In my default web page i have some pop-up Iframe when a user click something (using JS).
How can i prevent users from go directly to the link : WWW.mydomain.com/Iframe.aspx
and see the full page but still give them the access whenever they click the Iframe button from the default page.
default - default.aspx
Iframe - Iframe.aspx.
Thanks.
There is a technique called Frame killer used by web applications to prevent their web pages from being displayed within a frame. In your case, it's a bit opposite, but we can borrow a similar idea.
If you display your Iframe.aspx as a popup when you click a button. You could check for the window.opener in your Iframe.aspx throw error if window.opener is empty. Like this:
<script type="text/javascript">
if(!window.opener) {
throw new Error();
}
</script>
If your Iframe.aspx is embedded in an iframe of the popup. You could check it further using window.parent.opener
<script type="text/javascript">
if(!window.parent.opener) {
throw new Error();
}
</script>
Note that this technique does have limitations as pointed out in the link above.
Related
I am trying to implement login and logout in asp.net(web forms). In my web form I have two pages namely Default and Main. From Default page when I login with username and password it redirects to the Main page. When I press back button it directly redirects to the default page. For this I copied javascript code to my default page
<script type = "text/javascript" >
function preventBack() { window.history.forward(); }
setTimeout("preventBack()", 0);
window.onunload = function () { null };
source from stackoverflow question
After login when I click on back button in my browser(chrome) first it shows the Default page and then it shows the Main page. i.e page blinks when I click the back button.
It shows main page successfully with the issue.
What should I implement to stop showing the Default page when I click on back button
Update:
<script type = "text/javascript" >
history.pushState(null, null, 'Default.aspx');
window.addEventListener('popstate', function (event) {
history.pushState(null, null, 'Default.aspx');
});
</script>
I placed this code in default page
There is one important thing that you ought to know here.
One cannot disable the browser back button functionality only thing that can be done is prevent it.
You can't, in anyway diasble that button. What you can however do, is to put some logic and prevent that button from doing what it is meant to do.
Now for the script that you have shown, it should serve fine and the other thing to try here is to put a mediator page between your default and main page. So when you login, the control will flow to mediator page and it will then redirect to main page. Now when the user presses back button on the main page, the control will flow to mediator page which will again redirect the user to his main page.
The effect will be the same as your script, but putting a page can help you write Session handling code and some server side checks if you want.
But one thing is sure, the browser back button will be as it is.
Hope this helps.
As Matt said you can't disagree the back behaviour. However you can check if the user is logged in and redirect them to the main page easily.
All you need to do is, on the default page check if the user is logged in, if they are then redirect them to the main page, this way even if the user clicks back, they will be taken back to the main page. And also the can go to the Default page after logging out.
Another way could be using location.replace("...."), which replace the existing document and user can't "go back" using back button as the page doesn't exist in the url history.
Src: https://developer.mozilla.org/en-US/docs/Web/API/Location/replace
I am looking for a way to change page url (change one of the url key's value) when the user refreshes the page. I am doing this to reflect changes on the contents of the page. I have tried several methods but they all have a loop problem. Below is one of the methods:
In my html page:
<body onLoad="CheckPageLoad();">
<input type="hidden" name="trial" id="trial" value="hello" />
</body>
In the page.asp page: (inside a script tag)
function CheckPageLoad() {
if ($("#trial").val() == "hello") {
// This is a fresh page load
alert('Load');
$("#trial").val("hi");
} else {
// This is a page refresh
window.location = url;
alert('Refresh');
}
}
Issues:
Every time the page is refreshed, the Load alert is always displayed. I thought the load is done once. It looks like every time the page is refreshed, it reloads so the value always remains to be hello.
I tried using the script tag only and the new url is opened but keeps looping. (This is the main problem)
Any suggestion to update the above method or use another method to do the refresh is appreciated. Below are other methods I also tried:
window.onbeforeunload = unloadPage();
function unloadPage() {
//do something
//works but loops
}
Thanks
I put the following code into a basic page and it demonstrates why you are getting the described behaviour:
<html>
<head>
<script src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script type="text/javascript">
function CheckPageLoad() {
if ($("#trial").val() == "hello") {
// This is a fresh page load
alert('Load');
$("#trial").val("hi");
} else {
// This is a page refresh
alert('Refresh');
window.location = window.location + '?id=1';
}
}
</script>
</head>
<body onLoad="CheckPageLoad();">
<input type="hidden" name="trial" id="trial" value="hello" />
</body>
</html>
When you set the window.location it changes the url (well duh!) which therefore means you are loading a new page. When the page is refreshed you get a "Refresh" alert before a "Load". This demonstrates that the page is posting back first, but the onload event causes the page to navigate to another location, therefore loading it again. It is my understanding that updating anything in the URL ultimately is a new request/newly loaded page.
You might find the following useful regarding the viewstate in asp (seeing as you suggested you are using an asp page): http://msdn.microsoft.com/en-us/library/ms972976.aspx
My suggestion would be to completely remove the window.location = url; part of your code in favour of looking at the data which was posted back instead. This means that you aren't unnecessarily loading the page twice on postback and allows you to access the data from any updated inputs.
If I have a button on my ASP.NET page which will take you to another page but that page will do something and then will send user back using
Uri uu= Request.UrlReferrer;
if (uu!= null)
Response.Redirect(uu.ToString());
Now Which page event can I use so that when other pages displays I can display a message box.
In short I am running my custom code in a "aspx" page where user is directed on button click, and then after custom code I am sending user back to old page, but it happens so quickly that user doesn't realize that he went on another page, now I want to display a message box after redirect on same page user started from, what to do :S !
