Friday 12 July 2013

How to block files with particular extensions from being served to unauthorized users before login


    Web.config

    <system.web>
        <!-- Secure ASP.NET cookies: httpOnlyCookies keeps script from reading them,
             requireSSL marks them Secure so the browser never sends them over plain
             HTTP (the site must therefore be served over HTTPS, or logins will fail) -->
        <httpCookies httpOnlyCookies="true" requireSSL="true" lockItem="true" />
        <!-- Route requests for these extensions through a managed handler that
             checks authentication before serving the file -->
        <httpHandlers>
            <add verb="*" path="*.txt" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.pdf" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.jpg" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.gif" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.png" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.ico" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.xls" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.xlsx" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.csv" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.doc" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.docx" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.cab" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.htm" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.log" type="WebHandlers.Handler,WebHandlers"/>
            <add verb="*" path="*.xml" type="WebHandlers.Handler,WebHandlers"/>
        </httpHandlers>
    </system.web>

    File extensions blocked for unauthenticated users:

    *.jpg, *.txt, *.xls, *.xlsx, *.png, *.gif, *.pdf, *.doc, *.docx,
    *.csv, *.ico, *.cab, *.htm, *.log, *.xml

    Two things to check before relying on this. First, a managed handler only runs if IIS hands those requests to ASP.NET at all: under IIS 6 (and IIS 7 classic mode) static extensions such as .jpg are served by IIS directly unless a wildcard script map to aspnet_isapi.dll is configured, and under IIS 7+ integrated mode the handler has to be registered under <system.webServer><handlers>, because the <system.web><httpHandlers> entries are ignored there. Second, this is a deny list: any extension not in it (for example .zip or .bak) is still served to anonymous users, so either keep protected files in a folder covered by a <location> element with <authorization><deny users="?"/></authorization>, or store them outside the web root and stream them through the handler.
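The post registers WebHandlers.Handler but does not show it. The handler below is an added example of what it has to do, not code from the original post: the namespace and class name match the web.config registration above, while the content-type table, the 401 response for anonymous callers and the download headers are this example's own choices.

```csharp
// Added example (not from the original post): an IHttpHandler that serves the
// mapped static files only to authenticated users. Namespace and class name
// match "WebHandlers.Handler,WebHandlers" in web.config; the content-type table
// and the response headers are assumptions of this example.
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;

namespace WebHandlers
{
    public class Handler : IHttpHandler
    {
        // Only the extensions we intend to serve; anything else gets a 404.
        private static readonly Dictionary<string, string> ContentTypes =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            {
                { ".txt",  "text/plain" },
                { ".pdf",  "application/pdf" },
                { ".jpg",  "image/jpeg" },
                { ".gif",  "image/gif" },
                { ".png",  "image/png" },
                { ".ico",  "image/x-icon" },
                { ".xls",  "application/vnd.ms-excel" },
                { ".xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" },
                { ".csv",  "text/csv" },
                { ".doc",  "application/msword" },
                { ".docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document" },
                { ".cab",  "application/vnd.ms-cab-compressed" },
                { ".htm",  "text/html" },
                { ".log",  "text/plain" },
                { ".xml",  "text/xml" },
            };

        public bool IsReusable { get { return true; } }

        public void ProcessRequest(HttpContext context)
        {
            HttpRequest request = context.Request;
            HttpResponse response = context.Response;

            if (!request.IsAuthenticated)
            {
                // With forms authentication, FormsAuthenticationModule turns a 401
                // into a redirect to the configured loginUrl at the end of the request.
                response.StatusCode = 401;
                response.Cache.SetCacheability(HttpCacheability.NoCache);
                context.ApplicationInstance.CompleteRequest();
                return;
            }

            // PhysicalPath is the file ASP.NET already mapped for this request inside
            // the application; no user-supplied name is concatenated here, so "..\"
            // segments cannot escape the web root.
            string physicalPath = request.PhysicalPath;
            string contentType;
            if (!File.Exists(physicalPath) ||
                !ContentTypes.TryGetValue(Path.GetExtension(physicalPath), out contentType))
            {
                response.StatusCode = 404;
                context.ApplicationInstance.CompleteRequest();
                return;
            }

            response.ContentType = contentType;
            response.Cache.SetCacheability(HttpCacheability.Private);
            // Stop browsers from sniffing .txt/.log/.csv into something executable,
            // and force a download for anything that is not an image or page.
            response.AppendHeader("X-Content-Type-Options", "nosniff");
            if (contentType != "text/html" && !contentType.StartsWith("image/"))
            {
                response.AppendHeader("Content-Disposition",
                    "attachment; filename=\"" + Path.GetFileName(physicalPath) + "\"");
            }
            response.TransmitFile(physicalPath);
        }
    }
}
```

For IIS 7+ in integrated mode, register the same type under <system.webServer><handlers> as well, otherwise the class is never invoked for these extensions and IIS keeps serving the files directly.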




Monday 8 July 2013

DataTable using DataRow & DataColumn to fetch data and send it by mail (appending to a StringBuilder)

Ans 1.

using System.Data;
using System.Text;
using System.Web;

// Builds a one-column HTML table of e-mail addresses for the mail body.
// Each value is HTML-encoded: data read from the database must not be pasted
// into markup as-is, or a stored "<script>" value becomes live HTML in the mail.
// Method signature assumed; DAL and param are defined elsewhere in the project.
string BuildMailBody(object param)
{
    DataTable dt = DAL.ExecStoredProc(DAL.DatabaseName.DB, "storedProc", param);
    StringBuilder sb = new StringBuilder();
    sb.Append("<br/><br/>");
    sb.Append("<table border='0' cellpadding='3'>");
    for (int i = 0; i < dt.Rows.Count; i++)
    {
        sb.Append("<tr><td>");
        sb.Append(HttpUtility.HtmlEncode(dt.Rows[i]["EMail"].ToString()));
        sb.Append("</td></tr>");
    }
    sb.Append("</table>");
    return sb.ToString();
}

Ans 2.

using System.Data;
using System.Text;
using System.Web;

// Three-column variant. The original repeats the EMail column in every cell;
// substitute the columns that should actually appear in the mail. Each cell is
// HTML-encoded before it is appended, as in Ans 1.
// Method signature assumed; DAL and param are defined elsewhere in the project.
string BuildMailBody(object param)
{
    DataTable dt = DAL.ExecStoredProc(DAL.DatabaseName.DB, "storedProc", param);
    StringBuilder sb = new StringBuilder();
    sb.Append("<br/><br/>");
    sb.Append("<table border='0' cellpadding='3'>");
    for (int i = 0; i < dt.Rows.Count; i++)
    {
        string email = HttpUtility.HtmlEncode(dt.Rows[i]["EMail"].ToString());
        sb.Append("<tr>");
        sb.Append("<td>").Append(email).Append("</td>");
        sb.Append("<td>").Append(email).Append("</td>");
        sb.Append("<td>").Append(email).Append("</td>");
        sb.Append("</tr>");
    }
    sb.Append("</table>");
    return sb.ToString();
}
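The two answers above hard-code one column. As an added example (not code from the original post), the same pattern generalised to every DataColumn and DataRow of a DataTable, with a header row and HTML encoding of both column names and cell values. The DataTable built in Main is constructed test data, not a stored-procedure result, and the hostile value in it shows what the encoding is there for.

```csharp
// Added example (not from the original post): build the mail table from every
// column of a DataTable. The input DataTable in Main is constructed test data.
using System;
using System.Data;
using System.Text;
using System.Web;

public static class MailTableBuilder
{
    public static string BuildHtmlTable(DataTable dt)
    {
        StringBuilder sb = new StringBuilder();
        sb.Append("<table border='0' cellpadding='3'>");

        // Header row from the column names (also encoded: column names may be aliases
        // chosen in SQL, and they end up in markup just like the values do).
        sb.Append("<tr>");
        foreach (DataColumn col in dt.Columns)
        {
            sb.Append("<th>").Append(HttpUtility.HtmlEncode(col.ColumnName)).Append("</th>");
        }
        sb.Append("</tr>");

        foreach (DataRow row in dt.Rows)
        {
            sb.Append("<tr>");
            foreach (DataColumn col in dt.Columns)
            {
                // row[col] may be DBNull; Convert.ToString yields "" for it instead of throwing.
                string cell = HttpUtility.HtmlEncode(Convert.ToString(row[col]));
                sb.Append("<td>").Append(cell).Append("</td>");
            }
            sb.Append("</tr>");
        }

        sb.Append("</table>");
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample data standing in for the stored-procedure result.
        DataTable dt = new DataTable();
        dt.Columns.Add("EMail", typeof(string));
        dt.Columns.Add("Name", typeof(string));
        dt.Rows.Add("alice@example.com", "Alice");
        // Constructed hostile value: without HtmlEncode this would land in the
        // mail body as live markup and fire in any client that renders HTML.
        dt.Rows.Add("bob@example.com", "<img src=x onerror=alert(1)>");
        dt.Rows.Add("carol@example.com", DBNull.Value);

        // The second row's Name is emitted as &lt;img src=x onerror=alert(1)&gt;,
        // the third row's Name as an empty cell.
        Console.WriteLine(BuildHtmlTable(dt));
    }
}
```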

Checklist of security issues to review before a site goes live

http://www.dotnetnoob.com/2010/11/how-to-secure-aspnet-cookies.html
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
http://msdn.microsoft.com/en-us/library/ff648339.aspx
http://www.codeproject.com/Articles/573458/An-Absolute-Beginners-Tutorial-on-Cross-Site-Scrip
http://www.iis.net/downloads/microsoft/urlscan
http://weblogs.asp.net/scottgu/archive/2010/09/24/update-on-asp-net-vulnerability.aspx
http://www.rapid7.com/vulndb/lookup/spider-sensitive-form-data-autocomplete-enabled
 

OWASP Top 10 (2010):

A1: Injection

A2: Cross-Site Scripting (XSS)

A3: Broken Authentication and Session Management

A4: Insecure Direct Object References

A5: Cross-Site Request Forgery (CSRF)

A6: Security Misconfiguration

A7: Insecure Cryptographic Storage

A8: Failure to Restrict URL Access

A9: Insufficient Transport Layer Protection

A10: Unvalidated Redirects and Forwards