I want to send new thread in vbulletin forum through the application i made in C Sharp. As thread submission needs security token so i have to add that while submitting and also need to login to forum.
For vbulletin forum i want send post through my application. structure is like this.
Ex:
Url of forum : http://myforumurl.com/forum
Thread need to submit url : http://myforumurl.com/forum/newthread.php?do=newthread&f=01
So how can i submit the thread which have string data of Tag + Title + Message to submit url i.e http://myforumurl.com/forum/newthread.php?do=newthread&f=01
And i also need to send my Username and Password to that forum while submitting.
You need to send an HTTP POST request to the server. You can do this using the WebClient class. The request will need to contain all the fields a browser would typically submit, as well as the session cookies. You can get the session cookies by sending another POST request first, one that the browser would send when you log in.
To see what the browser sends, you could use a Firefox addon like HttpFox, or just use the built-in features that both Chrome and Firefox have these days.
I doubt anyone is going to just post the complete code for you though.
Related
Recently I have attended a training in mvc. The trainer said that - As per the security concerns we have to use HttpPost instead of HttpGet. Always use HttpPost.
Can anyone explain - what is the security issue when we use HttpGet?
When transmitting data over secure connection (https) body of the post request is encrypted and practically undreadable, you can only see address where data is going but not the data itself. Get on the other hand has no body and data has to be transmitted in either query string or as a path parameter. While it is true that query string does get encrypted as well, due to request logging on the server and browser it is possible to get hold of that data.
Anyone can insert image on public forum or stackoverflow with link to your web-site. Then happens next:
Browser looks at url in image tag
Browser find cookies corresponding to domain in url
Browser sends request to url with cookies of user
Your server performs action
Browser tries to parse response as image and fails
Browser renders error instead of image
But if you mark your action as Http Post only then this scenario isn't applicable for 90% of sites. But you should also consider that if hacker can create a form on other web-site then he still can make browser to perform request. So you need CSRF. Well, browsers made a lot to prevent cross-site requests, but it's still possible in some scenarios.
I've set up an HttpListener running on port 8086 on my custom server application, which works with JSON and XML over sockets. I can't change my server application to any other implementation, I am stuck with it for now.
I'm a bit new to Http, so feel free to correct my naviety below! I've searched, but can't find anything that deals with my exact problem.
When I use Hurl.it to send an HttpRequest to the server, the GetContext function fires no problem and I am able to send an html response back to Hurl.it.
Now, the question is, I want to be able to send out Reset Password email links in the form of "http://myip:PORT/resetpasswordseed=74283235" and have a browser be able to receive, parse and display a dynamically generated html form. (I will also need to add SSL to this a bit later, as I don't want a newly updated password being sent as plain text in a URL.)
Now, when I click the URL link http://myserverip:port/resetpassword with Edge or Firefox the GetContext function does not fire and the web browser times out. Have I missed something or am I trying to do something that is not possible? I don't get an error message or an exception or anything.
Any help would be appreciated.
Cheers
Craig.
Im using Facebook C# SDK to post and fetch data. These simple tasks took forever to get running properly. Now I need to notify my webpage(ASP.NET C#) about changes on the specific facebook page so the webpage knows then it should fetch new data.
I have looked at this page : https://developers.facebook.com/docs/graph-api/real-time-updates/v2.2
But as usally with facebook documentations it misses to explain in detail how it works and how to get it working. Where exacly do I create the subscriptions? It says /{app-id}/subscriptions but I have tried this url with my app-id but no page is found?
I have tried to find examples on how to set this up but to no sucess.
Could someone please explain how this works? What do I need to do exacly to get this running?
