Webbrowser calls iframes as empty - asp.net

I am using a web browser for a ticket sales system. After I login to the system, I fill out the form to send the request for the ticket, but some problem occurs.
The browser sends the request succesfully, but when the ticket page is loading, the browser calls iframes as empty. I can't see the existence of iframes and unfortunately, iframes include the result of the request. I thought calls include the ticket, but the boss does not want it.
I want the result to be displayed in the iframe.
I just use Webbrowser1.Navigate("pageurl") for calling the request form page. After that I filled out the form and click the submit button programmatically:
WebBrowser1.Document.GetElementById("sbmtBTN").invokeMember("click");
How can I solve It

I solved the problem. Before I call the the page, Blocked main page of Iframe. I re-call the pages with their main pages and iframes run.

Related

Redirection not working with JQuery Mobile

I am running a DNN7.1 website. I have a regular website. I added a page which acts as login page for mobile users. I am using JQuery Mobile 1.3.2 on the mobile pages including this mobile login page. If the user navigates to that page and enters username and password, it works correctly and redirects them to the correct page sent on the url using a querystring, example:
http://localhost/Mobilelogin?url=http://localhost/somePage
it correctly redirects to
http://localhost/somePage
Now I want to add capability where user can directly send his username and password along with the url that he wants to navigate, the login page should authenticate using the username and password provided and once successful redirect it to the url (using asp.net Response.Redirect method), in the format
http://localhost/Mobilelogin?u=username&p=password&url=http://localhost/somePage
The issue is, it works fine if the user is not logged in but if he is already logged in and then uses the same url, (which has username and password) redirection doesn't work. I tried disabling the ajax using following code, as I read redirection and JQM doesn't work well.
$(document).on("mobileinit", function () {
$.extend($.mobile, {
linkBindingEnabled: false,
ajaxEnabled: false
});
});
But it still is not working. Can anyone please let me know what I need to do to make this work.
I tried debugging the login module, which is written in c#, when the user enters the url when not logged in, it calls the page load and hits the break point but when logged in and enters the url the break point is never hit. It looks like browser is not even contacting the server. I am new to JQM, I thought disabling the ajax globally will always hit the server to get the information. Is that not how it works? How can I make the redirection work in my case. Any help is greatly appreciated.
You need to be aware that by default, jQuery Mobile uses AJAX to load page content and does not "redirect" as per normal.
You should read the FAQ's as these provide useful information: -
http://view.jquerymobile.com/1.3.2/dist/demos/faq/
Specifically: -
.. it will only inject the contents of the response's body element (or
more specifically the data-role="page" element, if it's provided),
meaning nothing in the head of the page will be used
http://view.jquerymobile.com/1.3.2/dist/demos/faq/scripts-and-styles-not-loading.html
This might explain why your script doesn't execute, as if it's in the <head> it's not being loaded.

Only one asp.net page through out

I have created a web page but i want to restrict only one instance of the page should be running at all times. The scenarios are given as below.
First time - User launches the page by URL and page loads.
User types URL again in another window and it should say that a page is already open OR refresh the existing page.
User closes the window and tries again - new fresh page will be loaded.
Additional Details : I have a database, user authentication.
Tried So Far : Set a flag in DB-->> This method how do i redirect the user back to the page which is already opened.
Any ideas to implement this.?
Thanks in Advance for your opinions and suggestions.
Perhaps you should use a cookie which expires when the user closes the browser. However, all browser instances may need to be closed.
First time, there is no cookie and http_referer does not contain the same domain. (set cookie now)
http_referer contains the same domain
cookie expires and go back to (1)
You should consider using cookies for this. Create a session-long cookie upon opening of the window and destroy it upon closing of the window. If a cookie already exists, you know the window is already open.
This of course relies on javascript and is easily got round. You can not use a server-side solution because it would be impossible to catch the closing of the browser window in order to clear the cookie.
Personally, I wouldn't try and restrict the opening of multiple windows but restrict the functionality available in each window. This approach would be much easier to control using a server-side approach, e.g. events fired in the window can be validated server-side.

When browser sets the "referrer" in HTTP Request header?

