Search Results

Search found 66 results on 3 pages for 'returnurl'.

Page 1/3 | 1 2 3  | Next Page >

  • How to elegantly handle ReturnUrl when using UrlRewrite in ASP.NET 2.0 WebForms

    - by Brian Kim
    I have a folder with multiple .aspx pages that I want to restrict access to. I have added web.config to that folder with <deny users="?"/>. The problem is that ReturnUrl is auto-generated with physical path to the .aspx file while I'm using UrlRewrite. Is there a way to manipulate ReturnUrl without doing manual authentication check and redirection? Is there a way to set ReturnUrl from code-behind or from web.config? EDIT: The application is using ASP.NET 2.0 WebForms. I cannot use 3.5 routing. EDIT 2: It seems like 401 status code is never captured. It returns 302 for protected page and redirects to login page with ReturnUrl. It does not return 401 for protected page. Hmm... Interesting... Ref: http://msdn.microsoft.com/en-us/library/aa480476.aspx This makes things harder... I might have to write reverse rewrite mapping rules to regex match ReturnUrl and replace it if it doesn't return 401... If it does return 401 I can either set RawUrl to Response.RedirectLocation or replace ReturnUrl with RawUrl. Anyone else have any other ideas?

    Read the article

  • create manually parameter ReturnUrl

    - by user276640
    i have view like 'home/details/5', it can be access by anonymous user. but there is button, which can be pressed only by registered users. no problem, i can look into Request.IsAuthenticated , and if anonymous i show button login instead of secret button but the problem- when press login i can lose address and parameters of page. how can i create login button and pass a parameter ReturnUrl ? something like <%= Html.ActionLink("enter to buy", "LogOn", "Account", new { ReturnUrl = path to view with route value })%> i see only stupid solution <%= Html.ActionLink("enter to buy", "LogOn", "Account", new { ReturnUrl = "home/details/" + ViewContext.RouteData.Values["id"] })%> but i don't like to hard code names of controller

    Read the article

  • ASP.Net MVC ReturnUrl Practice

    - by Terry
    I have a question about the returnUrl querystring parameter that is appended by ASP.Net when attempted to hit a page that requires authentication. In looking at Microsoft NerdDinner Sample's LogOn action (along with every other 'sample authentication code' I see on the 'net), it just has the ReturnUrl parameter declared in the action's signature and uses it directly in a Redirect() call. However, back in the WebForms days and using Membership Controls, we use to use the FormsAuthentication.GetReturnUrl() call. Besides returning the 'default url' if no url was specified in the querystring, it also does a few security checks (Cross App Redirect and 'IsDangerousUrl()'). Are those no longer a concern or are all the sample 'log on' actions I'm seeing all over the 'net just ignoring those issues?

    Read the article

  • ReturnUrl = Default.aspx for MVC?

    - by Cynthia
    I'm trying to secure my entire MVC site, so before the Home controller, I added an [Authorize] attribute. Now if you run it from Visual Studio or navigate using the root URL (e.g. http://localhost:2897) it does redirect to the login page, as expected. However the URL in the address bar after redirection looks like this: http://localhost:2897/Account/LogOn?ReturnUrl=%2fdefault.aspx%3f I haven't tested this out, seeing as I have not implemented my authentication code. However, this looks like a big problem to me, since I do not have a default.aspx in my project! My authentication tag in the web.config looks like this: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" defaultUrl="~/Home/Index" timeout="2880"/> </authentication> Why doesn't it pick up this route as the default ReturnUrl instead of default.aspx?

    Read the article

  • Check ReturnUrl is valid before redirecting

    - by Josh
    I'm using ASP.NET Membership and Form Authentication and before redirecting to the returnURL I wanted to validate it. For those unfamiliar with the workflow, basically if you request a page that requires that you are authenticated, you are redirected to a login page. In the URL string you'll see a parameter called returnURL, e.g. http://example.com/login.aspx?ReturnUrl=%2fprotected%2fdefault.aspx Whether you use this in a redirect such as Response.Redirect(returnURL) or indirectly through the FormsAuthentication.RedirectFromLoginPage method, it passes without validating returnURL. FormsAuthentication.RedirectFromLoginPage does have a security check that it is isn't leaving the domain, but that still doesn't stop someone from putting enough random characters to cause an error. I tried using System.IO.File.Exists(Server.MapPath(returnURL)) but given enough illegal characters it cause Server.MapPath to error. Note: URLEncoding doesn't work because we are not cleaning a parameter, but the primary URL. Any other suggestions for validating or cleaning the returnURL value?

    Read the article

  • ASP.NET MVC Login ReturnUrl always NULL?

