I have requirement is like below.
The user can call the url like domainname/applicationname/instancesname
For Ex: abc.com/xyz/pqr
From the URL with instance name I need to take and i need to redirect to the login page.
but what ever the user is enter the URL, I should keep in browser url.
[Because user may bookmark the URL]
Think I will receive the instance name dynamically.
how can i use this in Spring MVC.
The main concept is single url we are handling with multiple instances.
Unless you don not pass any url parameters with abc.com/xyz/pq this url it wont be a problem. Book mark url will work since you have the request mapping in your controller.
Related
I have configured an OpenID Connection application on OneLogin (not sure the provider matters) with a configured post MFA authentication redirect uri of
http://localhost:4200/LoginResponse.aspx?
The code behind my LoginResponse.aspx page grabs the returned id_token and processes it.
The issue is that after my initial redirect to the MFA login and successful login/MFA validation, the redirect is coming to
http://localhost:4200/LoginResponse.aspx#id_token=12345678987...........
Note the "#" symbol after my .aspx extension. This is corrupting the parameter string that is returned and not allowing me to grab the value of id_token from the Response.
After the redirect comes back, if I simply manually replace the "#" with a "?" and hit enter, my LoginResponse.aspx page loads fine and finds the id_token and processes it with my business logic.
My question is, how can I get the redirect to actually return to "LoginResponse.aspx?" so that I can grab the parameters.
On my OpenID Application I have tried the following options as Redirect URIs
LoginResponse
LoginResponse.aspx
LoginResponse.aspx?
LoginResponse.aspx?action=test
Did that last one to see if I could get around the ? not being there. But that just redirected the page to "LoginResponse.aspx?action=test#id_token=..............." So again, I could not grab the "id_token" variable out of the URL Response/QueryString.
I just cannot figure out how to get rid of this unwanted "#" sign and have a "?" after my .aspx extension.
Any help would be greatly appreciated!
I assume you are using the implicit flow to retrieve the tokens and in this flow you can either get back the tokens in the URL with the #. The # is added to make sure the tokens are not sent back to the server, instead they just stay in the browser. If it was a #, then the secret tokens would be sent back to the server and end up in various logs and creating various security issues.
I don't know how you implemented the client, but in OpenID Connect, if you add this parameter "&response_mode=form_post" to the initial authorization request, then you will get back the token using a POST request instead. just like this picture shows:
PS, I doubt you can get back the tokens using a ? instead of #.
Asp.net, when it sees an unauthenticated request, typically send the request to the login page.
An example is below:
http://localhost:9001/?a=x&b=y&c=z
Request to the login page:
http://localhost:9001/Account/Login.aspx?ReturnUrl=%2f%3fa%3dx%26b%3dy%26c%3dz&a=x&b=y&c=z
Notice how Asp.net creates a new parameter ReturnUrl but still retains the original parameters while redirecting to the login page.
I have a situation where the initial url length is around 1000+ characters and after this redirection, it becomes 2000+ which is kind of going beyond some browser limits.
Is there a quick way (configuration/httpmodule etc) to prevent the automatic parameters forwarding to the login page? (I can manage the login page needing these parameters to be extracted from ReturnUrl.)
For anyone who is wondering about this issue, the issue happens even in a default asp.net application but I was able to implement a fix for it.
Following is the fix:
Implement an HttpModule; handle the EndRequest event and check for 302/unauthenticated request
We have to use Response.RedirectLocation for most steps below
Using HttpUtility.ParseQueryString, get collection of all parameters
Using HttpUtility.ParseQueryString, get collection of all parameters within ReturnUrl value
Except ReturnUrl, strip out all other parameters which exist in ReturnUrl value
Update Response.RedirectLocation with ReturnUrl and remaining parameters (none in most cases), Url encoding as necessary
This will ensure the Url now has only ReturnUrl and other parameters which aren't copied in ReturnUrl.
You need to ensure that the login page (Account/Login in above e.g.) does not use any of these parameters or if they do, you have code to pull those out from value of ReturnUrl.
Hope this solution helps anyone with similar situation.
I wonder if it's possible to use FB.ui to invite friends to a custom page of my web application, but not to it's index.
Apprequests method doesn't seem to have any parameters as customizable uri
FB.ui({method: 'apprequests',
message: 'yay!',
});
In case if it's impossible to achieve with FB.ui, I would be glad to accept any other options. Thanks in advance.
By default, the invite will always send the user to the default canvas URL for your application. What you should do is detect this URL on the Index page, and then redirect them where you actually want them to go.
The way to do this is to look for the request_ids in the URL ($_GET) and then do a API call to /$request_id to verify it. Then you can redirect the user to any page you want (either JavaScript redirect, or PHP header redirect).
Is it possible to rewrite URL on the fly, only when a part of the server code has already been processed for the "raw" URL and it becomes clear the parameters must not be revealed to the user? Like, I want to proccess all the GET parameters in my page code on the server and create a tracking record in the database, then serve the user the page but change URL to parameterless in the browser.
I guess all the web.config referred module techniques won't work as they offer URL rewriting before request is passed to the page code on the server. But it comes in my case that I receive an ugly URL from google adwords clicks and I do like it tracked 'as is' in my database, and I do certainly not like it show to user in her brower's bar.
At the same time I would like to keep URL unchanged without applying the URL rewrite most of the time unless some particular parameter shows up in it (like ref=adwords) so that any paramter written by hand or posted back would be displayed in the address bar.
Is it possible to do so by any means?
Have you considered writing an ActionFilter that would (if your controller or method is decorated with it) intersect your initial request, do all the necessary processiong and then redirect back to the requested page only indicating, that processing has been done?
This would be my first thought.
In asp.net (or vb) I must to call a page that only autenticates a user, returning the user data if the logon succed. This way, I would like to implement the sequence:
A blank page (mine) request the autenticator page (3rd part) automatically on load;
The user logs in the autenticator page;
My page reads the autenticator page results and do the actions.
I'm a very begginer in asp.net, and I'm using vb.net in the environment for coding the page "onload" event. I'm trying to use the "redirect('url')" method to call the autenticator's page, but in this way, obviously, I can't receive the result. How can I implement this sequence?
Problem solved. I discovered that when I call the autenticator server I must to inform a parameter with the URL for autenticator's page redirecting to (my page, in this case). This way, the autenticator's page itself will request my page after user login, then I'll be able to get the URL parameters with the user data. Thanks.