There’s a few ways: Use the <%: %> syntax in ASP.NET MVC2 / .NET 4.0. (Which is just syntactic sugar for Html.Encode()) Follow the directions laid out by Phil Haack where it details using the Anti-XSS library as the ‘default’ encoding engine for ASP.NET.
For the future generation the answer which works for me is to use hidden segments. If you want to secure e.g. Uploads folder go to your root Web.config and add into <system.webServer> following element: <security> <requestFiltering> <hiddenSegments> <add segment=”Uploads”/> </hiddenSegments> </requestFiltering> </security> This will prevent all users from direct access to Uploads folder and its … Read more
Either add the following to your web.config file: <system.web> <globalization culture=”en-US” uiCulture=”en-US” /> </system.web> or you can add this statement on the page: <%@ Page uiCulture=”en-US” culture=”en-US” %> Hope this helps.
Not sure if you are still looking for an answer for this? Mark Redman’s answer is great if you can define the select list in the aspx page, however if you bind the drop down list dynamically obviously you cannot. I had success using the following to achieve the result you are after (not sure … Read more
A number of *.browser files are shipped with .NET: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\Browsers The runtime uses regular expressions from the *.browser files to match against the incoming User-Agent string, and then sets a bunch of properties based on each match it finds (there can be several in the hierarchy). If you need in-depth mobile device support, consider installing … Read more
Do the following in the App.config file, Put the connectionStrings element is after the configSections element. Put the startup element after the connectionStrings element. <?xml version=”1.0″ encoding=”utf-8″?> <configuration> <configSections> <section name=”entityFramework” type=”System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.3.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ /> </configSections> <connectionStrings> <add name=”SchedulingContext” connectionString=”Data Source=XXX\SQL2008R2DEV;Initial Catalog=YYY;Persist Security Info=True;User ID=sa;Password=XXX” providerName=”System.Data.SqlClient”/> </connectionStrings> <startup> <supportedRuntime version=”v4.0″ sku=”.NETFramework,Version=v4.5″ /> </startup> … Read more
Have been doing more digging on this. The best way to prevent session fixation attacks in any web application is to issue a new session identifier when a user logs in. In ASP.NET Session.Abandon() is not sufficient for this task. Microsoft state in http://support.microsoft.com/kb/899918 that: “”When you abandon a session, the session ID cookie is … Read more
Use Data binding expressions <asp:Label ID=”Label1″ runat=”server” Text=”<%# DateTime.Now %>” ></asp:Label> Code behind, protected void Page_Load(object sender, EventArgs e){ DataBind(); }
You can configure IIS to cache specific files by extension. For example: Select the folder where your css/js files reside and then click on Output Caching. Then add the file extensions that you want to cache: I don’t think you can specify which ones to cache on a per file basis unless you write an … Read more
There is no built-in facility to resolve it in asp.net However, there is a workaround for this problem; You need to handle it with javascript. Solution is mentioned here: Maintain Scrollbar Position Inside UpdatePanel After Partial PostBack Edited 20-May-2012; after seeing the comments <form id=”form1″ runat=”server”> <asp:ScriptManager ID=”ScriptManager1″ runat=”server” ScriptMode=”Release” /> <script type=”text/javascript”> // It … Read more