Legitamate Cross Site Communication?
Jul 7, 2010
I am building a website, within a large intranet, that wraps and adds functionality to another site within the same intranet. I do not have access to the other site's source and they do not provide any api's for the functionality they provide. I need to, somehow, have my server-side code go to that site, fill in some forms, then press a submit button. Is this possible? If so, how can I accomplish this?
Note: I am working in asp.NET if that matters at all.
View 4 Replies
Similar Messages:
Feb 3, 2011
we host catalog data and UI for our clients. we do not build entire web site for them. so for the time being client puts an iframe and points URL to our hosting site. it was working fine but now just because of iframe they are lossing SEO.so my question is how to achieve my goal without iframe.
1) how can i embed/inject/merge UI hosted by US to our client web site.
2) Get SEO benefits
View 1 Replies
Feb 20, 2010
I want to pull down a feed (like twitter) and place in on a page using javascript (jquery). Ultimately, the "service" just needs to hand off JSON. I created a web service that allows me to do that, sort of. I don't know if using a stream reader is all that efficient and I was a little bothered by having to use what amounts to 2 evals on the clientside.
My question is twofold: is there a better method than using a web service and two, is there a problem with my implementation?
asmx:
[WebMethod]
public string World()
{
WebRequest request = WebRequest.Create("http://twitter.com/statuses/user_timeline/username.json?count=1");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
StreamReader reader = new StreamReader(response.GetResponseStream());
string tmp = reader.ReadToEnd();
response.Close();
reader.Close();
return tmp;
}
aspx
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js" type="text/javascript"></script>
<script>
$(document).ready(function() {
$.ajax({
url: "WebService1.asmx/twitter",
type: "POST",
data: "{}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function(obj) {
var t = eval(obj.d)[0].text;
$('div').html(t);
}
})
});
</script>
View 2 Replies
Mar 25, 2010
We recently discovered that our web app was vulnerable to cross site scripting (XSS) attacks. We managed to manipulate our inputs to produce the following HTML:
[Code]....
Which executes an alert window when clicked.
After HTMLEncoding using the AntiXSS the web app successfully encodes the output to look like this:
<a href="javascript:__doPostBack('ctl00$ContentPlaceHolder1$CtlSearchList1$CtlListView1$DataGrid1$ctl03$ctl00','')">'); onclick=alert('This
is an XSS vulernability. An attacker could do anything here (redirect to another website, virus etc)');('.txt</a>
but the alert window still fires! What am I doing wrong?
View 3 Replies
Jan 16, 2010
I need to make my site work well on a blackberry, i haven't put too much effort into getting this working yet, but i have a few questions which google is struggling with.I've read about detecting brower type and modifying the default behaviour of asp.net controls hereHow would I go about supplying a differant stylesheet to a specific browser, should i just do this?
if (Request.Browser.Browser.ToString() == "blackberry") //pseudocode
{
Response.Write("bb.css");
}
else
{
Response.Write("bb.css");
}
This will work fine, but i feel like there is a better method, i'm sure i've read about something in the past but i can't seem to recall.I'm also considering a response.redirect to a differant page for a blackberry, which at the moment i would implemenet in a similar way.
View 5 Replies
Nov 16, 2010
We have a lot of domains running on one IIS WebSite/AppPool.
Right now we are in the process of implementing SSO with Windows Identity Foundation.
in web.config the realm has to be set with
<wsFederation passiveRedirectEnabled="true" issuer="http://issuer.com" realm="http://realm.com" requireHttps="false" />
My problem is that the realm is dependent on which domain the user accessed the website on so what I did is that I set it in an global action filter like this
var module = context.HttpContext.ApplicationInstance.Modules["WSFederationAuthenticationModule"] as WSFederationAuthenticationModule;
module.Realm = "http://" + siteInfo.DomainName;
My question is. When I set the realm like this, is it set per user instance or application instance.
Scenario.
User A loads the page and the realm get set to domain.a.com.
User B is already logged in on domain.b.com and presses login.
Since user A loaded the page before User B pressed login, user A will hit the STS with the wrong realm set.
What will happen here?
If this is not the way to set the realm per user instance, is there another way to do it?
View 1 Replies
Jul 30, 2010
I have an interesting issue I have racked my brain trying to find a solution to.
