I have a site where we use a RadWindow as a confirm-popup.
Why does the popup not show/work on "https", when everything's works fine on "http"?
I can add more code if necessary, but this is the most important, I think. It's where my track ended..
string url = "../Controls/General/ScenarieBeregning/ScenariePopupPage.aspx";
Log.Debug("popup . url: "+url+". "+DateTime.Now);
string script = string.Format(
"radopen('" + url + "?skemaId={0}&redirect={1}','RadWindow1')",
skemaId,
redirect);
ScriptManager.RegisterStartupScript(
Page, typeof(Page), "scenarieConfirmPopUp", script, true);
I tryed adding "https" in url and google this, but with not luck.
Anyone help is much appreciated.
I can share my solution:
string protocol = Request.Url.Scheme; // HTTP eller HTTPS
string url = protocol + "://" + WebConfigConstant.HostAppsetting +"/Controls/General/ScenarieBeregning/ScenariePopupPage.aspx";
Check here
Telerik team :
The behavior that you experience is expected - if one of the pages is
using HTTP and the other - HTTPS, you cannot access objects in one
page from the other. Please note that this issue is not related to the
RadWindow control - you will experience the same behavior if you are
using a standard IFRAME instead. There is no other workaround in such
scenario than to have both pages using the same protocol, otherwise it
would be a major security hole.
Related
Does anyone know if there is a way to capture the search phrase used to get to your site? Do the search engines forward that information in any header values?
I have looked through all of the Request.ServerVariables and have not been able to find anything to do with the origin of the user (other than HTTP_REFERER).
I can see some anonymous information in Google Analytics but I am wanting to bind this information to user records upon account creation.
Any help is appreciated.
Yes - UrlReferrer is where you would have to look. But as google search (by default) runs via https it will not send any Url Referrer. So you are out of luck here - sorry (or maybe good for the users ;-) ).
If you get visited by http you could try some fancy approach like:
http://www.codeproject.com/Tips/127681/Get-search-key-word-from-the-referrer-url
If the page before loading your page was the search engine, you can use UrlReferrer to get it and then maybe parse it to get the values
Uri MyUrl = Request.UrlReferrer;
Response.Write("Referrer URL Port: " + Server.HtmlEncode(MyUrl.Port.ToString()) + "<br>");
Response.Write("Referrer URL Protocol: " + Server.HtmlEncode(MyUrl.Scheme) + "<br>");
Hope it helps
I am making a launcher for Minecraft. 1.6.2 changed a lot, so the way you login is different. If any of you have any knowledge of logging into minecraft using C#, I would appreciate it.
wClient.DownloadString("http://login.minecraft.net/?user=" + strUsername + "&password=" + strPassword + "&version=13");
I believe this used to be a valid way of doing it, but I am not quite sure anymore. Help is appreciated, thanks.
In reply to TheUnrealMegashark's comments to Rhys Towey's Answer. I have been working really hard to get it to launch, but. Its throwing me off a bit. The very next update will include a 1.6 fix. Just got to figure it out.
The proper answer to your question is that the web link that fetches the Session is still currently in use. Nothing new there.
Beware! You must know that your
"http://login.minecraft.net/?user=" + strUsername + "&password=" +
strPassword + "&version=13"
Is unsafe. It sends the password of the user through the internet in plain text. it can be subject to "Man in the Middle" attacks.
One of the proper ways to encrypt the connection is to use HTTPS with POST. Using POST, I avoid sending all of the data in the request URL and send the data through POST. Using HTTPS, I encrypt any data sent after the request URL returns. HTTPS makes POST encrypted, thus removing "Man in the Middle" attacks.
You can use GET with HTTPS and it still be secure (from what i have read). But, it is considered an unsafe practice. Although it is safe in all accounts between your computer and the connected device, anywhere else it might be seen and be subject to "Man behind you Attack". What I mean is that when you send this URL, it is possible for your computer to record the URL in some sort of history, or, display it in an address bar in plain text. Although, sense your not making a web browser and the URL is not displayed, this could possibly all be forgotten.
But, If it were me, I would still play it safe and just use the safer strategy.
To use HTTPS with POST.
