I have been working on mvc3 application and trying to localize the same. I came accross this very good site which made me use the logic of identifying the language selection by the user through cookies. What it does is:
User clicks the hyperlink of language
The clicked setting is saved in a cookie
Page is reloaded
In the BaseController class the ExecuteCore method is overloaded, here the cookie is read and the CurrentUICulture and CurrentCulture is set.
Now, this works great. But What if the user have disabled the cookie ?
So i feel this wont work.
Then I thot of using a workaround. What i tried was
I created a HiddenField
User clicks the hyperlink of language
The clicked setting is saved in a cookie
The clicked setting is also saved in HiddenField
Page is reloaded
In the BaseController class the ExecuteCore method is overloaded, here if the cookie value is present then its read and the CurrentUICulture and CurrentCulture is set.
If cookie is not found then I will try to read the hidden field value from Request object.
But I cant find the hiddenfield in the Request object in the ExecuteCore method.
So am i doing something wrong ?
PLease suggest me with some way. Also I dont want to use the route way of saving the culture.
Hidden fields values are only sent when you submit the form that contains them. If you only click on some hyperlink, the browser redirects to the href that this link is pointing to and no value will be sent, so you cannot expect to read it in your ExecureCore method. So, if you want this to work you will have to include the language as part of the querystring of the link.
Also I dont want to use the route way of saving the culture.
If you don't include the value as part of the url (query string or route), and cookies are disabled, the culture value has no way of reaching to your server.
Related
I am building an ASP.NET Core MVC app (build v2.1.0).
I want the users of the application (I don't have any authentication, so anyone can be user) to be forced to select a value from a drodownlist (as a partialview or something) and then to be somehow redirected to the "Homepage". Before this action, any other link from the app should not work until they will select something from that dropdownlist.
This way I can ensure that they will select a country for which I will show all data.
Eventually, after selection that dropdownlist should be visible in the navbar in order to change that parameter any time.
Also, I need that value to be visible all over the application as a "global" value (Session or something).
Simplest solution: use a cookie to store the country selection. Check for the cookie value in the controller; if it is not set, reroute to the dropdown page where it can be set. If it is, use it however your code needs to.
Writing Cookies
Response.Cookies.Append("country", "us");
Reading Cookies
var cookie = Request.Cookies["country"];
if (String.IsNullOrWhiteSpace(cookie))
{
return RedirectToAction("ChooseCountry"); // whatever the action name is where they choose the country
}
// rest of code...
I have a form where user selects 'fruit's from a popup form. I am using javascript to open the popup and query string to pass the text control id & hidden field id to the popup window.
How can I securely passed these parameters ? I am thinking about using Session but that would require a postback.
Edit
You should try passing parameter using query string.. but try using Encrypted Querystring values to secure your data.. http://www.codeproject.com/KB/aspnet/urlquerystring-encryption.aspx
you can use any of following methods.
Use a query string.
Get HTTP POST information from the source page.
Use session state.
Create public properties in the source page and access the property
values in the target page.
Get control information in the target page from controls in the
source page.
for more information,
http://msdn.microsoft.com/en-us/library/6c3yckfw.aspx
I have an ASP.Net(VB.Net) project which has various modules/functionality. I want to give users the freedom to set their own default startup page.
I don't know how to get a head-start implementing this feature.
Also, I am NOT using MVC
On the master page place some control to choose current page as default (i.e. button or checkbox). After user has select current page as default you can store the page address to user's profile or any storage you like.
Set the site start page like Default.aspx and in the Page_Load method of this page read user's saved default page if exists and redirect to it.
You'd want to set up a way for the User to store their preferred home page in your database (or your preferred method). Once that's done you should be able to do this in a simple fashion:
ASP.NET WebForms:
On the Master Page / Default page, check to see if they're logged in in your Page_Load event.
If they are, check to see if they have a start up page saved, if they do then use Response.Redirect and send them to their preferred location.
If they don't, or aren't logged in, then show them the default page.
ASP.NET MVC:
On the HomeController's Index method check to see if they're logged in.
If they are, check to see if they have a start up page saved, if they do then use RedirectToAction and send them to their preferred location.
If they don't, or aren't logged in, then show them the default view.
There are probably plenty of other ways to accomplish this as well, but this should be a straight forward way to get your started.
What are the different ways of communication between asp.net page and a popup page? Query strings etc. Which is most secure?
You say "communication between" the pop-up and the main ASP.NET page. First, I assume that the pop-up is an ASP.NET page as well so the communication from the main page to the pop-up is no different from the communication from one page to the next in a series of pages. That is, you can store and then use data in the session (if the data is available when the main page is loaded), via query strings, etc. Unless the data is sensitive, the simplest way by far is to include a variable in the call to the pop-up that is replaced by the appropriate arguments. Here is a sample image link:
<img style='cursor:hand;' alt="Open Note" onclick="javascript:window.open('NoteEdit.aspx?T=3&UID=<%#NoteUID%>', 'Note', 'HEIGHT=400,WIDTH=420');" src="images/Note.gif" />
Note the "NoteUID" replacement argument.
