WIF Cross-domain On One IIS Site/ Dynamically Setting Of Realm?
Nov 16, 2010
We have a lot of domains running on one IIS WebSite/AppPool.
Right now we are in the process of implementing SSO with Windows Identity Foundation.
in web.config the realm has to be set with
<wsFederation passiveRedirectEnabled="true" issuer="http://issuer.com" realm="http://realm.com" requireHttps="false" />
My problem is that the realm is dependent on which domain the user accessed the website on so what I did is that I set it in an global action filter like this
var module = context.HttpContext.ApplicationInstance.Modules["WSFederationAuthenticationModule"] as WSFederationAuthenticationModule;
module.Realm = "http://" + siteInfo.DomainName;
My question is. When I set the realm like this, is it set per user instance or application instance.
Scenario.
User A loads the page and the realm get set to domain.a.com.
User B is already logged in on domain.b.com and presses login.
Since user A loaded the page before User B pressed login, user A will hit the STS with the wrong realm set.
What will happen here?
If this is not the way to set the realm per user instance, is there another way to do it?
View 1 Replies
Similar Messages:
Apr 28, 2010
EDIT: At first I thought it wasn't working cross domain at all, now I realize it only works in IE. I'm using jQuery to call a web service (ASP.NET .axmx), and trying to us jsonp so that I can call it across different sites. Right now it is working ONLY in IE, but not in Firefox, Chrome, Safari. Also, in IE, a dialog pops up warning "This page is accessing information that is not under its control..."
$.ajax({
type: "POST",
[URL],
dataType: "jsonp",
success: function(data) {
alert(data.prop1);
},
error: function(XMLHttpRequest, textStatus, errorThrown) {
alert(XMLHttpRequest.status + " " + textStatus + " " + errorThrown);
}
});
And the server code is:
[ScriptService]
public class TestService : System.Web.Services.WebService{
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public void HelloWorld() {
string jsoncallback = HttpContext.Current.Request["jsonp"];
var response = string.Format("{0}({1});", jsoncallback, @"{'prop1' : '" + DateTime.Now.ToString() + "'}");
HttpContext.Current.Response.Write(response);
}
}
View 2 Replies
May 18, 2010
I need to validate a coming request where form is being submitted from the another domain to my website,
Like
[URL]
Remote site:
[URL]
Now this submit.aspx form get submitted to my website,
how to validate on [URL] that request is coming from [URL] only.
View 2 Replies
Mar 29, 2011
I am trying out jsonp with jQuery. I found many examples on the web and I believe my code is correct, but its still not working for me.
My web service:
using System.Web;
using System.Web.Script.Services;
using System.Web.Services;
using System.Web.Script.Serialization;..........
Firebug shows this is a success, but I am getting null from the alert. I have my webservice in iis7 locally and I am testing through my debug in my client project.
I need to get cross-domain working.
View 2 Replies
May 5, 2010
I´m using mvc futures 2 with WebApiEnabled for XML and JSON support. But due to cross domain issues with jQuery $.ajax I´m lookin in to JSONP. Is there a simple way to extend futures rest function for JSONP or should I do something else.
View 1 Replies
Jan 21, 2010
There are two web applications App1 & App2. A user would submit his information on App1 though a form. On click of a specific button/link on App1, the same data should be posted to a page on App2 and the user should also be redirected to the same page on App2.I would like some help in finding out the best way to implement this functionality.
One of the approaches that I have already tried out is by creating a temporary HTML form at runtime, setting the action attribute of the form to the App2 Page and get the form posted by using javascript submit. The data can then be fetched on App2 page by using the response.form object.This approach works well, but i was still wondering if there is any other way to implement the required functionality.
give some insights on using RESTful webservices to implement this, or else, using some HttpModule to intercept requests at App1 and modify redirect response to app2 or any other approach that you might find fit for the purpose.
Edit: Using querystring isnt an option for me.
View 6 Replies
Feb 7, 2011
How to solve the Cross domain issue using webservices?
View 4 Replies
Sep 1, 2010
This is a followup question to the one here
Here's briefly what I am trying to do. The File server creates a text file to indicate an end of the process. On a webpage on the Web Server, I loop every x seconds and make an ajax request to find out if the test file exists (ajax request to [URL]
I've tried the following approaches so far:
Trigger a web method from the client side that creates a HttpContext object to verify if the text file exists. But this is too strenous on the server and I started getting all kinds of exceptions in the Event Viewer.
