Pass Value From One App To Another Via HTTP Header?
Jun 15, 2010
We are implementing a single sign on mechanism in an enterprise environment, where the token is shared between applications using HTTP header. Now, in order to do the integration test, I need to write an application to simulate this. Is there any way in ASP.NET where I can redirect to another web-page and pass a custom HTTP header in the process?
There are two applications "Sender", "Receiver"."Receiver" is a asp.net page, running in a serverSender" is not an asp.net page and running in some other server."Sender" is passing a string (eg. userName) through http header."Receiver" is reading the string from http header as followsRequest.Header["userName"].How to pass values through http header? Can I have some samples?
We are using the Facebook API and receive back URLs for profile image thumbnails. Unfortunately the protocol is restricted to just HTTP and it doesn't support HTTPS. The page on our site that hosts the thumbnails is always delivered via HTTPS, and if we use HTTP for the thumbnails the user will receive security warnings from their browser.
Solution:
Build an HTTP Handler that "passes through" the image from the Facebook URL, but allow the handler to be called via HTTPS. Before I started coding I thought I could something like this:
but I ended up having to save the image to an object in memory than write the image to the Response.OutputStream using the image save function.
Current Code:
[Code]....
This seems inefficient but I can't find a way of using the HTTP Handler as I orginally intended. Is there way of accomplishing the goal without creating the image memory and just "passing through" the call?
On the client side I have a form: <form ... action="www.link-to-another-domaint" > <input type="hidden" id="asd" value="fgh" > .... </form> <script type="text/javascript"> document.forms[0].submit(); </script>
Then on the other domain - there is also my other application - I'm trying to get the hedaer "key" by this code:
Request.Headers["key"].ToString();
But there is no such header. Is there is a desicion? Where is my mistake?
Is it at all possible to use IIS7's rewrite capability in web.config to strip a particular HTTP header from a client request?We have an application that makes an HTTP POST to our website, and apparently the request contains the HTTP Expect header. Previously this was not a problem, but we've switched hosts and now the site is returning HTTP error 417 Expectation failed. So the real solution is to fix the software so it doesn't send the Expect header, but that can't happen soon enough for the folks in charge, who'd like to come up with an immediate web-based fix.I've used ISAPI_Rewrite before and I've read that it can strip a header, and the new host claimed they had ISAPI installed... but that seems to have been a lie, as I cannot get it to work, and support's only response on the subject is "use IIS7 Rewrite instead."
I have one ajax call web service, and want to add some http headers using javascript, can we do that use setrequestheader in ms ajax?This is my javascript
I am getting the following warnings on the Event Log for a Asp.Net WebSite running on IIS 7.
Exception information: Exception type: HttpException Exception message: Server cannot append header after HTTP headers have been sent. at System.Web.Hosting.ISAPIWorkerRequest.SendUnknownResponseHeader(String name, String value) [code]....
I tried to debug the WebSite but it just does not show in debugger. The web page which has got this issue contains the following.
Its a content page with a Master page.
It has a grid inside an UpdatePanel which is Triggered by a Timer.
On the specified time grid data is refreshed.
Everytime this happens we see a new warning in the EventLog.
I've tried to write my own HttpModule (IHttpModule) that adds a Header like that:
public class MyModule: IHttpModule { public void Init(HttpApplication c) { c.BeginRequest += delegate{c.Response.AddHeader("MyHeader", "MyValue");}; } public void Dispose(){} }
I have a very simple query. I have added custom header to my website. Now I want to read the custom header. I am using IIS 6.0 on windows XP. I have already tried using using the Request.ServerVariables and and Request.header method. But none of them give me the custom header added to website.
First, a little background. I have written a custom HTTP compression module for ASP.NET. My development machine has Windows 7 Ultimate, which comes with IIS7. My production environment uses IIS6.
The problem I'm having is, Resource Expert Droid (redbot.org) tells me that I need to add a header to my response to properly support compression: "Vary: Accept-Encoding"
On IIS7 in integrated mode, it works properly. However, in classic mode, which is how my application ultimately runs, I cannot get my code to output this header using any of Response.AppendHeader(), Response.Cache.SetVaryByCustom(), or Response.Cache.VaryByHeaders.
I am attempting to set the content-type of an asp.net .ashx file to text/plain.
When I run this through the ASP.NET Development Server, the content-type is properly set. When I serve it through IIS7, however, the content-type (and any other header values I set) don't come through (it came through as text/html).
The only value set in the HTTP Response Headers section of IIS Manager is the X-Powered-By attribute. I tried setting the content-type here, but that didn't work. But if I removed the X-Powered-By attribute, it was removed from the header.
---- Server did not recognize the value of HTTP Header SOAPAction: http://tempuri.org/GetBestBidOfferData.
