I have set arabic as as client's machine language.But in C# program while am using
var test = Thread.CurrentThread.CurrentCulture;
It shows the language as En-US.?
How i get the selected language of the machine?.
This will depend on how the client browser is configured. If the client browser's default language is configured to be en-US you will never be able to get the actual language on the server. For example in Google Chrome there's a setting where you could specify the preferred languages sent to the server:
So once you have configured the preferred language of your web browser to be something else, the browser will send this language as Accept-Language HTTP request header and you will be able to retrieve it on the server. In this case ASP.NET will automatically assign it to the current thread's culture assuming in your web.config you have not changed it in the <globalization> element but left the default value.
Request.UserLanguages is the property you're looking for.
Just keep in mind that this array may contain arbitrary (even non-exsitent) languages as set by request headers.
Example:
var lobUserLanguages = Request.UserLanguages;
CultureInfo ci;
if (lobUserLanguages.Count > 0)
{
try
{
ci = new CultureInfo(lobUserLanguages[0]);
}
catch(CultureNotFoundException)
{
ci = CultureInfo.InvariantCulture;
}
}
else
{
ci = CultureInfo.InvariantCulture;
}
Related
I was able to successfully use external authentication with datazen via HTTPWEBREQUEST from code-behind with VB.NET, but I am unclear how to use this with an iframe or even a div. I'm thinking maybe the authorization cookies/token isn't following the iframe around? The datazen starts to load correctly, but then it redirects back to the login page as if it's not being authenticated. Not sure how to do that part, this stuff is pretty new to me and any help would be greatly appreciated!!
Web page errors include:
-OPTIONS url send # jquery.min.js:19b.extend.ajax # jquery.min.js:19Viewer.Controls.List.ajax # Scripts?page=list:35Viewer.Controls.List.load # Scripts?page=list:35h.callback # Scripts?page=list:35
VM11664 about:srcdoc:1
XMLHttpRequest cannot load http://datazenserver.com/viewer/jsondata. Response for preflight has invalid HTTP status code 405Scripts?page=list:35
load(): Failed to load JSON data. V…r.C…s.List {version: "2.0", description: "KPI & dashboard list loader & controller", url: "/viewer/jsondata", index: "/viewer/", json: null…}(anonymous function) # Scripts?page=list:35c # jquery.min.js:4p.fireWith # jquery.min.js:4k # jquery.min.js:19r # jquery.min.js:19
Scripts?page=list:35
GET http://datazenserver.com/viewer/login 403 (Forbidden)(anonymous function) # Scripts?page=list:35c # jquery.min.js:4p.fireWith # jquery.min.js:4k # jquery.min.js:19r # jquery.min.js:19
' ''//////////////////////////////////
Dim myHttpWebRequest As HttpWebRequest = CType(WebRequest.Create("http://datazenserver.com/"), HttpWebRequest)
myHttpWebRequest.CookieContainer = New System.Net.CookieContainer()
Dim authInfo As String = Session("Email")
myHttpWebRequest.AllowAutoRedirect = False
myHttpWebRequest.Headers.Add("headerkey", authInfo)
myHttpWebRequest.Headers.Add("Access-Control-Allow-Origin", "*")
myHttpWebRequest.Headers.Add("Access-Control-Allow-Headers", "Accept, Content-Type, Origin")
myHttpWebRequest.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
Dim myHttpWebResponse As HttpWebResponse = CType(myHttpWebRequest.GetResponse(), HttpWebResponse)
Response.AppendHeader("Access-Control-Allow-Origin", "*")
' Create a new 'HttpWebRequest' Object to the mentioned URL.
' Assign the response object of 'HttpWebRequest' to a 'HttpWebResponse' variable.
Dim streamResponse As Stream = myHttpWebResponse.GetResponseStream()
Dim streamRead As New StreamReader(streamResponse)
frame1.Page.Response.AppendHeader("Access-Control-Allow-Origin", "*")
frame1.Page.Response.AppendHeader("headerkey", authInfo)
frame1.Attributes("srcdoc") = "<head><base href='http://datazenserver.com/viewer/' target='_blank'/></head>" & streamRead.ReadToEnd()
You might have to do more of this client-side, and I don't know whether you'll be able to because of security concerns.