View 3 Replies
Mar 15, 2010
I realized that IE8 does not allow links from cross domains to be displayed in IFrame.
It seems like there are only two Header options that Microsoft allows to modify.
X-FRAME-OPTIONS : "DENY" (This does not display any IFrame content )
X-FRAME-OPTIONS : "SAMEORIGIN" (Displays content from the same domain)
Is there a work around to allow content from other domains to be displayed?
View 1 Replies
Jan 20, 2010
How can I get a user's geolocation information (City and Country - internet service provider and internet speed would also be great) based on their IP address?
I've searched and found several tools for doing this but I seem to run into problems using them with asp.net mvc. Many of them relate to using json and the "security risk" involved in cross domain ajax calls.
View 1 Replies
Nov 15, 2010
UPDATE1:
here is what i am getting when i copy and paste the service url in the IE browser:
[Code]....
View 5 Replies
Feb 17, 2011
Is there any way to get an iframe current URL after it had been changed when the user has clicked a linked inside the iframe. I am talking about cross-domain iframe. If not, is their any web browser control for ASP.net that can give me the URL of that the user is currently browsing?
View 2 Replies
Oct 28, 2010
I have a Single Sign-on solution which is working great in our test environment. It uses Cross-Sub-Domain cookies to share the authentication ticket between 2 web applications. Sign-on is done only on one of the applications and on the second site the user is authenticated by the cookie created by the first site.The problem is that when I roll it into the production environment the single sign-on no longer works. I'm looking for any ideas on why this might be. More details below:1) Both apps are implemented using ASP.NET MVC2
[code]...
View 1 Replies
Feb 22, 2011
I wont to restrict my web service only for few domains.
I wont to have access to web service from using ajax and my page, and I don't want that anybody can create client to my WebService and view my web service methods.
View 4 Replies
Nov 16, 2010
I am making a asynchronous request to different server for some data using jquery. It works fine in IE, but doesn't work in FireFox and Chrome, when it reaches the code where the request to other server is made, it freezes there and a blank page is shown. If I remove that piece of code, the ajax works fine.
Also, when I place a breakpoint at document.ready, the breakpoint is hit when debugging using IE, but it's not hit when debugging using FireFox.
Following is the JQuery I am using
jQuery(document).ready(function ($) {
$('.tabs a, .tabs span').livequery('click', function () {[code]....
View 1 Replies
Mar 3, 2010
I have integrated Third party advertise module in my website. their domain s "http://rotator.adjuggler.com/".they read cookie from this domain and display advertise based on cookies value. now I want to set cookies on this domain from my website.though this is not possible. they have provided url to set cookies.http://rotator.adjuggler.com/servlet/cookie?action=set&name=test&value=1&maxage=2592000we can set cookies on their doemain by calling above ur.Problem:1) we can't make xmlHttp request because this is cross-doamin link.2) we can't use jquery because it uses xmlHttp as native implementation.3) i have tried to set above url in <img src="..." > and <script src="...">. both not working.but when i paste above url in address bar it works.can anybody have idea how to call above url from Code.
View 2 Replies
Apr 22, 2010
I'm still new to windows authentication. Basically, we have a page on http://externalsite.com that needs to be accessed only by an authenticated user originating from http://internalsite. The user on internalsite is already authenticated using windows authentication.I'm confused here. How can I validate the user and obtain their role so that i can not only validate that they are authentic, but to authorize them to use this page on externalsite.com?
View 2 Replies
Feb 4, 2010
I have this polling script to check if a text file is created on the server. Works great locally, but fails when the file is on a different domain. How would i rewrite this for cross domain support?
$.ajax({
url: 'http://blah.mydomain.com/test.txt',
type: "GET",
success: function(result) {
//Success!
window.location.replace(Successful.aspx');
},
error: function(request, status, error) {
setTimeout("VerifyStatus(" + pollingInterval + ")");
}
});
EDIT: I ended up using YQL to solve the cross domain issue and although it works, YQL is really slow that's adding quite a bit of performance overhead. Can anyone suggest a better solution for cross domain JQuery calls?