    - by aherrick
    Using Forms Authentication in ASP.NET MVC when trying to log back into a site, it puts a ReturnUrl parameter in the query string. My Logon action method accepts a "returnUrl" string. However it seems that returnUrl string is always null, even when it is clearly in the query string. Any thoughts on why this might be the case or a possible fix?

    Read the article

  • ASP.NET MVC - HttpPost to ReturnURL after redirect

    - by JP
    Hello, I am writing an ASP.NET MVC 2.0 application which requires users to log in before placing a bid on an item. I am using an actionfilter to ensure that the user is logged in and, if not, send them to a login page and set the return url. Below is the code i use in my action filter. if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { filterContext.Result = new RedirectResult(String.Concat("~/Account/LogOn","?ReturnUrl=",filterContext.HttpContext.Request.RawUrl)); return; } In my logon controller I validate the users credentials then sign them in and redirect to the return url FormsAuth.SignIn(userName, rememberMe); if (!String.IsNullOrEmpty(returnUrl)) { return Redirect(returnUrl); } My problem is that this will always use a Get (HttpGet) request whereas my original submission was a post (HttpPost) and should always be a post. Can anyone suggest a way of passing this URL including the HttpMethod or any workaround to ensure that the correct HttpMethod is used? Thanks in advance, JP

    Read the article

  • How to set the returnURL manually when using Ajax.ActionLink

    - by Roge
    I have this link @Ajax.ActionLink("create poll question", "CreatePoll", new { id = Model.DebateID }, new AjaxOptions { UpdateTargetId = "poll-entry-box", InsertionMode = InsertionMode.Replace, HttpMethod = "GET" }) which is pointing at a action with the [Authorize] Attribute. The login works, but the returnURL is empty so it just redirects to the index page. Is there some way to manually set the returnURL ? NOTE I am using the method described here http://haacked.com/archive/2011/10/04/prevent-forms-authentication-login-page-redirect-when-you-donrsquot-want.aspx because the login page was loading inside my partial.

    Read the article

  • Problem Rewriting URL's from HTTPS to HTTP using IIS7 URL Rewriter, when using Webforms ReturnURL=

    - by theminesgreg
    I took Jeff's Re-write rules from this post and the HTTP to HTTPS conversion works great. However, going back to HTTP is giving me problems because of the ReturnUrl= in the URL (I'm using webforms). Here's an example of the url: https://localhost/Login.aspx?ReturnUrl=%2f Here's the rewrite rule I'm using: <rule name="HTTPS to HTTP redirect for all other pages" stopProcessing="true"> <match url="^login\.aspx$" ignoreCase="true" negate="true" /> <conditions> <add input="{SERVER_PORT}" pattern="^443$" /> </conditions> <action type="Redirect" redirectType="Found" url="http://{HTTP_HOST}{REQUEST_URI}" /> </rule> Here's the resulting re-written URL: http://localhost/,/ Has anyone found a work around for this?

    Read the article

  • How to set the ReturnUrl for the Login link in MVC 3 app?

    - by user762196
    using System; using Microsoft.Practices.Unity; namespace <MyNameSpace> { public class UrlFactory { public static UrlFactory Current { get { return HttpApplicationUnityContext.Current.Resolve<UrlFactory>(); } } public string GetLoginUrl() { return String.Format("{0}/login?ReturnUrl={1}", MyConfig.BaseHttpUrl, <GET_PAGE_URL>); } } The user can be on any page on the site and click the Login link. But the ReturnUrl must always point to the exact page where he clicked it. I must take the user back to the page he clicked the login link. In my code above, how do I get the page url in <GET_PAGE_URL>? Thanks

