we host catalog data and UI for our clients. we do not build entire web site for them. so for the time being client puts an iframe and points URL to our hosting site. it was working fine but now just because of iframe they are lossing SEO.so my question is how to achieve my goal without iframe.
1) how can i embed/inject/merge UI hosted by US to our client web site.
2) Get SEO benefits
I realized that IE8 does not allow links from cross domains to be displayed in IFrame.
It seems like there are only two Header options that Microsoft allows to modify.
X-FRAME-OPTIONS : "DENY" (This does not display any IFrame content )
X-FRAME-OPTIONS : "SAMEORIGIN" (Displays content from the same domain)
Is there a work around to allow content from other domains to be displayed?
Is there any way to get an iframe current URL after it had been changed when the user has clicked a linked inside the iframe. I am talking about cross-domain iframe. If not, is their any web browser control for ASP.net that can give me the URL of that the user is currently browsing?
I am building a website, within a large intranet, that wraps and adds functionality to another site within the same intranet. I do not have access to the other site's source and they do not provide any api's for the functionality they provide. I need to, somehow, have my server-side code go to that site, fill in some forms, then press a submit button. Is this possible? If so, how can I accomplish this?
Note: I am working in asp.NET if that matters at all.
I want to pull down a feed (like twitter) and place in on a page using javascript (jquery). Ultimately, the "service" just needs to hand off JSON. I created a web service that allows me to do that, sort of. I don't know if using a stream reader is all that efficient and I was a little bothered by having to use what amounts to 2 evals on the clientside.
My question is twofold: is there a better method than using a web service and two, is there a problem with my implementation?
asmx:
[WebMethod]
public string World()
{
WebRequest request = WebRequest.Create("http://twitter.com/statuses/user_timeline/username.json?count=1");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
StreamReader reader = new StreamReader(response.GetResponseStream());
string tmp = reader.ReadToEnd();
response.Close();
reader.Close();
return tmp;
}
aspx
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js" type="text/javascript"></script>
<script>
$(document).ready(function() {
$.ajax({
url: "WebService1.asmx/twitter",
type: "POST",
data: "{}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function(obj) {
var t = eval(obj.d)[0].text;
$('div').html(t);
}
})
});
</script>
We recently discovered that our web app was vulnerable to cross site scripting (XSS) attacks. We managed to manipulate our inputs to produce the following HTML:
[Code]....
Which executes an alert window when clicked.
After HTMLEncoding using the AntiXSS the web app successfully encodes the output to look like this:
<a href="javascript:__doPostBack('ctl00$ContentPlaceHolder1$CtlSearchList1$CtlListView1$DataGrid1$ctl03$ctl00','')">'); onclick=alert('This
is an XSS vulernability. An attacker could do anything here (redirect to another website, virus etc)');('.txt</a>
but the alert window still fires! What am I doing wrong?
I need to make my site work well on a blackberry, i haven't put too much effort into getting this working yet, but i have a few questions which google is struggling with.I've read about detecting brower type and modifying the default behaviour of asp.net controls hereHow would I go about supplying a differant stylesheet to a specific browser, should i just do this?
if (Request.Browser.Browser.ToString() == "blackberry") //pseudocode
{
Response.Write("bb.css");
}
else
{
Response.Write("bb.css");
}
This will work fine, but i feel like there is a better method, i'm sure i've read about something in the past but i can't seem to recall.I'm also considering a response.redirect to a differant page for a blackberry, which at the moment i would implemenet in a similar way.
We have a lot of domains running on one IIS WebSite/AppPool.
Right now we are in the process of implementing SSO with Windows Identity Foundation.
in web.config the realm has to be set with
<wsFederation passiveRedirectEnabled="true" issuer="http://issuer.com" realm="http://realm.com" requireHttps="false" />
My problem is that the realm is dependent on which domain the user accessed the website on so what I did is that I set it in an global action filter like this
var module = context.HttpContext.ApplicationInstance.Modules["WSFederationAuthenticationModule"] as WSFederationAuthenticationModule;
module.Realm = "http://" + siteInfo.DomainName;
My question is. When I set the realm like this, is it set per user instance or application instance.
Scenario.
User A loads the page and the realm get set to domain.a.com.
User B is already logged in on domain.b.com and presses login.
Since user A loaded the page before User B pressed login, user A will hit the STS with the wrong realm set.
What will happen here?
If this is not the way to set the realm per user instance, is there another way to do it?
I have an interesting issue I have racked my brain trying to find a solution to.
I have a site with a single master page. Part of that master page is a text field and button. They are not part of a content placeholder, they are simply part of the master page, itself, and are intended to allow people to search the site from any page on the site.
So, all search requests are routed to a search.aspx page, regardless. I am doing this by setting the PostBackUrl attribute of the button control to "search.aspx".
This all works great, except when I try to use this search capability from the search.aspx page, itself. I figure this is because I am using the Page.PreviousPage object and since a postback from the search.aspx page, itself will result in the Page.PreviousPage being Nothing, it is not performing the proper action.
where does following HTTP error message come from:
Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.
We're using dynamically generated URLs and in this specific case the URL contains the characters '<' or '>'. We do URL encode the generated URL (so '%3C' appeary instead of '<') but it doesn't Our setup is ASP.NET MVC / IIS 7.5 / IE8. It's strange but it looks like the error appears only on some machines. So it could be that the IE internet zone settings are playing a role.
this exception is caused by entering scripts or disallowed text as "<script>", "<h1>" by the user. This exception will be thrown while processing the request.
