C# 3.0
ASP.Net 2.0
IIS6
I have a regular [non-https] page. There is the standard one ASP.Net form on the page.
There are two "areas" of functionality on the page though. Login and "Get Quote". The login page needs to POST to HTTPS while the rest of the page [including the "other area"] form can't be HTTPS. In Java [JSP] and regular Html, we would just have two forms. One that posts to HTTPS and one that doesn't.
What is the way to handle this in ASP.Net [from one page]. I know that I could link to an HTTPS login.aspx page, but the business really would like the context together.
Any ideas?
Thanks,
The solution is to use asp.net to specify a "cross page postback", that is, you user the PostBackUrl property of any button control (LinkButton, Button, ImageButton etc.). This property allows you to post back to any page you like. Just set your PostBackUrl to the https version of your page and you're good to go (also make sure there are no url redirects active which force http on your page).
// ensure we send credentials over a secure connection
if (!HttpContext.Current.Request.IsSecureConnection)
{
string postbackUrl = HttpContext.Current.Request.Url.AbsoluteUri.Replace("http", "https");
LinkButton_Login.PostBackUrl = postbackUrl;
}
In your specific case you should set one of your buttons to post back to the https version, and the other to the http version (if you don't specify the PostBackUrl the default is to post back to the page itself as is).
You can have two forms on an aspx page. You just can't nest them.
On a page I built, I have one form that posts back to the page, and one that posts back to Google Checkout.
If you have to mix the contents of the page, put the https form at the bottom of the page (after the main form tag) and fill it with hidden fields. When the user clicks a button, use Javascript to assign values to the hidden fields and then post the https form.
You could do a manual post through code using the HttpWebRequest object for the login event and then write the returned response back to the user's stream.
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(webRequest.URL);
request.UserAgent = UserAgent;
request.ContentType = ContentType;
request.Method = "POST";
// Write your bytes of the login section here
Stream oStream = request.GetRequestStream();
oStream.Write(webRequest.BytesToWrite, 0, webRequest.BytesToWrite.Length);
oStream.Close();
// Send the request and get a response
HttpWebResponse resp = (HttpWebResponse)request.GetResponse();
// Read the response
StreamReader sr = new StreamReader(resp.GetResponseStream());
// return the response to the screen
string returnedValue = sr.ReadToEnd();
sr.Close();
resp.Close();
Response.Write(returnedValue);
I'm assuming from your context, that you are doing one thing or the other, not both at the same time.
Look at the PostbackURL of the button objects.
the login button can postback to "https://secure.login.com"
The other button can just postback to the page itself.
The problem here is that you'll still be posting back the login fields to the insecure page, which means they're not encrypted, and could be sniffed.
The quick and dirty workaround would be to have javascript clear the login fields before posting if the "Get Quote" button is pressed.
Are the HTTP and HTTPS pages on the same server / part of the same application?
If so you maybe able to use the Server.Transfer() method to keep the form intact but also have the HTTPS.
In ASP.Net 3.5 (maybe SP1--forget if it was in the base library or the SP) you can now set the "action" attribute. But that would make it post to HTTPS for both 'forms'.
If you want to have both forms on the same page, and determine which to post to at 'runtime', you'll have to do it with client-side code. Have client handlers on all objects that trigger post backs or hook into the _dopostback (or whatever it's called--to lazy to look it up) function, and have it check which button was pressed. If the non-secure page, then clear out any data in the login fields first. Then manually trigger the postback yourself to the correct page.
Couldn't you just do a Response.Redirect("https://.../Login.aspx"); in the Login button click event.
Related
I log in to the site and navigate to one page X where I post data and then I log out. It takes to log out page and after that if I click back button it takes me back to page X but shows message page is expired I try to resend same page or click refresh and resubmit same page.. I have fiddler running and now I see the data is posted ... I was able to see this in proxy tool fiddler.
Now due to security issue when I try to resubmit expired page I don't want to see my form data in fiddler.
How do I do this.
I already tried all the on page load event for above page X. Page x is user control.
Response.Cache.SetNoStore();
Response.Cache.AppendCacheExtension("no-cache");
Response.Expires = 0;
Response.Expires = -1; case"
Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
Response.Cache.SetNoServerCaching();
Response.Cache.SetMaxAge(TimeSpan.FromSeconds(0));
You can't prevent this behavior (other than trying to clear the browser history which is not simple). This is a function of the browser / client. It will try to re-post the data, which is normal. Your system should handle it accordingly by ignoring the data if the user isn't authenticated or logged in.
I have a button click event set up to retrieve a byte array object from my DB and it is then going to show the file in a new browser window. Right now I have this much:
Response.ContentType = "image/jpeg";
Response.AddHeader("content-length", fileBytes.Length.ToString());
Response.BinaryWrite(fileBytes);
where fileByes is my byte array. This is working perfectly, but I need to force this to open in a new window. I have tried adding the javascript to the response with response.write but that doesn't seem to work.
Writing your response is handled server side. Displaying your response is handled client side. You would have to tell your client to open a new window given the response from the server, e.g.
Get Image
Where getImage.aspx is the ASP.NET page responsible for serving the image/page.
You can't open a new window from server-side code. You'll need to call window.open() from JavaScript and pass in a URL to a page that returns the file.
You'd want to have your button click open the new browser window, which then makes the call to your code you have posted in your question. You're trying to do it sort of backwards.
Use a hyperlink with a URL to a blank .aspx,
pass a parameters in the URL as ?param=4¶m2 ... etc.
In the load event for the page place your response code there.
How do I redirect from one ASP.NET page to another ("Webform2.aspx") by means of a button?
