I am new to asp .net web forms and I am having trouble in efficiently handling the broswer refersh. I have used the below link to do the same.
http://geekswithblogs.net/Vipin/archive/2011/06/08/detecting-browser-refresh-from-code-behind-in-.net.aspx
However , the problem with the above approach is that the button click is throwing the below error:
Invalid postback or callback argument. Event validation is enabled using in configuration or <%# Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Any help would be appreciated.
I suggest you to use Post/Redirect/Get pattern
If a web user attempts to refresh the page this pattern avoid the HTTP POST request to be resubmitted.
Just force a redirect at the end of the page that receive the posted data.
Moreover rely on session like example does is never a good practice
Related
I would like to use the WebRequest class to crawl some data.
I use the get request to access the site, and then use the regular expression to get to VIEWSTATE, PREVIOUSPAGE and EVENTVALIDATION..., and then use the post request related pages, get the error message, as follows:
505|error|500|Invalid postback or callback argument. Event validation is enabled using in configuration or <%# Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Where is the problem?
I have multiple UpdatePanels on a page, each filled by somewhat expensive controls. On async postbacks, all UpdatePanels are initialized, but only the updates UpdatePanel is sent to the client. Now I would like to initialize only the UpdatePanel that actually requires an update.
http://ryanfarley.com/blog/archive/2005/03/11/1886.aspx suggests decoding the __EVENTTARGET parameter to find the control that caused the post back. forums.asp.net/p/1385862/2947336.aspx suggests decoding the Request.Form value corresponding the the ScriptManager unique ID. Both seems to work fine. However, our production system (IIS 6, .NET 3.5) frequently reports requests where __EVENTTARGET is set to the unique ID of the ScriptManager (MyScriptManager). In these cases the ScriptManager parameter also decodes to MyScriptManager|MyScriptManager instead of UpdatePanelId|EventTargetId.
It has been observed for Firefox 3.0 and 3.5 as well as IE 6, 7 and 8. However, I was unable to reproduce it. Does anyone have a hint what causes our clients' browsers to post back these values?
Have you tried setting the updatepanel's updatemode to "conditional" ? I think this would solve your problem.
More information here: http://codeclimber.net.nz/archive/2007/05/24/updatemode-default-value-for-the-updatepanel-is-always.aspx
The ASP.NET AJAX history state causes this kind of requests. When a client uses our web application, we track the partial page updates using EnableHistory="true" on the ScriptManager. If the client clicks the back button in her browser, the ScriptManager initiates an asynchronous request, using itself as EventTarget.
Is there a way to detect page refresh without using viewstate in asp.net webforms ? I was wondering if it was at all even possible since asp.net mvc doesn't use viewstate for example.
I am trying to avoid using viewstate alltogether to keep my page size small.
IsPostBack is not going to work because its a F5 or Pager refresh case not the post back from any event.
You can detect a page refresh on the server-side using IsPostBack. In fact, any code you put in Page_Load in your code-behind will run each time the page is refreshed. Or have I misunderstood your question?
Why can't you just use IsPostback in the code behind with ViewState disabled in the page? This way you can do whatever you need to in the code behind and not worry about ViewState clogging up your page size.
You can disable ViewState in the page by adding the enableViewState flag to the #Page directive.
The only other thing I can think of is to have a piece of javascript code which catches the key press of F5, but obviously this will only capture an F5 refresh and not a Refresh-button refresh.
This site shows how to capture key presses with Javascript:
http://www.go4expert.com/forums/showthread.php?t=2733
The http protocal is stateless and after a response is send to the one how requestet it removes all trace of him except his session. The way webforms work is that it serialize your page state and send it to the client and then back to the server when you make a postback(A form post request). So you can save information about your client in his session about the page he been on before and then check in the session if he request the same page again.
When we write our own custom HTTPHandlers aren't they behave the same way as ICallBackEventHanlder does? we use both to make ajax calls from our web page, isn't this correct? or my understanding wrong, I wont doubt if it is :(
Obviously HTTPHandlers are more broader concept since a web page (.aspx) etc are also http handlers.
A ICallBackEventHandler is for integration with a page -- a handler is for anything. A callback handler is useful when you want to do an ajax request from the client-side of a page, and from that handler you still want access to all of the controls on the page, their re-saturated state that comes from ViewState, etc. An http handler has no access to the page or its state. A callback handler can also push some state changes back to the client. For example, a callback handler might render something which requires the __EVENTVALIDATION field on the client-side to be updated.
I've got an HTTPModule that does some role-based page access security (I'm having to retrofit some security into some code that we've acquired).
I've noticed that in one instance that it doesn't fire on a Server.Transfer.
Here's a snippet of the code:
' move to target page
Select Case eTransferMethod
Case TargetPageTransferMethod.Redirect
Page.Response.Redirect(strPage, False)
Case TargetPageTransferMethod.Transfer
Context.Handler = Me
Page.Server.Transfer(strPage)
Case TargetPageTransferMethod.None
' Do nothing
End Select
The case that I'm talking about here is the TargetPageTransferMethod.Transfer case. The page will be an .aspx page.
Now I know that AcquireRequestState is fired on other Server.Transfer calls in this code. In fact it gets fired on the postback when a button on the page transferred to is clicked. Ironically my security code is bypassed on the transfer to this page but denies access on the postback when this page's cancel button is clicked! :eek:
I'd post further details of the codebase but it's so convoluted and sprawling it'd be a nightmare to explain.
So basically I'm asking 'What might cause the AcquireRequestState event in an HTTPModule to not fire when a Server.Transfer is called?'
The way to get around this is to create a custom HttpHandler that inherits the System.Web.UI.PageHandlerFactory class.
You can then override the GetHandler method which is called whenever a page instance is created, both on Response.Redirect and on Server.Transfer.
Register this new handler to use the "*.aspx" extension and all pages will automatically use the new handler. This allows you to do custom authorisation on Server.Transfer as well as use a dependency injection framework (e.g. MS Unity).
I can understand it being called on a post back, as that is another request from the client, but Server.Transfer doesn't initiate a new request, it transfers execution from one page to another.
As the AcquireRequestState event is fired "when ASP.NET acquires the current state (for example, session state) that is associated with the current request" - this would occur on the initial request from the browser, but not on the server transfer as the server didn't get another request, you're just asking it to process a different page.
A key comment is this one from the HttpServerUtility.Transfer documentation:
ASP.NET does not verify that the current user is authorized to view the resource delivered by the Transfer method. Although the ASP.NET authorization and authentication logic runs before the original resource handler is called, ASP.NET directly calls the handler indicated by the Transfer method and does not rerun authentication and authorization logic for the new resource. If your application's security policy requires clients to have appropriate authorization to access the resource, the application should force reauthorization or provide a custom access-control mechanism.
Server.Transfer doesn't reprocess the entire HTTP pipeline for the destination page. It just calls the destination page's HttpHandler. Because of this, you shouldn't see any of the earlier applicaton events get fired.