Scenario: I have an internal ASP.NET site that allows me to maintain a set of rules (CRUD). To add a new rule I simply fill out a HTML form and click submit. My current issue is that I now need to add a few hundred rules and I want to use a script to automate this.
Initial plan:
Create a script that can take X number of arguments and use these to fake a form submittal of the above web page
Create a comma-separated file (or similar) with one row per rule and each column represents one of the input tags in the HTML form
Create another script that can use the comma-separated file to execute the form-submittal script once for every row
My attempts has centered around curl, and worked well against an online testing page. Unfortunately I'm not able to get it to work against the ASP.NET page and I'm guessing this has to do something with Postback and/or Viewstate.
Snippet:
curl -s -u "DOMAIN\user:password" --ntlm -d "key1=value1" -d "key2=value2" http://internal/page.aspx
(Returns the page as if using a GET, no error messages)
Question:
How can I trick the ASP page that I'm sending a Postback? (alternative scripting suggestions are welcome as well)
EDIT:
Snippet from ASP page:
<asp:LinkButton ... runat="server" OnClick="lbAddRule_Click" PostBackUrl="~/Page.aspx" />
Snippet from code behind:
protected void lbAddRule_Click(object sender, EventArgs e) {
if (Page.IsValid == true) {
AddRule(x,y,z);
Taking a completely different approach, have you considered scripting the browser itself? There are a few very powerful techniques, including Selenium/WebDriver [1] and iMacros [2], both of which allow this kind of scripting.
[1] http://seleniumhq.org/docs/03_webdriver.html
[2] http://wiki.imacros.net/Browser_Automation
If this is intended as a RESTful service (which you're accessing it as), you might want to consider rewriting the page that currently handles the form to be a Web Service. Then, you can use curl to access that all you want, and rewire your form so everything works as before.
Related
I have an aspx page on my webserver which I load through an embedded web browser on a windows form. I am able to call the Sub1 from javascript window.external procedure. This is only when using the standard VB control WebBrowser. I have the necessary permissions active with
<PermissionSet(SecurityAction.Demand, Name:="FullTrust")> _
<System.Runtime.InteropServices.ComVisibleAttribute(True)> _
This works just fine. However, I am in need of using GeckoFx as my javascript is too complex for the standard WebBrowser as well as my styling.
I have tried the same approach as is, just with the geckobrowser, but it does not work at all, is there any:
GeckoPrefereces.User("somesetting") = True
that I need to activate to get it to work or is there something else I am missing?
I would just like to call the 'form close' procedure of my windows form, from the webpage which is embedded in the GeckoBrowserControl.
Refer the following link for your answer as it is solved here.
How to call C# method in javascript by using GeckoFX as the wrapper of XULRunner
Change this process to C# as VB cannot send the message to a procedure, only store the value and this creates a difficult situation in reading the data later.
then:
private void showMessage(string s)
{
if (s == "some data")
{
//Do stuff here you need to, ie. close the form, etc
}
}
This allows you to read the message sent and do with it what you wish.
Also important:
browser.AddMessageEventListener("myFunction", ((string s) => this.showMessage(s)));
must be before you load the html or the url
myBrowser.Navigate("www.google.com");
I am having VB Script in ASPX page.I need to use that Script in codeBehind in Page _load with in a For loop,for each iteration.
My Code is :-
(.ASPX Page with VB Script. )
<script type="text/vbscript" language="vbscript" >
sub wordit()
'Opens Word application and does some process
end sub
</script>
VB Code Behind Part:-
For i As Integer = 1 To colSelRowIndex
CheckboxTemplateId = colSelRowKeys(i).ToString 'I get the ID from here
ViewState("TemplateID") = CheckboxTemplateId 'I need to send the value to the sub routines
hen()'sub
den()'sub
cs.RegisterStartupScript(cstype, csname1 & i, "wordit();", True)
Next
I need to open a word doc for an ID and another document for another ID from the loop.
Try this:
For i As Integer = 1 To 10
cs.RegisterStartupScript(cstype, csname1 & i, "wordit();", True)
Next
That second argument in that function call is looking for a unique key. This is a feature, to prevent accidentally programmatically adding the same script more than once. If you want to do it on purpose, you need a unique key each time.
But that you want to do this at all indicates a possible fundamental misunderstanding about what's going on. While your server code (including Page_Load) is running, your client page in the web browser doesn't exist. The purpose of the server code is always to generate an html response to web request. The server code can never directly manipulate a page DOM.
Obviously this is true for a first request to a page in session: the server must first generate the initial page to send the client. But even on subsequent postbacks, the browser will destroy the prior instance of a page. The server must rebuild the entire page from scratch. Every. Time. While this happens, the page you're looking at in your browser window is only a sort of after-image. The browser has already destroyed any prior DOM, and is waiting for the server to supply a whole new set of HTML.
I also wonder at your use of vbscript, rather than javascript. Using vbscript pretty much guarantees you're page will only work with Internet Explorer.
The problem here is the middle of the line (HTML).
The chain:
I have WinForm program that uses awesomium (alternative to native webBrowser) to view Html page that has a part of asp.net page in it's iframe.
The problem:
The problem is that I need to pass value to asp.net page, it is easily achieved without middle of the chain (Html iframe) by sending hashed and crypted querystring.
How it works:
WinForm do some thing, then use few-step-crypt to code all the needed values into 1 string.
Then it should send this string to asp.net page through the iframe (and that's the problem, it is easy to receive query string in asp.net page, but firstly I need to receive it in Html and send to asp.net).
