To begin, I should mention that I'm quite new to C# and ASP.NET 4.0. The solution to this problem may be elementary so don't hesitate to ask fundamental questions.
I've inherited an ASP.NET 4.0 application that failed our automated security test because of <page enableViewStateMac="false"> (not my fault). Of course, I turned it on. At that point a very specific pattern of behavior emerged:
1) I can navigate to the application landing page
2) attempting to click on any link leaving the landing page results in a "Validation of viewstate MAC failed..." error.
2a) the exception to this is that clicking on the link that takes me to the landing page (the page I'm already on) works just fine
I should mention that navigation to other ASPs occurs by way of Response.Redirect(...). I can successfully navigate to a page if I enter the url directly into the nav bar (http://dummyhost.com:12345/Enroll.aspx as opposed to http://dummyhost.com:12345/LandingPage.aspx and then clicking on enroll).
In the Page_Init() method of the master page, I'm setting:
Page.ViewStateUserKey = Session.SessionID;
If I comment out this line, I can turn on MAC and the application is perfectly happy. Can anyone illuminate what's going on?
The most likely cause is that some landing-page-specific data is being submitted to the server and persisting through the call to Response.Redirect, so the enrollment page tries to read the landing-page-specific data and fails the request since the data cannot be interpreted correctly.
Instead of using Response.Redirect, consider using ... directly in your markup when you want to generate a simple link. This will cause the browser to make a vanilla HTTP GET request to the specified resource, free of any current-page-specific date.
Related
Is there a way to redirect my application to a webpage after checking the browser version first?
I'm using C# to run my angular app and the index.html is loaded by default, but is there a way to control that ?
E.g : if my browser is IE load wrongBrowser.html otherwise load index.html (the default one)
Note that i dont want to redirect my page because i want to keep the orignal url : ex localhost/api/search=text. If i do a redirect, it will overide my url. So i just want to load the html content
Im using C# with visual Studio for the server side
The first page of your app will have to load as it needs to be able to determine the browser specs. Only then can you then redirect to another page based on that knowledge.
I have never used Angular JS neither Angular with C#, but from personal knowledge I know you can "redirect" without changing the url, using a XML request in vanilla javascript (maybe you can place this somewhere):
var request = new XMLHttpRequest();
request.addEventListener("load", function(evt){
document.write(evt.target.response);
}, false);
request.open('GET', 'a.html', true),
request.send();
Now what this does is simple, we set variable request which is a XMLHttpRequest object, then we set an event listener for when it loads, after it loads we replace the code in the page with the targets code, we then set the url and send the request.
I have only used this for testing, so there might be issues that I don't know of, but it does import the html code in.
In C# you can do the following using Request.Browser:
if(Request.Browser.Browser.IndexOf("InternetExplorer")){
return View("wrongBrowser");
}
You have to use IndexOf due to the fact that most, if not all browsers return their version in their name too.
Here's a list of possible browser strings:
IE <= 11: InternetExplorer <numeric version>
Edge: Edge <version>
Safari: Safari <version>
Chrome: Chrome <version>
Opera: Chrome <version>
There are more, most of them will come under Chrome though. I will not go into much detail as you specified IE11 which is listed above. The above method is not really reliable for other, less popular browsers so keep that in mind.
I have a subdomain that is http://trade.businessbazaar.in . I am dynamically creating urls from database something in this manner http://trade.businessbazaar.in/mycompany. To display details, I have an index.aspx file there,thinking that on every request the index.aspx page will load and display data accodingly. Also, There is a masterpage on the index.aspx page from where i am capturing the text mycompany and query it in database to fetch result. But nothing seems to work.
A genuine link is http://trade.businessbazaar.in/Symparlife. But its unable to load index.aspx. I need a clean approach without any third party dll or rewriters. Directly to push some lines in config and start working. That is url will be the same but index page will get loaded...
In short, i want to say
I need the StackOverflow type clean url mechanism to fetch pages
Thanks in Advance
You can handle the Begin_Request event in Global.asax and add custom code to redirect to index.aspx and convert the parts of the URL into query string arguments. You should use Server.Transfer to keep the URL in the browser.
I'd recommend upgrading to 4.0 and using the Routing enine though. You should check if the standard routing is available as a download for ASP.NET 3.5. I am sure your code will get messy very soon. Been there, done that.