    Read the article

  • ASP.NET MVC Return to Previous Page

    - by Jason Enochs
    I have a basic Edit method in my controller that redirects back to a top level listing (“Index”) when the edit succeeds. Standard setup after scaffolding. I am trying to change this Edit method to redirect back to the previous page (not Index). Since my Edit method is not using the default mapped input parameter “id”, I am using that to pass the previous URL. In my Edit “get” method, I use this line to grab the previous URL and it works fine: ViewBag.ReturnUrl = Request.UrlReferrer.AbsoluteUri; I send this return URL to the Edit “post” method by using my form tag like this: @using (Html.BeginForm(new { id = ViewBag.ReturnUrl })) Now this is where the wheels fall off. I can't seem to get the URL parsed from the id parameter properly. UPDATE**** Using Gary's example as a guide, I changing my parameter name from "id" to "returnUrl" and used a hidden field to pass my parameter. Lesson: Only use the id parameter how it was intended to be used...keep it simple. It works now... Here is my updated code. // // GET: /Question/Edit/5 public ActionResult Edit(int id) { Question question = db.Questions.Find(id); ViewBag.DomainId = new SelectList(db.Domains, "DomainId", "Name", question.DomainId); ViewBag.Answers = db.Questions .AsEnumerable() .Select(d => new SelectListItem { Text = d.Text, Value = d.QuestionId.ToString(), Selected = question.QuestionId == d.QuestionId }); ViewBag.returnUrl = Request.UrlReferrer; ViewBag.ExamId = db.Domains.Find(question.DomainId).ExamId; ViewBag.IndexByQuestion = string.Format("IndexByQuestion/{0}", question.QuestionId); return View(question); } // // POST: /Question/Edit/5 [HttpPost] public ActionResult Edit(Question question, string returnUrl) { int ExamId = db.Domains.Find(question.DomainId).ExamId; if (ModelState.IsValid) { db.Entry(question).State = EntityState.Modified; db.SaveChanges(); //return RedirectToAction("Index"); return Redirect(returnUrl); } ViewBag.DomainId = new SelectList(db.Domains, "DomainId", "Name", question.DomainId); return View(question); } and I changed my form tag to this: @using (Html.BeginForm()) { <input type="hidden" name="returnUrl" value="@ViewBag.returnUrl" /> Thanks Gary

    Read the article

  • Can't explain why not redirecting after login using RedirectFromLogin

    - by Blankman
    I am using ASP.NET MVC, on my login action I am doing: [AcceptVerbs("POST")] public ActionResult Login(FormCollection form) { User validatedUser = // tests username/pwd here. FormsAuthentication.RedirectFromLoginPage( validatedUser.ID.ToString(), rememberMe); if(String.IsNullOrEmpty(Request["ReturnUrl"])) string redirectUrl = Request["ReturnUrl"]; if (!String.IsNullOrEmpty(Request.QueryString["ReturnUrl"])) string redirectUrl = Request["ReturnUrl"]; } My url looks like this when I am on the login page: http://localhost:56112/user/login?ReturnUrl=/admin/settings Does anything look wrong here? My web.config: <authentication mode="Forms"> <forms loginUrl="/user/login" protection="All" timeout="30" name="SomeCookie" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" />

    Read the article

  • Object Moved error while consuming a webservice

    - by NandaGopal
    Hi - I've a quick question and request you all to respond soon. I've developed a web service with Form based authentication as below. 1.An entry in web.config as below. 2.In Login Page user is validate on button click event as follows. if (txtUserName.Text == "test" && txtPassword.Text == "test") { FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, // Ticket version txtUserName.Text,// Username to be associated with this ticket DateTime.Now, // Date/time ticket was issued DateTime.Now.AddMinutes(50), // Date and time the cookie will expire false, // if user has chcked rememebr me then create persistent cookie "", // store the user data, in this case roles of the user FormsAuthentication.FormsCookiePath); // Cookie path specified in the web.config file in <Forms> tag if any. string hashCookies = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket Response.Cookies.Add(cookie); string returnUrl = Request.QueryString["ReturnUrl"]; if (returnUrl == null) returnUrl = "~/Default.aspx"; Response.Redirect(returnUrl); } 3.Webservice has a default webmethod. [WebMethod] public string HelloWorld() { return "Hello World"; } 4.From a webApplication I am making a call to webservice by creating proxy after adding the webreferance of the above webservice. localhost.Service1 service = new localhost.Service1(); service.AllowAutoRedirect = false; NetworkCredential credentials = new NetworkCredential("test", "test"); service.Credentials = credentials; string hello = service.HelloWorld(); Response.Write(hello); and here while consuming it in a web application the below exception is thrown from webservice proxy. -- Object moved Object moved to here. --. Could you please share any thoughts to fix it?

    Read the article

  • How to avoid open-redirect vulnerability and safely redirect on successful login (HINT: ASP.NET MVC