I have a login page and users from different domains are redirected to this page for the purpose of SSO. I use the referrer HTTP Header field to know where the user has come from, thus on successful login, I return him/her back to his/her original domain.
But sometimes my referrer is not set, while other times it's set. Why?
Users can come to your page using different methods:
By entering the URL of your page, directly into the address bar of the browser
By clicking a link to your site from another site
By reloading your current page
By Submitting a form on your site (sending POST request back to your site)
By navigating through back/forward buttons of your browser.
By being redirected through a previous page to the current page.
Now, browsers really differ in how and when they set referrer header field. But as a general rule, you can be sure that on link click, or on submitting a form (post request), they set referrer field. Also if you have come to the current page via a redirect or a link, browser still preserves referrer header on F5 (page reload).
If you see that your referrer field is empty, it's because someone knows your Login page URL and enters that directly into the address bar, or someone has bookmarked it, so sends a GET request.
Generally, you shouldn't always expect the referrer field, because it's outside your control. You should use cookies, or query strings, because they are under your control.
the other thing is that some user may have referer option set as disabled in their browsers as a part of browser security settings.

SSL Login in iFrame

My UI prototype requires me to show the sites login info all the time. Either I should show the usual username and password textbox or "you are logged in as". The last bit don't have to be secure, as it's only info to the user, nothing I will use server side. But the first part should send secure to the server.
It seems that I would have to use https for all pages on the site then. I would like to only use ssl for the things that are required to be secure.
One way is putting the login information into a https://../login.aspx and show it on my mainpage as an IFrame.
One disadvantage I can see is that the user won't know that https is being used, unless they read the IFrame src in the source code.
What do you think?
Are you using the built-in asp.net login controls or do you just use two textbox controls?
You could use your own form tag (not runat="server") with the action attribute set to "https://..." and just use two html input tags and a button to log on.
Again this wouldn't show the user that there credentials are secure when logging in.
Because of some recently discovered SSL attacks, it is always preferable to also put the logon form on a https:// page. Otherwise a hacked can intercept the http stream and change your form action from "https://..." to "http://..." and then sniff the credentials.
Another option would be to take advantage of the PostBackUrl property of the Button control.
You would need to create your own login LayoutTemplate to take advantage of this though. You would then be able to add the secure scheme to the current page URL, and set the PostBackUrl property of the submit button to that.
This would have a similar issues to your iFrame solution (the user wouldn't see the padlock symbols), however you would have the advantage that you wouldn't be using iFrames.
Another issue using an iFrame is the affects that they can have on the page:
They are a separate request, but can cause a block on the JavaScript PageLoad event firing.
The login form would only postback within the iFrame, so you'd need to refresh the parent page when the user is successfully logged in to remove it.
Additionally to that, errors would be returned in the iFrame, probably not leaving you much space for displaying the form as well, etc.
You've hit the major problems. You want the login, which needs to be on every page to use SSL, but you don't want the entire page to be SSL.
This is more of a business decision at this point than anything else. Would you rather your customers feel more secure about visiting your site, or do you want the login information present on every screen?
If you need to have both, you may need to also look at making your entire site SSL.

Images in IFRAME no longer showing after I log out of Flickr?

I have a iframe window which displays user's flickr images. I use the flickr.photos.search api to download the user's image from flickr. This works great when the user is logged into flickr.
But when I explicitly log off the user from flickr and the yahoo network and then attempt to download the flickr images, I get redirected to www.yahoo.com in a full browser window (not in my iframe).
If I remember correctly, I did not have this issue when I was not using iframes and I was being redirected to the yahoo login screen.
Any suggestions?
To elaborate, this URI - http://www.flickr.com/services/api/auth.howto.web.html, lists the below step -
Create an auth handler
When users follow your login url, they are directed to a page on flickr.com which asks them if they want to authorize your application. This page displays your application title and description along with the logo, if you uploaded one.
When the user accepts the request, they are sent back to the Callback URL you defined in step 2. The URL will have a frob parameter added to it. For example, if your Callback URL was http://test.com/auth.php then the user might be redirected to http://test.com/auth.php?frob=185-837403740 (The frob value in this example is '185-837403740').
This does not happen when I am in my iframe window but it does happen in my full browser window.
I posted the above question in the flickr forums and I received a response which said this cannot be done in iframes. So, I would need to rejig my UI to achieve this.

Resources