Is it possible to determine - server-side - whether a page has been loaded within an IFrame?
When certain errors happen in my application the user gets redirected to Default.aspx and an error message is shown. The text of that error message gets set in session by exception handling code. The error message gets cleared from session once it has been shown.
However, part of my application has to use an IFrame (it's doing a 3D Secure card payment check, which mandates an IFrame in order to display the card provider's authentication UI). If an error takes place during this process my redirect takes effect within the IFrame. I am using JavaScript to detect this and reload Default.aspx correctly, but this means that I get two Page_Loads in rapid succession, and the error message only gets shown on the first one (and then cleared).
You can do it in client side: How to identify if a webpage is being loaded inside an iframe or directly into the browser window?
The workaround i found is put some identifier into querystring of a url opened inside iframe.
I don't think you can detect in the sense of having some sort of Page.IsInIFrame() kind of functionality, but you could consider having different base classes for those pages that are loaded in an IFrame and those that aren't so that you can know the error is from a request that was for an IFrame page that may help to some extent.
There's no way from the server-side. The only way is via javascript. When you do the redirect, can you pass the error message or code via a querystring?
Won't it work to redirect using Javascript with window.location? Forcing a full page redirect?
This is impossible because client can open iframe with javascript disabled. http://caniuse.com/#feat=iframe-sandbox
simply, check the url of current page..
if it's the same with the IFrame page then redirect to Default.aspx or whatever.
Dim urlpath1 As String = HttpContext.Current.Request.Url.AbsoluteUri
If Right(urlpath1, 13) = "WebForm1.aspx" Then
Response.Redirect("~/")
Else
Response.Write("It's OK!")
End If
Related
Is there a trusted way to disable the direct access to an special web page? I mean I want to open it only by clicking on a Button for example. I know I can access to the webpage by using this code but It can not prevent accessing to the web page directly (Pasting the url or typing it):
Response.Redirect("~/Code.aspx")
Thanks
This is a long shot because I don't have the time to test this now (I can see some downvotes coming already!), but...
In the "Code.aspx" page, check for Session["allowed"]. If the value is not there, end the response.
Next, make another page (from where Code.aspx can be accessed). In this page, set Session["allowed"] and then do a Server.Transfer() to Code.aspx, which will then run OK.
Finally, at the end of processing Code.aspx., remember to clear the Session["allowed"] variable again.
Hope this makes even vague sense :)
You may be able to write a piece of code on page load that checks the contents of HttpContext.Current.Request.ServerVariables("HTTP_REFERER") - if it's blank, a user has navigated to the page directly and you can handle it that way.
On the source page create a token into a hiddenfield. To your button add PostBackUrl property and let it point to your destination page.
On the destination page you can validate that the request was made from your allowed source page. And you dont need to use session and all its drawback.
Check this Link for detailed information about how to use the mentioned property.
Some users who navigate to my page do so via an url like this : http://domain/ProductDetail.aspx?Productid=123#Pricing
In this section is a asp:button to make a purchase. This button cause a postback, and when the page rerendering in the broswer the FragmentIdentifier #Pricing is still in the address window.
This is causing problems because there is new content rendered on the page which isn't visible if the browser navigates to the #Pricing section.
How do I prevent the FragmentIdentifier on postback?
Clarification:
It appears that this problem happens in Chrome but does not happen in IE8 or FireFox. Chrome holds on to the #FragmentIdentifier after postback even those there is no reference to it in the action attribute.
You can't, browser doesn't send it:
When a URI reference is used to perform a retrieval action on the
identified resource, the optional fragment identifier, separated from
the URI by a crosshatch ("#") character, consists of additional
reference information to be interpreted by the user agent after the
retrieval action has been successfully completed. As such, it is not
part of a URI, but is often used in conjunction with a URI.
How to get Url Hash (#) from server side
Browsers don't send URL fragments on the server side. You can't modify them the only option you can try is URL rewrite, if that helps. good luck...
The ASP.NET engine will cause a simple submit without any given URL, so the browser is forced to take the URL of the current page.
You can get rid of the hash after the postback by hooking a self executing javascript into the HTML that will replace the hash to an empty string.