    - by Brad B.
    Normally, when a site requires that you are logged in before you can access a certain page, you are taken to the login screen and after successfully authenticating yourself, you are redirected back to the originally requested page. This is great for usability - but without careful scrutiny, this feature can easily become an open redirect vulnerability. Sadly, for an example of this vulnerability, look no further than the default LogOn action provided by ASP.NET MVC 2: [HttpPost] public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { if (MembershipService.ValidateUser(model.UserName, model.Password)) { FormsService.SignIn(model.UserName, model.RememberMe); if (!String.IsNullOrEmpty(returnUrl)) { return Redirect(returnUrl); // open redirect vulnerability HERE } else { return RedirectToAction("Index", "Home"); } } else { ModelState.AddModelError("", "User name or password incorrect..."); } } return View(model); } If a user is successfully authenticated, they are redirected to "returnUrl" (if it was provided via the login form submission). Here is a simple example attack (one of many, actually) that exploits this vulnerability: Attacker, pretending to be victim's bank, sends an email to victim containing a link, like this: http://www.mybank.com/logon?returnUrl=http://www.badsite.com Having been taught to verify the ENTIRE domain name (e.g., google.com = GOOD, google.com.as31x.example.com = BAD), the victim knows the link is OK - there isn't any tricky sub-domain phishing going on. The victim clicks the link, sees their actual familiar banking website and is asked to logon Victim logs on and is subsequently redirected to http://www.badsite.com which is made to look exactly like victim's bank's website, so victim doesn't know he is now on a different site. http://www.badsite.com says something like "We need to update our records - please type in some extremely personal information below: [ssn], [address], [phone number], etc." Victim, still thinking he is on his banking website, falls for the ploy and provides attacker with the information Any ideas on how to maintain this redirect-on-successful-login functionality yet avoid the open-redirect vulnerability? I'm leaning toward the option of splitting the "returnUrl" parameter into controller/action parts and use "RedirectToRouteResult" instead of simply "Redirect". Does this approach open any new vulnerabilities? Side note: I know this open-redirect may not seem to be a big deal compared to the likes of XSS and CSRF, but us developers are the only thing protecting our customers from the bad guys - anything we can do to make the bad guys' job harder is a win in my book. Thanks, Brad

    Read the article

  • Intellitrace bug causes &ldquo;Operation could destabilize the runtime&rdquo; exception

    - by Magnus Karlsson
    We cant use it when we use simplemembership to handle external authorizations.   Server Error in '/' Application. Operation could destabilize the runtime. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Security.VerificationException: Operation could destabilize the runtime. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [VerificationException: Operation could destabilize the runtime.] DotNetOpenAuth.OpenId.Messages.IndirectSignedResponse.GetSignedMessageParts(Channel channel) +943 DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement.GetExtensionsDictionary(IProtocolMessage message, Boolean ignoreUnsigned) +282 DotNetOpenAuth.OpenId.ChannelElements.<GetExtensions>d__a.MoveNext() +279 DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement.ProcessIncomingMessage(IProtocolMessage message) +594 DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) +933 DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) +326 DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestBase httpRequest) +1343 DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestBase httpRequestInfo) +241 DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse() +361 DotNetOpenAuth.AspNet.Clients.OpenIdClient.VerifyAuthentication(HttpContextBase context) +136 DotNetOpenAuth.AspNet.OpenAuthSecurityManager.VerifyAuthentication(String returnUrl) +984 Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.VerifyAuthenticationCore(HttpContextBase context, String returnUrl) +333 Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.VerifyAuthentication(String returnUrl) +192 PrioMvcWebRole.Controllers.AccountController.ExternalLoginCallback(String returnUrl) in c:hiddenforyou lambda_method(Closure , ControllerBase , Object[] ) +127 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +250 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39 System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +87 System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +439 System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +439 System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +15 System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +34 System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +221 System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +28 System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15 System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +523 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +176 Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929

    Read the article

  • ASP.NET Login Page Redirection Problem

    - by Daniel
    Hello everyone! I'm building a silverlight application hosted on ASP.NET Web App. / IIS7 / SSL-enabled website. For security, I put my silverlight page inside a Members folder in the ASP.NET Web Application, and restricted access from anonymous users.(see web.config below) when users try to access pages under Members folder, they get redirected to https://www.ssldemo.com/authenticationtest/login.aspx. (see web.config below) (I've mapped www.ssldemo.com to 127.0.0.1). for security, I'm switching to HTTPS in login.aspx, and back to HTTP after validation. below is the code for login.aspx.cs. protected void Page_Load(object sender, EventArgs e) { LoginControl.LoggedIn += new EventHandler(LoginControl_LoggedIn); } void LoginControl_LoggedIn(object sender, EventArgs e) { //for going to ReturnURL & switching back to HTTP string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]); string returnURL = Request["ReturnURL"]; Response.Redirect(ResolveClientUrl("http://" + serverName + returnURL)); } The problem is, when I deploy another application to http://www.ssldemo.com/authenticationtest/members/AnotherApplication/ and open http://www.ssldemo.com/authenticationtest/members/AnotherApplication/default.aspx, Users get redirected to https://www.ssldemo.com/authenticationtest/login.aspx?ReturnUrl=%2fauthenticationtest%2fmembers%2fanotherapplication%2fdefault.aspx. but even when I enter the correct credentials at login page, I get redirected to the same login page again, not to the ReturnUrl. when I looked into fiddler, it said '302 object moved to here.' Thank you for reading! Any input will be much appreciated. <configuration> <connectionStrings> <add name="CompanyDatabase" connectionString="Data Source=192.168.0.2;Initial Catalog=SomeTable;User ID=Username;Password=P@ssword" /> </connectionStrings> <system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms slidingExpiration="true" timeout="15" loginUrl="https://www.ssldemo.com/authenticationtest/login.aspx" defaultUrl="~/Members/Default.aspx" > </forms> </authentication> <!--Custom Membership Provider--> <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear /> <add name="MyMembershipProvider" type="AuthenticationTest.Web.MyMembershipProvider" connectionStringName="CompanyDatabase" applicationName="AuthenticationTest.Web"/> </providers> </membership> </system.web> <!--securing folders--> <location path="Members"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> </configuration>

