Friday, 17 August 2012

Disabling Rightclick on webpage using javascript


JAVA SCRIPT CODE :


var message = "Right click testing";
        function click(e) {
            if (document.all) {
                if (event.button == 2) {
                    alert(message);
                    return false;
                }
            }
            if (document.layers) {
                if (e.which == 3) {
                    alert(message);
                    return false;
                }
            }
        }
        if (document.layers) {
            document.captureEvents(Event.MOUSEDOWN);
        }
        document.onmousedown = click;




ASPX CODE

Put above code between <Head></Head> tag

And Run the script !!

On web , try to right click and wait for alert message !!

Thursday, 16 August 2012

How to Install IIS 7 and Setup a Static Website ?

Installing IIS 7 on Windows Server 2008

Since the IIS web server is not installed by default, the first thing we have to do is install IIS as a role for the server we are working on.
1. Click on Start -> Administrative Tools -> Server Manager
How to Install IIS 7 - 1
2. In Server Manager scroll down to Roles Summary, and click on Add Roles

How to Install IIS 7 - 2
3. The Add Roles Wizard starts at this point and warns you that if you are going to add a role to make sure:
  • The administrator account has a strong password
  • Network settings, such as static IP, are configured
  • The latest security updates from Windows Updates are installed
How to Install IIS 7 - 3
4. Click Next to go the Add Server Role page. Place a checkmark next to Web Server (IIS) and then click on the button Next
How to Install IIS 7 -
5. The next page will give you some basic information on IIS Web Servers and a few links with extra information if needed. Click on the button Next to continue

How to Install IIS 7 -
6. The next window is the Select Role Services. This very important screen will allow you to add only the modules necessary for your planned installation of IIS.
When you choose a module in this screen in the upper right corner you will get more information about what the module is for. For our example we are going to load the following modules:
  • Static Content – Lets the Web server publish static Web file formats, such as HTML pages and image files.
    Use Static Content to publish files on your Web server that users can view using a Web browser.
  • Default Document – Lets you configure a default file for the Web server to return when users do not specify a file in a URL.
    Default Documents make it easier and more convenient for users to reach your Web site.
  • HTTP Errors – Allows you to customize the error messages returned to users’ browsers when the Web server detects a fault condition.
    Use HTTP Errors to provide users with a better user experience when they run up against an error message. Consider providing users with an e-mail address for staff who can help them resolve the error.
  • HTTP Redirection – Provides support to redirect user requests to a specific destination.
    Use HTTP redirection whenever you want customers who are using one URL to actually end up at another URL. This is helpful in many situations, from simply renaming your Web site, to overcoming a domain name that is difficult to spell, or forcing clients to use a secure channel.
  • HTTP Logging – Provides logging of Web site activity for this server.
    When a loggable event, usually an HTTP transaction, occurs, IIS calls the selected logging module, which then writes to one of the logs stored in the files system of the Web server. These logs are in addition to those provided by the operating system.
  • Request Filtering – Screens all incoming requests to the server and filters these requests based on rules set by the administrator.
    Many malicious attacks share common characteristics, like extremely long requests, or requests for an unusual action. By filtering requests, you can attempt to mitigate the impact of these types of attacks.
  • IIS Management Console – Provides infrastructure to manage IIS 7 by using a user interface.
    You can use the IIS management console to manage a local or remote Web server that runs IIS 7. To manage SMTP or FTP, you must install and use the IIS 6 Management Console.
How to Install IIS 7 - 6
7. Click Next to get to the Confirm Installation Selections screen to verify your chosen settings.
How to Install IIS 7 - 7
8. Click Install and installation will start
How to Install IIS 7 - 8


