I have two very similar pieces of ASP.NET code that send a file in an HTTP Reponse to the client. They should cause the browser to prompt to save the file. The first one works, the second one doesn't. The HTTP responses as seen in Fiddler are below.
Working:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 228108
Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
content-disposition: attachment; filename=Report.xlsx
Date: Wed, 05 Jan 2011 12:17:48 GMT
<binary data>
Not working:
HTTP/1.1 200 OK
Server: ASP.NET Development Server/10.0.0.0
Date: Wed, 05 Jan 2011 12:19:21 GMT
X-AspNet-Version: 4.0.30319
Content-Length: 228080
content-disposition: attachment; filename=report 2.xlsx
Cache-Control: private
Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Connection: Close
<binary data>
When the first one is seen in Fiddler the browser correctly prompts to save the file. When the second one is seen in Fiddler, nothing observable happens in the browser. Same behaviour in both chrome and firefox.
EDIT: ASP.NET code that produces the second response
we're facing a weird and seemingly randomly appearing problem where the browser renders the complete, raw HTTP response (to a GET request) including all headers and the compressed content as text instead of just using the contents and rendering it. This happens for whole page loads as well as postbacks as well as page loads inside an iframe; for sure in Firefox 3.6.*, not sure about IE right now.
Our service is an ASP.NET 2.0 web app running on IIS 7.5, on our test machines we regularly have Fiddler running in the background (wondering if this might be part of the problem).
This behaviour occurs very rarely but we have started seeing this problem lately during our tests.
Has anybody encountered this problem before and knows what causes it and maybe even knows what to do about it?
I'm looking at a website using Internet Explorer and Firefox. In each browser I select view source and see the website's URL in the links. These links were concatenated together using HttpContext.Current.Request.Url.Host in the code behind. However, when I use netcat or Burp Suite v1.3.03, looking at the same links I see the servername instead of the website's URL.
My question is - Why does view source in the browser display different links in the page source than what netcat or Burp Suite outputs? Is the browser rewriting stuff?
My thought to correct is to have a web.config setting which is used to create the links.
Next question - Does anyone know of a configuration change to make to IIS to return the URL instead of the server name or a .NET function that I should be calling instead to get the URL that the website is running as.
I am using a gridview to display (open or save) files that have been uploaded into a SQL 2005 server. I have a templatefield within the gridview that contains a linkbutton that does a postback to GetUploadedFile.aspx that then fires the response.binarywrite() code. The code seems to work fine and opens/saves the files correctly. But once this has completed and I try and click on another button on the page, instead of doing the appropriate action it re-fires the getuploadedfile.aspx binarywrite code and opens up the "Open/Save/Cancel" dialog again.
I basically have a web app where the user enters some form info in Page1. This info is submitted and a SQL database is updated. The user is directed to Page2.
Page 2 contains a summary of info submitted in Page1, a PRINT button, and two UpdatePanels. Each UpdatePanel contains a ListView where the user can add, edit and remove items. Once the user is happy with the page, they click PRINT. This takes them to a printer-friendly page with NO on-page navigation.
Once printed using the browser print button, the user clicks the browser back button. In this case it is always IE8 running the pages. When you return to Page2, the content of the ListViews in the UpdatePanels looks like the first step when Page2 was entered from Page1. All work done on Page2 from that intial point is not there. Click the browser refresh button and the entire page will load.
Why does this happen? When the user clicks the browser back button in the printer friendly page, I need the screen to show Page2 with all the info from just before the PRINT button was pressed.
I can provide code, but initially thought it would confuse/clutter the post.
But when i browse the URL above in phone browse, the phone will show the image file in phone browse. But what i need to do is prompt user to download and save it.
I've a question about something I'm searching for,for too long! We've build an application from which an admin upload songs into a database. Then user can bought songs and download it individualy. The problem is that when user download MP3 songs with the code below, it works great in Firefox and Chrome but not in IE8 simply because WMP trying to open the songs and it just don't get it instead of having a "Save as" dialog? Any issue on HOW can i force to have the "Save As" diaglog? Note that I have not MP3 physicaly on server it's in database. So I can't direct link to song ...
I need to I can make the web request to a webservice which take a XML argument. And is expected to return a Binary response. I am able to make the request but while recieving the response back I am unable to get the response in binary. When I read the response using streamreader see the header and some attached "HEBRISH" words probably binary but unable to sepreate it out. Please help in seprating out the binary the response data.
I'm trying to query a database that contains information about a "ticket" using jQuery's .ajax() method.
