I am integrating with a 3rd party payment platform (Stripe). Their API is posting back a bunch of parameters in the HTTP post to an aspx page. What I need to do is read one of the FORM variables to know where the post should be forwarded to (i.e. it needs to be redirected to the user specific subdomain endpoint - https://user1.mayapp.com/newstripeaccount.aspx).
My questions is how in .NET can you forward the request and preserve all the http post parameters without meticulously parsing them out and using HttpWebRequest to construct a new HTTP post to the final endpoint. Is there a simpler way to redirect and just pass the httpcontext?
Related
I'm using Asp.Net MVC. I want to know the url from which a request has been sent to my controller action.For example my controller action is(Customer/Index) and I want to get the url from which, my action is called.(I don't need the current URL).I want the source URL from which the request sent to me. Is there any solution?
You could try using url referrer e.g.
Request.UrlReferrer
Request.QueryString["Referrer"].ToString()
Have a look at this link: MDN reference
It states that "A Referer header is not sent by browsers if: The referring resource is a local "file" or "data" URI."
If you want to have that available if your page calls 'itself' i.e. another page/controller in you web application, you can try to add the header manually on a per request basis.
I am writing a code to get through authentication to a API based web site. I have the API key that the site needs during the login process. When I call the login method with the API key, it is supposed to redirect to a predefined URL whose parameter will then contain the request token.
e.g on firing the URL in the browser,
https://kite.trade/connect/login?api_key=hcwmefsivttbchla
I am redirected to
https://impacted-purposes.000webhostapp.com/?status=success&request_token=nb0vrfota9ott1r02q153pk3422joruf
(The request token will change in every run)
Notice the request token in the URL on the redirected URL. That's what I need to get from the code.
So, I use a the code that is referred here GetFinalRedirect:
Getting the Redirected URL from the Original URL
ie. I call:
GetFinalRedirect("https://kite.trade/connect/login?api_key=hcwmefsivttbchla")
However, I don't get the final redirect. I understand there could be a Javascript redirect, but checking the response, doesn't suggest so.
Any help pls to get the final URL so that I can parse the request token from it.
Well, I can't test this since i don't have an account. And I hope thats not your real-api-key...
But the function you're using is just sending a HEAD request to server. A HEAD request has no response. With the HEAD request you will only get redirects that are included in the HTTP headers. If the redirect is done with HTML-META tags or with javascript you have to send a GET (or POST) request...
If that fails too set a breakpoint inside the function and look at the received http-headers and the response text...
I am using a complex template for my new ASP.NET Core application. Now I wanted to create a new controller which receives a POST request from another external server. That didn't work. I tried a lot until I found out that there is a mechanism set up which only allows POST request to access my controller which have a certain header (X-XSRF-TOKEN). This is done to prevent a Cross-Site-Request-Forgery attack.
However one specific controller should allow such requests, because this controller is not used from the webpage visitors browser. Is there a way to annotate the controller or any other way to allow this exception?
I finally found the answer and it is indeed possible by using an annotation. Just annotate your controller or action with [IgnoreAntiforgeryTokenAttribute] and the whole XSRF mechanism won't bother your controller any more.
Note that even if you don't intend to use that controller action from a browser, if it can be accessed via http, it may easily be susceptible to CSRF. An attacker may still for example create a rogue webpage, which if visited by one of your users, makes the user send a request to that action. If session management is cookie-based or equivalent and the action changes server state, it would still be an exploitable vulnerability.
So while you can turn of CSRF protection, you need to consider consequences carefully.
I am using HelloSign api for c# and on hellosign API page they are asking me to add callback url and they will test it. I am not sure what is call back url and where and how to use it. Can any one please explain me what is call back and why its useful or how to use?
Or can you explain call back url in simple language?
in simple team, If you have made nay request that result will be posted to griven url (call back url) where api will make request and you will get result from api.
A callback URL will be invoked by the API method you're calling after it's done. So if you call
POST /api.example.com/foo?callbackURL=http://my.server.com/bar
Then when /foo is finished, it sends a request to http://my.server.com/bar. The contents and method of that request are going to vary - check the documentation for the API you're accessing.
I have an idea for an App that would really help me out in work but I'm not sure if it's possible.
I want to run a C# desktop application that will ask for a value. When a value is supplied, the application will open a browswer, go to a webpage and add the value into a form on an online website. The form is then submitted and a new page is loaded that contains a table of results. I then want to extract the table of results from the page source and write code to parse the result values.
It is not important that the user see's this happen in an actual browser. In other words if there's a way to do it by reading HTTP requests then thats great.
The biggest problem I have is getting the values into the form and then retrieving the page source after the form is submitted and the next page loads.
Any help really appreciated.
Thanks
Provided that you're only using this in a legal context:
Usually, web forms are sent via POST request to the web server, specifically some script that handles it. You can look at the HTML code for the form's page and find out the destination for the form (form's action).
You can then use a HttpWebRequest in C# to "pretend you are the form", sending a POST request with all the required parameters (adding them to the HTTP header).
As a result you will get the source code of the destination page as it would be sent to the browser. You can parse this.
This is definitely possible and you don't need to use an actual web browser for this. You can simply use a System.Net.WebClient to send your HTTP request and get an HTTP response.
I suggest to use wireshark (or you can use Firefox + Firebug) it allows you to see HTTP requests and responses. By looking at the HTTP traffic you can see exactly how you should pass your HTTP request and which parameters you should be setting.
You don't need to involve the browser with this. WebClient should do all that you require. You'll need to see what's actually being posted when you submit the form with the browser, and then you should be able to make a POST request using the WebClient and retrieve the resulting page as a string.
The docs for the WebClient constructor have a nice example.
See e.g. this question for some pointers on at least the data retrieval side. You're going to know a lot more about the http protocol before you're done with this...
Why would you do this through web pages if you don't even want the user to do anything?
Web pages are purely for interaction with users, if you simply want data transfer, use WCF.
#Brian using Wireshark will result in a very angry network manager, make sure you are actually allowed to use it.