I am building a website, within a large intranet, that wraps and adds functionality to another site within the same intranet. I do not have access to the other site's source and they do not provide any api's for the functionality they provide. I need to, somehow, have my server-side code go to that site, fill in some forms, then press a submit button. Is this possible? If so, how can I accomplish this?
Note: I am working in asp.NET if that matters at all.
we host catalog data and UI for our clients. we do not build entire web site for them. so for the time being client puts an iframe and points URL to our hosting site. it was working fine but now just because of iframe they are lossing SEO.so my question is how to achieve my goal without iframe.
1) how can i embed/inject/merge UI hosted by US to our client web site. 2) Get SEO benefits
I want to pull down a feed (like twitter) and place in on a page using javascript (jquery). Ultimately, the "service" just needs to hand off JSON. I created a web service that allows me to do that, sort of. I don't know if using a stream reader is all that efficient and I was a little bothered by having to use what amounts to 2 evals on the clientside.
My question is twofold: is there a better method than using a web service and two, is there a problem with my implementation?
We recently discovered that our web app was vulnerable to cross site scripting (XSS) attacks. We managed to manipulate our inputs to produce the following HTML:
[Code]....
Which executes an alert window when clicked.
After HTMLEncoding using the AntiXSS the web app successfully encodes the output to look like this: <a href="javascript:__doPostBack('ctl00$ContentPlaceHolder1$CtlSearchList1$CtlListView1$DataGrid1$ctl03$ctl00','')">'); onclick=alert('This is an XSS vulernability. An attacker could do anything here (redirect to another website, virus etc)');('.txt</a>
but the alert window still fires! What am I doing wrong?
I need to make my site work well on a blackberry, i haven't put too much effort into getting this working yet, but i have a few questions which google is struggling with.I've read about detecting brower type and modifying the default behaviour of asp.net controls hereHow would I go about supplying a differant stylesheet to a specific browser, should i just do this?
This will work fine, but i feel like there is a better method, i'm sure i've read about something in the past but i can't seem to recall.I'm also considering a response.redirect to a differant page for a blackberry, which at the moment i would implemenet in a similar way.
My problem is that the realm is dependent on which domain the user accessed the website on so what I did is that I set it in an global action filter like this
var module = context.HttpContext.ApplicationInstance.Modules["WSFederationAuthenticationModule"] as WSFederationAuthenticationModule; module.Realm = "http://" + siteInfo.DomainName;
My question is. When I set the realm like this, is it set per user instance or application instance.
Scenario.
User A loads the page and the realm get set to domain.a.com.
User B is already logged in on domain.b.com and presses login.
Since user A loaded the page before User B pressed login, user A will hit the STS with the wrong realm set.
What will happen here?
If this is not the way to set the realm per user instance, is there another way to do it?
I have an interesting issue I have racked my brain trying to find a solution to.
I have a site with a single master page. Part of that master page is a text field and button. They are not part of a content placeholder, they are simply part of the master page, itself, and are intended to allow people to search the site from any page on the site.
So, all search requests are routed to a search.aspx page, regardless. I am doing this by setting the PostBackUrl attribute of the button control to "search.aspx".
This all works great, except when I try to use this search capability from the search.aspx page, itself. I figure this is because I am using the Page.PreviousPage object and since a postback from the search.aspx page, itself will result in the Page.PreviousPage being Nothing, it is not performing the proper action.
where does following HTTP error message come from:
Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.
We're using dynamically generated URLs and in this specific case the URL contains the characters '<' or '>'. We do URL encode the generated URL (so '%3C' appeary instead of '<') but it doesn't Our setup is ASP.NET MVC / IIS 7.5 / IE8. It's strange but it looks like the error appears only on some machines. So it could be that the IE internet zone settings are playing a role.
this exception is caused by entering scripts or disallowed text as "<script>", "<h1>" by the user. This exception will be thrown while processing the request.
After searching and trying, most of the solutions were to:
1- disable request validation in the page header (validateRequest="false") or in the pages section in web.config.
I dont see this is a solution, the XSS problem is still there, it just does not throw the exception.
2- To encode the text and decode it using Server.HtmlEncode and Server.HtmlDecode.
This is a good one, but have to go every single textbox and call this method (Server.Encode(txtAddress.Text)), but this require alot of effort to change the whole site, and some of them may be forgotten.
I was thinking of creating a new TextBox control (MyTextBox) to inherit from System.Web.UI.WebControls.TextBox and override the Text property, then Encode base.Text in the get accessor, and Decode base.Text in the set accessor.
This will also require to change the whole site, to use MyTextBox instead of TextBox.
I am planning a SaaS system, to be written in C#, ASP.NET using WCF that has two separate components:
On a static IP web server in the cloud will be a web app, common to all clients. Inside each client's office will be another app, installed on a server with IIS.
