I need to just search Yammer for a various string on the timeline and facing a few weird issues.
Using Nuget, I got the yammer.simpleapi package (Found the bug everyone was talking about and changed it from GET to POST) and I created an App on Yammer, but, this is where the fun starts.
I have a local page http://localhost/home/yammer which redirects to Oauth and then redirects to my app with the key and I retrieve basic user settings.
Now, this is where I get confused - I see if I refresh this page, I just get a blank response (I guess that the code is only good for one query?), but if I refresh the http://localhost/home/yammer - I sometimes get the correct response and sometimes I get nothing.
This is best shown in a recording I did - https://youtu.be/RqrAGiP7Rh4
This is really annoying me and I was wondering if anyone knows what is going on?
I would post code examples, but, there hasn't really been anything modified from the original yammer.simpleapi other than the keys.
The web example app is just working one time.
If you want to replay your page, you should save your YammerClient somewhere (or declare it in static)
Related
Currently I'm trying to implement an auto login link for the emails sent from the site.
One of the requirements is that the user is able to see the link but not the rest of the site unless he manually logs in.
My current problem is that I cannot get the logout part right. The current flow goes something like this:
Check if the user is logged in
If not, check the url query string and do some calculation to check
the code
If everything is alright I log the user in, update the CurrentUser
and all the Session object
Then I need to use HttpContext.Response.Redirect() because the way
the system is made (as far as I have read using Redirect is a quite
abrupt way to cut the Request, but my current issue is that the
system will keep checking other things and redirect me to the LogIn
page if I don't cut it here)
At this point the user is Logged In
If they click on a new link inside the page, on this new Request it will check some Session properties
created on step 4 and if they exist it will log the
user out.
My problem is that it works some times and some other times it doesn't. A pretty consistent thing I notice is that is not working when I open the link in a new browser instance, but generally works when opening on an already open browser.
I guess something could be happening with the Session object between the Redirect and the new Request specially on a new browser instance, but not sure why.
Edit: The problem is happening on step 6
I'm not sure if i totally understand your question, but here are some ideas related to session problems.
Probably when opening the new instance a new Session is created. Therefore your data is gone.
A work around might be storing the needed values in the cache. This is dangerous because cache items can be deleted if iis thinks there is not enough memory.
https://support.microsoft.com/en-us/kb/323290
Another workaround might be saving the needed values in a database.
Or send the needed data through the headers.
Hello All I need all your help badly. We have made a role,ID based application in asp.net(C#) where the menu appear as per his roles. This is fine now the users are trying to directly type the link in address bars and using them. Cant restrict them in page loads and sessions as this is a production site which is already slow. So my intension is to show the url in encrypted format which expires in certain time where the user cant copy and paste it. Is there any possible way...
Cant restrict them in page loads and sessions as this is a production site which
is already slow.
Fix that crappy code and / or add more servers. Because this is the ONLY way it makes sense to do it. Anything else is the type of security that gets broken into and then you run around blaming the world for being unfair.
So my intension is to show the url in encrypted format which expires in certain
time where the user cant copy and paste it.
? So the menu has an encrypted URL that is only valid like for half a second? What if the user browses the source code of the page? He can see all the source there.
This is not security, it is hogwash. Sorry to be blunt, but this is not going to work and you are making a bad job here.
Checking this in page load will take less than a millisecond (assuming you cache roles in the session). WAY less.
Check for user role in page_load event and if the user does not have permission then redirect him to a page showing permission denied.
Please provide code if you need further help.
Yeah.... you've painted yourself into a corner here.
Short answer:
No, there's no clean way to do this and whatever type of 'special' url implementation you create will be open to abuse/spoofing and still require you to add code anyway.
Long answer:
I can't see any viable solution other than injecting some code into Page_Load.
I take it you're not using WIF/Claims-based security, just some bespoke written user login, database store based code? So your best approach (at this point) is to make a simple class in App_Code: When the user logs in, load their permissions into something like a DataTable and store that in a session variable. That way you can avoid doing database requests every time the page loads/posts back, this'll probably speed your site up a bit too.
Build a non-static method in a class that is to be used on Page_Load, where this will get the URL (or page id) being accessed, then check that against the session stored DataTable. If that check fails redirect them to an access denied page.
Building the class foundation is key, don't attempt to shortcut and copy-paste chunks of code into each page. With the 'security' class you can standardise your code and reduce testing down to a few simple checks.
