I have a security class that is called by a PageBase class (that all pages will inherit from) that will redirect the user to either the home page or the login page (depending on if they're logged in or not), if they try and access a page they aren't authorized to see. I want to alert the user of this by saying something like,
"You are not authorized to view this page, redirecting you"
Or something like that. I know you can call javascript from your codebehind to show an alert to the user.
In my PageBase class, (again, that all pages will inherit from), there is a common Page_Init(..) method, and when I try and call my js alert from there, nothing happens. I've put breakpoints in my code, and the code is being hit, but the user isn't getting the alert. I assume this is because Page_Init is too early in the page's lifecycle to execute js, and that that is what is causing this issue.
Is there a way around this without having to add a function to each individual page? Also, here are the two ways I have tried:
System.Web.UI.Page page = HttpContext.Current.CurrentHandler as System.Web.UI.Page;
System.Web.UI.ScriptManager.RegisterStartupScript(page, page.GetType(), "alert", "alert('You do not have access to this page. You are being redirected')", true);
and
Response.Write("<script type='text/javascript'>alert('You do not have access to this page. You are being redirected');</script>");
The issue is NOT that there isn't any page on the Page_Init. The problem is that the server is not sending out anything to the browser because it's too early in the Page Lifecycle. (more coming)
Under normal circumstances, response data is not sent to the browser until the Rendering event, even if you call Response.Write. This can often be forced by calling Response.Flush() immediately after Response.Write BUT that often has unintended consequences. In the Page_Init cycle, I think that calling Response.Flush() would probably cause you plenty of problems.
You might be better served simply creating a static html page with the "we're redirecting" message, and using a javascrip.SetTimeout method to count down and use javascript to redirect after a few seconds. That's how it's been done on the web for years. Your base class can simply redirect to this page when the user is not authorized.
Code for the "redirect" page.
<html>
<head>
<script type="text/javascript">
function delayedRedirect(){
window.location = "/default.aspx"
}
</script>
</head>
<body onLoad="setTimeout('delayedRedirect()', 3000)">
<h2>You are not authorized to view this page, redirecting you</h2>
</body>
</html>
You need to do implement the logic on Page_Load event on the base page as so:
ScriptManager.RegisterStartupScript(this, this.GetType(), "keykey", "alert('You do not have access to this page. You are being redirected'); window.location='http://caracol.com.co';", true);
Related
In my default web page i have some pop-up Iframe when a user click something (using JS).
How can i prevent users from go directly to the link : WWW.mydomain.com/Iframe.aspx
and see the full page but still give them the access whenever they click the Iframe button from the default page.
default - default.aspx
Iframe - Iframe.aspx.
Thanks.
There is a technique called Frame killer used by web applications to prevent their web pages from being displayed within a frame. In your case, it's a bit opposite, but we can borrow a similar idea.
If you display your Iframe.aspx as a popup when you click a button. You could check for the window.opener in your Iframe.aspx throw error if window.opener is empty. Like this:
<script type="text/javascript">
if(!window.opener) {
throw new Error();
}
</script>
If your Iframe.aspx is embedded in an iframe of the popup. You could check it further using window.parent.opener
<script type="text/javascript">
if(!window.parent.opener) {
throw new Error();
}
</script>
Note that this technique does have limitations as pointed out in the link above.
I have a form on my page where users can send an email,
try
{
smtpClient.Send(message);
Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "Key",
"alert('Thank you for your submission.');", true);
}
catch(Exception)
{
Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "Key",
"alert('There was an error processing your request.');", true);
}
Response.Redirect("home.aspx");
The alert does not appear and the page simply redirects immediately, unless I comment out Response.Redirect, then the alert works. I want to display the alert and then redirect.
How can this be achieved? I thought of using a timer somehow, but I'm not sure if thats the best solution.
Thanks.
Let the JS do the redirect, instead of using Response.Redirect.
eg.
alert('....'); window.location='home.aspx';
The reason is that the RegisterClientScriptBlock call and the redirect code are within the same page life cycle. That means Response.Redirect() get invoked before the page rendered to the client's browser. The client has no way to see alert message.
