I have a form where user selects 'fruit's from a popup form. I am using javascript to open the popup and query string to pass the text control id & hidden field id to the popup window.
How can I securely passed these parameters ? I am thinking about using Session but that would require a postback.
Edit
You should try passing parameter using query string.. but try using Encrypted Querystring values to secure your data.. http://www.codeproject.com/KB/aspnet/urlquerystring-encryption.aspx
you can use any of following methods.
Use a query string.
Get HTTP POST information from the source page.
Use session state.
Create public properties in the source page and access the property
values in the target page.
Get control information in the target page from controls in the
source page.
for more information,
http://msdn.microsoft.com/en-us/library/6c3yckfw.aspx
Related
I am developing a website using ASP.net.
In my home page I have 14 tree view controls. They were placed under Jquery tabs. So when a user click a tab it only appears one treeview. So in tree node changed event currently what I am doing is passing the values from query string to another page. this query string doesnt have any sensitive data. I have to pass what is the selected Tab Id and selected tree node Id.
Response.Redirect(String.Format("~/Display.aspx?tab=1&type={0}",treeview1.SelectedValue), true);
But you know URL is ugly. I dont want to use Friendly URL thing now.
So what I did was I put 2 hidden fields values in my home page and I set them when I click the tree node.
So then from the source page I used this code to acess this.
if(Page.PreviousPage!=null)
{
string tab= Page.PreviousPage.FindControl("hftab").UniqueID;
string Type= Page.PreviousPage.FindControl("hfType").UniqueID;
}
But Page.PreviousPage always return NULL. So how to solve this probelem without using sessions and query string. I just want to pass two non sensitive data behind the scenes.
IF this is about Cross page postback thing How to do this cross page post back in node change event? Is it ok to do a Cross page post back for to get only 2 values that I needed?
The method you are trying is only possible with "Cross page posting" mechanism. When you set PostbackUrl property of a server control like button, and set the PreviousPage property of Page directive on destination page; then only you will get Page.PreviousPage values.
Here are some reference:
1. http://www.codeproject.com/Tips/604553/Postback-and-Cross-Page-Posting-in-ASP-NET
2. http://www.aspdotnet-suresh.com/2010/05/cross-page-post-backing-in-net.html
I have page where users can select from one or more images. When they are done I would like them to navigate to the next page and what is displayed would be based on the selection from the previous page.
"Selecting" just means that they click the image and it has a CSS class added to it. When they click the link to navigate to the next page I'd like to collect the images that have been selected and pass that information along using either TempData or Session.
In most of the examples I have seen either inputs or the query string is used to pass information from the View to the Controller. How can I pass which elements have a particular class to my controller when a link is clicked?
If you're using a link click, I'd probably just append the selected images to the query string. I'm assuming you don't mind exposing this query string to end users.
I'm sure that's probably not the answer you were looking for. But as you stated I think you're only to legitimate options are passing the values through the query string or using hidden inputs and posting the page to your action by intercepting the link click event.
You said you do not want to post back to servers. You cannot access TempData or Session without posting back to server, so they are out of scope.
You only have client side option, so you want to collect a user's selected items in array.
Once the user clicks to Next Page, you create a query string like this ?ids=1-2-3-4 and retrieve those value at next page.
Other thoughts: Long URL likes this is a bit ugly, and URL has maximum length limit depending on browser. If I'm you, I'll post back to server to collect the selected values. Then use TempData (or some persistent storage).
I have a usercontrol with a dropdown, a textbox and a search button in the master page. I select a value in the dropdown, fill in text in the textbox and click on the button. On button click it redirects to another page but all the values are reset. How can I get the value selected in the dropdown and the text in the redirected page?
You need to post the values to the other page. You can for example pass the values in the url
redirectedUlr.aspx?value1=1&value2=2 etc...
Or you can store the value in the Session
Session["passedvalues"] = YourValues
Their is several way to handle this
You can pass information between pages in various ways, some of which depend on how the redirection occurs. The following options are available even if the source page is in a different ASP.NET Web application from the target page, or if the source page is not an ASP.NET Web page:
Use a query string.