    Read the article

  • ASP.NET MVC SSL POST Error

    - by RyanFetz
    I have a Logon page in a MVC (1.0) application that I am securing with SSL, I have an attribute that inspects the request for the page and redirects to a https uri when it is requested with http. This all works, however when I post the form content i get the following error: The parameters dictionary contains a null entry for parameter 'rememberMe' of non-nullable type 'System.Boolean' for method 'System.Web.Mvc.ActionResult LogOn(System.String, System.String, Boolean, System.String)' in 'DAC.US.Web.Portal.Controllers.AccountController'. To make a parameter optional its type should be either a reference type or a Nullable type. Parameter name: parameters here is the controller code... // // GET: /Account/LogOn [RequiresSSL] public ActionResult LogOn(string ReturnUrl) { if (TempData["Message"] != null) ViewData["Message"] = TempData["Message"]; TempData["Message"] = null; ViewData["ReturnUrl"] = ReturnUrl ?? "/Home"; return View(); } Again, the RequireSSL Attribute works, but the POST from that SSL uri does not. What is not working?

    Read the article

  • Regex negative lookahead

    - by Alyn
    I need to modify this regex href=\"(.*)\" which matches this... href="./pothole_locator_map.aspx?lang=en-gb&lat=53.153977&lng=-3.533306" To NOT match this... href="./pothole_locator_map.aspx?lang=en-gb&lat=53.153977&lng=-3.533306&returnurl=AbandonedVehicles.aspx" Tried this, but with no luck href=\"(.*)\"(?!&returnurl=AbandonedVehicles.aspx) Any help would be much appreciated. Thanks, Al.

    Read the article

  • OAuthWebSecurity.VerifyAuthentication IsSuccessful returns false how do I to determine the reason?

    - by Eonasdan
    I'm using DotNetOpenAuth with a MVC 4 application. All the sudden Google auth is failing (MS is working). The stock code does this: [AllowAnonymous] public ActionResult ExternalLoginCallback(string returnUrl) { var result = OAuthWebSecurity.VerifyAuthentication(Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl })); if (!result.IsSuccessful) { return RedirectToAction("ExternalLoginFailure"); } I know that result.IsSuccessful is false, but how do I get the reason? result.Error is null. I also looked at this page to use log4net. I do get a log on the local dev box but not when I deploy it to a remote server. log4net webconfig: <log4net> <appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender"> <file value="RelyingParty.log" /> <appendToFile value="true" /> <rollingStyle value="Size" /> <maxSizeRollBackups value="10" /> <maximumFileSize value="100KB" /> <staticLogFileName value="true" /> <layout type="log4net.Layout.PatternLayout"> <conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" /> </layout> </appender> <!-- Setup the root category, add the appenders and set the default level --> <root> <level value="INFO" /> <appender-ref ref="RollingFileAppender" /> </root> <!-- Specify the level for some specific categories --> <logger name="DotNetOpenAuth"> <level value="ALL" /> </logger> </log4net> Edit I also tried log4net to a sql db but it still didn't log anything

    Read the article

  • Div click and AUTOCOMPLETE password dialog problem

    - by ticky
    And what if you want to autocomplete passwords? I am using similar thing here... I am using Div (id=loginButton) and it has some image - I don't want button control in MVC application (), neither image button. I have hidden input control which is hidden button actually (id=submit_btn). So, on div's (id=loginButton) click, I want to call hidden input control (id=submit_btn) and it's submit action. HTML: <div id="loginButton" > </div> <input type="submit" style="display:none" name="submit" id="submit_btn" /> And JQuery: $(document).ready(function() { $('#loginButton').click(function() { $('#LoginForm').submit(); }); $("form[action$='HandleLoginForm']").submit(function() { Login(); return false; }); return false; }); Function Login() is working with Ajax, without downloading file dialog, but I need also auto complete passwords dialog. function Login() { var urlData = $("#LoginForm").serialize(); if (returnUrl != "") { urlData = $("#LoginForm").serialize() + "&returnUrl=" + returnUrl; } $.ajax({ url: $("#LoginForm").attr("action"), type: "POST", data: urlData, dataType: "json", success: function(result) { if (result.Content != null) { if (result.Valid) { window.location = result.Content.toString(); } else { document.body.innerHTML = result.Content.toString(); } } } }); return false; } It is easy when you use only <input type="submit"> instead of DIV. Form knows that it is for auto completing passwords, but if I use div and force hidden button click like in the code from below, it doesn't show autocomplete password dialog. $('#submit_btn').click(); It will not work. User is logged in, but no reminding for browser to store password. I need this.

