Selectively redirect to https, not all pages - c#

I have a website that requires some secure pages for logging in, user accounts, form submission etc. but does not need to be secure on most pages.
Certificate purchased and installed on www.mywebsite.com.
I am currently redirecting users to the https by using this C# code in the page_load:
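    if (!Request.IsLocal && !Request.IsSecureConnection)
    {
        // Change only the scheme: Replace("http:", "https:") would also rewrite
        // any "http:" that appears inside the query string.
        var secureUrl = new UriBuilder(Request.Url) { Scheme = Uri.UriSchemeHttps, Port = -1 };
        Response.Redirect(secureUrl.Uri.AbsoluteUri);
    }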
My concern is that after visiting the secure page and the user clicks on another page, it stays secure rather than going back to http.
I have looked at a number of options including IIS rewrite (it's like a whole other language and too complicated) and coding something globally (redirects every page, not selective).
Is there a simple solution that will allow me to redirect to https on selected pages (about 10 or so pages, or all pages in a particular folder) and then back to http on all others? I'm not the greatest coder in the world, so trying to find something easy to implement and understand.

If any portion of your website requires SSL, then I would strongly recommend that you use SSL throughout. You would be unnecessarily opening yourself up to potential data loss by doing anything else. Check out OWASP Top Ten for more info.

You can use HTTP handlers to solve this issue instead of having the code in each page load.
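The two answers above combined, as an added example that is not part of the original thread: one `IHttpModule` that moves every request to HTTPS, so that no page is left on plain HTTP where a session cookie could be sent unencrypted. The class name `RequireHttpsModule` is hypothetical, and the module is assumed to be registered in web.config.

```csharp
using System;
using System.Web;

// Added example: site-wide HTTPS enforcement in one place instead of
// a Page_Load check on each page.
public sealed class RequireHttpsModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
        app.EndRequest += OnEndRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.Request.IsLocal) return;

        if (ctx.Request.IsSecureConnection)
        {
            // HSTS is only honoured on HTTPS responses; it tells the browser
            // to skip plain HTTP for this host for the next year.
            ctx.Response.AppendHeader("Strict-Transport-Security", "max-age=31536000");
            return;
        }

        // Change only the scheme; Port = -1 selects the default port (443).
        var target = new UriBuilder(ctx.Request.Url)
        {
            Scheme = Uri.UriSchemeHttps,
            Port = -1
        };
        ctx.Response.RedirectPermanent(target.Uri.AbsoluteUri, true);
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (!ctx.Request.IsSecureConnection) return;

        // Mark every cookie issued by this response Secure so the browser
        // never sends it over plain HTTP (works for buffered responses).
        foreach (string name in ctx.Response.Cookies.AllKeys)
            ctx.Response.Cookies[name].Secure = true;
    }

    public void Dispose() { }
}
```

The same cookie behaviour can be set declaratively with `requireSSL="true"` on the `<httpCookies>` and `<forms>` elements in web.config.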

Related

Setting a cookie via ajax call from another domain

I have an app written in ASP.NET MVC on domain-A.com and there is another external service on domain-B.com that will eventually redirect the user to my app. But since I have some performance issues, I want my app to be ready before redirection to my site and to cache some data. So domain-B calls one endpoint from domain-A.com, and domain-A.com sets a session cookie or any other cookie for itself (not for domain-B.com, this is important), and when redirection happens domain-A.com reads the cookie for itself and does its stuff. Is this possible, and if it is, what is the method for it?
You can't set cookies via AJAX on other domains.
What you can do is to render some page from "domain-a" in hidden IFrame and let it set cookies/cache whatever you want.
Note: this will likely simply double the time needed for your site to render. Solving actual performance problems will likely provide a better user experience.
Your question isn't very clear.
If you are trying to cache some static data for your application in the browser, then I suggest you look into using local storage:
Here are just a few pointers for the start:
http://www.w3schools.com/html/html5_webstorage.asp
https://www.smashingmagazine.com/2010/10/local-storage-and-how-to-use-it/
On the other hand, you can easily set cookies using JavaScript code, so I don't understand what you are struggling with.
There are a couple of words that you have used in your post which make me wonder... The first one is 'Session cookie'. Now 'Session' is a different story. Are you referring to a browser session? An application session? Are you trying to share the same session between different domains?
The second questionable phrase is "one endpoint from domain A". What exactly is this endpoint? Are you referring to a WCF endpoint? A web page?
I think you need to provide more details in your post to get a proper answer :)

How to redirect the new website without changing the existing url

I want to open a new website within my website without changing the existing URL.
Suppose I have a website siteA and it has one page, main.html. My question is how I can show siteB (the new site) when I open siteA/main.htm while my URL stays the same: no change in the URL, but the site is different.
I open siteB when I want; otherwise siteA is still browsed.
I want to do this without changing the .htaccess file. I want to do this dynamically, using any programming language like C# or PHP.
Please tell me how to do this.
Don't do this! Usually sites will do this for phishing purposes to obfuscate the site the user is on in order to collect personal information.
If you were to have this on a website, it would likely be flagged as fraudulent by the browser. I'd consider a different architectural approach to what you are trying to accomplish.

ASP.NET how to update a page upon a click event of another page

I know the question sounds too vague so let me explain exactly what I want to implement.
I have a web application that many users log into to submit a request. A request in my project is a form that accepts some information from the user, and when he clicks submit, it is reflected on the administrator page. Then the admin can grant or decline this request, and of course the result needs to be sent to the user's 'Pending Requests' page.
This process is all about time, so I need a clean and efficient way to show the admin the requests instantly and for the user to see the admin's response instantly (kind of like the Facebook notification system).
I hope my problem is now clear. I understand that there are many ways to implement this and I have very little knowledge about them. But I just want you guys to recommend an efficient way, because I'm sure that the good ways to do this are limited.
Thanks in advance everybody :)
I will suggest you take a look at SignalR (https://github.com/SignalR/SignalR). It is a framework developed by a few MS developers for doing long polling/notifications from the server.
Link for webforms walkthrough - http://www.infinitelooping.com/blog/2011/10/17/using-signalr/.
You could also look into using a Timer control. It's a client-side control that will cause a postback for ASP.NET AJAX applications. Here's a simple tutorial:
http://ajax.net-tutorials.com/controls/timer-control/
What you're talking about is a 'push' notification, where the server would pass a notification to the client (a browser) without the client requesting anything.
This isn't something which HTTP is naturally capable of; however, have a read about Comet, which will let you know the current state of what is possible.
You may opt for creating a 'heartbeat' on the client side - a polling mechanism which requests from the server every x seconds, and updates the page when new content is found.
I need a clean and efficient way to show the admin the requests instantly and for the user to see the admin's response instantly.
Instantly is a very strong term and isn't usually very scalable.
For some ideas on how you might implement this I'd recommend you take a look at Wikipedia's Comet Programming page
When a user submits a request, I assume that his request is first stored in the database. So on the admin and user side you use AJAX which periodically updates data from the database (for un-approved data). Do some Google searches on AJAX auto-update or JavaScript's timeout or similar functions. The same process will be involved on the user side.

How Systems like AdSense and Webstats Work?

I am thinking about working with remote data, actually receiving or sending data on external web sites. A large number of working examples exist on the World Wide Web, for example free online web tools like web stats or Google's AdSense. You know, in such web services some code is generated for publishers, the publisher puts the generated code in the BODY of her web page document (HTML file), and after that the system will work. We can have a count of visits for home pages, a count of clicks on advertisements and so on. Now this is my question: how do such systems work? And how can I investigate and search about them to find out how to program them? Can you suggest some keywords? Which titles should I be looking for? And which technologies are relevant to this kind of programming? I want to find some relevant references to learn from and get some experience with these systems. If my question is not clear, I will explain it more if you want... Help me, I am confused.
Consider that I am a programmer who wants to program such systems, not to use them.
There are a few different ways to track clicks.
Redirection Tracking
One is to link the advertisement (or any link) to a redirection script. You would normally pass it some sort of ID so it knows which URL it should forward to. But before redirecting the user to that page it can first record that click in a database where it can store the user's IP, timestamp, browser information, etc. It will then forward the user (without them really knowing) to the specified URL.
Advertisement ---> Redirection Script (records click) ---> Landing Page
Pixel Tracking
Another way to do it is to use pixel tracking. This is where you put a "pixel" or a piece of JavaScript code onto the body of a webpage. The pixel is just an image (or a script posing as an image) which will then be requested by the user visiting the page. The tracker which hosts the pixel can record the relevant information from that image request. Some systems will use JavaScript instead of an image (or they use both) to track clicks. This may allow them to gain slightly more information using JavaScript's functions.
Advertisement ---> Landing Page ---> User requests pixel (records click)
Here is an example of a pixel: <img src="http://tracker.mydomain.com?id=55&type=png" />
I threw in the png at the end because some systems might require a valid image filetype.
Hidden Tracking
If you do not want the user to know what the tracker is you can put code on your landing page to pass data to your tracker. This would be done on the backend (server side) so it is invisible to the user. Essentially you can just "request" the tracker URL while passing relevant data via the GET parameters. The tracker would then record that data with very limited server load on the landing page's server.
Advertisement ---> Landing Page requests tracker URL and concurrently renders page
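The redirection tracking described in the answer above, as an added example that is not part of the original answer: an ASP.NET `IHttpHandler` that accepts only an ID, looks the destination up server-side, records the click and then forwards. Because no URL is ever taken from the request, the script cannot be turned into an open redirect. The class name, the destination table and `RecordClick` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web;

public sealed class ClickRedirectHandler : IHttpHandler
{
    // Constructed sample data; a real tracker would load this from its database.
    private static readonly Dictionary<int, string> Destinations =
        new Dictionary<int, string>
        {
            { 55, "https://www.example.com/landing" }
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        int id;
        string target;
        // Unknown or malformed IDs get a 404 instead of a redirect.
        if (!int.TryParse(ctx.Request.QueryString["id"], out id) ||
            !Destinations.TryGetValue(id, out target))
        {
            ctx.Response.StatusCode = 404;
            return;
        }

        RecordClick(id, ctx.Request.UserHostAddress, ctx.Request.UserAgent, DateTime.UtcNow);

        // Do not let browsers or proxies cache the hop, or later clicks go uncounted.
        ctx.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        ctx.Response.Redirect(target, false); // 302 without aborting the thread
    }

    private static void RecordClick(int id, string ip, string userAgent, DateTime whenUtc)
    {
        // Placeholder sink. The user agent is client-controlled text, so a real
        // implementation should store it with a parameterised INSERT.
        Trace.WriteLine(string.Format("{0:o} id={1} ip={2} ua={3}", whenUtc, id, ip, userAgent));
    }
}
```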
Your question really isn't clear I'm afraid.
Are you trying to find out information on who uses your site, how many clicks you get and so on? Something like Google Analytics might be what you are after - take a look here: http://www.google.com/analytics/
EDIT: Adding more info in response to comment.
Ah, OK, so you want to know how Google tracks clicks on sites when those sites use Google ads? Well, a full discussion on how Google AdSense works is well beyond me I'm afraid - you'll probably find some useful info on Google itself and on Wikipedia.
In a nutshell, and at a very basic level, Google Ads work by actually directing the click to Google first - if you look at the URL for a Google ad (on this site for example) you will see the URL starts with "http://googleads.g.doubleclick.net..." (Google owns DoubleClick). The URL also contains a lot of other information which allows Google to detect where the click came from and where to redirect you to see the actual web site being advertised.
Google analytics is slightly different in that it is a small chunk of JavaScript you run in your page, but that too basically reports back to Google that the page was clicked on, when you landed there and how long you spend on a page.
Like I said a full discussion of this is beyond me I'm afraid, sorry.

Authenticate on an ASP.Net Forms Authorization website from a console app

I'm trying to build a C# console application to automate grabbing certain files from our website, mostly to save myself clicks and - frankly - just to have done it. But I've hit a snag for which I've been unable to find a working solution.
The website to which I'm trying to connect uses ASP.NET forms authorization, and I cannot figure out how to authenticate myself with it. This application is a complete hack so I can hard code my username and password or any other needed auth info, and the solution itself doesn't need to be something that is viable enough to release to general users. In other words, if the only possible solution is a hack, I'm fine with that.
Basically, I'm trying to use HttpWebRequest to pull the site that has the list of files, iterating through that list and then downloading what I need. So the actual work on the site is fairly trivial once I can get the website to consider me authorized.
I have dealt with something similar, and the hardest part is figuring out exactly what you needed to "fake" to get authorized. In my case it was authorizing into some Lotus Notes webservice, but the details are unimportant, the method is the same.
Essentially, we need to record a regular user session. I would recommend Fiddler (http://www.fiddler2.com), but if you're on Linux or something, then you'll need to use Wireshark to figure some of the things out. Not sure if there is a Firefox plugin that could be used.
Anyway, start up IE, then start up Fiddler. Complete the login process.
Stop what you're doing. Switch to the Fiddler pane, and examine the recorded sessions in detail. It should give you exactly what you need to fake using WebRequests.
This page should get you started. You need to first make a request to the page, and then save the cookie to a container that you include in all later requests. That should keep you logged in, and able to retrieve the files.
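The cookie-container approach from the answers above, as an added example that is not part of the original thread: a console client that loads the login page, posts the form back and reuses one `CookieContainer` for every request. The site URL, page paths and form field names (`txtUser`, `txtPassword`, `btnLogin`) are placeholders to be replaced with what the recorded Fiddler session shows; credentials come from the hypothetical environment variables `SITE_USER` and `SITE_PASS`.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;

static class FormsAuthClient
{
    // One container for every request: it keeps the auth cookie issued at login.
    static readonly CookieContainer Cookies = new CookieContainer();

    static string Send(string url, string formBody)
    {
        var req = (HttpWebRequest)WebRequest.Create(url);
        req.CookieContainer = Cookies;
        if (formBody != null)
        {
            byte[] data = Encoding.UTF8.GetBytes(formBody);
            req.Method = "POST";
            req.ContentType = "application/x-www-form-urlencoded";
            using (Stream s = req.GetRequestStream()) s.Write(data, 0, data.Length);
        }
        using (var resp = req.GetResponse())
        using (var reader = new StreamReader(resp.GetResponseStream()))
            return reader.ReadToEnd();
    }

    // Echo back a hidden WebForms field such as __VIEWSTATE from the login page.
    static string Hidden(string html, string name)
    {
        Match m = Regex.Match(html, "id=\"" + name + "\" value=\"([^\"]*)\"");
        return name + "=" + WebUtility.UrlEncode(m.Groups[1].Value);
    }

    static void Main()
    {
        const string site = "https://files.example.test"; // placeholder host
        string user = Environment.GetEnvironmentVariable("SITE_USER") ?? "";
        string pass = Environment.GetEnvironmentVariable("SITE_PASS") ?? "";
        string loginPage = Send(site + "/Login.aspx", null);
        string body = string.Join("&",
            Hidden(loginPage, "__VIEWSTATE"),
            Hidden(loginPage, "__EVENTVALIDATION"),
            "txtUser=" + WebUtility.UrlEncode(user),     // hypothetical field names
            "txtPassword=" + WebUtility.UrlEncode(pass),
            "btnLogin=Log+in");
        Send(site + "/Login.aspx", body);                // auth cookie lands in Cookies
        Console.WriteLine(Send(site + "/Files/List.aspx", null).Length);
    }
}
```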