The site app will obviously be able to connect to the web services published on the web site. But here's the rub - I also want the web app to be able to initiate a connection to the site app... and the on-site server may not necessarily have a static IP. I can't control this, because we may have hundreds of clients at some point in the future, and we cannot limit our saleability by insisting that the customer has a server with fixed IP.
So, how to do this?
I could have the site apps "checking in" with the web every minute or so, to give the web app the possibility of responding with a "while you're here, do x,y,z..." but that seems very inelegant. Also, if we're talking about hundreds of clients, I don't want to be bombarding my web server with all these "hi there!" messages if they're not actually required.
Currently I am functioning on a project (Winfroms). Where I can able to communicate with the USB device and send/read data from it using the WINUSB custom driver. This will work only in windows. Now currently the client want this in web whereas independent of OS (Linux, Mac, Windows). Accessing a driver from a client side to send/read data that too for different OS.
I have a managed DLL which communicates with the devices attached on COM/Serial ports. The desktop Winforms application sends requests on ports and receives/stores data in memory. In Winforms app I have added a reference to DLL and I am using the methods. This works well. Now, there is a situation where I need to show this data from serial/com port on a web-page. And also users should be able to send requests to the ports using this DLL. I have made a web app in ASP.NET (2.0). Added a reference to the DLL. I am able to use this DLL, the DLL communicates on the COM upon button click on web-page and also the response is shown on web page. However I am not happy with the approach and strongly feel that this is a bad approach. Also the development server crashes after 3 -4 requests. What is the best approach in this scenario. If I use a windows service then how would my ASP.net app will communicate with the Weindows service.Or can this be easily done using WCF. I have not used WCF any time nor any of .net remoting technique.
So I am working on a project in ASP.NET MVC 2 with C#.I have a View with a file upload but this is a flash component (.swf).The result of the file upload (the storing of the file and processing of data in the database) is done in a HTTPHandler.I would like the HTTPHandler to send information to my active controller.
Is there a way to get the controller that was used to load the view? I'm having problems finding information about it online.
I'm running an ASP.NET WebService on IIS 6.0 that shows a lot of HTTP 500 (probably just exceptions from the WebService) inside the log at %systemroot%System32LogFilesW3SVC1 on a customers site.
Is it possible to log the content of those HTTP responses and there requests without modifying the WebService using IIS or a plug-in for IIS?
I thought of using Wireshark or Fiddler to sniff on the HTTP traffic but I would prefer to just turn on an option inside IIS to make him log the communication (this should not be to hard since it is logging the requested URLs anyway)
I have an ASP.NET app running on a webserver. A third party is created another app in PHP which needs to send data to my app for processing. Initially it was assumed that the PHP app would be deployed elsewhere so we agreed that the communication would occur over the internet via HTTP (over SSL). My app would simply use a generic handler (ashx) file to recieve the data and send confirmation back.
Now it seems that the PHP app might be deployed on the same machine as my app. I like the fact that using HTTP (as opposed to say direct database access), the PHP app needs to know nothing at all about how my app works. But using the public internet seems silly for communication between two apps on the same machine. If the PHP app simply used a localhost address, would this ensure that all the data stays within the machine? Is there a better way to do this?
I have two web parts WebPart1 has a tree control1)WebPart2 gets displayed when a node in a tree is clicked.2)User can enter a text in web part 2 and click ok button then Web part1 has to be refreshed and the new node should get displayed In step 1 WebPart1 is Provider and WebPart2 is consumer.In Step2 its vice versa. Is it possible to swap this using the provider consumer?
I am create an iPhone app that needs to talk to a Windows C# app. The app will run as either a Service or Form Application.
What would be the best way to accomplish this? Ideally exposing a service-type architecture would be best as I don't need a stateful connection (stateless is fine in this case).
Can a WCF service hosted by my app using a form of TCP binding be consumed by my iPhone? Or can an app host using httpBinding without the aid of IIS or some other web server?
To guarantee optimal performance, aspnet_isapi uses asynchronous named pipes to forward requests to the worker process and to get responses. On the other hand, the worker process exploits synchronous pipes when it needs to query for information about the IIS environment (that is, server variables).
Does the worker process always uses "synchronous" named pipes? (Response to aspnet_isapi.dll would be asynchronous too, right?) Can the worker process talk directly to IIS or does it have to send a synchronous request to aspnet_isapi.dll to inquire about IIS environment etc.?
I've a project in C which acts as a server and accepts socket communication. The server project has multiple C files is an exe which accepts messages from the client program and responds accordingly. I've to write a Client program in C# which should open a socket communication and send a series of messages depending on the result of previous message sent.
Is it possible to send a message in such a way that it will call a function in one of the C file in the server project?