Add my own page extension in asp.net - asp.net

I am trying to add page with custom extension, say .asp2 with my set of html tags.
Now whenever i try to access the page on browser...it asks me "Save as". This happens because I am using an extn which the server is not able to recognise.
What should I do to so that my server, IIS 5.1 recognises this extension??
Please suggest
Also please suggest on how to associate custom events on such custom page?

In Internet Services Manager, right click on Default Web Site, select Properties, in Home Directory press the Configuration button. Click the Add button and fill the Executable field with the path to the aspnet_isapi.dll file and put asp2 in the Extension field.

Using a non-standard extension, you should also be sure to set the response's Content Type to text/html, so the browser knows how to interpret the document you're sending. Something like:
public class HttpHandler1 : IHttpHandler
{
public bool IsReusable
{
get { return true; }
}
public void ProcessRequest(HttpContext context)
{
context.Response.ContentType = "text/html";
// Your code here.
}
}

Related

Sitefinity 11 adding sandbox attributes to iframe dynamically.

We have a Sitefinity 11.0.6701.0 site in which I have a page that contains a Content Block with an iframe in it. The page we are displaying in the iframe is dynamic and has a form in it - we are not concerned with clickjacking or anything like that as we host the src page as well.
We recently upgraded our site from version 8 and now the iframe's content (which we also host on a separate site) does not allow for the dynamic content to work.
I noticed that Sitefinity seems to be adding a sandbox="allow-scripts allow-same-origin" attribute to the iframe at runtime. I have attempted to change this to sandbox="allow-forms" as well as simply removing the sandbox attribute altogether, but Sitefinity dynamically adds the first attribute back in a runtime. It replace the "allow-forms" with the "allow-scripts allow-same-origin" attribute.
Does anyone know where this is controlled in Sitefinity and how we can overcome this problem? We need this page to be dynamic. For contractual reasons, I can't change actual code in our Sitefinity environment, only work within the CMS.
Thanks in advance,
Jamie
This is caused by the Html Sanitizer.
One option is to disable it under
Administration > Settings > Advanced > Security > Disable HTML sanitization
and restart the site.
Another option is to try and modify the sanitizer configuration as shown here:
https://docs.sitefinity.com/html-sanitization#modify-the-html-sanitizer-configuration
But looking at the decompiled code of v.11 it may not be that easy:
private class GanssHtmlSanitizer : HtmlSanitizer
{
private const string IframeNodeName = "iframe";
public GanssHtmlSanitizer() : base(null, null, null, null, null)
{
base.AllowedTags.Add("iframe");
base.PostProcessNode += new EventHandler<PostProcessNodeEventArgs>(this.GanssHtmlSanitizer_PostProcessNode);
}
private void GanssHtmlSanitizer_PostProcessNode(object sender, PostProcessNodeEventArgs e)
{
if (string.Compare(e.Node.NodeName, "iframe", true) == 0)
{
(e.Node as IElement).SetAttribute("sandbox", "allow-scripts allow-same-origin");
string attribute = (e.Node as IElement).GetAttribute("src");
(e.Node as IElement).SetAttribute("src", this.SanitizeUrl(attribute));
}
}
/// <inheritdoc />
public string SanitizeUrl(string url)
{
return base.SanitizeUrl(url, null);
}
}

How can I disable the view of a page for other users?

I want that a user of my application to enable or disable the viewing of a certain page for other users. For that i need , somehow an application variable, a bool to be set true or false whether the user decides to enable or disable the view for other users.
The functionality that i want is : when i click on a button to disable the view for a page(for other users that are connected to site), and when i press back to enable it .
I can achieve this with the use of a database, by changing the value of a field in a table with true or false.But this approach is ineffective and not elegant.
Can someone tell me how I can achieve this without using databases ? Is there any application variable / session variable / or cookie to achieve this ? Is there something that i should write in Global.asax ?
I use ASP.NET MVC 4..
Please help!
In you Controller declare "static variable" say
static bool disableViewPage;
Set this value on click of button in the some action.
Example :
public class SomeViewController : Controller
{
[HttpPost]
public ActionResult DisableView(bool value)// on button click
{
SecondController.DisableViewPage=value;
return View("<SomeView>")
}
}
public class SecondController : Controller
{
public static bool DisableViewPage;
// your views
}

How can prevent loading Dashboard on clicking browser's back button after login out of the application?

