Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / April 2006

Tip: Looking for answers? Try searching our database.

Help - Need to allow Java Client to post form data to ASPX Web Page

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
jjouett - 28 Apr 2006 14:50 GMT
I'm trying to setup an ASPX web page such that an existing Java Client
used by external customers can post form data, and I'm running into a
problem. The existing Java Client doesn't set any credentials, and when
I try to post to my page, the Java Client gets a 401 error. My own C#
client works because I am setting the Credentials of the WebClient, but
I have to support the existing Java Client as-is by external users.
What is the setup of my Web Page or IIS to allow a client to post form
data without requiring them to define credentials without opening up
any security holes?

Thanks in advance
Reply to this Message
Robert Ginsburg - 28 Apr 2006 15:17 GMT
It appears that you are going to allow anonymous access and anonymous post
data, so the "without any security holes" requirement is the problem.
You could go to external infrastracture and only allow client IP addresses
to connect (router settings) to your anonmyous site, or you could setup an
internally accessible URL, and require that clients vpn in to get to it,
since the vpn would be password protected you would have some protection of
your site.

> I'm trying to setup an ASPX web page such that an existing Java Client
> used by external customers can post form data, and I'm running into a
[quoted text clipped - 7 lines]
>
> Thanks in advance
Reply to this Message
jjouett - 28 Apr 2006 15:41 GMT
Thanks for the feedback. The existing Java client application has a
user/password pair in the values it posts, so I guess that there can be
application logic provided to only allow authorized users to upload
data.  Concerning the configuration of the web page or IIS, is there a
recommended resource for describing how to set this up? Searching for
"anonymous post" turns up a log of results that are in no way related
to this topic.

Thanks in advance
Reply to this Message
Robert Ginsburg - 28 Apr 2006 16:04 GMT
Its as simple as enabling anonymous access on the web site directory
security tab.

> Thanks for the feedback. The existing Java client application has a
> user/password pair in the values it posts, so I guess that there can be
[quoted text clipped - 5 lines]
>
> Thanks in advance
Reply to this Message
Mitch Gallant - 28 Apr 2006 16:14 GMT
which should be the default setting on a web folder via IIS
- Mitch

> Its as simple as enabling anonymous access on the web site directory
> security tab.
[quoted text clipped - 8 lines]
>>
>> Thanks in advance
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.