I have two applications. The first is used as an internal user management application that was developed to for multiple applications to use as a central authentication service. It is placed in an IFrame inside the second application. The second application is the application users are logging into after they have been authenticated.
My problem is the show password eye icon in IE10. I have the CSS code in the central authentication app to hide the eye icon.
.input::-ms-reveal
{
display:none;
}
When I run just the central authentication app, the eye icon is hidden. However when I run the second app, with the central authentication app inside an IFrame, the CSS appears to be overridden and the eye icon is visible.
Has anyone encounter this before and what was your solution?
Depends on how you are implementing the IFrame. You need to make sure that page that is located in that IFrame is also pointing to that same CSS.
It's bad practice, but appending !important to the rule might cancel out whatever is causing it to not apply your rule. e.g.
.input::-ms-reveal
{
display:none !important;
}
Related
I have developed an application that allows file uploads and downloads with ASP.NET Core Web app (razor pages not controllers). In this app, I am setting a background image on each page as globally it doesn't work but something strange is happening with it.
On Initial login, the homepage background shows fine(see first image), but as soon as you switch to a different page and go back, its like it loses part of its URL? The original URL for the site image on initial login was http://ip.address/PORTAL/hero-range-1.jpg but when switching pages its like it loses the /PORTAL/ part? (see second image)
background-image: url('hero-range-1.jpg I would use background-image: url("http://ipaddress/PORTAL/hero-range-1.jpg")
As a software developer, a project has come up to migrate a current portal application. The portal allows users to log in and once logged in they provided with a selection of different application that they can opt from a menu.
The portal application is written in .aspx webforms. The applications from the menu are also .aspx webforms. Once an application is loaded the menu control is loaded with the application.
The proposed solution is create a new portal application and will be written using .net core along with identity to provide secure login functionality and comply to best practices etc.
The application being written using MVC / .net core / bootstrap to create a mobile first driven environment. Once a user is logged in, the menu is loaded once and I am working towards a solution of loading the applications into an responsive iframe. Allowing the applications to be loaded into an iframe would allow the progressive journey of migrating the webform applications to an MVC format in the future months.
I have read mix reviews about iframes? But nothing really evident that they are safe to use within an internal hosted application. The hosted internal application will allow member users to login and view their specific applications. The things I have read also say they are safe etc but nothing total concrete.
I need to find evidence that iframes are safe regarding PCI / security / clickjacking. What do i require to make the .core application that contains the iframe as secure as possible? Again to re-iterate the proposed application portal will be hosted under SSL that would contain an iframe once logged on to then load hosted internal applications into the iframe.
If I am to use an iframe solution then what should I be doing to make everything secure? What would be the alternative to iframe to load an internal application successfully. Again having read everything, i believe div elements will not work as the applications that are loaded have independent jquery under different versions. Also within the iframe, the postback process can happen with no issue.
Any other advise or opinions would be grateful? Thanks.
Generally speaking iFrames are safe from client side script attacks due to same origin policy
So if you want to see if they're safe enough for your needs I'd suggest looking at ways to get around this policy. A quick google shows this question asking for ways to get around it.
Is this possible? i have an exit button on my web application, originally, my client request that once they click the exit button, it should CLOSE the tab or the browser itself but afaik that's impossible since the web aplication can be opened via link in an email (outlook,yahoomail etc) via tag, so I suggested this alternative to simply just redirect to the Home (of the user, not the web app). the problem how to Redirect to USER's home page. TIA
if (window.home){
window.home();
}else{
window.location='about:home';
}
Something like that would be my guess.
window.home() reference.
There is no way to detect user's existing settings for a home page. This is a security issue. You can always, however, close the browser window after the user is finished using your application.
JS: window.close();
Not sure that would be advisable (even if it were possible), as users can have multiple homepages. Usually, web applications have a log-out button which would log the user out and return to the application's main page (probably showing a log-in form).
I'm using Facebook C# SDK for my WP7 app. The authentication dialog that prompts the user to grant permission to the app is displayed full screen on the app (about 480px I guess), but the allow/don't allow button are hidden at the bottom of the frame, which needs to scroll. There is a large part of the screen that is white though, so I think Facebook is serving a dialog for a larger screen.
How can I specify the size of the screen when authenticating over Facebook oauth ?
This is a bug with Facebook. I would suggest opening a bug with Facebook at https://developers.facebook.com/bugs.
The one thing you might do to work around the issue is to inject either javascript or css into the page using the browser control. Your javascript/css could fix this issues and resize the page. I have done that before on an old WPF app and it worked well.
Unfortunately, the Facebook support for Windows Phone is very poor and there are several major issues of this type.
Say I have a webbrowsercontrol inside a windows form, and the user logs in to a secure site from the form. If the user were to open IE separately, it would also show them logged in. Is it possible to isolate the windows form's IE instance?
The WebBrowser control is built on top of the WebBrowser ActiveX, which lies on top of the WinInet. So you should be able to affect its behavior through the WinInet API.
You can try calling InternetSetOption WinInet API to set the INTERNET_OPTION_END_BROWSER_SESSION option to end the current session and start new one. To ensure that the call will affect only the current process, use the INTERNET_HANDLE_TYPE_INTERNET handle.
you don't mention your version; the behavior changed from IE7 to IE8.
In IE7 and IE6, you can open multiple windows and authenticate with different userids on one site.
In IE8, your session state is shared across browser sessions.
You can open IE with privacy mode on; this should allow the session to be sandboxed.
IE8 has the command line switch -nomerge, which starts the browser with a new session
When you log into a site, you generally get a cookie passed to your from the server that marks you as "logged in" (VERY oversimplified....). My guess would be to delete the cookies. See here:
How to delete Cookies from windows.form?