Facebook subscription works by pinging a URL you own every time data has changed. You need to add a URL you own as a callback URL for Facebook subscriptions to work with
POST /v2.2/{app-id}/subscriptions HTTP/1.1
Host: graph.facebook.com
object=page
callback_url=http%3A%2F%2Fexample.com%2Fcallback%2F
fields=feed
verify_token=thisisaverifystring
In the above API request a POST request is made to add http://example.com/callback/ as the callback URL subscribing to the feed edges of the page object (a page object that the session user owns)
In your callback URL you must have it handle two actions
the initial callback (Handling Verification Requests via the verify token)
saving updated subscriptions (Receiving the Real Time Updates)
Here is an example of what it looks like in PHP
<?php
if ($_REQUEST['hub_verify_token'] === 'thisisaverifystring') {
echo $_REQUEST['hub_challenge'];
}
$file = 'sample.txt';
$inputJSON = json_decode(file_get_contents('php://input'));
file_put_contents($file, file_get_contents('php://input') );
?>
In my Project i don't want to show query string values to users. For that case i used URL Rewriting in asp.net. So my URL Looks like below.
http://localhost/test/default.aspx?id=1
to
http://localhost/test/general.aspx
The first URL will be rewrites to second URL, but it will still executes the default.aspx page with that query string value. This is working fine.
But my question is that, is there any way the user can find that original URL in browser?
The answer is no.
The browser can't tell what actual script ended up servicing the request - it only knows what it sent to the server (unless the server issued a redirect, but then the browser would make a new request to the redirect target).
Since URL rewriting takes an incoming request and routes it to a different resource, I believe the answer is yes. Somewhere in your web traffic you are requesting http://localhost/test/default.aspx?id=1 and it is being rewritten as the new request http://localhost/test/general.aspx.
While this may hide the original request from displaying in the browser, at some point it did send that original URL as an HTTP GET.
As suggested, use Firebug or Fiddler to sniff the traffic.
I figured answer for my question. We can easily found the rewritten urls. If we saw the view source of that page in browser then we can see that original url with querystring values.
I have a problem that when a user times out on my site they are still logged in. So they can still do an ajax request. If they do an ajax request on my site my asp.net mvc authorization tag will stop this.
The authorization normally then redirects the user back to the signin page if they fail authorization.
Now since this is an ajax request what seems to be happening is it send the entire page back rendered as html. So the user never gets redirect since I just got the entire page send to me as html.
However firebug says this in the console:
http://localhost:3668/Account/signIn?ReturnUrl="return" ( this is not in the actual url bar in the web browser so I can't go up there and get it. I only can seem to see it through firebug.)
So I am not sure but maybe if I could somehow grab this url from inside my errorCallback area that would be great.
Since from my testing no error code is sent back(200 OK is sent). Instead I just get parsing error(hence why errorCallback is called) but I can't assume that every time I get parsing error it means the user timed out.
I need something better. The only other option is too look at the response and look for key works and see if it is the signin page what I don't think is that great of away to do it.
You probably want to do one of two things:
Write your server code such that ajax requests return an ajax error when a session is expired. That way the javascript will expect a return code that indicates a session timeout, and you can tell the user the session expired.
If an elegant solution isn't forthcoming because of how your framework handles this stuff, just put a chunk of HTML comment in your login page like Uth7mee3 or something; then check for the existence of that string in your ajax code.
Alternative, you can also set a timer on the web page that figures out when the session is about to time out and warn the user with a little message that lets them renew their session. Once it times out, blank out the page and give them a link to login again.
How about having a script in the Loginpage
if(document.location.href != "/Account/Login")
{
document.location.href = "/Account/Login"
}
This would work if you try to render partials in an ajax request.
(Not if you expect json)
What is the status code of the response in this situation? I think you should be able to check for a 302 here. If not, the Location header would be the next best way to check for the sign-in page.
This isn't an answer to your specific question, but the way I deal with this is to have a some client-side code that understands about the session length and prompts the user to renew a session just prior to it being ready to expire if they haven't moved off the page. If the user doesn't respond to the prompt in time, it invokes the logout action of the site -- taking the user to the login page.
You can find more information on the exact implementation, including some code, on my blog: http://farm-fresh-code.blogspot.com.