Here is a sample of code i use in my "AtomLauncher." This code will send the POST data to the URL and return a string. Goto http://www.minecraftwiki.net/wiki/Minecraft.net to get more info on the string that is returned.
string mcURLData = "Error";
using (WebClient client = new WebClient()) // Get Data from Minecraft with username and password
{
// This a Text control for my Program, ignore this commented line if you wish.
// this.Invoke(new MethodInvoker(delegate { homeLabelTop.Text = "Connecting to Minecraft.net..."; }));
try
{
System.Collections.Specialized.NameValueCollection urlData = new System.Collections.Specialized.NameValueCollection();
urlData.Add("user", "UserName");
urlData.Add("password", "MYPa22w0rd");
urlData.Add("version", "13");
byte[] responsebytes = client.UploadValues("https://login.minecraft.net", "POST", urlData);
mcURLData = Encoding.UTF8.GetString(responsebytes);
}
catch
{
if (!System.Net.NetworkInformation.NetworkInterface.GetIsNetworkAvailable())
{
mcURLData = "Internet Disconnected.";
}
else
{
mcURLData = "Can't connect to login.minecraft.net.";
}
}
}
To use HTTPS with GET
just simply change the
http
in your code to
https
In other news.
I have fixed my code. Feel free (when its uploaded) to use it.
For your information, you need to know that when 1.6.X launches it creates a natives folder of which it starts using immediately. What I have done to fix this was to run 1.6.2 and copy the natives folder it created and removed the number.
Created "version/1.6.2/1.6.2-natives-###"
Copied it to "version/1.6.2/1.6.2.natives"
Point my program to "natives" folder I created.
What I'll end up doing in the future is automatically checking for the natives folder and if it doesn't exist, I'll have it download natives from the internet.
(I would love to know where minecraft is getting its current natives so i can essentially do the same thing. Unless, what it does is download it from the internet every time it launches. If true, that's kind of ugly. Seeing as I have bandwidth usage limits.)
I would like to get the exact url that user typed into the browser. Of course I could always use something like Request.Url.ToString() but this does not give me what i want in the following situation:
http://www.mysite.com/rss
With the url above what Request.Url.ToString() would give me is:
http://www.mysite.com/rss/Default.aspx
Does anyone know how to accomplish this?
I have already tried:
Request.Url
Request.RawUrl
this.Request.ServerVariables["CACHE_URL"]
this.Request.ServerVariables["HTTP_URL"]
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "CACHE_URL")
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "HTTP_URL")
Edit: You want the HttpWorkerRequest.GetServerVariable() with the key HTTP_URL or CACHE_URL. Note that the behavior differs between IIS 5 and IIS 6 (see documentation of the keys).
In order to be able to access all server variables (in case you get null), directly access the HttpWorkerRequest:
HttpWorkerRequest workerRequest =
(HttpWorkerRequest)((IServiceProvider)HttpContext.Current)
.GetService(typeof(HttpWorkerRequest));
Remember too that the "exact URL that the user entered" may never be available at the server. Each link in the chain from fingers to server can slightly modify the request.
For example if I type xheo.com into my browser window, IE will be convert to http://www.xheo.com automatically. Then when the request gets to IIS it says to the browser - you really want the default page at http://www.xheo.com/Default.aspx. So the browser responds by asking for the default page.
Same thing happens with HTTP 30x redirect requests. The server will likely only ever see the final request made by the browser.
Try using Request.Url.OriginalString
Might give you the thing you are looking for.
It is possible, you just need to combining a few of the values from the request object to rebuild the exact url entered:
Dim pageUrl As String = String.Format("{0}://{1}{2}",
Request.Url.Scheme,
Request.Url.Host,
Request.RawUrl)
Response.Write(pageUrl)
Entering the address http://yousite.com/?hello returns exactly:
http://yousite.com/?hello
Request.RawUrl
I think is the monkey you are after...
Easiest way to do this is used client-side programming to extract the exact url:
<script language="javascript" type="text/javascript">
document.write (document.location.href);
</script>
I want to open a page that required Basic authentication.
I want to pass the Basic authentication header to the browser along with the URL.
How can i do that?