As #Mike Miller mentions in the comments the Routing engine ships with ASP.NET 3.5. You can check the documentation here - http://msdn.microsoft.com/en-us/library/system.web.routing(v=vs.90).aspx
Here is a tutorial on how to use it with Web Forms - http://weblogs.asp.net/scottgu/archive/2009/10/13/url-routing-with-asp-net-4-web-forms-vs-2010-and-net-4-0-series.aspx
For your case the code would be something like:
routes.MapPageRoute("company-index", "/{company}", "~/index.aspx")
And in index.aspx you can access the route value for company like this:
string company = (string)Page.RouteData.Values["company"];
Keep in mind that you'd better add something in the URL before your actual argument (the company name). If you don't you will have problems later on when because you may want to add a URL like "/Login" but then you will have to validate that users can't create a company named "Login". Not how Stack Overflow has "/questions/" before the actual question info in the URL.
Alright, I'm using form.target to open content in a new window. However, when I do this and then hit the back button on my browser, I find any entry resulting from a GET is doing another round trip to the server. This is a problem because session variables may have been changed in the interim, so the new GET no longer matches the old one.
I'm using C# and javascript for this web application, if it helps any.
This behavior occurs on IE8, but not on Firefox 10. Is there any way to prevent it in IE?
I solved this problem by adding a semi-random ID as a querystring on the URL.
I also added this to my OnInit event. For some reason explicitly setting the cache settings helps.
Response.AppendHeader("Cache-Control", "private, max-age=600");
Combined, this gave the page uniqueness and enforced the browser caching. This prevented the browser from always retrieving the most recent version of the page when encountering a GET operation in the browsing history.
I have created a custom wizard control that dynamically loads usercontrols as you progress though it. The wizard is behaving as expected in all environments (PC/MAC) and browsers I have tested however a client is reporting that she is unable to complete the wizard. What I know about the issue:
It always fails on the same wizard step for this user (not the first step)
When the user clicks on the 'next' button in the step, the controller reports that the request was not a postback request (ie. IsPostBack() == false) and displays the first page of the wizard
The client is using a Mac and is accessing the site using the latest version of Safari
If the client switches to Firefox, or even just switches the user agent in Safari to something other than Safari the problem goes away.
So the problem is that when the client reaches a certain step in the wizard and clicks 'next', instead of re-loading that step to initiate the save event, the controller is merely displaying the first step of the wizard.
The step that fails contains many different form controls including textboxes, dropdowns, checkboxes and a fileupload control. We thought that it might have something to do with invalid characters getting pasted in from Word or something similar but that seems strange seeing as the problem only appears to be happening in Safari.
No exceptions are thrown and the windows event log is not displaying any related errors/warnings.
What I am looking for is ways to diagnose this error. At the moment I've been unable to reproduce the behavior that the client is experiencing but after going on site and seeing it for myself I can verify that it is definitely a valid issue.
Update 26/10/2010:
We installed a proxy on the clients NIC in order to retrieve the requests and responses. Problem is that when running the proxy the client appears to not have to problem any more. Does this behavior make sense to anyone?
Update 27/10/2010:
After investigating the traffic on the clients machine we noticed that the response headers were including some entries related to a client side proxy and we confirmed that they are in fact running the squid proxy in their office. To rule out that it had anything to do with the problem we got them to turn if off and then try the wizard again. This time no problems were encountered! So the proxy seems to be interfering with the requests causing .NET to somehow record the POST request as a non-postback. The following lines were found in the response header of a failed request. Can anyone comment on how squid could cause the behavior we are experiencing and what we can do about it?
Via:1.0 squid-12 (squid/3.1.0.13), 1.0 ClientSiteProxy:3128 (squid/2.7.STABLE4)
X-Cache:MISS from squid-12, MISS from ClientSiteProxy
X-Cache-Lookup:MISS from ClientSiteProxy:3128
If I have to troubleshoot this, I would first take a fiddler trace (www.fiddlertool.com) on the client and see what the requests are up to. I am not sure if Fiddler works on Mac, but any HTTP Watch, Network Monitor tool should be good. The reason that I am not doubting the code is that it works very well on all the other browsers, so the code shouldn't be bad.
