I've a wcf ajax enabled hosted in a web site (it's a web chat).
For some reason, when I need to execute a postback, my wcf service works in unexpectedly way (such as big delay in a call, work off, and so on..).
The oddity occurs when I try to call some wcf function through javascript from protected page too (Many page are protected by web config with authentication mode=form).
Are the above issue caused from the same reason? But which can it be the reason?
EDIT:
I notice that the above problems occurs only when my web site contains global asax file with sessionStart and SessionEnd event handlers (it's true even when those event handlers are empty, namely without any instrunction).
#EDIT:
Ok, issue about postback is due to devExpress control (captcha). If I use a simple button for doing some postabck all works fine. Maybe that component injects some bad script in my page, I've not idea.
So, remain questione about access to protected page by login only. It's important to know that login issue occurs only on production site where login page is placed on internal (nested) application, while on test site where login mechanism is on the same application all works fine.
However, in this moment I solved by changing login logic for chat access. I've removed the protection in web config for that chat admin page and I check user credential on its init event. If it's not logged, then I execute a simple redirect to login page and all works correctly.
##EDIT
Well, I found the exact cause and solved it. Please, take a look here: http://blogs.msdn.com/b/silverlightws/archive/2009/09/30/having-a-pollingduplex-service-and-any-other-wcf-service-in-the-same-website-causes-silverlight-calls-to-be-slow.aspx
Related
So, I have a website (lets called it MySite). And we have implemented it primarily using .NET. Recently angular JS was introduced and we have created aspx pages that consumes the angular JS libraries.
Recently there was a requirement wherein we had to develop a login module on a virtual directory (lets call this MyVirtualDirectory) within the web site. Please note that the website already uses a login method (which is handled via button click event handler in .NET). The idea was, upon entering the username and password on the MyVirtualDirectory login module, to call the existing authenticate login method (that is currently consumed by the website). So, for this, we wrote a web method and we are calling the login method from within this web method. And this web method is invoked from the angular code. Everything works as expected and the login web method returns a true or false
Although functionally things work as expected, I am not too happy about the security aspects. One of the security constraints was, the web method that we wrote should be invoked only from within the web site. We thought about couple of options
One was to have a cookie on the load of the virtual directory home page. And when the web method is invoked, check for this cookie. Obviously, this has its own set of issues because the cookie could be set by anyone
The next was to have a session variable on the page load of the virtual directory home page. And check for this session variable when the web method is invoked. This was more secure than the first option, but still i felt it was slightly vulnerable
Any other thoughts/ consideration - To summarize, my question is, how to securely invoke a web method and ensure that the call is made only from within the website?
Thanks in advance
I am getting a weird error on my asp.net web form page. I have a legacy page built up with full functionality. It has got several data controls on the page. After performing required operations when I click on submit button, internet explorer goes blank. It says page can't be displayed.
My code is old enough, so it actually works on few production sites. But recently I have deployed on a new production site. If I browse the same page using internal URL and perform same operation, it does not show any error message and everything works smoothly.
To give a background for the issue, when I click on submit button it calls web service on backend and comes back with web services result. Once it gets results back, it uses response.redirect() to same page (by creating url - Request.Url.AbsolutePath)with some additional parameters in querystring. If I refresh page then it shows same page correctly.
Page in IE -
Page in chrome -
Issue was not in code, but as I expected in production setup configuration. In production configuration a public URL something like www.test.com was redirected to www.test.com:7500. So when user was request website URL, it was being redirected to 7500 port on which application was hosted. It worked great until, response.redirect performed in asp.net code. When response.redirect performed in ASP.NET, in Request.Url.AbsolutePath server got URL as www.test.com:7500. So it tried to redirect it to 7500. But this redirection was set at public URL. When internally it tried to do the same it was not working.
I went with quick fix approach to fix this issue. I removed request redirection on public URL and set my site on port 80. This fixed my issue.
With out seeing the code it could be a number of things.
But as a guess I think that there maybe some url rewriting going on and then when the page posts back to its self it is not posting back to the rewritten page but to the underlining page.
You can try setting the form action to the rewritten page in the code behind.
form.action = "myrewrittenurl.com/path";
You can also try setting the form action to
<form action='#'
Which can work with some rewriters.
We have an ASP.NET MVC application, and when it encounters an error you are not redirected to an erro rpage, instead the content of that page is replaced with the content of the error page. You go fix your code and press refresh and you're done.
We have another application that's written in WebForms and I'd like to get the same behavior out of it. Right now the current behavior is that when an error occurs you get redirected to ~/Error.aspx. Is it possible to make webforms behave this way? Perhaps override the page render event somehow?
This is just for development right? Displaying the error.aspx on production is much better both from a security and user experience perspective.
In order to turn off custom errors, you need to know how to turn them on. Yes? There are several places custom errors can be configured.
in IIS Create a Custom HTTP Error Response (IIS 7)
an error handler on the page, in global.asax, or in a class defined elsewhere (app_code folder perhaps)
in web.config Web.config customErrors mode
Web.config is probably the most common place. Start there.
I have just started working on ASP.NET Identity. I created a web forms project in VS2013 using the Web Forms template.
Then I added BotDetect CAPTCHA in Register.aspx. I Registered the first user so that the Identity schema is created. so far so good.
Now, I observe a very strange thing - I start debugging my application - it shows me the home page. I click on "Log In" menu and the login page is shown. I enter the credential and click on Login. The user successfully logs-in (signinManager.PasswordSignIn returns SignInStatus.Success); however the LoginView does not switch to LoggedInTemplate.
Now, I just go to Register page and then go to Login page, then Login and this time the LoginView switches to LoggedInTemplate properly.
This has happened consistently - unless I go to the Register page the LoginView won't switch to LoggedInView.
Further, I commented the CAPTCHA code (but not the configuration done in the web.config). Now, even if I go to Register and then try to Login nothing happens (LoginView remains in AnonymousTemplate).
Is there any connection between LoginView and BotDetect CAPTCHA?
Please let me know if any more info is needed.
Thank you.
UPDATE:
I removed the BotCAPTCHA entirely from the project and now the LoginView correctly switches to LoggedInTemplate! My guess is that BotCAPTCHA does URL Rewriting and this is affecting it. I have posted this to BotCAPTCHA support and will Update here once they reply me.
In ASP.NET which event fires when page is loaded in clients browers. Init, Load, PreRender event fires when page is not loaded in clients browser. Basically I have to some work when page is displayed in client's browser..
Instead of ASP.NET (server-side code) you might be more interested in Javascript (perhaps using jQuery's document.ready() which runs when the page has completed loading.)
Edit: The best answer I can come up with using only ASP.NET is OnLoadComplete()
There is no event like that. To understand why you have to understand how a web application works. The ASP.NET code runs on the server to build the contents of the web page, then the server sends the contents down to the browser which is running on the user's machine.
So the document being opened in the browser isn't even part of the ASP.NET page lifecycle. As far as ASP.NET is concerned, that page is now the browser's problem and it has already moved on to something else.
To make an analogy, it is like wanting to be notified when someone receives a letter that you (ASP.NET) mailed to them. Unless the recipient (the Browser) sends back some kind of communication there is no way for the sender (ASP.NET) to know what is happening somewhere else.
If you want to do something when the page is loaded in the browser, you need to write code that is run by the browser. Usually this is in the form of a script embedded in the page, usually in JavaScript.