I have a .net c# web forms in my web application. I do some processing in the code behind of this page.
Within the mark up of this page, I have a http handler referenced, which outputs a response type of text/javascript, included in the markup:
<script type="text/javascript" src="handler.axd"></script>
I want to pass from my page to the http handler some values. I do not want to pass it via query string and session is not available to me.
Any ideas or tips as to how I can pass data/variable values from my page to the http handler?
I do not want to pass it via query string and session is not available to me
Cookies? In your main page set a cookie, and in the handler read the value of the cookie.
If this is not an option for you how about Application State? In your main page generate an unique GUID and store the value you would like to pass to the handler into the application state. Then pass the GUID to the handler as request parameter. In the handler use the GUID to fetch the value from application state.
If application state is not an option for you how about database state (or some other persistent storage mechanism on server)?
If all those are not an options for you describe your scenario in more details as I am afraid that you could quickly run out of options :-)
I know you don't want to use qs variables, but you could do the following. Create a unique key on page load, store your variables in Application Cache by that key, and stick that key as a querystring variable on you script reference, then access that information from Application Cache again. This is assuming that you're concerned about security or data size as the reason for now sticking directly in the querystring.
Have you looked at the HttpContext.Items collection?
Related
I don't understand the notion of session for webservices. In one hand you can allow session in DataAnnotation like that :
[WebMethod(EnableSession = true)]
In the other and you can configure the session state in IIS :
So I put Session State in process and set the delay for 20 minutes.
Then in my webservice I try to get the session ID like that :
return HttpContext.Current.Session.SessionID
I use a winform to get this information and call the webservice.
And the session ID Change at every call. I don't understand why, beaucoup SessionState is set to 20 minutes...
May I'm in wrong way ? Can you explain me ?
Is SessionID correspond to the Session State in IIS ?
There must be something that connects the request to a particular session. Usually a cookie is used for that. This cookie is sent along with the response, so the calling application must remember that cookie and send it along with the next request. Without cookie the request is handled as if it's a new session.
A browser handles this by default (unless specifically switched off), for an other application you need to do cookie management yourself. For this you need to use a single CookieContainer that will be shared among your requests.
See the link in the answer by Marius for more details.
I was thinking of a solution, but then I found this post :
How to keep session alive between two calls to a web service in a c# application?
I hope this helps.
If you want to keep your sessionID same througout users session life time you should add a global.asax file to your web project and implement Session_Start method.
Please check this link:
https://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.sessionid.aspx
I've got an .ashx handler which, upon finishing processing will redirect to a success or error page, based on how the processing went. The handler is in my site, but the success or error pages might not be (this is something the user can configure).
Is there any way that I can pass the error details to the error page without putting it in the query string?
I've tried:
Adding a custom header that contains the error details, but since I'm using a Response.Redirect, the headers get cleared
Using Server.Transfer, instead of Response.Redirect, but this will not work for URLs not in my site
I know that I can pass data in the query string, but in some cases the data I need to pass might be too long for the query string. Do I have any other options?
Essentially, no. The only way to pass additional data in a GET request (i.e. a redirect) is to pass it in the query string.
The important thing to realise is that this is not a limitation of WebForms, this is just how HTTP works. If you're redirecting to another page that's outside of your site (and thus don't have the option of cookies/session data), you're going to have to send information directly in the request and that means using a query string.
Things like Server.Transfer and Response.Redirect are just abstractions over a simple HTTP request; no framework feature can defy how HTTP actually works.
You do, of course, have all kinds of options as to what you pass in the query string, but you're going to have to pass something. If you really want to shorten the URL, maybe you can pass an error code and expose an API that will let the receiving page fetch further information:
Store transaction information (or detailed error messages) in a database with an ID.
Pass the ID in the query string.
Expose a web method or similar API to allow the receiving page to request additional information.
There are plenty of hacky ways you could create the illusion of passing data in a redirect outside of a form post (such as returning a page containing a form and Javascript to immediately do a cross-domain form post) but the query string is the proper way of passing data in a GET request, so why try to hack around it?
If you must perform a redirect, you will need to pass some kind of information in the Query String, because that's how browser redirects work. You can be creative about how you pass it, though.
You could pass an error code, and have the consuming system know what various error codes mean.
You could pass a token, and have the consuming system know how to ask your system about the error information for the given token behind-the-scenes.
Also, if you have any flexibility around whether it's actually performing a redirect, you could use an AJAX request in the first place, and send back some kind of JSON object that the browser's javascript could interpret and send via a POST parameter or something like that.
A redirect is executed by most browsers as a GET, which means you'd have to put the data in the query string.
