I have this issue: Due to design concerns, the ASP.NET webpage I am currently building will have to be inside an iframe in an HTML page. I must keep a session to store some variables in case the user returns to my ASP page, but I notice that as soon as I go to the HTML, the session dies. I was thinking of using cookies to store the information, but would like to listen to somebody else's opinion first.
It should work to request the same page from an iframe if the user is the same as the iframe request is being made by the user's browser which will still have the session.
Are you sure it's not something simpler like the iframe pointing to a login pgae or something?
Is the iframe using a URL attribute or are you loading the contents of the iframe server side?
Related
I'm facing a security issue where my users can see all url from where i pull content from,
I use a third party dashboard app with 4 html pages showing system status for each company .'www.xyz.com/dashboard/x.html'
I would like to create new 'aspx' file and display the 'x.html' inside as plain text , while preventing the user to see where the x.html is downloaded from , because he should not have access to the other 'html' files under the same domain.
here, the user should not see the xhr and where they come from
In other meaning , I need to create an asynchronous server side request that brings the 'x.html' and displaying it's content inside my aspx as it was my page.
Updated answer:
If you have an ASP.NET Dashboard app with multiple pages and you want to restrict access, you need to implement ASP.NET Identity role-based authorization so that your clients who login only have access to the areas of the site you want them to access.
On the other hand if you are trying to take someone else's HTML page and display it as your own, that goes against our community guidelines and you should instead consider openly redirecting your users to the proper page and giving credit where it's due.
Original answer: You can't do this, for two reasons:
The browser must know the target URL.
Obscuring the target URL would be a violation of basic security principles.
The <iframe> element requires a src attribute. See MDN for comprehensive documentation.
I am using JSF 2.0 along with RichFaces. In my XHTML file I'm using iframe.
The session is kept in such a way that same tags of the browser holds same session. But session can be invalidated while taking in another browser. My problem is that when the session gets invalidated iframe is not redirected to login page and I'm getting ViewExpiredException.
How can I resolve the issue?
The problem was with redirection. send.redirect() method redirects to my login page, but the login page comes inside the iframe page.
So I used form.submit() which submits the page and hence the XHTML comes out of the iframe in same page.
I work on a web application in ASP.NET and HTML5. I have a simple page Default.aspx. In its Page_Load handler I call 'Response.Redirect("xxx.aspx"). I also defined a manifest file, Default.appcache as I want my application to work offline (in such case I javascript methods are used for redirection). Browser cached the page as expected but a problem occured - even though server is online, browser uses the cached page. When user enters Default.aspx no call is sent to server. How can I prevent this behavior? I would like the browser to send a normal request to IIS if it is online and use cached page only when server doesn't respond.
I would be grateful for all suggestions.
You can't, pages in the cache are always served from the cache. The only way to update them is update the manifest and force new versions to be downloaded.
If you want one page to be served when online and a different one when offline then you should investigate the FALLBACK section of the manifest. Note that the page which references the manifest is always cached, so you need to set the fallback up on a different pair of pages.
In ASP.NET which event fires when page is loaded in clients browers. Init, Load, PreRender event fires when page is not loaded in clients browser. Basically I have to some work when page is displayed in client's browser..
Instead of ASP.NET (server-side code) you might be more interested in Javascript (perhaps using jQuery's document.ready() which runs when the page has completed loading.)
Edit: The best answer I can come up with using only ASP.NET is OnLoadComplete()
There is no event like that. To understand why you have to understand how a web application works. The ASP.NET code runs on the server to build the contents of the web page, then the server sends the contents down to the browser which is running on the user's machine.
So the document being opened in the browser isn't even part of the ASP.NET page lifecycle. As far as ASP.NET is concerned, that page is now the browser's problem and it has already moved on to something else.
To make an analogy, it is like wanting to be notified when someone receives a letter that you (ASP.NET) mailed to them. Unless the recipient (the Browser) sends back some kind of communication there is no way for the sender (ASP.NET) to know what is happening somewhere else.
If you want to do something when the page is loaded in the browser, you need to write code that is run by the browser. Usually this is in the form of a script embedded in the page, usually in JavaScript.
I have a webpage which displays an IFrame. The IFrame source page is located on the other server which needs Basic Authentication. Is there a way to programatically pass the basic authentication information to the other server page so it does not throw the login box using Asp.net ?
As long as you don't mind exposing the password to everybody you can change URL to something like this:
http://user:password#www.example.com