$.ajax({ type: 'GET', url: 'Preview.ashx', data: 'ticketID=' + ticketID, success: function (data) { // 'data' should be a row from the database, so it should be like an // array that contains each column of the row // do stuff with this data } }); ... so that all works fine. I'm having trouble with the data variable. On the server side, I do... // get the ticket ID from the POST parameter int ticketID = context.Request["ticketID"] != null ? Convert.ToInt32(context.Request["ticketID"]) : -1; if (ticketID >= 0) { // grab the data from the database, getInfo() will retrieve the row // in the DB that corresponds to the ticket ID given, returning an // ArrayList with all of the information ArrayList theTicket = getInfo(context, ticketID); // now, I need to somehow return this information so that I could deal with it // in the 'success' callback function above return; } else { // something went wrong with the 'newTicket' POST parameter context.Response.ContentType = "text/plain"; context.Response.Write("Error with 'ticketID' POST parameter. "); return; } return;
I've debugged this enough to be sure that the ArrayList contains the correct information. Now I just need to return it. How would I do this? How would I return the data in the ArrayList? Is it possible to structure the response so that I could do data.ID, data.otherColumnName, etc... in the callback function to access the different fields?
I've had a bit of feedback from some threat and vulnerability folks relating to websites returning HTTP 500 response codes. Essentially the advice is that all possible measures must be taken to avoid the server throwing a 500 (i.e. extensive form input validation) which is fine. However, the advice also suggested that attempts to compromise security by means such as inserting a tag into a random query string causing ASP.NET request validation to fire or manipulating viewstate also should not return an HTTP 500. Obviously the native framework behaviour is to interpret the request and possibly throw to a custom error page but even this will return a 500 response code.
So I'm after some thoughts on how to approach this. Is there any way to configure the app at either the .NET level or IIS level to return an HTTP 200 when a 500 is raised? Or does this become a coding exercise at global.asax level in one of the application events? Are there other consequences to consider? BTW, the rationale from the security side is that apps which return HTTP 500 may be viewed as "low hanging fruit" by bots randomly scanning for vulnerabilities and prompt further malicious activity. attempts I'm personally not convinced that changing response codes offers any real security gains but am happy to hapy to take the advice of the pros.
On the client side I have a form: <form ... action="www.link-to-another-domaint" > <input type="hidden" id="asd" value="fgh" > .... </form> <script type="text/javascript"> document.forms[0].submit(); </script>
Then on the other domain - there is also my other application - I'm trying to get the hedaer "key" by this code:
Request.Headers["key"].ToString();
But there is no such header. Is there is a desicion? Where is my mistake?
In my application I need to set a http response header. I'd like to do this in web.config. but I dont'know if this is possible and I can't find it on Google. Solution Finally, after a long search I found the solution. Create a class with this code:
public class myHTTPHeaderModule : IHttpModule { #region IHttpModule Members public void Dispose() { } public void Init(HttpApplication context) { context.EndRequest += new EventHandler(context_EndRequest); } void context_EndRequest(object sender, EventArgs e) { HttpResponse response = HttpContext.Current.Response; response.AddHeader("Content-Language", "*"); } #endregion }
(Don't ask me why to use this event, but it works..) Now add a line in web.config in the HttpModule section:
I've just finished reading URL vs. URI vs. URN, in More Concise Terms, and it's really helped understand the distinction between the three terms. Since then I've skimmed the RFC2141 and RFC2616 specs and Microsoft's Response.Redirect Method documentation in an effort to answer the following question confidently.
Given this line of code:
Response.Redirect("~/Foo.aspx");
And this resulting HTTP response (trimmed for context):
I've developed a component which processes online payments. At a specific point the user must be redirected to the selected acquirer web site for authentication. The acquirer itself suggests that there should be a web page which does it. Something such as the following,
This page redirects the user and posts required arguments to the acquirer's web site. Prior to this page there is another page with a payment button (for example). In the click event of the payment button my component is instantiated and required calculation is done. Something such as the following,
What I'm going to do is to generate [TakeOff.aspx] page at run-time by the payment processor component instead of having static page (I mean aspx pages that are generated during development phase). The reason why is that we may have different acquirers and each acquirer requires its own arguments to be posted. So if the payment processor component generates aspx or even html pages at run-time we do not need recompile and redeploy the web application.
My problem is that I do not know how to generate aspx pages at run-time. I'm not an ASP.NET guru and all efforts that I've made using HttpResponse were in vain as the original page does not transfer the control to the generated page.
