Security :: Request.UrlReferrer Does Not Work In Internet Explorer?
Apr 25, 2010i have a problem in my asp application . Im trying to protect the path for my application using this code :
Uri t = Request.UrlReferrer;
i have a problem in my asp application . Im trying to protect the path for my application using this code :
Uri t = Request.UrlReferrer;
This is a input
<input type="image" src="<%=Url.Content("~/images/shopping-cart.jpg")%>" alt="shopping cart" id="btnshoppingCart" name="btnshoppingCart" value="shoppingCart" />
when i browse the page with firefox and click on the input Request.Params["btnshoppingCart"] != null or Request.Form["btnshoppingCart"] != null is statisfied.
When i browse the same page with internet explorer 8 and click on the same input Request.Params["btnshoppingCart"] != null or Request.Form["btnshoppingCart"] != null is not satisfied. When i used the watch i saw that there is no key by the name of "btnshoppingCart" in either Request.Form or Request.Params if input is clicked from internet explorer. However when it is clicked from firefox there is value "shoppingCart" inside Request.Form and Request.Params against "btnshoppingCart" key. One more strange thing that i observed was that are two keys "btnshoppingCart.x" and "btnshoppingCart.y" inside both Request.Form and Request.Params whenver clicking is done from both internet explorer and firefox. This is happening against all inputs of type image irrespective if the input is present inside a html form or not. Forms are created like this
<% using (Html.BeginForm("Action", "Controller", FormMethod.Post)){%>
The version of internet explorer is 8.0 and firefox is 3.6.6
I'm developing a pretty standard MVC application.. I've set the routing up as follows:
[Code]....
Everything works perfectly in all browsers - apart from IE. If I am on, say, Stock/Index/, it will fire the Stock/Index/ GET request, then fire the Stock/NewLines/ request afterwards..Obviously this isn't desired behaivour - as I understand it, the default route value is for when the router can't find the requested controller/action/route, and so sends the request there..Can't seem to find any info on the web about this,
I am working on an app where users are only allowed access if they click through from certain URLs. I.e. I need to authenticate by using the referral url and I am using
Request.UrlReferrer to achieve this.
I am guessing that the Request.UrlReferrer can be tampered with by malicious users to gain access...
I'm doing the following ajax call:
[code]....
jQuery ajax request response is empty in Internet Explorer?
in my web application Request.UrlReferrer is null. how can i set UrlReferrer ?
View 1 RepliesI'm trying to redirect a domain to another site, without changing the first URL (users should keep viewing http://www.myurl.org since the new URL would be https://wwws.enterprisedomain.com).
I could do this, inserting a frame in the index.htm of the first domain (I know it's not the best practice, but it worked well for now):
<frame name="main" src="https://wwws.enterprisedomain.com">
The fact is that https://wwws.enterprisedomain.com has a login mechanism in ASP.NET. It's OK on Firefox and Chrome, but when we use Internet Explorer 8, it seems that POST doesn't work!
the below works in Internet Explorer but not firefox.
protected void Page_Load(object sender, EventArgs e)
this.GridView1.Attributes.Add("bordercolor", "c3cecc");
I am using ASP.NET Memberships and I have the timeout set to 100, when the user logs into the system in Internet Explorer (6 or 8) and then closes the window and tries to open it back up... It asks the user to login again. Why is that and how can I disable that?
View 3 Repliesi am having this weird problem only when i deploy my site [localy Everything works fine] when you try loging in from IE 8, the page simple refreshes! and no authentication takes place After lot of research, i found out that Internet Explorer 8 denies session cookies and to confirm this, i unchecked Enable protected mode (can be found in, internet options, security), and then tried logging in, it worked perfectly fine just like it did in other browsers [Firefox and google chrome]. I have found one solution which is to lower the security level, but i cant tell every visitor on my site to do that since its not practical.
View 1 Replieswhen i test this page http://www.catalogues4u.com.au/ViewCategory.aspx?catID=119 im getting the above error. to replicate this issue visit the above page in ie7 and you will get the prompt.
View 3 RepliesI came upon an interesting discussion with my team around the use of HttpRequest.UrlReferrer and wanted to solicit feedback from the community. According to the W3C spec:
The Referer[sic] request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained (the"referrer", although the header field is misspelled.) The Referer request-header allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc. It also allows obsolete or mistyped links to be traced for maintenance. The Referer field MUST NOT be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard.as input from the user keyboard.