I have a site with a single master page. Part of that master page is a text field and button. They are not part of a content placeholder, they are simply part of the master page, itself, and are intended to allow people to search the site from any page on the site.
So, all search requests are routed to a search.aspx page, regardless. I am doing this by setting the PostBackUrl attribute of the button control to "search.aspx".
This all works great, except when I try to use this search capability from the search.aspx page, itself. I figure this is because I am using the Page.PreviousPage object and since a postback from the search.aspx page, itself will result in the Page.PreviousPage being Nothing, it is not performing the proper action.
View 1 Replies
Mar 9, 2011
where does following HTTP error message come from:
Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.
We're using dynamically generated URLs and in this specific case the URL contains the characters '<' or '>'. We do URL encode the generated URL (so '%3C' appeary instead of '<') but it doesn't Our setup is ASP.NET MVC / IIS 7.5 / IE8. It's strange but it looks like the error appears only on some machines. So it could be that the IE internet zone settings are playing a role.
View 1 Replies
Oct 25, 2010
this exception is caused by entering scripts or disallowed text as "<script>", "<h1>" by the user. This exception will be thrown while processing the request.
After searching and trying, most of the solutions were to:
1- disable request validation in the page header (validateRequest="false") or in the pages section in web.config.
I dont see this is a solution, the XSS problem is still there, it just does not throw the exception.
2- To encode the text and decode it using Server.HtmlEncode and Server.HtmlDecode.
This is a good one, but have to go every single textbox and call this method (Server.Encode(txtAddress.Text)), but this require alot of effort to change the whole site, and some of them may be forgotten.
I was thinking of creating a new TextBox control (MyTextBox) to inherit from System.Web.UI.WebControls.TextBox and override the Text property, then Encode base.Text in the get accessor, and Decode base.Text in the set accessor.
This will also require to change the whole site, to use MyTextBox instead of TextBox.
View 3 Replies
Oct 15, 2010
a major problem from Cross-Site ScriptingAttack, Below is sample script which automatically gets inserted into my HTML and ASPX Pages.
"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"
View 5 Replies
Jan 21, 2010
To have a better secure application, we have to prevent cross site scripting.
I have application that use a bll.
All inputs have to pass bll before they were pass to database.
To prevent cross site scripting, is bll the correct place to validate the input?
To be exact, are all the properties of object should be validated?
View 9 Replies
Jun 15, 2010
I am using asp.net 3.5 and have validateRequest="true" in the machine.config.
Do I need to do something special to stop CSRF and Cross Site scripting or asp.net will handle all these?
View 1 Replies
May 14, 2010
I am aware of a tool which MS has provided which tells you about coss site scripting attack etc.
The tool is [
But are there tools which you have used for ASP .NET applications which do similar to this and which one is widely used in ASP .Net applications ?
View 2 Replies
Dec 16, 2010
I am planning a SaaS system, to be written in C#, ASP.NET using WCF that has two separate components:
On a static IP web server in the cloud will be a web app, common to all clients. Inside each client's office will be another app, installed on a server with IIS.
The site app will obviously be able to connect to the web services published on the web site. But here's the rub - I also want the web app to be able to initiate a connection to the site app... and the on-site server may not necessarily have a static IP. I can't control this, because we may have hundreds of clients at some point in the future, and we cannot limit our saleability by insisting that the customer has a server with fixed IP.
So, how to do this?
I could have the site apps "checking in" with the web every minute or so, to give the web app the possibility of responding with a "while you're here, do x,y,z..." but that seems very inelegant. Also, if we're talking about hundreds of clients, I don't want to be bombarding my web server with all these "hi there!" messages if they're not actually required.
View 6 Replies
Jan 6, 2010
Currently I am functioning on a project (Winfroms). Where I can able to communicate with the USB device and send/read data from it using the WINUSB custom driver. This will work only in windows. Now currently the client want this in web whereas independent of OS (Linux, Mac, Windows). Accessing a driver from a client side to send/read data that too for different OS.
