Say if I have link1.aspx and link2.aspx. Within link1.aspx, I redirect the user to link2.aspx.
What is the most efficient way of checking that link2.aspx is only accessed via link1.aspx?
For example, something like:
link2.aspx:
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
if page is not accessed via link1.aspx
{
Response.Redirect("~/portal.aspx");
}
}
}
I could use a query string but are there any other ways?
You can use UrlReferrer. However, it is not a secure way of detecting where the user comes from.
For example,
if (string.Equals(Request.UrlReferrer.AbsoluteUri,
"YOUR_REFERRER_URL",
StringComparison.InvariantCultureIgnoreCase))
{
}
If it is redirecting between pages inside your application, I would like to suggest to use SessionState which is more secure and robust than UrlReferrer.
link1.aspx.cs
private bool IsValidUrl
{
set { Session["IsValidUrl"] = true; }
}
protected void Button1_Click(object sender, EventArgs e)
{
IsValidUrl = true;
Response.Redirect("link2.aspx");
}
link2.aspx.cs
private bool IsValidUrl
{
get
{
if (Session["IsValidUrl"] != null)
return Convert.ToBoolean(Session["IsValidUrl"]);
return false;
}
set { Session["IsValidUrl"] = value; }
}
protected void Page_Load(object sender, EventArgs e)
{
if (IsValidUrl)
{
// user comes from valid url.
// .... Do somthing
// Reset session state value
IsValidUrl = false;
}
}
You could use the Request.UrlReferrer property to check what page the user is coming from.
Related
I have a login page and a homepage. It's not possible to access homepage without login but after i login and click logout at the homepage. Users are able to access homepage from browser's address row. How can prevent this ? Here is my implementation
Login Click Method at AdminPanelLogin.aspx.cs:
protected void adminLoginButton_Click(object sender, EventArgs e)
{
String adminName = adminNameText.Text;
String password = adminPwdText.Text;
AdminPanelLoginProcess aplp = new AdminPanelLoginProcess();
if (aplp.adminLogin(adminName, password))
{
Session["AdminAuthentication"] = aplp.Admn.AdminID;
Response.Redirect("AdminPanel.aspx");
}
else
{
Response.Write("<script>alert('Login failed !');</script>");
}
}
Logout Click Method at AdminPanel.aspx.cs
protected void adminPanelLogoutLink_Click(object sender, EventArgs e)
{
Session["AdminAuthentication"] = null;
Session.Abandon();
Response.Redirect("AdminPanelLogin.aspx");
}
AdminPanel.aspx.cs Page Load Method:
protected void Page_Load(object sender, EventArgs e)
{
if (Session["AdminAuthentication"] == null)
{
Response.Redirect("AdminPanelLogin.aspx");
}
else
{
if (!IsPostBack)
{
showProducts();
showModels();
showShoes();
}
else
{
if (Session["AdminAuthentication"] == null)
{
Response.Redirect("AdminPanelLogin.aspx");
}
}
}
}
By default, the back button does not reload the page but get it from cache. Try to disable cache in AdminPanel.aspx as
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now);
or use any other method from http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout.aspx
In asp.net mvc the scott hanselman example shows how to show the mini profiler for a local environmnet
protected void Application_BeginRequest()
{
if (Request.IsLocal) { MiniProfiler.Start(); } //or any number of other checks, up to you
}
But, I would like to go a step further and be able to see it remotely, only for specific logged in users, or ips.
Any idea how?
Update: I used the following code:
protected void Application_EndRequest()
{
MiniProfiler.Stop(); //stop as early as you can, even earlier with MvcMiniProfiler.MiniProfiler.Stop(discardResults: true);
}
protected void Application_PostAuthorizeRequest(object sender, EventArgs e)
{
if (!IsAuthorizedUserForMiniProfiler(this.Context))
{
MiniProfiler.Stop(discardResults: true);
}
}
private bool IsAuthorizedUserForMiniProfiler(HttpContext context)
{
if (context.User.Identity.Name.Equals("levalencia"))
return true;
else
return context.User.IsInRole("Admin");
}
You could subscribe to the PostAuthorizeRequest event and discard the results if the current user is not in a given role or the request is coming from a specific IP or whatever check you want:
protected void Application_BeginRequest()
{
MiniProfiler.Start();
}
protected void Application_PostAuthorizeRequest(object sender, EventArgs e)
{
if (!DoTheCheckHere(this.Context))
{
MiniProfiler.Stop(discardResults: true);
}
}
private bool DoTheCheckHere(HttpContext context)
{
// do your checks here
return context.User.IsInRole("Admin");
}
in my domain service class i want to return part of my object but returns nothing.
Silverlight code:
private void button2_Click(object sender, RoutedEventArgs e)
{
LoadOperation<Employees> loadOpKKM = this._employeeContext.Load(this._employeeContext.GetEmployeesById2Query(1));
loadOpKKM.Completed += new EventHandler(loadOpKKM_Completed);
}
void loadOpKKM_Completed(object sender, EventArgs e)
{
MessageBox.Show(loadOpKKM.Entities.Count().ToString());
}
Domain service class:
public IQueryable<Employees> GetEmployeesById2(int employeeId)
{
var query = from s in ObjectContext.Employees
where (s.EmployeeID == employeeId)
select new Employees()
{
Address = s.Address
};
return query;
}
where am I doing wrong?