I am working in ASP.Net with MVC5. Once when i sign out of the application and click the Back button of browser i am redirecting back to the page where i was sighned in.
I tried to clear the session but still the problem exists
anyone is there who can help me with MVC 5 caching....plss
I am thinking about using Redis for caching but no idea how to implement
You will need to disable output (browser) caching so that the browser doesn't store a copy of your "secured" page after the user logs out. Currently the browser stores a cached copy of the page locally, since the browser has no concept of "logged in" or not, it just displays the page - the request never hits your MVC Controller because the browser says "hey, i have that page already, here it is!"
You can disable it on every "Authorize" action/controller using the following attribute
[OutputCacheAttribute(VaryByParam = "*", Duration = 0, NoStore = true)] // will be applied to all actions in MyController, unless those actions override with their own decoration
public class MyController : Controller
{
// ...
}
or you can disable it globally by using the following in your FilterConfig.cs class.
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new OutputCacheAttribute
{
VaryByParam = "*",
Duration = 0,
NoStore = true,
});
// the rest of your global filters here
}

Full text search in the Attached documents in Kentico CMS 7

Is there any way in which I can search the attachments and show the attached documents in the search result? My search result should show only the attachments in which the search text is contained. Right now I can search the attachments and the page in which the attachment contains search text is shown.
Say, I have a Page Home and attachment myattachment.docx as its attachment. While searching Background as search text in the Site search, which is contained only in the myattachment.docx (not contained in Home page) , the search result show Home page as a search result. What I am intending is to return something like Home/ myattachment.docx as a result instead of Home page. My page may any number of attachments.
Thanks In Advance!
The info on this is a little bit sketch. See below for the documentation I used.
Create a custom global event handler in AppCode (or Old_App_Code), make sure it is a partial class of CMSModule Loader.
Add your custom event handler in the overriden Init() The one you want is DocumentEvents.GetContent.Execute.
The sender object should be the current TreeNode being indexed for search. You can then use that node to access the relevant attachments and modify the event args e.content to add your document text to the search.
[CustomDocumentEvents]
public partial class CMSModuleLoader
{
private class CustomDocumentEventsAttribute : CMSLoaderAttribute
{
public override void Init()
{
// Assigns custom handlers to the appropriate events
DocumentEvents.GetContent.Execute += Document_GetContent;
}
private void Document_GetContent(object sender, DocumentEventArgs e)
{
TreeNode node = sender as TreeNode;
if (node != null)
{
//Note, this is psuedo code, this isnt the way to iterate over TreeNode.Attachments
foreach( attachment in node.Attachments ) {
e.Content += attachment.content;
}
}
}
}
}
More info
See http://devnet.kentico.com/docs/devguide/index.html?event_handlers_overview.htm for implementing custom events in general in version 7.
See this for custom search in version 5
http://devnet.kentico.com/Knowledge-Base/Search/How-to-search-for-documents-using-assigned-categor.aspx
See http://devnet.kentico.com/Knowledge-Base/API-and-Internals/Custom-Handler-Library-compatibility.aspx for the updated event name for version 7 referred to in the version 5 custom search example.