    Read the article

  • PayPal express checkout on the shopping cart

    - by Noam Smadja
    i wish to achieve: so in my shopping cart page i set session("Payment_Amount") = total and downloaded both asp files the wizard told me. expresschecout.asp and paypalfunctions.asp. and added the API credentials to the corect place. and i add the form from their wizard: <form action='expresscheckout.asp' METHOD='POST'> <input type='image' name='submit' src='https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif' border='0' align='top' alt='Check out with PayPal'/> </form> But when i go to my shopping cart and press on the paypal submit button i am taken to expressheckout.asp but the page stays whit, saying Done in the status bar. how can i debug that? :/ EDIT ADDED MY CODE, ASP: <!-- #include file ="paypalfunctions.asp" --> <% ' ================================== ' PayPal Express Checkout Module ' ================================== On Error Resume Next '------------------------------------ ' The paymentAmount is the total value of ' the shopping cart, that was set ' earlier in a session variable ' by the shopping cart page '------------------------------------ paymentAmount = Session("Payment_Amount") '------------------------------------ ' The currencyCodeType and paymentType ' are set to the selections made on the Integration Assistant '------------------------------------ currencyCodeType = "USD" paymentType = "Sale" '------------------------------------ ' The returnURL is the location where buyers return to when a ' payment has been succesfully authorized. ' ' This is set to the value entered on the Integration Assistant '------------------------------------ returnURL = "http://www.noamsm.co.il/index.asp" '------------------------------------ ' The cancelURL is the location buyers are sent to when they click the ' return to XXXX site where XXX is the merhcant store name ' during payment review on PayPal ' ' This is set to the value entered on the Integration Assistant '------------------------------------ cancelURL = "http://www.noamsm.co.il/index.asp" '------------------------------------ ' Calls the SetExpressCheckout API call ' ' The CallShortcutExpressCheckout function is defined in the file PayPalFunctions.asp, ' it is included at the top of this file. '------------------------------------------------- Set resArray = CallShortcutExpressCheckout (paymentAmount, currencyCodeType, paymentType, returnURL, cancelURL) ack = UCase(resArray("ACK")) If ack="SUCCESS" Then ' Redirect to paypal.com ReDirectURL( resArray("TOKEN") ) Else 'Display a user friendly Error on the page using any of the following error information returned by PayPal ErrorCode = URLDecode( resArray("L_ERRORCODE0")) ErrorShortMsg = URLDecode( resArray("L_SHORTMESSAGE0")) ErrorLongMsg = URLDecode( resArray("L_LONGMESSAGE0")) ErrorSeverityCode = URLDecode( resArray("L_SEVERITYCODE0")) End If %> i am guessing i am getting one of the errors from the bottom but cant find where to see thm..

    Read the article

  • MVC3 html.TextBox

    - by BigTommy79
    I have login view that takes a LoginPageViewModel: public class LoginPageViewModel : PageViewModel { public string ReturnUrl { get; set; } public bool PreviousLoginFailed { get; set; } public LoginFormViewModel EditForm { get; set; } } which is rendered in the view. When a user tries to log in I only want to post the LoginFormViewModel (Model.EditForm) to the controller: public ActionResult Login(LoginFormViewModel loginDetails) { //do stuff } Using Html.TextBox I can specify the name of the form field manually 'loginDetails.UserName' and post back to the controller and everything works. @model Web.Controllers.User.ViewModels.LoginPageViewModel @using (Html.BeginForm()){ @Html.Hidden("loginDetails.ReturnUrl", Model.ReturnUrl) @Html.LabelFor(x => x.EditForm.UserName, "User Name:") @Html.TextBox("loginDetails.UserName", Model.EditForm.UserName) @Html.ValidationMessageFor(x => x.EditForm.UserName) ..... But what I want to do is to use the staticaly typed helper, something like: @Html.TextBoxFor(x => x.EditForm.UserName) But I'm unable to get this to work. Are you only able to post back the same model when useing the strongly typed helpers? Is there something I'm missing on this? Intellisense doesn't seem to give any clues such as a form field string.