You can redirect from one page to another using Response.Redirect()
set PostBackUrl property of button, like this :
button1.PostBackUrl= "Webform2.aspx";
You can redirect to another ASP.NET page using the code below :
Response.Redirect("Webform.aspx");
This is the simplest way
Personally, if all you're wanting to do is load a new page when a button is clicked, I would do this with client-side script.
You could use a JS library for this (eg: jQuery), like so:
jQuery
$(function() {
$('#<%= button1.ClientID %>').click(function() {
window.location.href = "Webform2.aspx";
});
});
ASP.NET
<asp:Button id="button1" runat="server"/>
Or, for a specifically ASP.NETesque way to do it, you can use Button.PostBackUrl as Antonio suggests, which still uses client-side script but means you don't have to write it yourself. The HTML for the button renders as:
<input type="submit" name="button1" value="Button" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("button1", "", true, "", "webform2.aspx", false, false))" id="button1" />
If you've got other processing to do server-side and you need to redirect afterwards, use
Response.Redirect("Webform2.aspx"); in your click handler.
If that's not working for you, please add some more detail to your question to explain what's happening.
Well there are lot of ways. Response.Redirect, Server.Transfer, Javascript call to the page.
Javascript call is required when u have no server side actions for the button.
onclick="javascript:window.location.href = Webform2.aspx?id='<%=Request.QueryString["id"]%>'"
Server.Transfer will do a re-direct at server side. i.e, The browser will still show after the response from webform2. Webform1.aspx will re-direct the request to webform2 and webform2 will give the req. (Req = 1, Res = 1)
Response.Redirect: webform1 will send a response asking the browser to make a new request to webform2. In this case, the browser will change the url as it is making a new req to webform2.(Req = 1 + 1, Res = 1+1)
There is one more way, form.submit() if you are interested. The traditional html form submit.
Forgot to mention the best of all, the cross-page postback with PostBack url..
http://aspdotnetcode.source-of-humor.com/TipsAndTricks/General/CrossPagePostbackAspNetCrossPagePostback.aspx
You can use below code :
protected void Button1_Click(object sender, EventArgs e) {
Response.Redirect("default2.aspx");
}
Notice that default2.aspx is your second web page name and you
Response.Redirect(string url) issues a 302 HTTP status code instructing the client to redirect to url. The browser will issue a new request for url and the URL will change in the address bar.
Server.Transfer(string path) terminates execution of the current page and starts execution of a new page on the specified path i.e. internally within IIS. Therefore the URL in the browser address bar will not be changed. The page you transfer to must be an aspx page in the same web site.
The differences are subtle but important. A simple way to think about this is to ask yourself "should the user bookmark/favorite this URL?". Use Response.Redirect if the URL has changed and future visits to the content should be on the new URL. Use Server.Transfer if the URL is correct and current but you need to display different content this one time - maybe you are displaying an error message or you need the user to enter their credentials to continue or there is some other reason why the content should change but the URL should not.
Either of the above can be used within the Click event handler of an ASP.NET Button control in your code-behind:
protected void Button1_Click(object sender, EventArgs e)
{
Response.Redirect("Webform2.aspx");
// OR
Server.Transfer("Webform2.aspx");
}
Both Response.Redirect and Server.Transfer methods are used to transfer a user from one web page to another web page. Both methods are used for the same purpose but still there are some differences as follows.
The Response.Redirect method redirects a request to a new URL and specifies the new URL while the Server.Transfer method for the current request, terminates execution of the current page and starts execution of a new page using the specified URL path of the page.
Both Response.Redirect and Server.Transfer has same syntax like:
Response.Redirect("UserDetail.aspx");
Server.Transfer("UserDetail.aspx");
Before touching on more points I want to explain some HTTP status codes, these are important for the understanding of the basic differences between these two. The HTTP status codes are the codes that the Web server uses to communicate with the Web browser or user agent.
Response.Redirect sends an HTTP request to the browser, then the browser sends that request to the web server, then the web server delivers a response to the web browser. For example, suppose you are on the web page "UserRegister.aspx" page and it has a button that redirects you to the "UserDetail.aspx" web page.
I have set up the SDK on my FB application but for the life of me cannot work out why the redirection happens.
The app is an IFrame so, for testing I have two pages, on page one a link to page two, when I click the link the whole page is redirecting as opposed to the IFrame src redirecting.
Both pages are checking to see if the user is logged in with the following code..
protected string requiredAppPermissions = "user_about_me,email";
protected FacebookApp fbApp;
protected CanvasAuthorizer authorizer;
protected void Page_Load(object sender, EventArgs e)
{
fbApp = new FacebookApp();
authorizer = new CanvasAuthorizer(fbApp);
authorizer.Perms = requiredAppPermissions;
if (authorizer.Authorize())
{
}
}
I have had a look in source and can see this in the FacebookAppRedirectHttpHandler, I just can't understand why you would want to keep redirecting the full page for every navigation link?
The most important reason is that Facebook passes the authentication to the signed_request to the source on every request. It either does this with a POST in the body or with a GET in the querystring. The reason we do this is because cookies aren't 100% reliable. If we redirected inside the iframe we would have to store the user's session in a cookie. Some browsers, including safari, don't let iframe apps create cookies. There are ways around this, but for most people the way we have it works best. If you want to have a redirect inside the iframe without changing the top url you will have to save the session in some way and pass it to the second page. You could do this by adding it to the querystring (complicated) or storing it in the Session (not very scalable) or using cookies (not reliable).
I am using webrequest and webresponse in my application. I want to click on a button same as webbrowser control and fill a textbox field. How can I do this from webrequest and webresponse?
You cant do that, they just return you the response stream..
I did a blog post on how to programmatically log into a website(I used Twitter in my example). This is basically what you want(filling in textboxes and submitting the information), if I understand your question correctly.
http://eclipsed4utoo.com/blog/log-website-programmatically/