External authentication in Datazen looks something like this:
User-Agent | Proxy | Server
-------------------|----------------------|------------------------------------
1. /viewer/home --> 2. Append header --> 3. Check cookie (not present)
<-- 5. Forward <-- 4. Redirect to /viewer/login
6. /viewer/login --> 7. Append header --> 8. Append cookie
<-- 10. Forward <-- 9. Redirect to /viewer/home
11. /viewer/home --> 12. Append header --> 13. Check cookie (valid)
<-- 15. Forward <-- 14. Give content
16. .................. Whatever the user wanted ..........................
So even though you're working off a proxy with a header, you're still getting a cookie back that it uses.
Now, that's just context.
My guess, from your description of the symptoms, is that myHttpWebResponse should have a cookie set (DATAZEN_AUTH_TOKEN, I believe), but it's essentially getting thrown out--you aren't using it anywhere.
You would need to tell your browser client to append that cookie to any subsequent (iframe-based) requests to the domain of your Datazen server, but I don't believe that's possible due to security restrictions. I don't know a whole lot about CORS, though, so there might be a way to permit it.
I don't know whether there's any good way to do what you're looking to do here. At best, I can maybe think of a start to a hack that would work, but I can't even find a good way to make that work, and you really wouldn't want to go there.
Essentially, if you're looking to embed Datazen in an iframe, I would shy away from external authentication. I'd shy away from it regardless, but especially there.
But, if you're absolutely sure you need it over something like ADFS, you'll need some way to get that cookie into your iframe requests.
The only way I can think to make this work would be to put everything on the same domain:
www.example.com
datazen.example.com (which is probably your proxy)
You could then set a cookie from your response that stores some encrypted (and likely expiring) form of Session("Email"), and passes it back down in your html.
That makes your iframe relatively simple, because you can just tell it to load the viewer home. Something to the effect of:
<iframe src="//datazen.example.com/viewer/home"></iframe>
In your proxy, you'll detect the cookie set by your web server, decrypt the email token, ensure it isn't expired, then set a header on the subsequent request onto the Datazen server.
This could be simplified at a couple places, but this should hold as true as possible to your original implementation, as long as you can mess with DNS settings.
I suppose another version of this could involve passing a parameter to your proxy, and sharing some common encryption key. That would get you past having to be on the same domain.
So if you had something like:
var emailEncrypted = encrypt(Session("Email") + ":somesalt:" + DateTime.UtcNow.ToString("O"));
Then used whatever templating language you want to set your iframe up with:
<iframe src="//{{ customDomain }}/viewer/home?emailkey={{ emailEncrypted }}"></iframe>
Then your proxy detected that emailkey parameter, decrypted it, and checked for expiration, that could work.
Now you'd have a choice to make on how to handle this, because Datazen will give you a 302 to /viewer/login to get a cookie, and you need to make sure to pass the correct emailkey on through that.
What I would do, you could accept that emailkey parameter in your proxy, set a completely new cookie yourself, then watch for that cookie on subsequent requests.
Although at that point, it would probably be reasonable to switch your external authentication mode to just use cookies. That's probably a better version of this anyway, assuming this is the only place you use Datazen, and you'd be safe to change something so fundamental. That would substantially reduce your business logic.
But, you wouldn't have to. If you didn't want to change that, you could just check for the cookie, and turn it into a header.
You should do (1), but just for good measure, one thing I'm not sure on, is whether you can pass users directly to /viewer/login to get a cookie from Datazen. Normally you wouldn't, but it seems like you should be able to.
Assuming it works as expected, you could just swap that URL out for that. As far as I know (although I'd have to double-check this), the header is actually only necessary once, to set up the cookie. So if you did that, you should get the cookie, then not need the URL parameter anymore, so the forced navigation would be no concern.