    Read the article

  • URL Rewrite – Multiple domains under one site. Part II

    - by OWScott
    I believe I have it … I’ve been meaning to put together the ultimate outgoing rule for hosting multiple domains under one site.  I finally sat down this week and setup a few test cases, and created one rule to rule them all.  In Part I of this two part series, I covered the incoming rule necessary to host a site in a subfolder of a website, while making it appear as if it’s in the root of the site.  Part II won’t work without applying Part I first, so if you haven’t read it, I encourage you to read it now. However, the incoming rule by itself doesn’t address everything.  Here’s the problem … Let’s say that we host www.site2.com in a subfolder called site2, off of masterdomain.com.  This is the same example I used in Part I.   Using an incoming rewrite rule, we are able to make a request to www.site2.com even though the site is really in the /site2 folder.  The gotcha comes with any type of path that ASP.NET generates (I’m sure other scripting technologies could do the same too).  ASP.NET thinks that the path to the root of the site is /site2, but the URL is /.  See the issue?  If ASP.NET generates a path or a redirect for us, it will always add /site2 to the URL.  That results in a path that looks something like www.site2.com/site2.  In Part I, I mentioned that you should add a condition where “{PATH_INFO} ‘does not match’ /site2”.  That allows www.site2.com/site2 and www.site2.com to both function the same.  This allows the site to always work, but if you want to hide /site2 in the URL, you need to take it one step further. One way to address this is in your code.  Ultimately this is the best bet.  Ruslan Yakushev has a great article on a few considerations that you can address in code.  I recommend giving that serious consideration.  Additionally, if you have upgraded to ASP.NET 3.5 SP1 or greater, it takes care of some of the references automatically for you. However, what if you inherit an existing application?  Or you can’t easily go through your existing site and make the code changes?  If this applies to you, read on. That’s where URL Rewrite 2.0 comes in.  With URL Rewrite 2.0, you can create an outgoing rule that will remove the /site2 before the page is sent back to the user.  This means that you can take an existing application, host it in a subfolder of your site, and ensure that the URL never reveals that it’s in a subfolder. Performance Considerations Performance overhead is something to be mindful of.  These outbound rules aren’t simply changing the server variables.  The first rule I’ll cover below needs to parse the HTML body and pull out the path (i.e. /site2) on the way through.  This will add overhead, possibly significant if you have large pages and a busy site.  In other words, your mileage may vary and you may need to test to see the impact that these rules have.  Don’t worry too much though.  For many sites, the performance impact is negligible. So, how do we do it? Creating the Outgoing Rule There are really two things to keep in mind.  First, ASP.NET applications frequently generate a URL that adds the /site2 back into the URL.  In addition to URLs, they can be in form elements, img elements and the like.  The goal is to find all of those situations and rewrite it on the way out.  Let’s call this the ‘URL problem’. Second, and similarly, ASP.NET can send a LOCATION redirect that causes a redirect back to another page.  Again, ASP.NET isn’t aware of the different URL and it will add the /site2 to the redirect.  Form Authentication is a good example on when this occurs.  Try to password protect a site running from a subfolder using forms auth and you’ll quickly find that the URL becomes www.site2.com/site2 again.  Let’s term this the ‘redirect problem’. Solving the URL Problem – Outgoing Rule #1 Let’s create a rule that removes the /site2 from any URL.  We want to remove it from relative URLs like /site2/something, or absolute URLs like http://www.site2.com/site2/something.  Most URLs that ASP.NET creates will be relative URLs, but I figure that there may be some applications that piece together a full URL, so we might as well expect that situation. Let’s get started.  First, create a new outbound rule.  You can create the rule within the /site2 folder which will reduce the performance impact of the rule.  Just a reminder that incoming rules for this situation won’t work in a subfolder … but outgoing rules will. Give it a name that makes sense to you, for example “Outgoing – URL paths”. Precondition.  If you place the rule in the subfolder, it will only run for that site and folder, so there isn’t need for a precondition.  Run it for all requests.  If you place it in the root of the site, you may want to create a precondition for HTTP_HOST = ^(www\.)?site2\.com$. For the Match section, there are a few things to consider.  For performance reasons, it’s best to match the least amount of elements that you need to accomplish the task.  