The solution is use JS to redirect page as suggested by Will
I am calling this in my code behind:
(test.aspx)
Response.Redirect("~/Default.aspx");
I want to include a javascript alert after/before being redirected to Default.aspx, is it possible?
I'm doing this because I'm passing a value to another page (test.aspx) and that page checks the db, if reader HasRow(), then redirect to Default.aspx.
The way to do that is display the alert with javascript and then do the redirect with javascript as well:
ScriptManager.RegisterStartupScript(this,this.GetType(),"Redit","alert('asdf'); window.location='" + Request.ApplicationPath + "Default.aspx';",true);
Lets take a look at what happens when you call response.redirect()
Servers sends HTTP response 302 to browser including the url to navigate to
browser doesn't display content of response and instead gets the content from the url specified
if the request to the new url succeeds, then it is displayed.
Now looking at this, we can deduce that it is impossible to tell the browser to do a alert() from the page that issues the redirect because its content (if any) is discarded.
It is possible to accomplish what you want from the page that you are redirecting to. To do this, just check Request.UrlReferrer to check if you were redirected from the correct page, then display the alert when appropriate.
example:
Page1 redirects to page2
Page2 check if Request.UrlReferrer is equal to page1
If equal, display alert
If not, do nothing special
Another approach is do the alert first then do the redirect from javascript. window.location.href = newurl.
if you have display something message on Defaul.aspx page you must declare it. Because when you use redirect your page is rendering from top. You must set before redirect Sesion state on something flag and on Default.aspx page you must insert section who been added when this Sesion state been set.
if users press the browser's back button to reach the prior page, the page should display a message like "web page expired".
can i use javascript for this???
for example:
there are 4 pages in web sites. on page 1,2 and 3 the user can use the back-button, wheras on the 4th page the user gets the desired message.
i thought that i can do this by using counter.
i used following javascript on the master page ..
<script type="text/javascript">
function GoBack() {
window.history.go(+1);
}
</script>
and call the function in body like this:
<body onload="GoBack();">
and on the 4th page_load i do the following:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
it is working for all pages .. but i want to do this only for the 4th page
If you only want it on that page level, and when you use postbacks, then I suggest you simply keep it in ViewState instead of Session state. Session's also still available on other pages, where you might want to have other counters.
You need to keep the variable alive across requests. So one way is to put it in some viewstate or sessionstate. Sessionstate is least preferred. But you can possibly put it in a hidden textbox in the page and simply use it.
Looking at the problem after the much awaited update/edit, I shall suggest you to use SessionState. Please give a try on it.
I have update button and after saving the record to database, I am displaying popup Msg using Javascript as below.
When i don't use Response.Redirect, Popup is working fine.
But when i use Response.Redirect, Popup is not displaying.
Anybody faced the same issue. Please throw some light.
Appreciate your help.
ScriptManager.RegisterStartupScript(
this,
typeof(string),
"popup",
"alert('Thank you for visiting the MedInfo website. Your request has been submitted.');",
true);
Response.Redirect("Default.aspx");
Create a js function , in function show message then navigate to the page
Server side
ScriptManager.RegisterStartupScript(this, this.GetType(), "key", "ShowMessage()", true);
JS
function ShowMessage()
{
alert('your message');
window.location.href='default.aspx';
}
The very reason you don't see the message is that you navigate from this page, so the page with this script injected in it never gets rendered.
Response.Redirect transfers the control to another page, and your script is loaded in the current page.
See Response.Redirect Method
Remove the response.redirect method and then change the scriptmanager. Remove the alert message and instead call a javascript function. Inside the function you can show the alert message and then on the next line write
document.location = "Default.aspx";
ScriptManager.RegisterStartupScript(
this,
typeof(string),
"popup",
"alert('Thank you for visiting the MedInfo website. Your request has been submitted.')" + "location.href='Default.aspx';",true);
As mentioned earlier, Response.Redirect interrupt current page execution and transfers control to another page. If you want to show message box after redirect, register your javascript code in Page_Load event handler routine of page to which you are redirect.
Instead of doing a server side, try doing it in the client side. Add window.top.location ="Default.aspx" to your javascript code