ASP.NET MVC URL auto-resolution in CSS files

In normal WebForms scenario, any root-relative URLs (e.g. ~/folder/file.txt) inside CSS files such as:
.form { background-image: url(~/Content/Images/form_bg.gif); }
will automatically get resolved during runtime if I specify
<head runat="server">
In the referencing page.
However, that is no longer happening on an ASP.NET MVC Beta1 website.
Is there a way I could enable this functionality without resorting to hacks or CSS-loader file? Like maybe HttpModules or something?
Or am I not desigining my website correctly? What is supposed to be a good design?
Since original ASP.NET WebForms already has this feature, I'd prefer to utilize any existing functionality if possible. But I don't have much clue.
This web application will be deployed in several environments where the ~ root folder might not be obvious.
EDIT: I mean the url in the file's CONTENT not the file's url itself.
I would not bother with the auto-root-finding ~ character. I understand that you want the same solution to work where the root directory differs between deployments, but within the CSS document you shouldn't have any problems using relative paths. The paths in the CSS document (to the image URL in your example) will always be relative to the location of the CSS file regardless of the path of any page that loads that CSS file. So if your images are in ~/Content/Images and your stylesheets are in ~/Content/Stylesheets, you'll always be able to use background-image: url(../Images/form_bg.gif); and it will work regardless of the location of the page that loads the stylesheet.
Is there a reason this wouldn't work?
One trick I have used in the past, was to actually make my CSS file have a .ASPX extension, and set the ContentType property in the page signature:
<%# Page Language="C#" ContentType="text/css" %>
body {
margin: 0;
padding: 0;
background: #C32605 url(<%= ResolveUrl("~/Content/themes/base/images/BodyBackground.png") %>) repeat-x;
font-family: Verdana, Arial, sans-serif;
font-size: small;
color: #d7f9ff;
}
This will ensure that the CSS file goes through the ASP.NET framework, and replaces the server side code with your relative path.
Here are some resources on implementing IHttpModule to intercept web requests to your app...
Write/adapt one to check for filetype (e.g. pseudocode: if (request ends with ".css") ...)
then use a regular expression to replace all instances of "~/" with System.Web.VirtualPathUtility.ToAbsolute("~/")
I don't know what this will do to performance, running every request through this kind of a filter, but you can probably fiddle with your web.config file and/or your MVC URL routes to funnel all .css requests through this kind of a filter while skipping past it for other files.
Come to think of it, you can probably achieve the same effect inside an ASP.NET MVC app by pointing all your CSS refrences at a special controller.action that performs this kind of preprocessing for you. i doubt that would be as performant as an IHttpModule though.
If you're trying to parse the ~/ out of any file, including text files, javascript, etc, you can write a handler that assigns a filter to it and you can use that to search for those paths... for example...
public class StringParsingFilter : MemoryStream {
public Stream OriginalStream {
get { return this.m_OriginalStream; }
set { this.m_OriginalStream = value; }
}
private System.IO.Stream m_OriginalStream;
public StringParsingFilter() : base() {
this.m_OriginalStream = null;
}
public override void Flush() {
this.m_OriginalStream.Flush();
}
public override void Write(byte[] buffer, int offset, int count) {
//otherwise, parse for the correct content
string value = System.Text.Encoding.Default.GetString(buffer);
string contentType = HttpContext.Current.Response.ContentType;
//Do any parsing here
...
//write the new bytes to the stream
byte[] bytes = System.Text.Encoding.Default.GetBytes(value);
this.m_OriginalStream.Write(bytes, offset, count + (bytes.Length - buffer.Length));
}
}
And you'll write a custom handler to know when to assign this filter... like the following...
public class FilterControlModule : IHttpModule {
public void Init(HttpApplication context) {
HttpApplication oAppContext = context;
oAppContext.BeginRequest += new EventHandler(_HandleSettingFilter);
}
private void _HandleSettingFilter(object sender, EventArgs e) {
//You might check the file at this part to make sure
//it is a file type you want to parse
//if (!CurrentFile.isStyleSheet()) { return; }
...
//assign the new filter
StringParsingFilter filter = new StringParsingFilter();
filter.OriginalStream = HttpContext.Current.Response.Filter;
HttpContext.Current.Response.Filter = (Stream)filter;
}
}
It may have actually been easier just to say "look up IHttpModules" but this is some code that I've used to parse files for paths other than ASP.net files.
You'll also have to change some things in your IIS settings to allow the files to be parsed by setting the ASP.net ISAPI to be a wildcard for all of the files that get handled. You can see more at this website, if you're using IIS6 that is...
You can also use this to modify any file types so you could assign some filters for images, some for javascript or stylesheets or ... really anything...
You could use an URL Rewriter to fix the URL as the request comes in, though I am not so sure it is so much elegant as a hack in this case.
I created a PathHelper util class that gives me all the paths I need.
For example
<link href="<%=PathHelper.CssUrl("FormulaIndex.css")%>" rel="Stylesheet" type="text/css"/>
Gives me the correct full url with the help of System.Web.VirtualPathUtility.ToAbsolute() and my own convention (content/css/yourFile.css).
I did the same for js, xml, t9n, pics...
Its central, reusable and now I only had to change one line to catch the move of the scripts folder from content/js to Scripts in all my websites and pages.
A moronic move if you ask me, but it's reality in the current beta :(

Resources