Via a header you can:
string user = "uuuuuuu";
string pass = "ppppppp";
string authHdr = "Authorization: Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(user + ":" + pass)) + "\r\n";
webBrowserCtl.Navigate("http://example.com", null, null, authHdr);
given that this needs to be done on a per-request basis, an easier option for basic auth is to just;
webBrowserCtl.Navigate("http://uuuuuuu:ppppppp#example.com", null, null, authHdr);
You could try the old "in URL" format which allowed this but it is insecure:
http(s)://username:password#server/resource.ext
This exposes credentials and IE has disabled it, but it may still work in other browsers. When this format is used the credentials are available to the browser and it makes the decision to send the basic authentication header depending on how the web server responds.
Try to use something like Watin
Here you can find good blog-posts about Watin.
The code looks like:
public void SearchForWatiNOnGoogle()
{
using (var browser = new IE("http://www.google.com"))
{
browser.TextField(Find.ByName("q")).TypeText("WatiN");
browser.Button(Find.ByName("btnG")).Click();
}
}
First check this code:
Dim result As String
Using wClnt As New Net.WebClient
wClnt.Credentials = New System.Net.NetworkCredential("username", "password")
Using strR As New IO.StreamReader(wClnt.OpenRead("http://ADDRESS_To_READ"))
result = strR.ReadToEnd
End Using
End Using
If it was not what your where looking for, Check this post, it may help:
How do I log into a site with WebClient?
Update:
This way you are not opening any browser. Just requesting the address you want and passing Credential.
The WebBrowser control in .Net uses Internet Explorer as it's browser, so if you don't mind using IE, this is the code I wrote. h5url is the url you want to open in a window. My program doesn't even show a browser control, this is spawns an instance of Internet Explorer with the web page logged in.
using (WebBrowser WebBrowser1 = new WebBrowser())
{
String auth =
System.Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(_User + ":" + _Password));
string headers = "Authorization: Basic " + auth + "\r\n";
WebBrowser1.Navigate(h5URL, "_blank", null, headers);
}
This opens a new browser with any headers you need for authentication, basic or otherwise.
I would like to get the exact url that user typed into the browser. Of course I could always use something like Request.Url.ToString() but this does not give me what i want in the following situation:
http://www.mysite.com/rss
With the url above what Request.Url.ToString() would give me is:
http://www.mysite.com/rss/Default.aspx
Does anyone know how to accomplish this?
I have already tried:
Request.Url
Request.RawUrl
this.Request.ServerVariables["CACHE_URL"]
this.Request.ServerVariables["HTTP_URL"]
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "CACHE_URL")
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "HTTP_URL")
Edit: You want the HttpWorkerRequest.GetServerVariable() with the key HTTP_URL or CACHE_URL. Note that the behavior differs between IIS 5 and IIS 6 (see documentation of the keys).
In order to be able to access all server variables (in case you get null), directly access the HttpWorkerRequest:
HttpWorkerRequest workerRequest =
(HttpWorkerRequest)((IServiceProvider)HttpContext.Current)
.GetService(typeof(HttpWorkerRequest));
Remember too that the "exact URL that the user entered" may never be available at the server. Each link in the chain from fingers to server can slightly modify the request.
For example if I type xheo.com into my browser window, IE will be convert to http://www.xheo.com automatically. Then when the request gets to IIS it says to the browser - you really want the default page at http://www.xheo.com/Default.aspx. So the browser responds by asking for the default page.
Same thing happens with HTTP 30x redirect requests. The server will likely only ever see the final request made by the browser.
Try using Request.Url.OriginalString
Might give you the thing you are looking for.
It is possible, you just need to combining a few of the values from the request object to rebuild the exact url entered:
Dim pageUrl As String = String.Format("{0}://{1}{2}",
Request.Url.Scheme,
Request.Url.Host,
Request.RawUrl)
Response.Write(pageUrl)
Entering the address http://yousite.com/?hello returns exactly:
http://yousite.com/?hello
Request.RawUrl
I think is the monkey you are after...
Easiest way to do this is used client-side programming to extract the exact url:
<script language="javascript" type="text/javascript">
document.write (document.location.href);
</script>