Facebook app with asp.net - asp.net

I am trying to get my first hello world application on facebook using asp.net with facebook toolkit.
I am hosting my files on www.aspspider.info/jasminm89/ using it as a canvasurl
and link to my facebook app is http://apps.facebook.com/mytesterapp/
At that location i have: default.html page with the h1 tag with plain text.
When I visit my app on facbook I get message:
The page cannot be displayed
The page you are looking for cannot be displayed because an invalid
method (HTTP verb) was used to attempt access. Please try the
following:
Contact the Web site administrator if you believe that this request
should be allowed. Make sure that the Web site address displayed in
the address bar of your browser is spelled and formatted correctly.
HTTP Error 405 - The HTTP verb used to access this page is not
allowed. Internet Information Services (IIS)
Technical Information (for support personnel)
Go to Microsoft Product Support Services and perform a title search
for the words HTTP and 405. Open IIS Help, which is accessible in IIS
Manager (inetmgr), and search for topics titled Setting Application
Mappings, Securing Your Site with Web Site Permissions, and About
Custom Error Messages.
here source code from facebook, where it loads my page:
<form action="http://aspspider.info/jasminm89/"
method="post" target="iframe_canvas"
id="canvas_iframe_post_4e513da6b75410144827584"
onsubmit="return Event.__inlineSubmit(this,event)"><input
type="hidden" autocomplete="off" name="signed_request"
value="xxx....."></form>
One point here.
I setup my account on 000webhost.com and by default there is default.php created,
I copy the link to my facebook and it loads the page, it worked as well with plain index.html.
final
This error is because with IIS we can't use static html pages to be called in this way
I now upload plain .aspx page with some text and it worked.

First this sounds like an error with your server configuration, not with accessing the Facebook API/SDK.
Secondly, don't you need to add the call to the facebook SDK and include the <div id="fb-root"></div> ?
Or are you using the C# Facebook SDK?

I iis you can not handle post method coming from facebook including signed_request.
So firstly reconfigure IIS allowing handle post method. Or for simple start make index.html as the default document, put inside "hello world", then process the second step.

Related

Website does not automatically redirect to adfs log in

I am trying to set up a company website to use an adfs log in system, using the instructions found on https://www.linkedin.com/pulse/how-implement-sso-aspnet-mvc-application-adfs-tuomas-kesti, but my site does not redirect to the adfs page, and instead loads the home page of the site as if nothing happened. Looking at the network page in inspect element shows that the site never calls or redirects to the adfs page.
In my web.config file, the realm and reply values are set up to the main site, with the issuer value being the adfs site and follows the same format of "https://sts.domain.com/adfs/ls/". The adfs site is up and running with and the thumbprint from its certificate is added in the tag. passiveRedirectEnabled is set to true in the tag.
Im not sure what the problem is, and looking it up online doesn't find me any results. If anyone has an idea on why my site isn't autocratically redirecting, that would be appreciated.
Yes, it seems that the code in your tutorial doesn't redirect automatically when no JWT is available. I.e. the last code sample should contain an 'else' that responds with a redirect to the ADFS login page.
Have a look at these samples for Azure AD:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-code-samples
I found them very helpful and they can (mostly) be used with a standalone ADFS as well. Most of all, they cover all sorts of solution architectures and framework versions.

IIS show message before serving page

I have an IIS website that is soon to be taken down. The website is just to serve files from a file share over HTTP. There are some HTML files etc on the share so it was created to let users share links which are all derived from this website.
However, it is now time for this website to go away. I'm looking to either display an alert, or a static <div> or a "Message... You'll be redirected shortly" for all requests that come to this website.
Implement your own IIS module. That will let you add HTML to all the served pages.
IIS module and C#: how to modify the page content before sending it to client

asp.net pulling external web page while preventing client from seeing requests

I'm facing a security issue where my users can see all url from where i pull content from,
I use a third party dashboard app with 4 html pages showing system status for each company .'www.xyz.com/dashboard/x.html'
I would like to create new 'aspx' file and display the 'x.html' inside as plain text , while preventing the user to see where the x.html is downloaded from , because he should not have access to the other 'html' files under the same domain.
here, the user should not see the xhr and where they come from
In other meaning , I need to create an asynchronous server side request that brings the 'x.html' and displaying it's content inside my aspx as it was my page.
Updated answer:
If you have an ASP.NET Dashboard app with multiple pages and you want to restrict access, you need to implement ASP.NET Identity role-based authorization so that your clients who login only have access to the areas of the site you want them to access.
On the other hand if you are trying to take someone else's HTML page and display it as your own, that goes against our community guidelines and you should instead consider openly redirecting your users to the proper page and giving credit where it's due.
Original answer: You can't do this, for two reasons:
The browser must know the target URL.
Obscuring the target URL would be a violation of basic security principles.
The <iframe> element requires a src attribute. See MDN for comprehensive documentation.

Google identity toolkit configuration page broken. How to configure now?

Tried to enter the configuration page of Google Identity Toolkit (from gear icon on Google Developers Console), but it directs to a page with only the server and client json templates, but no textBoxes to configure the toolkit.
Some days ago, same gear icon redirected to old google api's console toolkit configuration page.
How can i configure now the toolkit (or change a currently configured one)?
This display issue is caused by incomplete OAuth2 client information. Make sure you have set the "Authorized redirect URIs" in ALL your OAuth2 web clients under "Credentials" settings and try again. You can change the URI at any time so if you don't have a redirect URI now, just enter any valid url for testing purpose.
Let me know if it works for you.

Recaptcha works locally, but not in production

I followed the instructions on how to add Recaptcha to my website (asp.net 4.0, Visual Studio / VB. When I run the page locally, which is just a simple contact form page that sends an email, the recaptcha thing shows up fine. I am NOT a programmer, though.
When I move it to production -- and I move the website (and the dll and pdb to the app_code folder and the bin folder, which Visual Studio created on its own), the page won't just refreshes and never sends an email -- and it doesn't matter if you type the right or wrong thing in the recaptcha textbox. Without the recaptcha code, the contact.aspx page functions normally and sends the email instantly.
But the recaptcha box is there. I've read things about handler mappings in IIS and my web.config, but I'm not intelligent enough to understand if I have to do anything or not, and what to do. I also have IIS 7.0 on here.
UPDATE:
When you enter the recaptcha information in the text box properly, the page displays the confirmation I encoded, and sends an email. When you do NOT enter the recaptcha info correctly, instead of sending a "Please try again" message, it just refreshes the page and makes them start all over again. It does not say "Please Try again" and doesn't leave the client with knowledge that they mistyped the code
Are you using the reCAPTCHA ASP.NET control with the Recaptcha.dll?
You need to have signed up for the service with a domain name. The public and private keys you receive are checked against this domain:
reCAPTCHA will only work on this domain and subdomains.
Notice it the admin page screenshot below:
But this rule does not apply on the localhost domain, which is what you use when developing with Visual Studio. So it may be that you are not using the keys that you received when registering your domain. When you select the control and switch from design view to code view in Visual Studio the control code should look like this, with the keys:
<recaptcha:RecaptchaControl ID="recaptcha" runat="server"
PublicKey="6Lexn8wSAAAAAIfH1c3-6K3FbSjcKdMj3uiMImI7"
PrivateKey="6Lexn8wSAAAAAKRFTJXTudJN1owrIQMDahwYv0hg" />
If not, you have to enter your keys. This is just an example, don't use these keys, use the keys displayed in your own account for your own domain.

Resources