More Information
EDIT
Sorry guys but I can't make changes to ASP page where button is at all
:(
I'm a bit unsure about how the Request.UrlReferrer gets set. I think it's a browser implementation detail. So I wouldn't trust on that.
I would go for something like
A.aspx -> Redirects to -> B.aspx
B.aspx -> Redirects to -> B.aspx?message=1
And check if message=1 is set.
But if you want to use the Request.UrlReferrer it should be accessible on Page_Load
If you use it this way, it'll never appear to the client.
Maybe try redirecting back using javascript with a delay so user can be informed
The best thing to do it's add a flag to the redirected page so you can show something special when the flag is turned on
Uri uu= Request.UrlReferrer;
if (uu!= null)
Response.Redirect(uu.ToString() + "?Message=DataHasChanged");
and then in the ASP page
<% if (Request.QueryString["Message"] == "DataHasChanged") { %>
<div class="alert">The data has changed. Please review it or whatever</div>
<% } %>
I'm not so expert with ajax, so I find it hard to look for the better answer. I've tried creating separate ".js" file that contains the call for rest service (for validation of user session), but it doesn't work.
My goal is to validate user session before loading my views (in MVC). The only way to use the logic of validating the given session with the database is to call a rest service via url using ajax.
This code works well (inside Home View):
<script type="text/javascript">
$(function () {
$.get('#Url.Action("GetSession", "Auth")', function (getdata) {
if (getdata.UserID && getdata.SessionID && getdata.SourceIP) {
$.post('http://website.com/Rest/Authenticate/ValidateUserSession', JSON.stringify(getdata), function (response) {
if (response == false) { window.location.replace('#Url.Action("SignUp", "Auth")'); }
});
} else {
window.location.replace('#Url.Action("SignUp", "Auth")');
}
});
});
</script>
<h2>
Home</h2>
#*The content here should not appear, unless session is validated.*#
The only problem is that, the process of validation takes 3 to 5 seconds, so the user sees the Home page before the ajax call returns the result whether the validation was successful or not. If validation/response returns false it will redirect to sigup page.
I don't know what is the best practice with this process. For now I jsut don't want the Home view show to the user unless session is validated. Hope I'd explain it well. Please suggest if you have the better idea.
Additional info:
If possible, I like doing this:
<script type="text/javascript">
if(!validated()){
window.location.replace('#Url.Action("SignUp", "Auth")');
}
</script>
<h2>
Home</h2>
#*The content here should not appear, unless session is validated.*#
Why can't you consume the rest service at server side ? Technically there should be no reason for not being able to do that. Here's a tutorial discussing exactly that : http://codebetter.com/johnvpetersen/2012/03/22/accessing-a-asp-net-webapi-rest-service-from-asp-net-mvc/
That should take care of everything. If for some reason that's not possible for you, then you can do the following,
Make your home page a partial view.
Instead of loading home page, load an empty page with processing icon (or whatever message you want to show.)
Talk to the REST service and if got the reply then load Home page's partial view using JQuery else load sign up partial view.
Here's an article discussing how to load MVC partial views using JQuery: http://www.codeproject.com/Articles/34221/JQuery-Partial-Views-in-ASP-NET-MVC
I have a security class that is called by a PageBase class (that all pages will inherit from) that will redirect the user to either the home page or the login page (depending on if they're logged in or not), if they try and access a page they aren't authorized to see. I want to alert the user of this by saying something like,
"You are not authorized to view this page, redirecting you"
Or something like that. I know you can call javascript from your codebehind to show an alert to the user.
In my PageBase class, (again, that all pages will inherit from), there is a common Page_Init(..) method, and when I try and call my js alert from there, nothing happens. I've put breakpoints in my code, and the code is being hit, but the user isn't getting the alert. I assume this is because Page_Init is too early in the page's lifecycle to execute js, and that that is what is causing this issue.
Is there a way around this without having to add a function to each individual page? Also, here are the two ways I have tried:
System.Web.UI.Page page = HttpContext.Current.CurrentHandler as System.Web.UI.Page;
System.Web.UI.ScriptManager.RegisterStartupScript(page, page.GetType(), "alert", "alert('You do not have access to this page. You are being redirected')", true);
and
Response.Write("<script type='text/javascript'>alert('You do not have access to this page. You are being redirected');</script>");
The issue is NOT that there isn't any page on the Page_Init. The problem is that the server is not sending out anything to the browser because it's too early in the Page Lifecycle. (more coming)
Under normal circumstances, response data is not sent to the browser until the Rendering event, even if you call Response.Write. This can often be forced by calling Response.Flush() immediately after Response.Write BUT that often has unintended consequences. In the Page_Init cycle, I think that calling Response.Flush() would probably cause you plenty of problems.
You might be better served simply creating a static html page with the "we're redirecting" message, and using a javascrip.SetTimeout method to count down and use javascript to redirect after a few seconds. That's how it's been done on the web for years. Your base class can simply redirect to this page when the user is not authorized.
Code for the "redirect" page.
<html>
<head>
<script type="text/javascript">
function delayedRedirect(){
window.location = "/default.aspx"
}
</script>
</head>
<body onLoad="setTimeout('delayedRedirect()', 3000)">
<h2>You are not authorized to view this page, redirecting you</h2>
</body>
</html>
You need to do implement the logic on Page_Load event on the base page as so:
ScriptManager.RegisterStartupScript(this, this.GetType(), "keykey", "alert('You do not have access to this page. You are being redirected'); window.location='http://caracol.com.co';", true);