View 2 Replies
Feb 20, 2010
ASP.NET 2.0 and COM Port Communication
I have a managed DLL which communicates with the devices attached on COM/Serial ports. The desktop Winforms application sends requests on ports and receives/stores data in memory. In Winforms app I have added a reference to DLL and I am using the methods. This works well. Now, there is a situation where I need to show this data from serial/com port on a web-page. And also users should be able to send requests to the ports using this DLL. I have made a web app in ASP.NET (2.0). Added a reference to the DLL. I am able to use this DLL, the DLL communicates on the COM upon button click on web-page and also the response is shown on web page. However I am not happy with the approach and strongly feel that this is a bad approach. Also the development server crashes after 3 -4 requests. What is the best approach in this scenario. If I use a windows service then how would my ASP.net app will communicate with the Weindows service.Or can this be easily done using WCF. I have not used WCF any time nor any of .net remoting technique.
View 1 Replies
Oct 26, 2010
Is it possible to build a windows application to send articles to a blog I have developed?
View 1 Replies
Jan 15, 2011
So I am working on a project in ASP.NET MVC 2 with C#.I have a View with a file upload but this is a flash component (.swf).The result of the file upload (the storing of the file and processing of data in the database) is done in a HTTPHandler.I would like the HTTPHandler to send information to my active controller.
Is there a way to get the controller that was used to load the view? I'm having problems finding information about it online.
View 1 Replies
Apr 13, 2010
I'm running an ASP.NET WebService on IIS 6.0 that shows a lot of HTTP 500 (probably just exceptions from the WebService) inside the log at %systemroot%System32LogFilesW3SVC1 on a customers site.
Is it possible to log the content of those HTTP responses and there requests without modifying the WebService using IIS or a plug-in for IIS?
I thought of using Wireshark or Fiddler to sniff on the HTTP traffic but I would prefer to just turn on an option inside IIS to make him log the communication (this should not be to hard since it is logging the requested URLs anyway)
View 2 Replies
Oct 15, 2010
I have an ASP.NET app running on a webserver. A third party is created another app in PHP which needs to send data to my app for processing. Initially it was assumed that the PHP app would be deployed elsewhere so we agreed that the communication would occur over the internet via HTTP (over SSL). My app would simply use a generic handler (ashx) file to recieve the data and send confirmation back.
Now it seems that the PHP app might be deployed on the same machine as my app. I like the fact that using HTTP (as opposed to say direct database access), the PHP app needs to know nothing at all about how my app works. But using the public internet seems silly for communication between two apps on the same machine. If the PHP app simply used a localhost address, would this ensure that all the data stays within the machine? Is there a better way to do this?
View 4 Replies
Jan 20, 2010
I have two web parts WebPart1 has a tree control1)WebPart2 gets displayed when a node in a tree is clicked.2)User can enter a text in web part 2 and click ok button then Web part1 has to be refreshed and the new node should get displayed In step 1 WebPart1 is Provider and WebPart2 is consumer.In Step2 its vice versa. Is it possible to swap this using the provider consumer?
View 1 Replies
Oct 28, 2010
I am create an iPhone app that needs to talk to a Windows C# app. The app will run as either a Service or Form Application.
What would be the best way to accomplish this? Ideally exposing a service-type architecture would be best as I don't need a stateful connection (stateless is fine in this case).
Can a WCF service hosted by my app using a form of TCP binding be consumed by my iPhone? Or can an app host using httpBinding without the aid of IIS or some other web server?
View 3 Replies
Sep 21, 2010
To guarantee optimal performance, aspnet_isapi uses asynchronous named pipes to forward requests to the worker process and to get responses. On the other hand, the worker process exploits synchronous pipes when it needs to query for information about the IIS environment (that is, server variables).
Does the worker process always uses "synchronous" named pipes? (Response to aspnet_isapi.dll would be asynchronous too, right?) Can the worker process talk directly to IIS or does it have to send a synchronous request to aspnet_isapi.dll to inquire about IIS environment etc.?
View 1 Replies
Dec 7, 2010
i built a web based task manager / scheduler using vb.net
i need to add a small communication part to it to allow users to send messages to each other.
below is my concept design. the question is: is this the correct way of building a simple communicator or do you have better ideas?
View 2 Replies
Mar 22, 2011
I've a project in C which acts as a server and accepts socket communication. The server project has multiple C files is an exe which accepts messages from the client program and responds accordingly. I've to write a Client program in C# which should open a socket communication and send a series of messages depending on the result of previous message sent.
Is it possible to send a message in such a way that it will call a function in one of the C file in the server project?
View 1 Replies