Re: Use cookies as authenticate under wince

I'm thinking that you're probably asking in the wrong place. This doesn't
really have anything to do with the .NET Compact Framework, so, unless you
happen to find an expert on the CE Web server who also hangs out here...

If it were me, I'd post to microsoft.public.windowsce.platbuilder. You
should also mention some crucial information in your post like: what version
of Windows CE, what device is it running on (it's a Windows Mobile device or
one that you built, etc.)?

Paul T.

"Jooo" <Jooo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:52E8D3E7-8C08-4EA7-AD9D-39921E608352@xxxxxxxxxxxxxxxx
Hello!
I'am working on A Web-based interface that is runing at the HTTPD Server
that Windows ce is providing. The system for which the project is build
for
is an headless device. I developped a authentication system that will
check
the password on a sqlce database, and then redirect the User on different
websites in dependence of the user access rights.

It works well, but I have a major security problem!

When the login data are checked, I create a cookie that is send to the
page
to which the user is redirected by response.redirect("xxx.asp").In fact
I'm
using asp with vbscripts. I want to make at the top of the target site a
check of this cookie, to ensure that the user not simply came there by
typing
the right url. The only problem is that I can't make this cookie_check
because the webserver returns me this error:

The HTTP headers are already written to the client. HTTP
header
modifications must be made before writing page content

ASP scripting compilation error: '80020009'

Description:

In file: /Storage Card/ad_bnz_page.asp
On line: 2

Here is the corresponding script:

<%
response.Buffer=true
if request.cookies("rights")<>"2" or request.cookies("st")<>"admin" then
response.redirect("login.asp?mess=6")
end if
%>

If I remove line 2, the same error will occure at line 3 =>
response.redirect("....asp")

How can I make this check work if the respnse.buffer=true method doen't
work?
Thx for your help!

p.s: The server method I'm using is POST



.

Relevant Pages

  • Re: Use cookies as authenticate under wince
    ... OK, thx for the information! ... of Windows CE, what device is it running on (it's a Windows Mobile device or ... I'am working on A Web-based interface that is runing at the HTTPD Server ... The server method I'm using is POST ...
    (microsoft.public.dotnet.framework.compactframework)
  • Re: moving exchange 5.5
    ... Use the move server method as described here: ... I have an Exchange 5.5 SP4 installed on a Windows NT 4.0 server which is ...
    (microsoft.public.exchange.setup)
  • SecurityFocus Microsoft Newsletter #154
    ... MICROSOFT VULNERABILITY SUMMARY ... ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi... ... Roger Wilco Remote Server Side Buffer Overrun Vulnerability ... available for Microsoft Windows operating systems. ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #49
    ... Subject: SecurityFocus Microsoft Newsletter #49 ... Microsoft Windows NNTP Denial of Service Vulnerability ... Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability ... Microsoft ISA Server H.323 Memory Leak Denial of Service... ...
    (Focus-Microsoft)
  • Questions Relating to Administering Windows 2000 Server
    ... installed the network client on the target computer. ... Sarah has been attempting to install Windows 2000 ... Server for two days. ... Sarah has checked the cables and hard drives. ...
    (microsoft.public.cert.exam.mcse)