You'll, of course, want to make sure you've got a good form of encryption there, and the expiration pattern is important. But you should be able to secure that if you do it right.
I ended up just grabbing the username and password fields and entering them in with javascript. But this piece helped me a ton. You have to make sure you set the
document.domain ='basedomain.com';
in javascript on both sites in order to access the iframe contents else you'll run into the cross-domain issues.
I have a ASP.NET MVC 5 website, and I'm implementing an email confirmation process based on the template from Microsoft.
While I'm composing the email body text, first I construct the URL a user will use to "click to verify your address".
To generate the security token I call:
UserManager.GenerateEmailConfirmationTokenAsync(user.Id)
This produces a code such as:
pporPNj6KzdZ3BYG8vQsKJu3dPJMwGgh+ZEGhCNnf9X6F0AS0f6qCowOQwQNfpYkl14bgEsmyPTKya5H6N4n2na2n5PgO+wpoihXxQTA7G8pK/lUYskX3jy2iA/ZM8m4Vm0prTyUuhMgfDlV+wkbR336FBRIAbKJDwOWvHHbJBDQ21gW93hyzca0li66aI1H
Obviously, this wouldn't be valid in a URL, but even URL encoding won't solve IIS's hate of such a URL.
HTTP Error 404.11 - Not Found
The request filtering module is configured to deny a request that contains a double escape sequence.
In my UserManager implementation, I'm using the tutorial boilerplate code for a TokenProvider.
var dataProtectionProvider = options.DataProtectionProvider;
if (dataProtectionProvider != null)
{
manager.UserTokenProvider = new DataProtectorTokenProvider<SiteUser>(dataProtectionProvider.Create("ASP.NET Identity"));
}
How can I make these generated tokens a bit more URL friendly? What did potentially change that would prevent the ASP.NET's tutorial code not work?
It turns out that this token will get mangled by the built in class "UrlHelper" in a MVC controller, or Url in a WebAPI controller IF the target route lists these variables as part of the path, rather than the GET vars of the URL.
Eg: this call, creates a relative URL for the site route called "ConfirmEmail" and fills in the blanks
Url.Route("ConfirmEmail", new { userId = user.Id, code = code });
Before my route was:
[Route("register-email/{code}/{userId}", Name = "ConfirmEmail")]
Changing this to:
[Route("register-email", Name = "ConfirmEmail")]
Generates valid URLS that IIS can chew through. When these are not specified, they get appended after a ? mark as normal GET vars. No idea why IIS is picky like that, but there's the solution.
IE works fine, but FireFox does not.
I am setting a cookie on my default.aspx page:
HttpCookie hc = new HttpCookie("guid", guid.ToString());
hc.Expires = DateTime.Parse("12/12/2010");
Response.Cookies.Add(hc);
My upload control (I'm using SWFUpload) submits to upload.aspx.
On upload.aspx I call:
if (Request.Cookies["guid"] != null)
{
// Do something.
}
...my cookie only contains my ASP.NET session variable. Any ideas?
I have had the same issue when trying to upload files in Firefox through my Flex application. If you're also using Flash, you may want to do what I did; if you're using the HTML controls, this may or may not apply.
What I did to work around the Firefox issue is issue a one-time use token on the server, then post that token when doing the upload (for example, it could be a hidden field in the form). If the token is recognized upon upload, the upload is processed, then the token is expired. So it's basically what you're doing, only without using a cookie.