The odd thing is that I have several methods in this webservice, and only two of them got me the error message. It used to work, but then gave me the error message after i added some other methods to the asmx file.
The namespace should be the same for all the methods. One more thing to note is: these two methods had return data type DataTable before, and I changed it to DataSet. It should not affect anything, I assume.
I am having issue with cache-control. I have one IIS website with multiple host headers. When you browse site number 1 then cache will be set for this site, when you open browser again and go to 2nd site you will see content from first site. How can I determine cache content based on the site user visits? Everything working fine when you have 1 site and host header related to SAME site.
//Set Cacheability if (!Context.User.Identity.IsAuthenticated && _activeNode.CacheDuration > 0) { var eTag = GetETag(_activeNode); HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.Public);
I am developing a web page that needs to display, in an iframe, a report served by another company's SharePoint server. They are fine with this. The page we're trying to render in the iframe is giving us X-Frame-Options: SAMEORIGIN which causes the browser (at least IE8) to refuse to render the content in a frame. First, is this something they can control or is it something SharePoint just does by default? If I ask them to turn this off, could they even do it? Second, can I do something to tell the browser to ignore this http header and just render the frame?
Our system is designed to deploy to regions with unreliable and/or insufficient network connections. We build our own fault tolerating data replication services that uses BITS.
Due to some security and maintenance requirements, we implemented our own ASP.NET file download service on the server side, instead of just letting IIS serving up the files. When BITS client makes an HTTP download request with the specified range of the file, our ASP.NET page pulls the demanded file segment into memory and serve that up as the HTTP response. That is the theory. ;) This theory fails in artificial lab scenarios but I would not let the system deploy in real life scenarios unless we can overcome that.
Lab scenario: I have BITS client and the IIS on the same developer machine, so practically I have enormous network "bandwidth" and BITS is intelligent enough to detect that. As BITS client discovers the unlimited bandwidth, it gets more and more "greedy". At each HTTP request, BITS wants to grasp greater and greater file ranges (we are talking about downloading CD iso files, videos), demanding 20-40MB inside a single HTTP request, a size that I am not comfortable to pull into memory on the server side as one go. I can overcome that simply by giving less than demanded. It is OK.
However, BITS gets really "confident" and "arrogant" demanding files WITHOUT specifying the download range, i.e., it wants the entire file in a single request, and this is where things go wrong. I do not know how to answer that response in the case of a 600MB file. If I just provide the starting 1MB range of the file, BITS client keeps sending HTTP requests for the same file without download range to continue, it hammers its point that it wants the entire file in one go. Since I am reluctant to provide the entire file, BITS gives up after several trials and reports error.
Out of the whole site, there are some pages that require the "no cache" setting to be removed for them to work properly. This was done manually by our IIS Administrator until recently. Now we were told that we need to do it programmatically on our end. The following were the code snippets (VB.NET) we have used with no luck in success.
I am trying to call a webservice that requires me to authenticate and then pass the session id returned from the authenticate method to subsequent web service calls. The session id has to be passed as HTTP request header. So I tried using the following code to add the session id to a HTTP request header:
System.Collections.Specialized.NameValueCollection headers = HttpContext.Current.Request.Headers; Type t = headers.GetType(); //get the property System.Reflection.PropertyInfo p = t.GetProperty("IsReadOnly",System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.IgnoreCase | System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.FlattenHierarchy); //unset readonly p.SetValue(headers, false, null); //add a header headers.Add("Cookie", "SID=" + sessionId );
The header is supposed to be called "Cookie" and the SID contains the session id. The problem is the last line in the code above gives an exception saying "Operation is not supported on this platform". I am running this code on my dev machine with with Windows XP Professional Service Pack 3 and IIS 5.1. I haven't been able to find any solution to this problem after days of searching. I also tried to deploy my web app on IIS directly but had the same error.
HTTP 502 Proxy Error - The size of the response header is too large. Contact your ISA server administrator. (12216) Internet Security and Acceleration Server
I am guessing it has to do with the size of hidden "__ViewState" tag in my ASP.NET pages.
I also realize that this is restriction imposed to by IT on the users end and I have no contol over it.
I disabled ViewState on all the controls in my ASP.NET pages. However, __ViewState is still generated very large (as always) to persist control-state (e.g. checkbox, radiobutton, etc.)
While using Ajax in web applications we use XML to transfer the data between server and client. However XSS validation comes into picture, So questions are,1. Is passing XML like this is correct?2. Are we exposed to security issues if we turn off XSS validation?3. Can passing Ajax request with header (content-type = application/xml) solve this problem ?JSON is also good approach to transfer the data but that to invoke XSS.