As Silverming, GertArnold said you should first check if your table is correctly set.
private void button2_Click(object sender, RoutedEventArgs e)
{
LoadOperation<Employees> loadOpKKM = this._employeeContext.Load(this._employeeContext.GetEmployeeByIDQuery(1));
loadOpKKM.Completed += new EventHandler(loadOpKKM_Completed);
}
void loadOpKKM_Completed(object sender, EventArgs e)
{
MessageBox.Show(loadOpKKM.Entities.Count().ToString());
}
[Query(IsComposable=false)]
public Employees GetEmployeeByID(int employeeID)
{
return this.ObjectContext.Employees.Single(c => c.EmployeeID == employeeID);
}
Review your domain service to see if you didn't do any errors or typo
You should not be able to access loadOpKKM inside loadOpKKM_Completed as shown. It is outside the scope of that method (and should not compile unless you have another property of the same name).
I am guessing you are actually accessing another property called loadOpKKM on your page (which will be empty as it is not the temporary one loaded). Check your designer file for that page and see if you also have a property/control called loadOpKKM.
If not please list all the code for the page (including designer file).
as #Hitech Magic said, loadOpKKM is outside the scope of that method.
try use it like this :
private void button2_Click(object sender, RoutedEventArgs e)
{
LoadOperation<Employees> loadOpKKM = this._employeeContext.Load(this._employeeContext.GetEmployeeByIDQuery(1));
loadOpKKM.Completed += new EventHandler(loadOpKKM_Completed);
}
void loadOpKKM_Completed(object sender, EventArgs e)
{
LoadOperation<Employees> loadOpKKM = (LoadOperation<Employees>)sender;
if(loadOpKKM != null)
{
MessageBox.Show(loadOpKKM.Entities.Count().ToString());
}
else
{
//TODO
}
}
This is really important question. this makes me crazy in 4 hours :( i can load UCAddX.ascx but if i click "Search in X" button not load UCSearchX user control. There are 3 button also there are 3 web user control. i want to load these 3 web user controls after clickEvents. But below method not working.How to load web user control dynamically? Click By Click (Like Tab control)
public partial class MyPage: System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
ViewState["controlType"] = "AddX";
if (!IsPostBack)
{
AddUserControl();
}
else
{
AddUserControl();
}
}
protected void btnAddX_Click(object sender, DirectEventArgs e)
{
ViewState["controlType"] = "AddX";
if (!IsPostBack)
AddUserControl();
else
AddUserControl();
}
protected void btnSearchX_Click(object sender, DirectEventArgs e)
{
ViewState["controlType"] = "SearchX";
if (!IsPostBack)
AddUserControl();
else
AddUserControl();
}
protected void btnUpdateX_Click(object sender, DirectEventArgs e)
{
}
void AddUserControl()
{
// plhContent1.Controls.Clear();
if (ViewState["controlType"] != null)
{
if (ViewState["controlType"].ToString() == "AddX")
{
UCAddX uc = (UCAddX)Page.LoadControl("~/Pages/EN/MyUserControls/UCAddX.ascx");
uc.ID = "ucAddX";
uc.Attributes.Add("runat", "Server");
uc.EnableViewState = true;
uc.Visible = true;
plhContent1.Controls.Add(uc);
}
else if (ViewState["controlType"].ToString() == "SearchX")
{
UCSearchX uc = (UCSearchX)Page.LoadControl("~/Pages/EN/MyUserControls/UCSearchX.ascx");
uc.ID = "ucSearchX";
uc.Attributes.Add("runat", "Server");
uc.EnableViewState = true;
uc.Visible = true;
plhContent1.Controls.Add(uc);
}
}
}
}
Use the code below to load usercontrol dynamically
var control = LoadControl(filePath) as ControlType;
then you can subscribe to events and add to control placeholder.
Hope this helps
try something like this,
//to load the control
protected void Page_Init(object sender, EventArgs e)
{
ViewState["controlType"] = "AddSector";
//you don't need to check the if condiontion, cause you load every time the controls
AddUserControl();
}
when you need to get values from the control after postback you should get it on
protected void Page_PreRender(object sender, EventsArgs args) {
//your placeholder that contains data
}
User controls when loaded dynamically need to be loaded on every Page_Load so their view state is maintained. So you need something like:
public string CurrentControlToLoad
{
get
{
if(ViewState["controlType"] == null)
return "";
return (string)ViewState["controlType"];
}
set
{
ViewState["controlType"] = value;
}
}
protected void Page_Load(object sender, EventArgs e)
{
if(CurrentControlToLoad != "")
LoadControl(CurrentControlToLoad);
}
protected void btnAddSector_Click(object sender, DirectEventArgs e)
{
CurrentControlToLoad = "AddSector";
LoadControl(CurrentControlToLoad);
}
I have two buttons and two separate validation groups for each button. I kept EnableClientScript=false on each requiredfield validator of the textboxes. I have c# code like below
void submitButton_Click(object sender, EventArgs e)
{
this.Page.Validate("LoginAccountGroup");
if (this.Page.IsValid)
{
}
}
void saveButton_Click(object sender, EventArgs e)
{
this.Page.Validate("CreateAccountGroup");
if (Page.IsValid)
{
}
}
My question is this Page.Isvalid is always returning false in the c# code. How to make it work
Try This
protected bool IsGroupValid(string sValidationGroup)
{
Page.Validate(sValidationGroup);
foreach (BaseValidator validator in Page.GetValidators(sValidationGroup))
{
if (!validator.IsValid)
{
return false;
}
}
return true;
}