I am using an SMS Gateway to make my application receive SMSs. For this, the SMS Gateway sends a request to one of the pages in my application with the message as a querystring parameter. eg.[URL]. Now after my page gets invoked, I need to send an OK response to the SMS Gateway so that it doesn't keep retrying to send the same message to my application again and again. I cannot figure out how to send the OK response.
How can I unit test an action which alters the Http Response object? I haven't been able to solve this. I can mock the object but can't see how I can check the value after the action runs. I set the Response.StatusCode when errors occur in ajax requests and need to check it has been set in the unit test. The only alternative I can see is to change all my actions to return json objects with a IsSuccessful flag or similar.
I am trying to the following to return xml response from an http request
Code: Try Dim id As String = Request.QueryString("id") Dim xmlOut As String = "" cn.ConnectionString = "Data Source=192.168.1.2;Initial Catalog=db;Persist Security Info=True;User ID=sa;Password=pass" dad = New SqlDataAdapter("select * from tbl where id = '" & id & "'", cn) ds.Clear()
[Code] ...
Is there some other way to do this without having to resort to writing the xml to a temp file on C drive and reading it again to display the output ?
I'm using .net 3.5 and am currently creating a web application used to generate a report through Aspose.CellsActually, the page is composed in a form where I get the configuration of the report I have to generate. The "generation" button is in an update panel. When I click on it, the "generation" button is hidden and a progress bar appears. When the excel file is generated, I save it in a memory stream and I send it back to the aspx page where I change the headers to allow the file's download.
The objective of this component is to be able to forward whatever HTTP requests it receives to forward to a different server based on the parameters but keeping the URL and POST data intact. For example:
If the component receives
[URL]
It will return the response from either
[URL]
where XYZ can be valid name of the page. I think I can probably individually create each page to do a Response.Redirect but i am wondering if there is a more generic way to do this? In addition, is this something I have to configure on the IIS level rather than code level?
im working with a 3rd party on a project, we are going to pass them up to 3 values via a querystring and they are going to return 2 values that i need within a http response.
I found a few example here and just using google but they all varied of course due to the individual requirements in those examples..
what im looking for is a example that can get me started on how to send them the values during a button click on my page, wait for a response from them, then read the 2 values returned and continue with my button event which will involve passing the values to our stored procedure.
I found this link [URL] but not sure how i would call that within my page or if this would even work for what i need.
they should have the page ready sometime today so i can see how the data is being returned and so on.. figured i would see if i can get something setup so i can just plug in values when they are ready.
my current question is tightly related to this one, but is far more specific. We have to plan a design strategy for the objective described in that question. We want to do this by rewriting HTML on ASP.NET web forms. My question is: which strategy is the best according to parameters of feasibility, performance impact and implementation effort on legacy applications.
what I have to do is to basically get the HTML output of a Web Form, parse it, and replace certain URLs according to user-defined rules. In that example, I would rewrite all static content to CDN URLs, but it can be easily extended to URL rewriting techniques. I found lots (and I really mean lots) of articles about URL rewriting from the perspective of having URLs like [URL]interpreted as [URL] but I found none showing me how to smartly format old-style URLs to shorter format right from inside HTML (so the page will render the short-form URL directly) [edit] without deep code intervention.
Strategy 1
Like suggested in an answer of the above question, write an HTTP Module that intercepts the HTML and rewrites it. Actually, I looked around and saw I can set a Response.Filter stream object that performs the HTML filtering.
Pros: I can inject the HTTP Module on a legacy application, configure rewriting rules via XML and have the oldest CRM/ecommerce application load static content from a CDN without touching its code at all.
Cons: I suspected that (and a comment here confirms my suspects) having to reimplement a Stream's Write method, which operates on a partial buffer in the general case, can result in bad replacements. Suppose the Write method is first called with a chunk like [URL] (where I assume <img src="h was already written before) and later ge.png" /> (so guess the final URL :-P) with a rewrite rule that regexes [URL][^"]* into [URL] the substitution is not done. To workaround that, I could use a MemoryStream or something like that to buffer the complete set of data and then perform the substitutions, but it could cause troubles on highly loaded servers
Strategy 2
Overriding Page's Render method in a way such as described here
Pros: doesn't suffer the chunking problem
Cons: requires defining a base class for all pages. Feasible on new applications, not sure for maintaining legacy applications. Seems has a problem as you cannot instantiate HttpTextWriter directly Obviously, for the new webapps we'll have to develop, I would adopt strategy 2, but I really like using dynamic components a lot, as they can be plugged with ease when application requires them (so if our new app will be installed without a CDN the feature is turned off).
Briefly, my questions are How would you fix both strategies' cons (particularly 1st)? And, of course, do you have other strategies to suggest to achieve this objective?