I have a facebook App that for some reason it got banned.
How can I find out programatically (FB C# SDK preferably) at login for instance that the application got banned?
There are no exceptions or other markers that I noticed so I could figure out this.
I am open to any ideas.
The app is not doing anything un-ethical but it pulls up a lot of data and there is a possibility that FB might not like that. So in order to keep it live, I want to know when the app got banned so that i can replace it on the fly with another one, until the issue gets resolved with th first one. FB gives you an answer only after 2+ weeks.
You might be able to use the installable field in the properties array from admin.getAppProperties outlined here: https://developers.facebook.com/docs/reference/rest/admin.getAppProperties/
I am trying to replicate a browser page to another browser on another machine. I basically want to reproduce a page exactly how it appears to a customer for viewing by the website owner. I have done this before using some impersonation trickery, but found that it would throw the session state out of wack when the site owner would switch customers. So I would like to stay away from cookie and authentication manipulation.
Anybody done anything like that? Is there a way to easily transfer the DOM to a webservice?
The tech/programming at my disposal are C#, javascript, WCF.
Is sending image an option? If that is an option, you can use IECapt program to take screenshot of that image and send it to the other machine:
http://iecapt.sourceforge.net/
If session state is getting messed up when the site owner changes customer roles, your implementation might be the problem. I'd probably try fixing how your session management is working before solving a problem which is really a sympton of a deeper problem IMO.
Since you mentioned transferring the DOM to a webservice, I assume you need to inspect the page's source and not just its appearance. I recommend checking this link:
http://www.eggheadcafe.com/community/aspnet/7/10041011/view-source-of-a-web-page.aspx
It was a few suggestions for grabbing a page's source programmatically / screen-scraping.
Of course, a few more details might yield better answers. Specifically, does the customer submit their page to the owner (I imagine a scenario where a user of your site says "Hey, I'm having a problem! Take a look at this...") or is the owner looking at how the page renders when logged-in as a specific customer?
Easiest way is to post the innerHTML of the body tag to your webservice, which your other page can poll (or use comet, or something) to get back. You'll have to be careful to load the right css in your clone page. Also, you'll need to think about how often you want it to update.
This is a bit of a hack though, a better solution would be to have designed the page from the start with this in mind (I'm assuming this is too late now?), so that anything that mutated the page would at the same time send a message back to the server describing what was changed, or if the page is not very interactive, storing the canonical state of the page on the server, and querying that from both browsers with XHRs or similar.
I need to create and add custom headers to an ASP.NET 2.0 application.
The case is simulation of an SSO-login in our dev/test environment.
When I try to add headers I run into the "Not supported on this platform."
error. BigJim has a nice post on the subject here:
http://bigjimindc.blogspot.com/2007/07/ms-kb928365-aspnet-requestheadersadd.html
The root of my problem lies in the fact that I need to simulate various
persons logging into my application. Not just adding static data in a
HttpModule. I need to take values from a couple of TextBoxes and transfer
information from these into custom headers and then re-direct the user. The
HttpModule stuff happens to early in the pipeline...
Does anyone now if there exsist a simple redirect/proxy solution that one
could use in a dev environment? Or have simple/beautiful way of doing it in code?
One method i have used before, though a long winded approach, is NUnitASP.
This is based on the NUnit framework but intended for ASP.NET UI Testing.
It basically starts a browser in memory, and is able to manipulate the content exactly like a user would.
Using this you could view your page, enter data into textboxes and submit pages.
Hopefully that can help you do the testing you require. I've used it to test load, and spider through sites of mine to gather data.
If you use IIS 7 you can set the Pipeline Mode to integrated
This Setting is found in the App-Pool Properties.
I could be wrong, but doesn't the Response.AddHeader() method still work? Although, I agree with Oscar that a formal testing solution like NUnitASP is a good idea. Although, NUnitASP is a little dated. I still use it for some of my projects just because it still does work; it just isn't as refined or as simple as WaTiN or similar projects.
The browser drops the header if you do a Response.AddHeader()...
The header must be added to the orginal Request...
why don't use ASP.NET forms authentication model?
you define your "private folders". if you attempt to acces to a private folder without login, you automatically are redirected to a your custom login page.
here's a couple of link:
http://support.microsoft.com/kb/301240
http://www.asp.net/learn/security/tutorial-02-cs.aspx