I have a 5 ASPX page wizard.
Each one contains a SaveAndExit button that executes a C# function on a common static class. After saving, the C# code redirects to another page.
Is there a way for running javascript: alert('Data Saved'); after the saving, and before new page is Loaded.
You'll have to register a startup script on postback to do the alert. Then redirect via javascript after the alert.
You can't do it exactly like you want.
The C# code (server-side) can't run until the page has already posted back and unloaded from the browser. So by the time your server-side code is running the page doesn't even exist any more as far as the browser is concerned and it's too late to run your javascript code. This is true even in the middle of a post back, and even if the result of the post back will be the same page. That is why in certain circumstances ASP.Net pages can appear to flicker during post backs.
So you can't force a javascript alert after the data is saved without doing it via some kind of ajax call back-- and that's certainly one option. Another choice is to have the page to which you redirect show some kind of "data saved" message in certain circumstances; trigger it with something simple like a session variable or the value of hidden input on load so it's not obvious to the user.
But I think probably the best thing to do is nothing at all. It sounds like if the save fails you won't redirect. You'll probably even show some kind of error. If your user doesn't have enough confidence in your app that they don't trust it even when there's no error message and it's moved on to the next step, you're in trouble.
Vik, unless this is a homework I would highly suggest you don't.
JavaScript alert is very annoying to most users and seems completely useless in this case as explained by Joel Coehoorn.
If you insist on showing a message when it is saved then think of adding maybe a session variable and on the redirected page show the "Data saved" message at the top if the session variable exist and then delete the session variable.
Again though, as Joel Coehoorn said, you should definitely show a message if there is an error but redirecting should be all the "proof" they need that their data was saved.
Related
I know this has been asked a LOT of times, but I am really struggling having tried a lot of different potential solutions.
I have a c# ASP.net website page. There is a form on there with a submit button. all code is in the code behind page.
We do not get any spam submitted through the form because I have a capture element. Yet - spam bots have are scanning the page, getting the field names and posting straight to the page.
I only know this because I set the Application_Error to report any errors by email to me (in global.asax).
I have tried changing my field names - but they just pick up the new fields.
I have put <httpRuntime requestValidationMode="2.0" /> in the web.config.
In my page, I have EnableEventValidation="False"
But - as I said, the problem isn't allowing html in the post data, it's trying to stop spam bots from submitting DIRECTLY to the page. It's being triggered (I think) before the page even loads.
I'm running out of ideas here! I am blocking ip ranges every 10 minutes on our firewall. I cannot keep doing that!
Thanks for any help!
This is what you do: ignore it. Blocking IPs will just keep you running around in circles and is ultimately a waste of time.
If spam is not actually being submitted then you really don't have a problem. The framework is doing exactly what it is supposed to be doing.
Quite frankly, I wouldn't bother investigating an error message like that unless it was preventing an actual user from doing what they need to do.
If you really just want the errors to go away then you need to do the following:
Set EnableEventValidation="true"
Set ValidateRequest="false"
EnableEventValidate tells .net to see if the post came from clicking on a control that it had rendered. This should help prevent direct posts.
ValidateRequest tells .net whether to test the inputs for html and other "dangerous" characters. Turning it off will stop your error message.
If you are simply trying to get spammers to stop hitting your site: close the site down. As that is the ONLY reliable way of keeping a spammer off of it.
Have you tried a honeypot field?
Create an input field in your markup, but don't display it on the page. You can use css or other methods to hide it from users, as long as it still shows up in your page source.
Then, in your code-behind, check that the field is empty before processing anything. You know your real users can't see the field, or enter anything in it. Therefore if that field was filled in, you know that it was from a bot scanning your page, and you can ignore all the rest.
The idea is that spam bots can't resist filling in fields, but most aren't smart enough to determine if the field is actually visible in a browser, so you trick them into giving themselves away by filling in something they shouldn't.
FWIW, I've used this approach personally with decent success.
However, if ASP is rejecting the submissions and causing an error, that's a different problem. Do you need legitimate users to be able to submit markup in the field? If you don't, the framework is actually doing the right thing by protecting your site. In that case, I would just check for that particular error in your Application_Error method and ignore it.
Is there any event to identify that a page has been terminated in c#? I have a scenario where i need certain session variables to get removed when i navigate from page 'A' to any other page. Im not using response.redirect() to navigate to another page. So how will i know when i exit A?
Try the onbeforeunload event: It is fired just before the page is unloaded
Follow this link
https://web.archive.org/web/20211028110528/http://www.4guysfromrolla.com/demos/OnBeforeUnloadDemo1.htm
If you need some specific action getting from page A to page B. you should think about making a call to the server , do your stuff and then redirect to the page B.
otherwise you might work on the link client side, and make some JQuery call to the server while redirecting, so that receiving the call, the server is doing your stuff.