The Request.UrlReferrer object does the work of converting referral strings that contain well formed URIs to an object with properties on every request. According to our logs there are requests that come in that contain invalid data in the referral such as:
localhost
app:/BeamBackTest.swf
app:/multtiple.swf
app:/AFriendFeed.swf
ALToolBar
app:/index.html
mhtml:file://C:Documents+and+SettingsUserDesktoporacleWhat+is+a+View+in+Oracle+-+Stack+Overflow.mht
Using Request.UrlReferrer would mean the above cases would be NULL. Is it better to discard the invalid data based on the W3C spec by using Request.UrlReferrer or preserve it by using Request.ServerVariables["HTTP_REFERER"] even though the data may be interesting, but potentially useless.
What I am trying to solve here is to check for what is previous page's url and compare it. If it is login.aspx then I want to display an WelcomeNote() message. Any help would be deeply appreciated. Here's the codes.
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Request.UrlReferrer IsNot Nothing Then
I have the following code in 'main.cs' file where I am checking for a condition
protected void Page_Load(object sender, EventArgs e)
{
if (Request.Form.Get("task") != null && Request.Form.Get("postToURL") != null &&
Request.UrlReferrer.ToString().Substring(0, 31).Equals("http://cs.astra.co.in:4040"))
{
ASCIIEncoding encoding = new ASCIIEncoding();
<SO ON>
Instead of checking for the URL [URL] in 'main.cs', Can I check for the same condition in the 'web.config' file ? If so, How can I do that ?? Is there any way to transfer the part -- Request.UrlReferrer.ToString().Substring(0, 31).Equals[URL] -- into the 'web.config' !!
[Code]....
Both returns the incoming url, Just to know When to use Request.UrlReferrer and when Request.ServerVariables["HTTP_REFERER"] and why?Currently, in one of my application Urlreferrer is working in my local machine but its not working when went live?Additionally, its most appreciable if anyone can guide any alternative of both Urlreferrer and HTTP_REFERRER?
View 1 Repliesi have one application that is deployed in IIS at Remote Desktop. if i access that application from local system i am getting "Internet explorer cannot display the webpage" and it is running fine in Remote Desktop but not in Local system.
View 2 Replies i want to close internet explorer on if a button is closed which i can do with this code
Page.ClientScript.RegisterClientScriptBlock(Me.GetType, "jcrCallerID", "window.close();", True)
this code is working fine for me but it is also coming up with warning which i dont want.
The warning is saying the webpage is trying to close do you want to continue closing the webpage yes /no
I want to avoide this warning and just close the browser windows.
How can I add an URL to the trusted site? It seems that there are stored in the registry, but where exactly?
The .net programm will run locally on each client.
Edit clarification: I want to do this programmaticly running C# code.
I am developing an ASP.NET 4.0 web application in which I am trying to use an iframe to load a third party website:
<iframe id="ifr1" src="http://newdomain.com?id=test&password=123"
width="100%" height="600px">
</iframe>
The newdomain.com is trying to place cookies in the browser and IE dosent like that. I have no control over the application hosted on the newdomain.com. I have read a lot of articles which talk about having a P3P information added to the header of the page which hosts the iframe. So in my application's Global.asax I have the following code:
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("p3p", "CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"");
}
But this doesn't work and I am really confused now.
I'm just trying to sent a .wav file to Internet Explorer with an ASP.net Handler:
public void ProcessRequest(HttpContext context){ HttpResponse response = context.Response; response.ContentType = "audio/x-wav"; response.WriteFile("MyWav.wav"); response.AddHeader("Content-Length", "304578"); response.Flush();}
This works for Firefox and Chrome but I'm just presented with a blank screen in Internet Explorer. Why? (I've tried setting the "Content-Disposition" header. If I set it to "attachment" I am presented with the download dialog. If I set it to "inline", I just get a blank page like before. I want the wav file to play inline like here: [URL]
I am trying to write an app in asp for users that will run in the browser but not look like a browser so I want it to open without all the toolbars. So it should be just the Title bar then the page. We will create a shortcut to the page on the users desktops. Is there a way to do this?
View 3 Repliesi want to install firebug on IE.can you give me the links for free download of firebug
View 4 RepliesI am currently write an ASP.NET WebApplication in Visual Studio 2010. My default browser is Firefox. If I start an WebApplication, the WebApplication starts up in the same instance of Firefox. How is it possible to avoid it? How do I configure Visual Studio that the WebApplicaton starts in an new instance of Internet Explorer?
View 2 RepliesI am currently building a web project in which I would like to allow the user to navigate using either the back/forward button I created or the back and forward buttons in Internet Explorer to navigate my project.
View 1 Repliesi have created kiosk application in asp.net and i just want to hide address bar and internet explorer menus.
View 2 Replies