(pancard.charAt(1).toString()) == true) || (pancard.trim().length > 2 && IsOnlyNumeric(pancard.charAt(2).toString()) == true) || (pancard.trim().length > 3 && IsOnlyNumeric(pancard.charAt(3).toString()) == true) || (pancard.trim().length > 4 && IsOnlyNumeric(pancard.charAt(4).toString()) == true)) {
            document.getElementById(obj).value = pancard.substring(0, pancard.length - 1);
            document.getElementById(lbl).innerHTML = ""; //"Starting five digits should be Alphabets";
            if (pancard.trim().length == 1) {
                document.getElementById(obj).value = "";
            }
            return false;
        }
        if ((pancard.trim().length > 5 && IsOnlyNumeric(pancard.charAt(5).toString()) == false) || (pancard.trim().length > 6 && IsOnlyNumeric(pancard.charAt(6).toString()) == false) || (pancard.trim().length > 7 && IsOnlyNumeric(pancard.charAt(7).toString()) == false) || (pancard.trim().length > 8 && IsOnlyNumeric(pancard.charAt(8).toString()) == false)) {
            document.getElementById(obj).value = pancard.substring(0, pancard.length - 1);
            document.getElementById(lbl).innerHTML = ""; //"6,7,8 & 9th digits should be numeric";
            return false;

        }
        if (pancard.trim().length > 9 && IsOnlyNumeric(pancard.charAt(9).toString()) == true) {
            document.getElementById(obj).value = pancard.substring(0, pancard.length - 1);
            document.getElementById(lbl).innerHTML = ""; // "Last digit should be Alphabet";
            return false;
        }
    }
    else {
        return false;
    }
    return true;
}
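The handler above only reacts to key events, so a value that reaches the field any other way is never checked. The following whole-value check is an added example, not code from the original post; it applies the same rule (five letters, four digits, one letter) and reuses the handler's commented-out messages. The name `validatePan`, the result shape and the upper-case normalisation are assumptions of this example.

```javascript
// Added example (not from the original post): whole-value PAN format check.
// Rule taken from the handler above: 5 letters, 4 digits, 1 letter.
function validatePan(raw) {
  const value = String(raw === null || raw === undefined ? "" : raw).trim();
  if (value.length !== 10) {
    return { ok: false, index: -1, error: "PAN must be exactly 10 characters" };
  }
  for (let i = 0; i < value.length; i++) {
    const c = value.charCodeAt(i);
    // Test the raw ASCII code before any case conversion: characters such as
    // U+017F uppercase to an ASCII letter and would otherwise slip through.
    const isLetter = (c >= 65 && c <= 90) || (c >= 97 && c <= 122);
    const isDigit = c >= 48 && c <= 57;
    if (i < 5 && !isLetter) {
      return { ok: false, index: i, error: "Starting five digits should be Alphabets" };
    }
    if (i >= 5 && i <= 8 && !isDigit) {
      return { ok: false, index: i, error: "6,7,8 & 9th digits should be numeric" };
    }
    if (i === 9 && !isLetter) {
      return { ok: false, index: i, error: "Last digit should be Alphabet" };
    }
  }
  // Normalising to upper case is an assumption of this example.
  return { ok: true, index: -1, error: "", value: value.toUpperCase() };
}
```

Run it on blur and on submit, and repeat the same rule in the server-side handler, since browser-side checks can be skipped entirely.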

Wednesday, 7 May 2014

Asp.net set session timeout



By default, an ASP.NET website's session timeout is 20 minutes, after which the session expires. If we want to set a custom timeout in our applications, we can set it in different ways.


Write the code below in the .cs file:

        string str_jscript = "TimeOutExpire(" + Convert.ToString(Session.Timeout * (60 * 1000)) + ");";
        Page page = System.Web.HttpContext.Current.Handler as Page;
        System.Web.UI.ScriptManager.RegisterStartupScript(page, page.GetType(), "", str_jscript, true);



Write the code below in the .aspx page:

 <script type="text/javascript">
        var timer;
        function TimeOutExpire(obj) {
            window.clearTimeout(timer);
            timer = window.setTimeout(function () { window.location = "Loginpage.aspx?PID=EAN"; }, parseInt(obj, 10));
        }          
    </script>

Displaying a Custom Error Page


Introduction

In a perfect world there would be no run-time errors. Programmers would write code with nary a bug and with robust user input validation, and external resources like database servers and e-mail servers would never go offline. Of course, in reality errors are inevitable. The classes in the .NET Framework signal an error by throwing an exception. For example, calling a SqlConnection object's Open method establishes a connection to the database specified by a connection string. However, if the database is down or if the credentials in the connection string are invalid then the Open method throws a SqlException. Exceptions can be handled by the use of try/catch/finally blocks. If code within a try block throws an exception, control is transferred to the appropriate catch block where the developer can attempt to recover from the error. If there is no matching catch block, or if the code that threw the exception is not in a try block, the exception percolates up the call stack in search of try/catch/finally blocks.

Examining the Three Types of Error Pages

When an unhandled exception arises in an ASP.NET application one of three types of error pages is displayed:
  • The Exception Details Yellow Screen of Death error page,
  • The Runtime Error Yellow Screen of Death error page, or
  • A custom error page

Figure 1 shows the Exception Details YSOD page. Note the URL in the browser's address window: http://localhost:62275/Genre.aspx?ID=foo. Recall that the Genre.aspx page lists the book reviews in a particular genre. It requires that GenreId value (a uniqueidentifier) be passed through the querystring; for example, the appropriate URL to view the fiction reviews is Genre.aspx?ID=7683ab5d-4589-4f03-a139-1c26044d0146. If a non-uniqueidentifier value is passed in through the querystring (such as "foo") an exception is thrown.

[Figure 1: The Exception Details YSOD page]






Using a Custom Error Page

Every web application should have a custom error page. It provides a more professional-looking alternative to the Runtime Error YSOD, it is easy to create, and configuring the application to use the custom error page takes only a few moments. The first step is creating the custom error page. I've added a new folder to the Book Reviews application named ErrorPages and added to that a new ASP.NET page named Oops.aspx. Have the page use the same master page as the rest of the pages on your site so that it automatically inherits the same look and feel.


With the error page completed, configure the web application to use the custom error page in lieu of the Runtime Error YSOD. This is accomplished by specifying the URL of the error page in the <customErrors> section's defaultRedirect attribute. Add the following markup to your application's Web.config file:


<system.web>
    <customErrors mode="RemoteOnly"
                  defaultRedirect="~/ErrorPages/Oops.aspx" />

    ...
</system.web>

The Clickjacking attack, X-Frame-Options

ASP.NET web application security 

Overview:


This article helps you build robust web applications with respect to the various aspects of security that need to be taken care of while designing a system. A system designed without a security assessment leads to non-compliance and may come under security threats. Such systems are vulnerable to harmful attacks. The guide below will help strengthen applications, mitigate the risk of probable attacks and reduce unauthorized activities. The problem, scenario, and solution statement stated here are .NET centric. I have tried to cover the most essential security review items that cause most issues and non-compliance.


Real time scenario

Assume there is an e-commerce site where we can purchase a book online. There is another website that is an exact replica of it, but with a few changes such that users are motivated to transact. The e-commerce site has a button with a Buy caption, and the malicious site has a screen with a masked non-event button 'Donate' placed just above it. The moment the user clicks on the masked non-event button 'Donate', in reality the click triggers the Buy button at the lower z-index. This is how hackers can misuse your website for their purpose.


Solution: This works absolutely fine for all authentication modes.

Write the code below in the Global.asax file:


void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpContext.Current.Response.AddHeader("x-frame-options", "DENY");
    }
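
To confirm that a response really carries the framing protection set above, the headers can be classified as in the following added example, which is not code from the original post. It goes beyond the post by also reading the Content-Security-Policy `frame-ancestors` directive, which browsers that support it honour in place of X-Frame-Options; the name `framingProtection` and the result shape are assumptions of this example.

```javascript
// Added example (not from the original post): classify anti-framing headers.
// `headers` is a plain object of header name -> value.
function framingProtection(headers) {
  const h = {};
  for (const name of Object.keys(headers)) {
    h[name.toLowerCase()] = String(headers[name]).trim(); // names are case-insensitive
  }

  // In browsers that support it, CSP frame-ancestors overrides X-Frame-Options.
  const directive = (h["content-security-policy"] || "")
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0].toLowerCase() === "frame-ancestors");
  // An empty frame-ancestors directive is treated as absent (assumption of this example).
  if (directive && directive.length > 1) {
    const sources = directive.slice(1).map((s) => s.toLowerCase());
    if (sources.includes("*")) {
      return { protected: false, via: "csp", policy: "any-origin" };
    }
    if (sources.length === 1 && sources[0] === "'none'") {
      return { protected: true, via: "csp", policy: "deny" };
    }
    if (sources.every((s) => s === "'self'")) {
      return { protected: true, via: "csp", policy: "sameorigin" };
    }
    // Specific origins are listed; review them by hand.
    return { protected: true, via: "csp", policy: "allowlist" };
  }

  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo === "DENY") return { protected: true, via: "x-frame-options", policy: "deny" };
  if (xfo === "SAMEORIGIN") return { protected: true, via: "x-frame-options", policy: "sameorigin" };
  if (xfo.startsWith("ALLOW-FROM")) {
    // ALLOW-FROM is obsolete; current browsers ignore it.
    return { protected: false, via: "x-frame-options", policy: "obsolete-allow-from" };
  }
  return { protected: false, via: "none", policy: xfo ? "invalid" : "missing" };
}
```

Feed it the headers of every response type the application serves (pages, error pages, redirects), because a header added in one code path is easy to miss in another.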