Get HTTP POST information from the source page.
The following options are available only when the source and target pages are in the same ASP.NET Web application.
Use session state.
Create public properties in the source page and access the property
values in the target page.
Get control information in the target page from controls in the
source page.
For more information and examples, you can read the following article :
http://msdn.microsoft.com/en-us/library/6c3yckfw(v=vs.100).aspx
On a page in a website, I am giving a link to the login page of my asp.net website.
While i click on the link, I want to capture some information which is available on the page and pass it to my website's first page. Is there any way I can do it ?
Yes you can use the Query String , if the data is small , you can get the information on query string from this Link
You can set the required values in QueryString in the Url.
Check this: HttpRequest.QueryString Property
Also, You can use LinkButton and Handle its click event. On the Click Event you can set the required information in Cookie or Session as per you need.
There are many ways to capture the State. Follow these tutorials or google it for State Management tutorial. here are some:
http://www.codeproject.com/Articles/331962/A-Beginner-s-Tutorial-on-ASP-NET-State-Management
http://www.codeproject.com/Articles/492397/State-Management-in-ASP-NET-Introduction
http://msdn.microsoft.com/en-us/library/75x4ha6s.aspx
What are the different ways of communication between asp.net page and a popup page? Query strings etc. Which is most secure?
You say "communication between" the pop-up and the main ASP.NET page. First, I assume that the pop-up is an ASP.NET page as well so the communication from the main page to the pop-up is no different from the communication from one page to the next in a series of pages. That is, you can store and then use data in the session (if the data is available when the main page is loaded), via query strings, etc. Unless the data is sensitive, the simplest way by far is to include a variable in the call to the pop-up that is replaced by the appropriate arguments. Here is a sample image link:
<img style='cursor:hand;' alt="Open Note" onclick="javascript:window.open('NoteEdit.aspx?T=3&UID=<%#NoteUID%>', 'Note', 'HEIGHT=400,WIDTH=420');" src="images/Note.gif" />
Note the "NoteUID" replacement argument.
The more interesting question is how to pass information back to the window that popped up the pop up. To do that, start with this javascript:
<script type="text/javascript">
function OpenHRAResults()
{
opener.location.href="<%#DestName%>";
window.close();
}
</script>
This is taken from code where I re-open a specific page but, as you can guess, you can do all sorts of things with the "opener" window (the window that popped-up the pop up).
Hope this helps...
If you are talking about an actual pop-up page, where you are using window.open from javascript. You have the querystring and Javascript as your only real available options for passing information between.
As for "security" of this. The users will be able to see anything via a querystring, JavaScript can move values across, but they would be existing on the other page. But you could pass something like an excrypted value to make things more secure.
We try to avoid query strings where possible in sometimes they are just too convenient. In those cases we always encrypt the querystring. There are several ways to do this - example of one approach:
http://www.codeproject.com/kb/web-security/querystringencryptionnet.aspx
A few methods
Query strings (window.open('/users/123'..)
Javascript (window.opener)
HTTP POST (open a popup via javascript, set the form target to it's name as target and post)
Sessions or other server side methods
In answer to the security consideration I'd say that query strings in combination with server side security is the way to go. Open the popup passing the information via query strings, then validate that the logged in user has permissions to access that user. Some specific requirements would call for encrypting the querystring data.
For delete operations I'd probably use a postback to avoid problems like "my indexing spider deleted all users".
You don't need to sent the real data to the popup window. Just create a GUID on the opener page.
Create a class in asp.net which represent all the data you need to sent between the popup page and the opener page. For example popupdata
Store the serialized class in the Session with the GUID as the name Session[Guid] = class object
Session[Guid] = popupdata;
Open the popup with f.i. ~/popupwindow.aspx?PageID=Guid
Retrieve the session object with calling the Session[Guid] again (Guid is coming from the PageID querystring.
so on the popup page call popupdata data = (popupdata)Session[Guid];
And then do whatever yuo like withthe data.
If data is changed on the popupwindow you can store it in the Session variable again
and send it back to the opener...
Very secure since no data is sent to the client.