How to check using C# if "redirect" to "default document" happened?
For example, in browser I type URL: mysite.com/. When on server I check HttpContext.Current.Request.Url.AbsoluteUri, i receive mysite.com/default.aspx...
How I can get the exact URL that user has in his browser?
Thanks
EDIT: After some questions about the needs, I will give more details.
I have page with default.aspx with iframe inside of it. The iframe src is not the same origin (default.aspx is http and iframe content is https). On server side, i need to set the query string param to the src of iframe to include the exact URL that user has in browser. I need it in order to be able to set parent.location = parentURL + '#myparam' on iframe client side.
Currently everithing works fine, except when the request made to domain name without providing file name.
Try HttpContext.Current.Request.RawUrl
You typed
mysite.com/.
and you get
mysite.com/default.aspx...
Because you have set default.aspx as the default / Start up page in your site. The browser always redirect to the default page. I think when we type mysite.com the asp.net automatically appends the default page in the URL, so when we use Request.Url we get the mysite.com/default.aspx
Reading your intention of the IFrame, perhaps you are looking for Framset Script to determine the redirection ?
if (parent.location.href==window.location.href)
{
// you re-direction codes...
}
EDIT :
Giving a different HTTP and HTTPS, it's likely the Same Origin Policy kicked in. There is a workaround you could use PostMessage interface for cross sites.
Other option would be managed by Server(IIS) so that both http/https url request setting to default document , so that you don't need to alter client-side scripting for such complication handling.
You should delete 'Default.aspx' page from your IIS Default document list. then you get exact URL that user entered.
Related
How to get the full referring exact page URL from subdomain (abc.example.com) to www.example.com using HTTP context in C#?
Example:
First I am going to visit – https://abc.example.com/page1/category1
Then navigate and lading to this --> www.example.com/page
In this case, I need to get this URL (referrer) https://abc.example.com/page1/category1 from HTTP context or any other way in C#.
Reviewing the documentation for Referrer-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) it seems my only option is to set it to unsafe-url (HTTP).
I need the ability to track the full referring page when navigates from abc.example.com to www.example.com. Is that possible?
I am trying to redirect to a page from the server without referrer. Right now I am doing redirect like this:
I haven't found any overloads for Redirect method or any other ways to redirect without referrer so it's present on the page:
So is there any solution to redirect without referrer in ASP.NET?
You can't handle the referrer from the Redirect method, but you can do one of the following:
Launch the new page on a new window.
Using a meta tag on the content page as follows:
<meta name="referrer" content="no-referrer" />
Or you can add the tag following this answer: How to add meta tag to ASP.Net content page
Move the redirect logic to the front and use rel(attribute specifies the relationship between the current document and the linked document) use:
link
I think you're asking "after my C# server code sends a redirect to the client browser, telling it to go somewhere else, I want the browser to NOT put my site URL into the Referer header when it goes to that somewhere else"
You can't, if it's direct, unless you're redirecting from a secure page (yours) to an insecure page (theirs)
You'll probably have to create an interim page that you redirect to, that has some client side scripting that performs the actual transition (like those "thanks for searching your flight with expedia, please wait while we transfer you to the airline to complete your booking" type pages) because then you can take control of what their browser sends; if you straight refer them, you can't
currently we have our website running like this: websitename.com. But we've added multiple languages to it so now all the English content will be available at websitename.com/en and the Russian content will be available at websitename.com/ru. Google has already indexed the URLs at websitename.com. Now, I want to redirect these URLs to default en.
i.e. websitename.com/page1 to websitename.com/en/page1
How do I acheive this?
Redirection is one way to make sure that users always receive the Web
page that they want. Redirection refers to the process of configuring
the Web server to issue a redirect message to the client, such as HTTP
302, which instructs the client to resubmit the request for a new
location. You can redirect users to another file, directory, or site.
You can check MSDN article about IIS Redicrection. Check the links in Procedures section.
If I have a domain which is:
(1) http://www.myownsite.com
And I have another domain that has a link to it:
(2) http://www.pointingtomyownsite.com
Is there a way to find out whether (1) is opened through a redirect from (2) in ASP.NET MVC?
It depends on what you mean by "redirect". If you mean a CNAME DNS entry (where one hostname appears in the browser even though the page is served from another host, and which many people incorrectly call a DNS redirect), then Senad's answer is correct, Request.Url.Host will work. (This is not a redirect BTW).
A real redirect will change the hostname shown in the browser window, and you can get the URL of the previous page using HttpRequest.UrlReferrer. This works for both redirects and links. Although the Referer HTTP header this property exposes is not technically required and may be NULL, in practice it will be sent by all the browsers you should care about except for possibly if the URL was entered directly on a new tab.
Yes,
var hostname = requestContext.HttpContext.Request.Url.Host
I am developing an iframe for use on a number of our partners websites.
Is there any way I can make sure it can only be used on those websites and not by anyone else
I was intending to add a compulsory querystring to the URL for the website.
Each partner would have a different value in the quesrystring dnd use that to look up an allowed domain
However, is there anyway to know the top level domain of the site hosting the iframe?
Presumably this is not sent in the http request for the iFrame? Or is it, I couldn’t see it?
Or do you need to send the domain from javascript?
Any advice?
However, is there anyway to know the top level domain of the site hosting the iframe?
Nothing reliable.
Presumably this is not sent in the http request for the iFrame? Or is it, I couldn’t see it?
It might be sent in the referer
Or do you need to send the domain from javascript?
If you want to fetch it from the framed page, you will be blocked by the same origin policy.
If you want to sent it from the framing page, you will be putting it in the query string and you can't trust it because it can be set to whatever the person writing the framing page likes.
There is also the X-Frame-Options header (but that has limited browser support).
The most reliable solution I can think of is:
Require the origin to be specified in the query string used to load the frame
Check the referer. If it doesn't match your white-list and is not blank, redirect to a page that is blank except for a link to your site with target="_top" and some JavaScript that top.location = "your site"
Check that the origin specified in the query string is on your whitelist, if it isn't act in the same way as a rejected step 2
Output an X-Frame-Options header that limits the framing to the specified origin
That is likely to catch enough browsers to discourage the framing site from framing your site.
You can try to check referrer which normal browser will send for IFrame requests on the page.
You also can use "x-frame-options" header covered in (How to Block Iframe call and MDN ) but not every browser will respect that (on other hand it is more reliable if browser supports it).
iframe's sanbox attribute might be helpful in controlling the various security aspects in an iframe including origins
http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
The Architecture Journal of 2007 has a nice article about this: Secure Cross-Domain Communication in the Browser
Basically what the article suggests is:
If you have page A on domain 1 with an iframe with page B on domain 2 as its source , then having an iframe on page B to page C on domain 1, would allow you to pass information across domains
I haven't tested it, but this sounds like it could work.
Another possibility is create a file with a special filename (for instance a hash of the URL of page B on domain 2) and basic extension (like .htm) and place it in the root of domain 1. Checking whether the file exists on domain 1 cannot be done by javascript however, so it should be done with server side code.