This is what I used to add/get cookie values. Works for me in both IE and FF
addCookie:
HttpCookie c = new HttpCookie("myCookie");
c.Expires = new DateTime(2050, 1, 1);
c.Values.Add("key", "value");
getCookie:
string value = Request.Cookies["myCookie"]["key"];
Behind the scenes, you are probably setting the same cookie twice. Firefox and IE probably differ on which one they choose to keep. ASP.NET likes to set a "guid" cookie automatically in a lot of web applications. By choosing that name, you are bound to create tension between the automatic logic and your own. The best way to see what is happening is to load the Live HTTP Headers add-on to Firefox. It will allow you to see exactly what cookie commands are being sent over to the end-user. You can also force a similar problem to see it recreated:
HttpCookie hc = new HttpCookie("testcookie", "xyz");
hc.Expires = DateTime.Parse("12/12/2010");
Response.Cookies.Add(hc);
hc = new HttpCookie("testcookie", "abc");
Response.Cookies.Add(hc);
This results in an HTTP header with two Set-Cookie calls:
Set-Cookie: testcookie=xyz; expires=Sun, 12-Dec-2010 07:00:00 GMT; path=/
Set-Cookie: testcookie=abc; expires=Sun, 12-Dec-2010 07:00:00 GMT; path=/
From there, it is up to the browser to decide whether first or last is the final value. If two browsers do it differently, you end up with the situation you describe. Install the Live HTTP Headers add-on and look for something similar. At the very least, you should probably consider "guid" to be a cookie name that you should use in an ASP.NET forms app.
If you absolutely need to have multiple places set the same cookie, try to find it first (create a new one if it doesn't exist). This will ensure you are overriding the value of the existing cookie rather than creating another cookie with the same name.
HttpCookie hc = Response.Cookies["testcookie"];
if (null == hc) {
hc = new HttpCookie("testcookie");
Response.Cookies.Add(hc);
}
hc.Value = "xyz";
First off, there's a type-safe constructor for DateTime, which is new DateTime(2010, 12, 12).
Second, you're using different names for your cookie: guid vs applicationGuid. Use either, not both.
I am getting the css files for minifying and compressing from QueryString["path"] everything works correctly for my own css files like main.css. But when I try to acess the webresource files I receive a 500 error. The parameter which comes after the webresource.axd is case sensitive and I receive it from QueryString["path"] lowercase.
This is what I get from QueryString["path"] :
http://localhost/test/webresource.axd?d=-phgrn6r6zgehvbi697-bxvkl_gidnplxpdeukz5kncgr9hvnfvttpgykwyw05cda-nymtz9od_bbww3ynzxha2&t=633789305460522066
The above link generate error : CryptographicException: Padding is invalid and cannot be removed.
This is what the correct link look like :
http://localhost/test/WebResource.axd?d=-pHGRn6r6ZGehvBI697-BxVKl_GIdNPlxPdEUKZ5KNcGR9hvnfVtTpgyKwYw05cDa-NymTz9OD_bBwW3ynZXhA2&t=633789305460522066
The only difference is in the case. CryptographicException seem to be common but even setting machineKey didn't fixed the problem. Any hint on how could I get the the webresource.axd in the original case?
EDIT
Code was requested :
public void ProcessRequest(HttpContext context) {
Control c = new Control();
string root = context.Request.Url.GetLeftPart(UriPartial.Authority);
string path = context.Request.QueryString["path"];
string content = string.Empty;
if (!string.IsNullOrEmpty(path)) {
if (context.Cache[path] == null) {
List<string> dependencies = new List<string>();
string[] styles = path.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
foreach (string style in styles) {
content += RetrieveStyle(root + c.ResolveUrl(style)) + Environment.NewLine;
dependencies.Add(context.Server.MapPath(style));
}
content = StripWhitespace(content);
context.Cache.Insert(path, content, new CacheDependency(dependencies.ToArray()), Cache.NoAbsoluteExpiration, new TimeSpan(DAYS_IN_CACHE, 0, 0, 0));
}
}
}
It crashes in RetreiveStyle when I call :
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
The culprit looks like the code that is generating the “path” querystring csv or some hardware or filter between that source and your handler.
If the source of handler request is a browser what does the handler url look like through view source or firebug? Is it lowercase already?
Working forward from that, do you have any modules etc registered in you IIS pipeline?
I do not have an answer but we have experienced a similar problem and I have a few things to add, which could help identifying the issue.
So, here it goes:
We have an iHTTPHandler (lets call it Login.ashx) that accepts a GET request, which contains a token in base64 format.
The token is then decrypted using Rijndael algorithm.
This process is working most of the time, however, in the last month we had several requests that failed due to System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. error. This error is raised in our case when a token (base64 string) is in lowercase and cannot be decrypted.