Acceptable answers:
1) Probably the most easily one - using JavaScript. I have heard it is possible to be done in that way.
How I imagine this - I send query string from WinForm to Html page as http:\\HtmlPage.html?AspNet.aspx?CryptedString
Then Html receive it with JavaScript and put querystring "AspNet.aspx?CryptedString" into iframe's "src=http:\\" resulting in "src=http:\\AspNet.aspx?CryptedString"
And then I easily get it in asp.net page.
2) Somehow create >>>VIRTUAL<<<(NOTE: Virtual, I don't want querystring to be saved on the HDD, even don't suggest) asp.net or html page with iframe source taken directly from WinForm string.
Probably that is possible with awesomium, but I'm new to it and don't know how to (if it is possible ofc).
3) Some web service with which I can communicate between asp.net and WinForm through the existing HTML iframe.
4) Another way that replace one of 3 previous, that doesn't save "values" in querystring/else on HDD nor is visible for the user, doesn't use asp.net page's server to create iframe-page on it. On HTML page's server HTML is only allowed, PhP isn't.
5) If you don't know any of 4 above - suggest free PhP hosting without ads (if such exists, what I highly doubt).
Priority:
The best one would be #3, then #2, then #1, then #5 (#4 is excluded as it is unknown).
And in the end:
Thanks in advance for your help.
P.S.Currently at work, so I'll check/try all answers later on and will report tomorrow if any suits my needs. Thanks again.
Answering my own question. I have found 2 ways that can do what I did want.
The first one:
Creating a RAM file System.IO.MemoryStream or another method (google c# create a file in ram).
The second one:
Creating a hidden+encrypted+system+custom-readable-only-by-program-crypt file somewhere in the far away folder via File.SetAttributes Method and System.IO.StreamWriter/Reader or System.IO.FileStream or System.IO.TextWriter, etc. depending on what it should be.
Once this file was used for needs delete it + delete on exit + delete on start using
if (File.Exists(path)
{
File.Delete(path);
}
(Need more reputation to post few links -_-, and I don't want to post only part of them, either all or no at all, so use google if you'll need anything from here).
If you'll need to store "Small temp file" and not for a long time use first one, if "Heavy" use second one, unless you badly need to use RAM for it.
I am a PHP developer trying to solve a problem in ASP/ASP.net (.aspx). We have a very old application that is having many security issues (on multiple pages, everywhere, big mess).
To solve this problem, I was thinking on adding some code to the top of every page to escape any POST/GET request before getting it processed by the application.
If it was PHP, I would prepend a PHP file (using .htaccess - auto_preppend) and basically do:
foreach($_POST as $myval => $anything)
{
$_POST[$myval] = htmlspecialchars($_POST[$myval]);
.. other escaping ..
}
Is there such a thing in ASP? Just want to escape any user input before passing to that mess of code that nobody wants to touch :(
Is this ASP or ASP.NET? Different beasts entirely. If you're using .NET you could use something like:
in VB
For Each item In Request.Form.Keys
newVal = Server.HtmlEncode(Request.Form(item))
Next
or C#
foreach (var item in Request.Form.Keys) {
var newVal = Server.HtmlEncode(Request.Form(item));
}
From an individual control perspective, this might help: Prevent special characters in a TextBox
If you are wanting to protect your entire form from script-injection attacks then take a look at RequestValidation: http://www.asp.net/learn/whitepapers/request-validation
I have an ASP.NET (.NET v4) web application running on IIS 7.5. I have a 3rd party which wants to pass information to my system. They support passing this information using HTTP POST, the information they provide is:
"This method simply calls a script on your server and passes each
field as a CGI variable. When you have received the data your server
should return a '1' on a line by itself to indicate success. Anything
else will generate an error on our server which will be investigated.
To set up this delivery method we need a URL to post to. We can use
HTTP or HTTPS."
My web application currently implements many WCF services but as I don't know what the variables passed in will be I cannot define a specific contract. Can I create a normal aspx page which they can post to and then read each of the parameters passed and do the appropriate processing.
If I do this how do I send back a line containing '1'?
Do I need to do anything else to make this HTTP POST compatible.
The last time I had to tackle a similar situation, i did it using a standard ASPX page, and it all worked quite well.
In my case the output was XML, so I had to make sure that I changed the output mime type to match "text/xml" in my case.. "text/plain" I would guess in yours..
Anyway, C# sharp code below, and make sure that your ASPX file has ONLY the very top line in, that is:
<%# Page Language="C#" AutoEventWireup="true" CodeBehind="register.aspx.cs" Inherits="myservices.register" ContentType="text/xml" %>
and nothing else, no carriage returns or anything.
Then do all your work in the code behind:
protected void Page_Load(object sender, EventArgs e)
{
Response.Clear();
Response.ContentType = "text/plain";
//Get your CGI variables here... you will have to get them to tell you what to expect
string myparam = (string)Request.QueryString["myparam"];
//do what ever you need here with your variables
Response.Write("1");
Response.End();
}// End page load handler
If you need to follow the one with a carriage return, then i believe you can use the carriage return property in the system.environment object, but I've not got doc's to hand to look it up. That should however get you started.
The MOST important thing to remember is to make sure NOTHING is output from the aspx, not even a carriage return.
I've previously written an article on my Blog about how to use this method for producing phone directories for Cisco-IP phones if you want to read it. You can find it here: http://shawtyds.wordpress.com/2009/09/26/cisco-ip-phone-directories-using-c/