One trick (posted in two other answers) to do a "redirect" as a POST is to turn the response into a form that POSTs itself to the target site:
Response.Clear();
StringBuilder sb = new StringBuilder();
sb.Append("<html>");
sb.AppendFormat(#"<body onload='document.forms[""form""].submit()'>");
sb.AppendFormat("<form name='form' action='{0}' method='post'>",postbackUrl);
<!-- POST values go here -->
sb.AppendFormat("<input type='hidden' name='id' value='{0}'>", id);
sb.Append("</form>");
sb.Append("</body>");
sb.Append("</html>");
Response.Write(sb.ToString());
Response.End();
But I would read the comments on both to understand the limitations.
Basically there are two usual HTTP ways to send some data - GET and POST.
When you redirect to another URL with additional parameters, you make the client browser to send the GET request to the target server. Technically, your server responds to the browser with specific HTTP error code 307 + the URL to go (including the GET parameters).
Alternatively, you may want/need to make a POST request to the target URL. In that case you should respond with a simple HTML form, which consists of several hidden fields pre-filled with certain values. The form's action should point the target URL, method should be "POST", and of course your HTML should include javascript, which automatically submits the form once the document is loaded. This way the client browser would send the POST request instead of the GET one.
Is it possible to postback to the server, perform a function, and then continue that postback on to an external place? (ie, to a payment system)
(the scenario is clicking a button to place an order, mark it as sent, then send them off to the payment page (there are form variables that needs to be sent to the payment screen as well))
You can (probably) use Response.Redirect and send the posted variables to the external page as part of the querystring.
The variables will then be visible in the browser's address bar, but this is no less secure than posted form variables, just a bit uglier.
You need to ensure that the variables are tamper-proof regardless of how they're submitted to the payment page. You should consult the payment provider's documentation to figure out how to do this.
Instead of thinking "continue that postback", if you want to send these values to a payment page, you can store them in session state and access them on that payment page. It's not a "postback" if you're transferring control to a different page.
UPDATE
Since it's Worldpay payment service, you need to check their API and perhaps contact them.
Securely submitting form data to Worldpay using ASP.NET
Google Search on ASP.NET and Worldpay
Similar question on SO
Yes, you could do that. Once the postback loads, output an HTML form that occurs outside of the default ASP.net form, and use javascript to automatically submit that form once the page has loaded.
You could do this entirely as a javascript solution (and update the div outside the asp.net form) or you could overwrite the rendering method of the page itself.
A work around if the two are on different page. This is just skeleton
try
{
Response.Redirect(To your order page);
Process your data
try
{
Response.redirect to WorldPay
Do Payment
}
catch
{
to original page
}
}
Catch
{
Reposne.Redirect to origin page
}
I'd try to use the URL API to accomplish this. I'm not sure if this is the right part of the API though.
http://www.rbsworldpay.com/support/kb/bg/htmlredirect/rhtml.html#rhtml5207.html
Edit: I see they are passing the price on the query string. Hopefully that's not susceptible to manipulation....
I am developing a small application in asp.net (writing in c#).
In my application I am using jquery to perform asynchronous call to the server.
I have an http handler that listens in to the requests and does what it needs to do.
Problems start when in the handler I need to access information stored in the page , from where the asynchronous call started. When I try this:
Page page = HttpContext.Current.Handler as Page;
I don't get a page.
How else can I access the page itself?
Thank you
You have a slight design issue. The Page class IS an HttpHandler. It is in fact the default HttpHandler that handles requests. When you define your own HttpHandler, there is no Page class... and hence no Master either.
If you need to access information from a different page, you need to do that via the normal ASP.NET mechanisms... Session, Cache, etc.
You can create new instance of page.
SomePage page = new SomePage();
I have a simple ASP.NET MVC application. When the first action method is run it stores some data in the Session variable. On the resulting view I have a jquery ajax call triggered by a button to another action method.
When I click the button a different session id is used at the server side, it's a bit random. There is sometimes a gap of a second or so between starting and clicking the button and the Session ID still changes. This breaks the app as it tries to retrieve the data stored by the first action method.
Any idea what's going on? Both requests are to the same URL.
I see method one instantiate a new session with Id X and store the data.
Immediately after loading the Jquery request fires. I see a different session cookie id on the request header.
I get an error "data not found"
Many thanks,
This is by design and ASP.NET tries to be efficient in storing sessions for users. Remember unless you store anything in session the session value changes.
If you want to tell ASP.NET that you want it to track user sessions, you can do one of 2 things:
Store something in the session.
Simple handle the Session_Start event in your GLobal.asax. The presence of this method will tell ASP.NET to track sessions , even if there is no data in the session..
// NOTE: There is no need to add any thing to session if you are doing this...
public void Session_Start(object sender, EventArgs e)
{
}
This behavior had caused me much worry in the past :)
Are all your AJAX calls using the same server name:
http://localhost/whatever
vs
http://machinename/whatever