The more interesting question is how to pass information back to the window that popped up the pop up. To do that, start with this javascript:
<script type="text/javascript">
function OpenHRAResults()
{
opener.location.href="<%#DestName%>";
window.close();
}
</script>
This is taken from code where I re-open a specific page but, as you can guess, you can do all sorts of things with the "opener" window (the window that popped-up the pop up).
Hope this helps...
If you are talking about an actual pop-up page, where you are using window.open from javascript. You have the querystring and Javascript as your only real available options for passing information between.
As for "security" of this. The users will be able to see anything via a querystring, JavaScript can move values across, but they would be existing on the other page. But you could pass something like an excrypted value to make things more secure.
We try to avoid query strings where possible in sometimes they are just too convenient. In those cases we always encrypt the querystring. There are several ways to do this - example of one approach:
http://www.codeproject.com/kb/web-security/querystringencryptionnet.aspx
A few methods
Query strings (window.open('/users/123'..)
Javascript (window.opener)
HTTP POST (open a popup via javascript, set the form target to it's name as target and post)
Sessions or other server side methods
In answer to the security consideration I'd say that query strings in combination with server side security is the way to go. Open the popup passing the information via query strings, then validate that the logged in user has permissions to access that user. Some specific requirements would call for encrypting the querystring data.
For delete operations I'd probably use a postback to avoid problems like "my indexing spider deleted all users".
You don't need to sent the real data to the popup window. Just create a GUID on the opener page.
Create a class in asp.net which represent all the data you need to sent between the popup page and the opener page. For example popupdata
Store the serialized class in the Session with the GUID as the name Session[Guid] = class object
Session[Guid] = popupdata;
Open the popup with f.i. ~/popupwindow.aspx?PageID=Guid
Retrieve the session object with calling the Session[Guid] again (Guid is coming from the PageID querystring.
so on the popup page call popupdata data = (popupdata)Session[Guid];
And then do whatever yuo like withthe data.
If data is changed on the popupwindow you can store it in the Session variable again
and send it back to the opener...
Very secure since no data is sent to the client.
First of all, thanks for reading.
I will describe my situation as explicitly as I can.
I have a page where users can leave comments.
Here's the commenting flow
A-1. 'comment' button is clicked
A-2. a modal popup with a textbox is shown using ModalPopupExtender in ajaxtoolkit.
A-3. User types a comment in the textbox, and click "ok".
However, when user is not logged in, expected behavior changes.
B-1. 'comment' button is clicked
B-2. a Login modal-popup with id & pwd textbox is shown.
B-3. User types ID & pwd, and click ok.
B-4. Comment-modal-popup is shown
B-5. user types a comment and click ok.
I have a PROBLEM handing this case.
When B-3 occurs, page is posted back, i log the user in, update session object, and I Response.Rediect() the page to itself to display correct logged-in status (i have to..).
After redirect, in Page_Load(), I need to check some values to show Comment-Modal-Popup.
But I'm not sure how..
Here's what i considered
ViewState
i just can't use it since the page was redirected not posted back.
QueryString
I could have add "showCommentPopup=1" on URL when redirecting, but that will leave unwanted QueryString in URL. I don't want users to misuse it.
Session
I actually used Session object. Before redirection, I set Session[ "ShowCommentPopup" ] to true. In Page_Load() if it is set, i remove it and show the popup.
using Session like i did doesn't work correctly when user opens same page in multiple tabs.
user opens two tabs(in Firefox) with same URL
user follows steps from B-1 to B-3 in first tab.
before the page is redirected between B-3 and B-4, user refreshes second tab.
if the timing is right, comment-popup is shown in the second tab.
I expect to hear great insights from stackoverflow..
I haven't tried this but I think if you store your ShowCommentPopup flag in the HttpContext.Items collection instead of the session and then use Server.Transfer instead of Response.Redirect you should be able to achieve the desired results.
HttpContext.Items is a dictionary that can be used to store data whose lifetime is the lifetime of the request. This means a second request from a different tab or window will have a different HttpContext.Items dictionary.
Server.Transfer is somewhat like Response.Redirect in that it allows you to load a "different" URL instead of the original. However, while Reponse.Redirect initiates a new request, Server.Transfer transfers the existing request to the new page on the server.
A better explanation of the differences between Response.Redirect and Server.Transfer can be found here.
Example
bool showCommentPopup = false;
if (HttpContext.Current.Items["ShowCommentPopup"] != null)
{
showCommentPopup = (bool)HttpContext.Current.Items["ShowCommentPopup"];
}
//...
HttpContext.Current.Items["ShowCommentPopup"] = true;
You've clearly thought your solutions through! I'm guessing the problem with the Session was that they could comment on a different page than the one they logged into. You could get around this by storing the session var, not as a bool, but as the page to show it on:
var uniqueString = this.ToString() + uniquePageID;
if (Session["ShowCommentPage"].ToString() == uniqueString)
//show modal & remove session var
Now your program only "breaks" when the user visits the same object in two different windows, logs in on Window #1, and refreshes on Window #2. And it's not really breaking since they wind up commenting on the same object either way.
The reason I used uniquePageID, is cause I'm figuring you have a template page ("showObject.aspx") with arguments on which to show ("showObject.aspx?objectID=3"). In order to make sure the comment is left on the same ID, it needs to be present in uniqueString