Redirecting Issues - c#

Let's say I have a website www.mysite.com and I want it to be a multilingual site. Following are the things I wanna achieve :-
1. When a user visits my website, I want to fetch the user's country's ISO code. Let's say the ISO is "FR".
Now I want the user to be redirected to www.mysite.fr
In case the ISO address can't be fetched, the user will be redirected to www.mysite.com
Now I have used the dll from this site http://ipaddressextensions.codeplex.com/ and used their method which is something like
iso3066code(). BUT I am not able to fetch ISO code based on a user's IP address. What is the best method to fetch the ISO code anyway??
2. I have a different master page for different countries. Like for France there is France.master, for Germany there is Germany.master, etc.
What I want is that firstly the ISO Code of the user should be fetched, then the user should be redirected to the site corresponding to the ISO
AND want the corresponding master to load.
Here's a scenario:-
A user from France opens my website by typing "www.mysite.com". Now I want to show the user my site's contents in French so I want him to be redirected to
"www.mysite.fr" AND want the France.master to load for all the pages. What I am doing is check the "Top level domain name" entered by user which is "com" in this case, then I fetch the ISO code
then if ISO exists, user is redirected to "www.mysite.fr"
IN CASE ISO can't be fetched, "www.mysite.com" will only be opened for the user.
3. How do I redirect the user?? Response.Redirect("http://www.mysite.fr") is failing and giving errors like :-
"Page is not redirecting properly" I tried changing it to Response.Redirect("http://www.mysite.fr", false)
and Response.Redirect("http://www.mysite.fr", true). This didn't work.
4. www.mysite.com and www.mysite.fr aren't two different websites. Just that when it is www.mysite.com, English content will be shown on the website.
When it is "www.mysite.fr", French content can be seen inside the website.
What I did was :-
In the Global.asax file :-
I tried fetching ISO code using that dll above from the site ipaddressextensions. Then I created this Application("UserISO") variable in Global.asax file.((Is this a good approach?))
I needed to make it because I wanted to use this global variable within my Global file itself..In some user defined method.
Then I am setting master page name in a cookie and using this cookie to change master page dynamically for every content page in the Page_PreInit() event.
and lastly I am redirecting the user with "Response.Redirect("http://www.mysite.fr", false)". This Response.Redirect doesn't work!
Now, AM I on the right path?? I am super confused over how to actually make it work! :(
How do multilingual site redirect their users? Where can I learn about all this ? I have tried and tried and tried but this just won't work!
Lastly, there are not really any domain names set for the site as of now. Running it using the IP address set in the IIS.
So how do I test my site. How do I really go about it. Am I following the correct approach at all??
Please direct me to the right path. ANY help will be greatly appreciated. Thanks!

Belgium has 3 official languages, you can't find my language by just looking at the ip address or the domain.
The best way to find the language of a visitor is to check the language of his browser. You can find it in Request.UserLanguages.

Don't do this. It's really frustrating when you try to assume what language the user speaks. You're bound to get it wrong for someone eventually. Put some small flag icons or the language name choices on your main page in a highly visible place, and let your visitors choose what site/language they want to browse in.
Facebook's main sign in page is a great example of this.
Edit: The best you could probably do is to use the HTTP1.1 Header Accept-Language as a hint, but even then I think you should push back on this requirement of your project.

You get redirect error because the .fr site is probably the same site as .com, but session cookies are only valid for a certain domain which means that Session_OnStart() is invoked on the redirect as well. One way to circumvent this is to override the redirect/ip-lookup somehow, maybe send in a querystring or a specific landing page that you can identify:
www.site.fr/?overrideredirect=true
www.site.fr/redirected.aspx -> which then redirects back to / after Session_OnStart
In order to choose the right master page, you could probably identify which host that was requested and from that override master page in your global.asax, perhaps in the BeginRequest event.

Related

Other websites redirecting through mine

We have a homebrewed advertising system on our website. Part of this includes code that, when an ad is clicked, first goes to an intermediary page that records the click data, which then redirects them along to the desired advertiser's website.
Unfortunately, our current solution requires that a URL parameter be passed to the intermediary page that is the destination URL. Some savvy advertisers have discovered that they can use this for their own nefarious purposes and "launder" their traffic through our site. In other words, on their site, they have a link along the lines of www.oursite.com/redirect?URL=www.theirtargetsite.com, making it seem like that traffic is coming from our site.
I'm working on a solution that will only redirect to a whitelist of URLs, but my first problem is more just knowing what this is called. Finding alternative and probably better solutions is difficult when I don't even know what to call it. With so much spoofing, laundering, and hijacking going on, it's hard to find help for the right topic.
What is it called when website A redirects to website C through website B without the permission of B?
The word you're looking for is open redirect. The MITRE article on this class of vulnerability has some examples of ways that this can be mitigated, e.g:
Whitelist the URLs that you will redirect to
Displaying a warning page before redirecting (probably not viable in your situation)
Use numbers to identify the URLs to redirect to (i.e, look them up in a table) instead of putting the target in a query parameter
Use a HMAC construction to "sign" URLs to redirect to, and reject redirects that don't have a valid signature
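The whitelist and HMAC mitigations listed above can be combined in the intermediary page. The following C# sketch is an added example, not code from the original posts; the class name, key, `sig` parameter and advertiser host are assumptions made for illustration, and destinations are assumed to be absolute http/https URLs.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class SignedRedirect
{
    // Assumption: in production the key comes from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    // Assumption: hosts approved when the ad was booked (constructed value).
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.advertiser.example" };

    public static string Sign(string url)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(url)));
    }

    // Link embedded in the ad markup; only the site can produce a valid sig.
    public static string BuildLink(string url)
    {
        return "/redirect?URL=" + Uri.EscapeDataString(url)
             + "&sig=" + Uri.EscapeDataString(Sign(url));
    }

    // Called by the intermediary page with the decoded query-string values.
    public static bool TryGetTarget(string url, string sig, out Uri target)
    {
        target = null;
        Uri parsed;
        if (string.IsNullOrEmpty(url) || string.IsNullOrEmpty(sig)) return false;
        if (!FixedTimeEquals(Sign(url), sig)) return false;      // link not issued by us
        if (!Uri.TryCreate(url, UriKind.Absolute, out parsed)) return false;
        if (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps) return false;
        if (!AllowedHosts.Contains(parsed.Host)) return false;   // allowlist still applies
        target = parsed;
        return true;
    }

    // No early exit, so timing does not reveal how many characters matched.
    static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The redirect page records the click and redirects only when `TryGetTarget` returns true; a link built on a third-party site carries no valid `sig` and is rejected before any redirect is issued.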

FormAuthentication with multiple login pages in webform

I'm trying to achieve FormAuthentication with multiple login pages by following this solution:
FormsAuthentication with multiple login pages
Basically the concept is to have a "middle page" that redirect you to the respective Login page of respective folder.
But I can't get this to work if I have friendly URL enabled in my application, I simply get a Redirection Loop error.
Please advise what should I do to achieve FormAuthentication with multiple login page.
P/S: I know FormAuthentication is limited to only one Login page, this is just how it is designed, and a workaround like the "middle page" is not a really good solution.
I have been thinking of implementing login myself without using FormAuthentication, but I do not have any idea how I should do it.
In one of the applications I wrote previously, I store UserId in Session and use Session["LoggedIn"] = 1 to indicate the user is good to go, but I always have Session expiry issues. I know I should use Cookies but I am not sure how.
if possible, just use one log-in form and use different web.config files in different directories, or one web.config with special s.
if not possible, web.config files might still help.
ex: https://support.microsoft.com/en-us/kb/316871
I have finally figured out a solution for this (perhaps a workaround).
Instead of putting the Login Form inside each folder, put each Login Form in the root, then use the same concept of "middle page" and redirect them respectively.
In the Login page OnLoad function, just check if User is authenticated and has specific roles, then redirect them to the respective folder, so they won't need to sign in again if they have already signed in.

How to redirect the requested pages to the page under locale folder name like en\default.aspx

I am building a ASP.NET web application, the requirements are as following
when the user first lands on the website - default.aspx page, it should recognise the culture setting; if it is English it should retrieve en\default.aspx
once the user lands on the en\default.aspx page, the page has a dropdown list to choose the language; if the user chooses UK - English, it should redirect them to gb\default.aspx
my web site file structure is as follows
default.aspx
en/
    default.aspx
gb/
    default.aspx
fr/
    default.aspx
es/
    default.aspx
it/
    default.aspx
nl/
    default.aspx
Can you advise me how to achieve this with code samples?
I am pretty successful building localized website based on resource files, but we have specific requirement to build website in the above mentioned format.
You could use a global.asax hook. You would also need a flag for the current language selected by user. This could be the current culture's locale selected by the user or a flag stored on a cookie, or something else...
For example, you could use a hook function there, for example Application_BeginRequest where you could decide where to redirect the current request. If your current locale is it then you could parse the requested URL and redirect to the specific folder.
Just to be clear, I would not suggest following this approach overall. I would strongly suggest following the localization process suggested by Microsoft. The approach I describe above is not very clean and I believe it is not as fast as the embedded solution proposed by Microsoft.
Hope I helped!

URL Comparison and domain jumping

I have a website that has separate domains but runs on the same server. They have separate logins and are basically separate entities even though they use the same pages with varying artwork controlled by javascript.
What I am basically looking for now is a way to control "Domain Jumping". Thus I want to have a way to check the current url and the previous url and then compare domains. If the domains differ then the person would be redirected to the previous page or login page of the previous url.
I tried to do this with the "SESSION" variable but I can't seem to get the logic right.
Has anyone got an example they could show me?
Ok the brain is finally waking up. What I've done is created 2 session variables, 1 for the current domain and 1 for the previous domain. Then on each page I compare the current and previous domains. If they don't match I redirect the user back to the previous domain's logon page and if they do match I set the previous domain equal to the current domain.
Does this seem like a robust solution or is there a better way to do this?
Thanks!!
I would implement this using the HTTP referrer ("referer") header field. Check the URL in the header and if it differs from your current domain, redirect back to where the user came from (alternatively to your login page).

Request.UrlReferrer null?

In an aspx C#.NET page (I am running framework v3.5), I need to know where the user came from since they cannot view pages without logging in. If I have page A (the page the user wants to view) redirect to page B (the login page), the Request.UrlReferrer object is null.
Background: If a user isn't logged in, I redirect to the Login page (B in this scenario). After login, I would like to return them to the page they were requesting before they were forced to log in.
UPDATE:
A nice quick solution seems to be:
//if user not logged in
Response.Redirect("..MyLoginPage.aspx?returnUrl=" + Request.ServerVariables["SCRIPT_NAME"]);
Then, just look at QueryString on login page you forced them to and put the user where they were after successful login.
UrlReferrer is based off the HTTP_REFERER header that a browser should send. But, as with all things left up to the client, it's variable.
I know some "security" suites (like Norton's Internet Security) will strip that header, in the belief that it aids tracking user behavior. Also, I'm sure there's some Firefox extensions to do the same thing.
Bottom line is that you shouldn't trust it. Just append the url to the GET string and redirect based off that.
UPDATE: As mentioned in the comments, it is probably a good idea to restrict the redirect from the GET parameter to only work for domain-less relative links, refuse directory patterns (../), etc. So still sanity check the redirect; if you follow the standard "don't use any user-supplied input blindly" rule you should be safe.
If you use the standard Membership provider, and set the Authorization for the directory/page, the code will automatically set a query parameter of ReturnUrl and redirect after a successful login. If you don't want to use the Membership provider pattern, I would suggest manually doing the query string parameter thing as well. HTTP referrers are not very reliable.
The problem could be related on how you redirect the user to some other page. Anyways, the referer url is nothing you should take as absolute rule - a client can fake it easily.
What you're looking for is best done with a query string variable (e.g. returnURL or originURL). Referrer is best used for data mining operations as it's very unreliable.
See the way ASP.Net does redirection with logins for an example.
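The sanity checks suggested above for a returnUrl query parameter (domain-less relative links only, no `../` patterns) can be written as one validation function that the login page calls before redirecting. This C# sketch is an added example, not code from the original answers; the class and method names, the `/Default.aspx` fallback and the sample inputs are constructed for illustration.

```csharp
using System;

public static class ReturnUrlCheck
{
    public static bool IsSafeLocalPath(string returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl)) return false;

        // Must be rooted at this site: "/page.aspx", never "http://...", "//host" or "/\host".
        if (returnUrl[0] != '/') return false;
        if (returnUrl.Length > 1 && (returnUrl[1] == '/' || returnUrl[1] == '\\')) return false;

        // Some browsers treat "\" as "/"; CR/LF and other control characters never belong in a URL.
        foreach (char c in returnUrl)
            if (c == '\\' || char.IsControl(c)) return false;

        // Refuse directory patterns in the path part, including percent-encoded dots.
        string path = Uri.UnescapeDataString(returnUrl.Split('?', '#')[0]);
        foreach (string segment in path.Split('/'))
            if (segment == "..") return false;
        return true;
    }

    // Fall back to a fixed page instead of echoing a rejected value.
    public static string Resolve(string returnUrl, string fallback)
    {
        return IsSafeLocalPath(returnUrl) ? returnUrl : fallback;
    }

    public static void Main()
    {
        // Constructed inputs standing in for the ?returnUrl=... value read after login.
        string[] samples = { "/Reports/View.aspx?id=7", "//other-site.example/x", "/\\other-site.example",
                             "http://other-site.example/", "/a/%2e%2e/admin.aspx", "", "Reports.aspx" };
        foreach (string s in samples)
            Console.WriteLine("{0,-30} -> {1}", s, Resolve(s, "/Default.aspx"));
    }
}
```

Only the first sample is returned unchanged; every other input resolves to the fallback page.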