9. After installation you should see the Installation Results page. Click Close to finish the process.
How to Install IIS 7 - 9
10. In the Server Manager window, under Roles Summary, you should now see Web Server (IIS)
How to Install IIS 7 - 10
11. Let’s go ahead and open IIS Manager by going to Start -> Administrative Tools -> Internet Information Services (IIS) Manager
How to Install IIS 7 - 11
12. Once IIS Manager opens, expand out the web server and then expand the Sites folder. Right click on sites and then click on Add Web Site
How to Install IIS 7 - 12
13. In the Add Web Site window we have some basic information to fill out for a static site:
  • Site Name – Name of the site, this will be either domain.com or *.domain.com (Where * would represent a sub domain name such as www or blog for example)
  • Physical Path – The location on the local server that will hold the files for the website. If you did not set this up beforehand you can create a folder through this interface
  • Type – choose either http or https depending on whether your site will use Secure Socket Layer (SSL) certificate or not
  • IP Address – From the dropdown you can specify what IP the website should answer on or use the default switch of All Unassigned
  • Host Name – If you would like this site to respond to other domain names you can put these here
How to Install IIS 7 - 13
You have now installed IIS 7 and configured a static website. Just place your html files in the directory you specified when creating the site and you are good to go.
How to Install IIS 7 - 14

How to copy data from one table to another in oracle / sql server

// Correct Query to copy data from one table to another where column name not same

INSERT INTO [TestApp].[dbo].[Table_1]SELECT
 [table_two_col1] as [table_one_col],[table_two_col2] as [table_one_col2],
[table_two_col3] as [table_one_col3]
FROM [TestApp].[dbo].[table_2]








//Following query useful for only Copy data from one table to another

2)   

INSERT
INTO  [TestApp].[dbo].[Table_1]VALUES
( SELECT
 [table_two_col1] ,[table_two_col2],[table_two_col3]  FROM [TestApp].[dbo].[table_2]
)



3) 


SELECT  [table_two_col1] ,[table_two_col2],[table_two_col3]
into [TestApp].[dbo].[Table_1]
FROM [TestApp].[dbo].[table_2]


Try it... :)

Thursday, 9 August 2012

Conversion failed when converting the nvarchar value 'GENERAL' to data type int.

SQL Server Error :


Causes : 

       -       It causes when you are executing query in SQL Server 2008 /2005 or ..
   
       -       Here it may cause because of your query execution or datatype of entity.

       -       Ex :  Converting from int to string  or input int but datatype is nvarchar etc


Actions :

      -       Suppose your data stored in varchar format , then you should use   ' '   single quotationmark for parameters in where conditions.

      Example :


 Datatype  name nvarchar(50)

1)  Wrong Query :- >    

SELECT [emp_no]  from  [emp_MAST] where [shift_cd] = 1;

Here shift_cd  = 1 (which is int) bt my ticketNo is nvarchar(50) .
So error .


2)   Correct query  :- >    

SELECT [emp_no]  from  [emp_MAST] where [shift_cd] = '1';


This is will help you !!



Tuesday, 7 August 2012

How to print report for multiple employee's ( Ex : For 1000 employee payslip in one report )

Here ,

If you want one report file for multiple employee or object and with same format ??

it is possible because of crystal reports.


Here
-  Create crystal report and design as you want and provide schema.

-  After creating report from .net , gather all information in DataTable or DataSet .

-  Call function or query to DataSet for storing information.

-  Make DataSet as datasource for crystal reports.


In crystal reports :->

In crystal reports , you need to follow steps as

-  Right click on report . In  "Report"  Section click on submenu "Section Expert"

- One window will open ,on that window observ  "Section"  Part where you will get "Details"  (3rd option)
  Select that.

-  After Click on " Details" ,In  Adjcent window multiple checkboxes will appear.

- From that checkboxes select "Format Multiple column .. "

After that , from "Layout " tab of same section ,Click on "Format Multiple Column .. "


You will get result as you want.