After searching and trying, most of the solutions were to:
1- disable request validation in the page header (validateRequest="false") or in the pages section in web.config.
I dont see this is a solution, the XSS problem is still there, it just does not throw the exception.
2- To encode the text and decode it using Server.HtmlEncode and Server.HtmlDecode.
This is a good one, but have to go every single textbox and call this method (Server.Encode(txtAddress.Text)), but this require alot of effort to change the whole site, and some of them may be forgotten.
I was thinking of creating a new TextBox control (MyTextBox) to inherit from System.Web.UI.WebControls.TextBox and override the Text property, then Encode base.Text in the get accessor, and Decode base.Text in the set accessor.
This will also require to change the whole site, to use MyTextBox instead of TextBox.
a major problem from Cross-Site ScriptingAttack, Below is sample script which automatically gets inserted into my HTML and ASPX Pages.
"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"
To have a better secure application, we have to prevent cross site scripting.
I have application that use a bll.
All inputs have to pass bll before they were pass to database.
To prevent cross site scripting, is bll the correct place to validate the input?
To be exact, are all the properties of object should be validated?
I have an ASP.Net 4.0 web application which very frequently loads data from the database and does heavy calculations on it. I want to cache this loaded and prepared data in a central cache that can be accessed by every user and computer who uses the application.
Simple use-case:
User 1 accesses webpage, cache is empty, data is loaded/calculated, data is cached
User 2 accesses webpage, cache contains data, data loaded from cache
User 3 accesses webpage, cache contains data, data loaded from cache
User 1 reloads webpage, cache contains data, data loaded from cache
Cache expires
User 3 refreshes webpage, cache is empty, data is loaded/calculated, data is cached
I know that ASP.Net has a built-in cache mechanism. What I don't know is whether it can be shared between different users accessing the site on different computer at the same time. I would also like to know how the system behaves in a web farm environment.
I am using asp.net 3.5 and have validateRequest="true" in the machine.config.
Do I need to do something special to stop CSRF and Cross Site scripting or asp.net will handle all these?
I am aware of a tool which MS has provided which tells you about coss site scripting attack etc.
The tool is [
But are there tools which you have used for ASP .NET applications which do similar to this and which one is widely used in ASP .Net applications ?
I see on the bottom of blog pages a sharing buttons (Twitter and Facebook), where if clicked the link behind (which is normally the blog page url) the fshare button takes the clicker to the blog site facebook page respectively.
How does one do this in asp.net 2 , does one one use the <%# %> in the url part of these share buttons, are there any examples of how this is done?
i have two web aplications running on different sites.
1. site gets user information and show another website (2. site) in an i frame. but when i do this 2. site session starts again on every page.postback . if i connect to 2. site without 1. site everything works well.
i am trying to load a dynamic iframe but it cannot visualize the page.
this is my html code:
[Code]....
and this is my codebehind:
[Code]....
i am using a content update panel on the page but the div of the iframe is out of the content panel.
in my application iam using an iframe, all pages are loaded on that iframe according to menu selection.My problem is that while timeout the login page is loaded inside the iframe.under the menu sectionHow can i overcome this?
View 1 RepliesI have created a web application that docks other web applications into it.When an application is docked the app creates a link button in its "tool box" on the left hand side of the page, users can easily click on any link button to navigate to the desired docked app.
I have a web app that uses iframes to display other web applications inside it. In effect it is a docking application where users can easily access many web applications from within one main app, while staying within the main app. I am having challenges dynamically resizing the iframe based on the size of the application the user is accessing.I have searched the web and tried many ideas but have yet to discover the code that will do the trick.
First, for a docking web application is the iframe the best approach? I have see some posts on ajax but am uncertain how that will help.
Second, if an iframe is the way to do it does anyone have code that will completely liminate the need for iframe scroll bars?
Note:The applications docked in the main we app may be of any size and can change size as users interact with them.
Our website application needs to open other web sites Iframe.(Our application is web based tool to help high school children to analyze the websites. It has to show news websites to in one iframe and in rest of the page there will be questions related to the news website)
But since many websites use framekiller code, these sites take control of entire page. Is there any ternative way / solution to this problem?It is necessary to be able to open other sites in our website (in iframe or any alternate way), otherwise whole concept of our application will become void.
i open a iframe in a page, from that page opend in iframe, i want the page url.means one page mainpage.aspx have a iframe, that iframe open open a iframepage.aspx page.from the iframepage.aspx page's button click event i want to referesh the mainpage.aspx page.how can i do.
I have 2 asp.net mvc2 projects in a solution. One is normal site for visitors use and the other one is admin back-end which is going to be separated by sub-domains like [URL] and [URL] The scenario is like admin will add a new item(e.g product) with image and [URL] will use that image to display product. Both application are sharing one db. so there is no problem to get the item details that is coming from the db. but for item image that has been uploaded in admin directory([URL]- any idea how to get it from general domain [URL]to display? Also what is the best way of separating the resources like image files or even css or js files across sites and how to access them?
View 1 RepliesAny Simple and Short Example asp.net Assembly (Creating ,using ,Sharing ) assembly
View 3 Replies