If you are looking for some general exit from a page, you are entering a world of pain.
There is no exact way to handle unload event of the page.
But you can writer some javascript as mentioned in above answer..
Thanks
Ik working on some project, and there is one main problem I have. I'm writing some code that is performing some actions on the web, like posting data. But what happens all the time: Javascript code on the pages reload the page, just after i posted data, so it will ask for confirmation. I just need to know, is there any way at all to do this? I'm using C# with WatIn. I've thought of some ways myself:
Disabling all message boxes, doesn't seem to work for this box.
Detect when the box shows up and then press cancel, but I don't know if that's possible?
Look in the Javascript code and when it tries to call the Reload method intercept that or something?
Some other setting that disables this auto-reload? (tried some thing called METAreload i think but didn't work)
Google doesn't give me the information I need, I have been searching on this for quite a while now. Someone knows how to get rid of this box blocking my program?
Ok, I finally fixed it myself. There was a javascript function that would make the page reload when the timer was at 0. Just by putting javascript in the URL bar i could replace that function bij an empty one, and now it won't reload anymore!
I am working on a project such that once a user is directed to a certain page, they receive a certain level of "authentication" and I wanted to remove this "authentication" if the user tried to navigate away from the page before they completed a form.
I was wondering if the is a way to get a method to call when redirecting away from a specific page that fit into the Page event life cycle (or a different one if you have suggestions)?
I am kind of new to C# and the .Net framework, so if this is not standard, then just tell me what would be the correct approach for this.
Thanks!
You could try using a PageMethod triggered by a JavaScript event. This needs a ScriptManager in the aspx.
Example:
JavaScript
function LeavePage(e) {
PageMethods.RevokeAuthentication();
}
window.onbeforeunload = LeavePage;
C# Code behind
[PageMethod]
public static void RevokeAuthentication()
{
// Do stuff here
}
However, this method is not foolproof. If the client's browser has scripting disabled the JavaScript will not run.
Perhaps a better method is to handle the authentication in a MasterPage with a Session. A MasterPage is similar to how PHP developers use includes.
E.g. OnLoad check page, if pageName allowed higher authentication, set it, else revoke it.
Your page will not know it is being navigated away from as it is effectively stateless. Once the page is generated by the C#, it is transmitted to the browser. The page does not "live" in the C#. Once generated, that's it.
You could use a session variable to track the user's "authentication" level. If they hit other pages, you can check the value of this variable and act accordingly. If they complete the form, you record that fact in the session.
Another option would be to use javascript to callback to the server when the user is leaving the page. This wouldn't act within the Page event life cycle as it will already be complete
Does this "authentication" exist for long? Do you need to persist it?
I have C# form in the site and want to prevent spam bots from filling it. The trick is, that I want to avoid CAPTHA or any other user input to avoid loosing a single registration.
Here are some techniques I have in my mind:
Hidden input field (question: is this still effective?)
Track time, since the first user input (focus on FirstName) till posting a form.. Humans will take more than 3 seconds to complete a form (even with auto-fill), where bots take a second or less to fill in registration and post it. (question: if I start timer with the first user input, when should I stop it?)
Put in the form tag a fake post url, or post form to itself, and only on Submit button click action to add a real post url with javascript. (question: wonder if new spam bots can cheat this?)
I would be glad to hear other techniques I could adopt, again, without using CAPTCHA, spam filters, form verifications and even validation. Thank you
would be good to have some sort of flash which asks you to reconnect dots (so that it is interactive and doesnt require typing), and when the user does it correctly, you can post with submit to check.
Never liked CAPTCHA, especially the wierd ones where even humans have problem intepreting it :)
A year ago there was a nice control for asp.net that put a hidden field on the form. With a javascript formula. Robots posted it back - and it wanted the result (stored the result first in the session). basically, as robots dont interpret the form in a browser (too slow).... ;) Most got just thrown out there.
Also, another tip: put in hidden fields for the email to address. Some (old)php forms use a mailer supportnig this. OBVIOUSLY only a robot fills that out ;) If not empty -> garbage.
Anyone else have any smart ideas? ;)
I would say stick with Captcha or a similar thing where the user has to type something in.
The problem with using JavaScript is that not everyone has javascript turned on and quite a few have it turned off for various reasons.
Now if you want to really track time, send a hidden form field with the server time filled in. When the postback occurs take the delta of that with the current time. Obviously if the field is missing then you know someone directly posted.