Hope this will help you !! :)

NUMTOYMINTERVAL IN ORACLE

NUMTOYMINTERVAL converts number n to an INTERVAL YEAR TO MONTH literal. The argument n can  be any NUMBER value or an expression that can be implicitly converted to a NUMBER value. The argument interval_unit can be of CHAR, VARCHAR2, NCHAR, or NVARCHAR2 datatype. The value for interval_unit specifies the unit of n and must resolve to one of the following string values:


YEAR'

'MONTH'

interval_unit is case insensitive. Leading and trailing values within the parentheses are ignored. By default, the precision of the return is 9.


Examples
The following example calculates, for each employee, the total salary of employees hired in the past one year from his or her hire date.
SELECT last_name, hire_date, salary, SUM(salary) 
   OVER (ORDER BY hire_date 
   RANGE NUMTOYMINTERVAL(1,'year') PRECEDING) AS t_sal 
   FROM employees;

Monday, 6 August 2012

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)



Causes : 

Before i came here i searched every possibilities to fix this error. I followed the correct steps and still shows this error when i am trying to access the website.


Actions

It was because i was using the default user provided by windows. I've created an SQL user and now is working like a charm


You also follow the same.

Thursday, 2 August 2012

Common errors in Web.Config of ASP.NET

1. Custom Errors Disabled
When you disable custom errors as shown below, ASP.NET provides a detailed error message to clients by default.

Wrong configuration:
<configuration>
<system.web>
<customErrors mode="Off">
Right configuration:
<configuration>
<system.web>
<customErrors mode="RemoteOnly">
The more information a hacker can gather about a Web site, the more likely it is that he will be able to successfully attack it. An error message can be of vital significance to an attacker. A default ASP.NET error message lists the specific versions of ASP.NET and the .NET framework which are being used by the Web server, as well as the type of exception that was thrown. Just knowing which Web-based applications are used (in this case ASP.NET) compromises application security by telling the attacker that the server is running a relatively recent version of Microsoft Windows and that Microsoft Internet Information Server (IIS) 6.0 or later is being used as the Web server.
You can build up application security to prevent such information leakage by modifying the mode attribute of the <customErrors> element to "On" or "RemoteOnly." This setting instructs Web-based applications to display a nondescript, generic error message when an unhandled exception is generated. Another way to circumvent this application security issue is to redirect the user to a new page when errors occur by setting the "defaultRedirect" attribute of the <customErrors> element. This approach can provide even better application security because the default generic error page still gives away too much information about the system (namely, that it's using a Web.config file, which reveals that the server is running ASP.NET).


2. Leaving Tracing Enabled in Web-Based Applications
The trace feature of ASP.NET is one of the most useful tools that you can use to ensure application security by debugging and profiling your Web-based applications. Unfortunately, it is also one of the most useful tools that a hacker can use to attack your Web-based applications if it is left enabled in a production environment.

Wrong configuration:
<configuration>
<system.web>
<trace enabled="true" localOnly="false">
Right configuration:
<configuration>
<system.web>
<trace enabled="false" localOnly="true">
When the <trace> element is enabled for remote users of Web-based applications (localOnly="false"), any user can get detailed list of recent requests to the application simply by browsing to the page "trace.axd." A trace log presents a wealth of information: the .NET and ASP.NET versions that the server is running; a complete trace of all the page methods that the request caused, including their times of execution; the session state and application state keys; the request and response cookies; the complete set of request headers, form variables, and QueryString variables; and finally the complete set of server variables.
A hacker looking for a way around application security would obviously find the form variable histories useful because these might include email addresses that could be harvested and sold to spammers, IDs and passwords that could be used to impersonate the user, or credit card and bank account numbers. Even the most innocent-looking piece of data in the trace collection can be dangerous in the wrong hands. For example, the "APPL_PHYSICAL_PATH" server variable, which contains the physical path of Web-based applications on the server, could help an attacker perform directory traversal attacks against the system.
The best way to prevent a hacker from obtaining trace data from Web-based applications is to disable the trace viewer completely by setting the "enabled" attribute of the <trace> element to "false." If you have to have the trace viewer enabled, either to debug or to profile your application, then be sure to set the "localOnly" attribute of the <trace> element to "true." That allows users to access the trace viewer only from the Web server and disables viewing it from any remote machine, increasing your application security.