View 3 Replies
Mar 10, 2010
I am browsing the page (http://jessie.mydomain.com/), then i click the Logout button in this page, it will be logout successful but it will not redirect to the page (http://www.mydomain.com/Default.aspx), it will show (http://jessie.mydomain.com/Default.aspx).
(1) In master page,
[Code]....
[Code]....
View 3 Replies
Aug 20, 2010
Here is what I want to do: I have a local site in which I want to display data from a remote site
Lets say: I want to display data of http://www.abc.com/Default.aspx on my localhost
Now Default.aspx requires some post-data which it sends to itself. Thus the __viewstate and __eventvalidation are posted back to it by itself. I want to directly post the data to Default.aspx from localhost without opening Default.aspx and display the Default.aspx's response on my localhost.
The WebApp on http://www.abc.com is configured for __eventvalidation i.e. I cannot post-data to it from my localhost without getting a __viewstate from it. I also have to post the current __viewstate of http://www.abc.com/Default.aspx to itself
View 6 Replies
Jan 5, 2010
I have written code to access a text file in another server from my application in javascript. This code works fine in IE but fails in mozilla firefox. Below is the code i have written.
var httpRequest;
httpRequest = new XMLHttpRequest();
httpRequest.open('GET', url, true);
httpRequest.setRequestHeader('X-PINGOTHER','pingpong');
httpRequest.setRequestHeader('Content-Type','application/plain');
httpRequest.onreadystatechange = function() {alertContents(httpRequest);
httpRequest.send('');
function alertContents(httpRequest){
if (httpRequest.readystate == 4){
if (httpRequest.status == 200) {
alert(httpRequest.responseText);
}
}
}
View 2 Replies
Jul 7, 2010
I am building a website, within a large intranet, that wraps and adds functionality to another site within the same intranet. I do not have access to the other site's source and they do not provide any api's for the functionality they provide. I need to, somehow, have my server-side code go to that site, fill in some forms, then press a submit button. Is this possible? If so, how can I accomplish this?
Note: I am working in asp.NET if that matters at all.
View 4 Replies
Feb 3, 2011
we host catalog data and UI for our clients. we do not build entire web site for them. so for the time being client puts an iframe and points URL to our hosting site. it was working fine but now just because of iframe they are lossing SEO.so my question is how to achieve my goal without iframe.
1) how can i embed/inject/merge UI hosted by US to our client web site.
2) Get SEO benefits
View 1 Replies
Feb 20, 2010
I want to pull down a feed (like twitter) and place in on a page using javascript (jquery). Ultimately, the "service" just needs to hand off JSON. I created a web service that allows me to do that, sort of. I don't know if using a stream reader is all that efficient and I was a little bothered by having to use what amounts to 2 evals on the clientside.
My question is twofold: is there a better method than using a web service and two, is there a problem with my implementation?
asmx:
[WebMethod]
public string World()
{
WebRequest request = WebRequest.Create("http://twitter.com/statuses/user_timeline/username.json?count=1");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
StreamReader reader = new StreamReader(response.GetResponseStream());
string tmp = reader.ReadToEnd();
response.Close();
reader.Close();
return tmp;
}
aspx
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js" type="text/javascript"></script>
<script>
$(document).ready(function() {
$.ajax({
url: "WebService1.asmx/twitter",
type: "POST",
data: "{}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function(obj) {
var t = eval(obj.d)[0].text;
$('div').html(t);
}
})
});
</script>
View 2 Replies
Mar 25, 2010
We recently discovered that our web app was vulnerable to cross site scripting (XSS) attacks. We managed to manipulate our inputs to produce the following HTML:
[Code]....
Which executes an alert window when clicked.
After HTMLEncoding using the AntiXSS the web app successfully encodes the output to look like this:
<a href="javascript:__doPostBack('ctl00$ContentPlaceHolder1$CtlSearchList1$CtlListView1$DataGrid1$ctl03$ctl00','')">'); onclick=alert('This
is an XSS vulernability. An attacker could do anything here (redirect to another website, virus etc)');('.txt</a>
but the alert window still fires! What am I doing wrong?
View 3 Replies