May be there is something in the code [like adding cookies, etc] that is messing with the specific Client's browser.
HTH,
Rahul
For Mac There's a HTTPScoop which lets you to debug http post data's....it is similar to fiddler
The problem is not solved as such but we ended up just adding an exception to the clients squid proxy to bypass our website. The problem seems proxy/IIS/Safari related but we haven't been able to track the problem down any further and the client is happy with this solution as long as the problem doesn't resurface somewhere else. I'll re-post if more information surfaces.
I am working on a site which is programmed in C# .net. It uses a CMS called ADX Studio (a decision which predates my time there) which provides a shonky form of URL Rewriting (as far as I can tell it works by assigning an aspx page as the default 404 handler in IIS).
I have an web form which lives at a rewritten URL. I edited it so that the html form's action points back to the rewritten URL:
var u = new Uri(Request.RawUrl.Split(new char[1] { ';' }).Last());
userAdminForm.Action = u.PathAndQuery;
(kind of ugly but works based on what Request.RawUrl is on these rewritten URLs).
The "pretty" URL is something like this:
http://www.site.com/admin/user/edit/
On my development box (Windows XP/ IIS 5) when I initially tried POSTing back to URLs like this I got a HTTP 405 error. I worked around this by adding a script mapping so Aspnet_isapi.dll handles all (*) requests. And everything works fine on my development machine.
I just pushed my changes to the live server (Windows Server 2003 R2 and IIS 6) and the post fails silently. The page refreshes but all of my logic (from within an IsPostBack path in the code) doesn't get hit. No errors are displayed, it just doesn't work.
If I remove my code setting the .Action of the form then the postback works but it is posting to the ugly URL corresponding to the physical location of the aspx file rather than my page.
Am I missing a simple way to make this work? I don't want to be switching URL rewriting method or anything as this is a large legacy site and is unfortunately pretty dependent on ADX Studio so I don't want to do anything that will break that.
[edited because somehow the code above lost its code highlighting]
The issue is that the page's <form> tag is referencing the "ugly" url as the action. You can resolve that by completely removing the action tag from the form. Browsers will, by default, postback to the same page, ie. the "pretty" url.
This article explains how to accomplish an "actionless" form (~ two thirds of the way down) http://msdn.microsoft.com/en-us/library/ms972974.aspx
It seems like the problem is the same as it was on IIS 5. I can get it to work by doing the following in the IIS Manager:
Right click on the relevant website and select "Properties"
Choose the "Home Directory" tab
Click "Configuration" down in the "Application settings"
Click "Insert" next to the "Wildcard application maps"
Browse to the location of aspnet_isapi.dll (in my case: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll )
Untick "Check that file exists"
Click "OK" back through the Russian doll of dialogs.
This is basically the same as the approach that I linked to in the question for IIS5. However, it's not optimal because IIS is running every request through asp (even static files). Which seems like it can only slow things down. I'd like to be able to specify that asp only needs invoking for HTTP POST requests at least.
The weird thing is that IIS5 gave a HTTP 405 error when POSTing to an extension without a registered ISAPI extension but IIS6 just fails silently. And the page is being run through IIS (I can debug with a breakpoint in the Page_Load function) but IsPostBack (and IsCrossPagePostBack) don't get correctly set. Could it be related to the view state? Is there any alternative to my solution described above?
I've come to what I think is an optimal solution for this problem. It turns out that ADXStudio CMS does use the default 404 rule to do some form of URL rewriting. This has a problem with http POST:
when IIS initially executes a custom
URL on a 404 error, it changes POST to
GET, even if the client does a POST
request.
(thanks to elite brains' blog post about setting up IIS6 and ASP.NET MVC).
Rather than creating my own HttpModule I decided instead to use Ionics Isapi Rewrite Filter to rewrite my URLs. I then set the 404 error handler in IIS to the default. And I created this IIRF.ini file to redirect all requests to the same format as the 404 handler produced:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /Default.aspx?404;http://%{HTTP_HOST}$1 [U,L]
And everything seems to work great. The advantage over my previous answer is that the rewrite code is low level and runs fast and the -f and -d switches mean that if a file actually exists it isn't re-written and so static files don't have the overhead of running through .net.