3. Debugging Enabled
You should never deploy an ASP.Net application in debug mode. Visual Studio 2005/2010 will even automatically modify the Web.config file to allow debugging when you start to debug your application. And, since deploying ASP.NET applications is as simple as copying the files from the development folder into the deployment folder, it's easy to see how development configuration settings can accidentally make it into production, compromising application security.

Wrong configuration:
<configuration>
<system.web>
<compilation debug="true">
Right configuration:
<configuration>
<system.web>
<compilation debug="false">
Leaving debugging enabled is dangerous because you are providing inside information to end users who shouldn't have access to it, and who may use it to attack your Web-based applications. For example, if you have enabled debugging and disabled custom errors in your application, then any error message displayed to an end user of your Web-based applications will include not only the server information, a detailed exception message, and a stack trace, but also the actual source code of the page where the error occurred.
Unfortunately, this configuration setting isn't the only way that source code might be displayed to the user. Here's a story that illustrates why developers shouldn't concentrate solely on one type of configuration setting to improve application security. In early versions of Microsoft's ASP.NET AJAX framework, some controls would return a stack trace with source code to the client browser whenever exceptions occurred. This behavior happened whenever debugging was enabled, regardless of the custom error setting in the configuration. So, even if you properly configured your Web-based applications to display non-descriptive messages when errors occurred, you could still have unexpectedly revealed your source code to your end users if you forgot to disable debugging.
If you want to disable debugging, set the value of the "debug" attribute of the <compilation> element to "false."



4. Cookies Accessible through Client-Side Script
In Internet Explorer 6.0, Microsoft introduced a new cookie property called "HttpOnly". While you can set the property programmatically on a per-cookie basis, you also can set it globally in the site configuration.

Wrong configuration:
<configuration>
<system.web>
<httpCookies httpOnlyCookies="false">
Right configuration:
<configuration>
<system.web>
<httpCookies httpOnlyCookies="true">
Any cookie marked with this property will be accessible only from server-side code, and not to any client-side scripting code like JavaScript or VBScript. This shielding of cookies from the client helps to protect Web-based applications from Cross-Site Scripting attacks. A hacker initiates a Cross-Site Scripting (also called CSS or XSS) attack by attempting to insert his own script code into the Web page to get around any application security in place. Any page that accepts input from a user and echoes that input back is potentially vulnerable. For example, a login page that prompts for a user name and password and then displays "Welcome back, <username>" on a successful login may be susceptible to an XSS attack.
As mentioned earlier, it is possible to enable "HttpOnly" programmatically on any individual cookie by setting the "HttpOnly" property of the "HttpCookie" object to "true." However, it is easier and more reliable to configure the application to automatically enable "HttpOnly" for all cookies. To do this, set the "httpOnlyCookies" attribute of the <httpCookies> element to "true."


5. Cookieless Session State Enabled
In the initial 1.0 release of ASP.NET, you had no choice about how to transmit the session token between requests when your Web application needed to maintain session state: it was always stored in a cookie. Unfortunately, this meant that users who would not accept cookies could not use your application. So, in ASP.NET 1.1, Microsoft added support for cookieless session tokens via use of the "cookieless" setting.