Here is an example:
if(this.Page.IsPostback)
{
this.Page.ClientScript.RegisterStartupScript(this.GetType(), "RemoveHash", "window.location.hash=''", true);
}
You can force the browser to get rid of the # tag by redirecting to the same page.
i've been asked this question and id not know the answer.
Thanks for any help!
Postback is a term used often in ASP.NET when a WebForm POSTs the single form back to the server and invokes some event in the code behind (like a click on a button for example). You could still use normal GET requests though to redirect to a given web page. For example you could use an anchor:
Go to page 2
When the user clicks on the anchor there is no postback occuring but a GET request to the target web page.
Another possibility is the user typing directly the address of the web page in his browser address bar.
Yet another possibility is to use javascript to perform an AJAX request which allows to invoke a web page without redirecting away from the current page. You could use any HTTP verb with AJAX.
We can use javascript code to do some function without postback. This will save the time for the request and response to the server. But this client side. you can't reach the server without posting back.But my mean you can do functionality by javascript which does not postback the page.
Hope it may help.
If you like to categories the call to the server you can say that there are two types.
The GET and the POST
The POST is the post back and are the parameters that you send using a form
and the GET that are the parameters that you can send from the url.
More about:
http://www.cs.tut.fi/~jkorpela/forms/methods.html
http://thinkvitamin.com/code/the-definitive-guide-to-get-vs-post/
http://catcode.com/formguide/getpost.html
but I think the interview question was about the Ajax call, and this is probably what they try to see if you know, how to use Ajax to reach the server with javascript and not make postback. But you need to know that Ajax can make POST back, but this is done with out leave the page, with out make a full page post back.
I am redirecting users to a page based on the value I picked from the dropdown.
Response.Redirect("showdetails.aspx?id="+ id);
It is working absolutely fine.
Everytime the user selects an iD it is opening a new tab or page instead of opening in one page.
How can I make sure that it opens in same page instead of opening multiple pages?
Thanks
[Edited due to rethinking]
What you are describing doesn't seem like normal behaviour.
Does the same thing happen on more than one client PC?
If not it's probably a local config issue.
...or...
is the ASP page called via a server-side control with the following attribute:
OnClientClick=”aspnetForm.target =’_blank’
If so, that's why.
I have an asp.net application that runs exclusively on IE7 (internal web site).
When a user needs to enter data, I pop up a child window with a form. When the form closes, it calls javascript:window.opener.location.reload(true) so that the new data will display on the main page.
The problem is that the browser complains that it must repost the page. Is there any way to turn this feature off?
No, but there is a solution. Its generally considered good design to use a 302 redirect immediately after someone posts data to a page. This prevents that popup from ever occuring. Allow me to elaborate.
1) The user fills in a form and submits data via POST.
2) The backend receives the data and acts upon it.
3) Instead of returning the content to the user, the backend issues a 302 redirect as soon as its done processing the page (possibly redirecting the user back to the exact same url, if need be)
4) The page that the user will see is the page you told their browser to redirect to. They will load up the redirected page with a standard GET request. If they try to refresh the page, it will not repost the data. Problem solved.
This is a problem with the usual "postback" way of ASP.NET. If you need to reload a page without this warning, this page must come from a GET, not a POST. You could do a Response.Redirect("...") yourself. But this will destroy the use of viewstate.
asp.net mvc fixes this issue, not an ie7 only problem but a security feature of most browsers. No fix that I know of except you could just update the content in the main form with js rather than reloading the whole page
It's because the page in window.opener comes from a POST Request
Maybe you can use
javascript:window.opener.location = window.opener.location; to do just a GET request if the data can be fetched without a POST.
I do not believe that there is a way to do that. Instead, why not direct the parent window to a page without a reload.
javascript:window.opener.location='your url'
AFAIK, not via your scripts.
You might try:
window.opener.location = '#';
It should circumvent the browser reposting. And, you can adjust the hash name as needed.
If you move from page1 to page2, and want to disable the browser from going back to page 1,then add the following at the top of page1.
<script>
if(window.history.forward(1) != null)
window.history.forward(1);
</script>