Posting data to third party - server side and client side issues - asp.net

Using .Net WebForms c# 4.5,
I have a requirement to post data to a third party and on doing so, the user be redirected to the external site in a new tab in the browser. Like in this question: How to perform an HTTP POST and redirect the user to an external site?
So, I first of all tried doing a Post via WebClient. I was able to Post to the external site OK and get a html response string back. I want to be redirected to the external site as I would be with a normal form post however. The html response is no good if I render as it contains relative paths etc. I really need to redirect to the external site.
So the logical solution is to have a form on the page with a target="_blank" and an action of the external site. My problem is that I cannot do this as there is already a form which includes the whole page (this can not be changed) and nested forms aren't allowed.
Any suggestions?

I can post to the third party by setting the PostBackUrl property on a LinkButton.
My remaining problem is that I want this to open in a new tab but the target="_blank" doesn't do anything here.
<asp:LinkButton ID="hlApplication" runat="server" Text="Start your application" aria-describedby="information" target="_blank" OnClientClick="this.disabled=true;" UseSubmitBehavior="false"/>
hlApplication.PostBackUrl = "http://externalurl";

Related

external POST request to update on aspx page

I am working in .net webforms and am submitting something to an external web service via .ashx which then returns a POST request with parameters to my .aspx page. I am having trouble figuring out how to get that data back on my page.
I understand that Request.QueryString["parameterName"] should get anything sent as a querystring, but how can I then take that information and, say, put it in a label on the page in my browser.
Basically I want this: user is on .aspx page, clicks a button, processing happens externally and information from the POST request from the webservice is then displayed on the screen for the user on the same .aspx page.
I assume this involves and needs some ajax - I just am not quite comfortable enough with it to know how to do it and if what I am doing is right.
Any help would be much appreciated!
thank you in advance,
syd

Cross-site scripting - ASP.NET form action being modified by URL

After running a security scan across our web application (WebInspect), it has reported several XSS vulnerabilities with some aspx pages.
The request URL seems to be able to change the form action.
Example,
/Website/somepage.aspx/'+alert(1234)+'
the form action is changed to
action="'+alert(1234)+'"
To rule out our application code, I tried this with the default new Visual Studio webform project and it allows the same.
How can this be prevented?
I've always been told that un-validated input being reflected into the page is bad news.
Just put something in the action, something like this:
<form id="id_form" runat="server" action="Default.aspx">
When the form action is not specified, ASP fills this attribute with what you wrote in the URL after the last slash. If you write something there, ASP doesn't rewrite it.
Please check your global.asax - Application_Start to see if any routes have been defined.
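One way to close this off at the application level, shown as an added example that is not from the original thread: reject any .aspx request that carries extra path segments, so the trailing text never reaches the rendered form action. It assumes no page or route in the application relies on path info after the page name.

```csharp
// Global.asax.cs (added example, not code from the original thread)
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: no page in this application expects extra path segments
    // after ".aspx", and no registered route depends on them.
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = Context.Request;

        bool isPage = string.Equals(
            request.CurrentExecutionFilePathExtension, ".aspx",
            StringComparison.OrdinalIgnoreCase);

        // For /Website/somepage.aspx/'+alert(1234)+' the FilePath is
        // /Website/somepage.aspx and PathInfo holds the trailing segment.
        if (isPage && !string.IsNullOrEmpty(request.PathInfo))
        {
            // Fail the request before the page (and its <form>) is rendered.
            throw new HttpException(404, "Not Found");
        }
    }
}
```

Setting an explicit action on the form, as the answer above suggests, can be kept alongside this check.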

Do webforms post to server on every page change?

This might be a very basic question that I should already know the answer to but I can not seem to validate it.
I would like to know, in a webforms app (DotnetNuke) there is a master form which is created by DotNetNuke
<form method="post" action="/buynow?mode=form" onsubmit="javascript:return WebForm_OnSubmit();" id="Form" enctype="multipart/form-data">
In the app I have some fields and a button which fires a jQuery ajax POST to an external API. On the success of the post I use jQuery to redirect to a new page.
On this redirect will the form be posted to the server? I ask because in order to be PCI compliant I can not have the content of this form post to my server.
If it does post the form data by default, is there a way to prevent it, or would just clearing the form fields before the redirect solve my issue?
I use jQuery to redirect to a new page
Assuming you are using window.location to set the new URL, this will perform a GET of the new URL. No POST to the original URL (or anywhere else) will occur.
Many ASP.Net server controls cause a POST back to the same page, but these POSTs are almost always in response to a user action (a click, a dropdown change, etc.).
In general, you don't have to worry about postbacks occurring without your knowledge, but when in doubt, fire up a network sniffer (Firebug, Chrome tools, IE tools, etc.) to be sure.
I use jQuery to redirect to a new page
When you use redirect you are instructing the browser to perform a GET. In other words the browser won't perform a POST.

Legitimate cross site communication

I am building a website, within a large intranet, that wraps and adds functionality to another site within the same intranet. I do not have access to the other site's source and they do not provide any APIs for the functionality they provide. I need to, somehow, have my server-side code go to that site, fill in some forms, then press a submit button.
Is this possible? If so, how can I accomplish this?
Note: I am working in asp.NET if that matters at all.
Not the most efficient, but maybe WatiN can get you started:
http://watin.sourceforge.net/
Just look at the URL the form is supposed to submit to and the method it employs (POST or GET) and then send a request to that URL using the same method and put the field you want as parameters.
Your server-side code is basically a web client to the other web site. You will need to write the code to send the HTML form data to the other web site and process the response. I would start with the System.Net.WebClient class. Take a look at System.Net.WebClient.UploadValues. That class/method will enable you to POST the form data to the web site via a NameValueCollection.

ASP.NET - Send Information to Website

I have an asp.net webpage that only contains a textbox and a button. The user submits their email address using this webpage.
What I am trying to do now is take the information submitted by the user and go to another website. Where my "website/program" gives the different website the entered email address, and clicks the submit button.
If I were to physically go to the different website, there would be a textbox to enter the email. But since I am accessing the website from my page "behind the scenes" I can't manually enter their email address...
Is it possible to do this, if so how? Also, my code behind is in VB.
Thanks!
Well, it can be done, but the simplicity of it depends on what this other webpage is. Will this webpage always be the same or can it change?
If it is a dynamic website that will frequently change, then you will need to basically parse the html and emulate how the email address gets posted to the webpage. Look for the tag in the html and see what page it posts to.
What you want to do is use HttpWebRequest. This class can send information to another web page. Here is a tutorial on how to do what you are asking: http://www.jigar.net/howdoi/viewhtmlcontent106.aspx
And here is the MSDN documentation on it: http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest(VS.71).aspx
Keep in mind that my solution will work if the web site is using POST or GET, but some sites use Javascript. To do this, it will require you to build a javascript interpreter.
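A server-side form post along the lines of the WebClient.UploadValues and HttpWebRequest suggestions above, as an added example in C# that is not from the original answers. The endpoint URL and the field name "email" are hypothetical placeholders; the destination is a fixed constant rather than user input, and the response is HTML-encoded before it is returned for display.

```csharp
// Added example, not code from the original answers.
using System;
using System.Collections.Specialized;
using System.Net;
using System.Net.Mail;
using System.Text;

public static class ThirdPartyFormPoster
{
    // Hypothetical endpoint: kept as a constant so a caller can never
    // point the server at an arbitrary URL.
    private static readonly Uri Target =
        new Uri("https://thirdparty.example/subscribe");

    public static string PostEmail(string email)
    {
        // MailAddress throws FormatException for a malformed address and
        // ArgumentException / ArgumentNullException for empty or null input.
        MailAddress parsed = new MailAddress(email);

        // "email" is an assumed field name; use the name attribute of the
        // input in the remote form.
        var fields = new NameValueCollection
        {
            { "email", parsed.Address }
        };

        using (var client = new WebClient())
        {
            // UploadValues URL-encodes the names and values and sends them
            // as application/x-www-form-urlencoded.
            byte[] body = client.UploadValues(Target, "POST", fields);
            string html = Encoding.UTF8.GetString(body);

            // The remote response is untrusted content: encode it before
            // writing any of it into your own page.
            return WebUtility.HtmlEncode(html);
        }
    }
}
```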