Right configuration:
<configuration>
<system.web>
<sessionState cookieless="UseUri">
Secure configuration:
<configuration>
<system.web>
<sessionState cookieless="UseCookies">
Web applications configured to use cookieless session state now stored the session token in the page URLs rather than a cookie. For example, the page URL might change from
http://myserver/MyApplication/default.aspx to http://myserver/MyApplication/(123456789ABCDEFG)/default.aspx. In this case, "123456789ABCDEFG" represents the current user's session token. A different user browsing the site at the same time would receive a completely different session token, resulting in a different URL, such as http://myserver/MyApplication/(ZYXWVU987654321)/default.aspx.
While adding support for cookieless session state did improve the usability of ASP.NET Web applications for users who would not accept cookies, it also had the side effect of making those applications much more vulnerable to session hijacking attacks. Session hijacking is basically a form of identity theft wherein a hacker impersonates a legitimate user by stealing his session token. When the session token is transmitted in a cookie, and the request is made on a secure channel (that is, it uses SSL), the token is secure. However, when the session token is included as part of the URL, it is much easier for a hacker to find and steal it. By using a network monitoring tool (also known as a "sniffer") or by obtaining a recent request log, hijacking the user's session becomes a simple matter of browsing to the URL containing the stolen unique session token. The Web application has no way of knowing that this new request with session token "123456789ABCDEFG" is not coming from the original, legitimate user. It happily loads the corresponding session state and returns the response back to the hacker, who has now effectively impersonated the user.
The most effective way to prevent these session hijacking attacks is to force your Web application to use cookies to store the session token. This is accomplished by setting the "cookieless" attribute of the <sessionState> element to "UseCookies" or "false." But what about the users who do not accept cookies? Do you have to choose between making your application available to all users versus ensuring that it operates securely for all users? A compromise between the two is possible in ASP.NET 2.0. By setting the "cookieless" attribute to "AutoDetect", the application will store the session token in a cookie for users who accept them and in the URL for those who won't.
Hope it helps...

Web Services in ASP.NET

A Web Service is programmable application logic accessible via standard Web protocols. One of these Web protocols is the Simple Object Access Protocol (SOAP). SOAP is a W3C submitted note (as of May 2000) that uses standards based technologies (XML for data description and HTTP for transport) to encode and transmit application data.
Consumers of a Web Service do not need to know anything about the platform, object model, or programming language used to implement the service; they only need to understand how to send and receive SOAP messages (HTTP and XML).

Try simple code :

ASPX :->


<html xmlns="http://www.w3.org/1999/xhtml">
<
head runat="server"><title></title></
head><
body><form id="form1" runat="server"><div><asp:GridView ID="GridView1" runat="server"><Columns><asp:BoundField DataField="id" HeaderText="ID" /><asp:BoundField DataField="f_name" HeaderText="Firts name" /><asp:BoundField DataField="adds" HeaderText="ADDS" /></Columns></asp:GridView><asp:Button ID="Button1" runat="server" Text="Click" onclick="Button1_Click" /></div></form></
body></
html>

CS ->

using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.UI;using System.Web.UI.WebControls;using webServiceTrial;namespace webServiceTrial{

public partial class _Default : System.Web.UI.Page{
protected void Page_Load(object sender, EventArgs e){
}

protected void Button1_Click(object sender, EventArgs e){
webServiceTrial.
WebService1 wrr = new webServiceTrial.WebService1();GridView1.DataSource = wrr.getDetails();
GridView1.DataBind();
}
}
}


WebService asmx :-?


using System.Web.Services;using System.Data;using System.Data.Sql;using System.Data.SqlClient;namespace webServiceTrial{

/// <summary>/// Summary description for WebService1/// </summary>[WebService(Namespace = "http://tempuri.org/")][
WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)][System.ComponentModel.
ToolboxItem(false)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line. // [System.Web.Script.Services.ScriptService]public class WebService1 : System.Web.Services.WebService{
[
WebMethod]
public string HelloWorld(){

return "Hello World";}
[
WebMethod]
public DataSet getDetails(){

SqlConnection conn;
SqlDataAdapter myDataAdapter;
DataSet myDataSet;
const string cmdString = "Select * From Info";conn =
new SqlConnection("Data Source=ADS;Initial Catalog=TestApp;Persist Security Info=True;User ID=Nihar.Kulkarni;Password=bflmcd");myDataAdapter =
new SqlDataAdapter(cmdString, conn);myDataSet =
new DataSet();myDataAdapter.Fill(myDataSet,
"Info");
return myDataSet;
}
}
}