After going through logs and activity records I can see that a particular user would attempt to come to our side via Login.ashx and the request would fail due to the error in question. The whole querystring of the request (there is more than just token) including names and values is in lowercase. Then the same user would attempt a login a few minutes later and is able to get in because the querystring was not transformed to lower case.
So, I have a feeling that the issue could be browser related. I am not sure if proxy could affect this.
Additional info:
There is no browser information captured in the server variables.
ALL_HTTP and ALL_RAW variables have almost no data:
ALL_HTTP HTTP_CACHE_CONTROL: no-cache HTTP_HOST:our server name
ALL_RAW Cache-Control: no-cache Host: our server name
There is also no HTTP_REFFERER.
I have tried to replicate this issue with different browsers (Safari3, Chrome1, Opera9.2, IE6,7,8, Firefox3) with no luck.
We have a web farm with 10 servers configured identically (at least I hope they are)
I will add more info if I get any progress.
I'm building an ASP.NET web application, and all of my strings are stored in a resource file. I'd like to add a second language to my application, and ideally, I'd like to auto-detect the user's browser language (or windows language) and default to that, instead of making them choose something besides English. Currently, I'm handling all the resource population manually, so adding a second resource file and language is trivial from my point of view, if I had an easy way to automatically figure out what language to display.
Has anybody done this, or do you have any thoughts about how I might retrieve that value? Since ASP.NET is server-based, I don't seem to have any access to specific browser settings.
RESOLUTION: Here's what I ended up doing. I used a "For Each" to go through "HttpContext.Current.Request.UserLanguages" and search for one I support. I'm actually just checking the left two characters, since we don't support any dialects yet - just English and Spanish. Thanks for all the help!
Try this in the web.config:
<globalization culture="auto" uiCulture="auto" />
This will cause ASP.NET to auto-detect the client's culture from the request header. You can also set this on a per-page basis via the Page attribute.
This article (linked to archive.org as original link is now dead) might be helpful with auto detecting the browser's language setting.
[EDIT] Yes. The quoted article does not use ASP.NET. This article does.
Request.UserLanguages in ASP.NET 4 parses this as a string array.
Good info: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
This is a great question, as localization in ASP.NET is overlooked by many developers.
ASP.NET should automatically pick up on the user's browser settings and force the CultureInfo.CurrentCulture to the user's browser language. You can force the issue with a line in Page_OnInit() like:
Thread.CurrentThread.CurrentCulture = new CultureInfo(HttpContext.Current.Request.UserLanguages[0]);
How can you test this? Enter the languages panel on our browser and change settings.
The client generally sets Accept-Language in the HTTP request header with a quantitatively scored list of preferred language, conventionally (but not necessarily) in order of most favored to least favored. You can parse that, but as Maxam has noted, ASP.NET does have a mechanism for doing that on your behalf.
/// <summary>
/// Sets a user's Locale based on the browser's Locale setting. If no setting
/// is provided the default Locale is used.
/// </summary>
public static void SetUserLocale(string CurrencySymbol, bool SetUiCulture)
{
HttpRequest Request = HttpContext.Current.Request;
if (Request.UserLanguages == null)
return;
string Lang = Request.UserLanguages[0];
if (Lang != null)
{
// *** Problems with Turkish Locale and upper/lower case
// *** DataRow/DataTable indexes
if (Lang.StartsWith("tr"))
return;
if (Lang.Length < 3)
Lang = Lang + "-" + Lang.ToUpper();
try
{
System.Globalization.CultureInfo Culture = new System.Globalization.CultureInfo(Lang);
if (CurrencySymbol != null && CurrencySymbol != "")
Culture.NumberFormat.CurrencySymbol = CurrencySymbol;
System.Threading.Thread.CurrentThread.CurrentCulture = Culture;
if (SetUiCulture)
System.Threading.Thread.CurrentThread.CurrentUICulture = Culture;
}
catch
{ ;}
}
}
The source of this article is here:
How to detect browser language