For my test cases, I just needed to rewrite the <a /> tag, but you may need to rewrite any number of HTML elements.  Note that as long as you have the exclude /site2 rule in your incoming rule as I described in Part I, some elements that don’t show their URL—like your images—will work without removing the /site2 from them.  That reduces the processing needed for this rule. Leave the “matching scope” at “Response” and choose the elements that you want to change. Set the pattern to “^(?:site2|(.*//[_a-zA-Z0-9-\.]*)?/site2)(.*)”.  Make sure to replace ‘site2’ with your subfolder name in both places.  Yes, I realize this is a pretty messy looking rule, but it handles a few situations.  This rule will handle the following situations correctly: Original Rewritten using {R:1}{R:2} http://www.site2.com/site2/default.aspx http://www.site2.com/default.aspx http://www.site2.com/folder1/site2/default.aspx Won’t rewrite since it’s a sub-sub folder /site2/default.aspx /default.aspx site2/default.aspx /default.aspx /folder1/site2/default.aspx Won’t rewrite since it’s a sub-sub folder. For the conditions section, you can leave that be. Finally, for the rule, set the Action Type to “Rewrite” and set the Value to “{R:1}{R:2}”.  The {R:1} and {R:2} are back references to the sections within parentheses.  In other words, in http://domain.com/site2/something, {R:1} will be http://domain.com and {R:2} will be /something. If you view your rule from your web.config file (or applicationHost.config if it’s a global rule), it should look like this: <rule name="Outgoing - URL paths" enabled="true"> <match filterByTags="A" pattern="^(?:site2|(.*//[_a-zA-Z0-9-\.]*)?/site2)(.*)" /> <action type="Rewrite" value="{R:1}{R:2}" /> </rule> Solving the Redirect Problem Outgoing Rule #2 The second issue that we can run into is with a client-side redirect.  This is triggered by a LOCATION response header that is sent to the client.  Forms authentication is a common example.  To reproduce this, password protect your subfolder and watch how it redirects and adds the subfolder path back in. Notice in my test case the extra paths: http://site2.com/site2/login.aspx?ReturnUrl=%2fsite2%2fdefault.aspx I want to remove /site2 from both the URL and the ReturnUrl querystring value.  For semi-readability, let’s do this in 2 separate rules, one for the URL and one for the querystring. Create a second rule.  As with the previous rule, it can be created in the /site2 subfolder.  In the URL Rewrite wizard, select Outbound rules –> “Blank Rule”. Fill in the following information: Name response_location URL Precondition Don’t set Match: Matching Scope Server Variable Match: Variable Name RESPONSE_LOCATION Match: Pattern ^(?:site2|(.*//[_a-zA-Z0-9-\.]*)?/site2)(.*) Conditions Don’t set Action Type Rewrite Action Properties {R:1}{R:2} It should end up like so: <rule name="response_location URL"> <match serverVariable="RESPONSE_LOCATION" pattern="^(?:site2|(.*//[_a-zA-Z0-9-\.]*)?/site2)(.*)" /> <action type="Rewrite" value="{R:1}{R:2}" /> </rule> Outgoing Rule #3 Outgoing Rule #2 only takes care of the URL path, and not the querystring path.  Let’s create one final rule to take care of the path in the querystring to ensure that ReturnUrl=%2fsite2%2fdefault.aspx gets rewritten to ReturnUrl=%2fdefault.aspx. The %2f is the HTML encoding for forward slash (/). Create a rule like the previous one, but with the following settings: Name response_location querystring Precondition Don’t set Match: Matching Scope Server Variable Match: Variable Name RESPONSE_LOCATION Match: Pattern (.*)%2fsite2(.*) Conditions Don’t set Action Type Rewrite Action Properties {R:1}{R:2} The config should look like this: <rule name="response_location querystring"> <match serverVariable="RESPONSE_LOCATION" pattern="(.*)%2fsite2(.*)" /> <action type="Rewrite" value="{R:1}{R:2}" /> </rule> It’s possible to squeeze the last two rules into one, but it gets kind of confusing so I felt that it’s better to show it as two separate rules. Summary With the rules covered in these two parts, we’re able to have a site in a subfolder and make it appear as if it’s in the root of the site.  Not only that, we can overcome automatic redirecting that is caused by ASP.NET, other scripting technologies, and especially existing applications. Following is an example of the incoming and outgoing rules necessary for a site called www.site2.com hosted in a subfolder called /site2.  Remember that the outgoing rules can be placed in the /site2 folder instead of the in the root of the site. <rewrite> <rules> <rule name="site2.com in a subfolder" enabled="true" stopProcessing="true"> <match url=".*" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{HTTP_HOST}" pattern="^(www\.)?site2\.com$" /> <add input="{PATH_INFO}" pattern="^/site2($|/)" negate="true" /> </conditions> <action type="Rewrite" url="/site2/{R:0}" /> </rule> </rules> <outboundRules> <rule name="Outgoing - URL paths" enabled="true"> <match filterByTags="A" pattern="^(?:site2|(.*//[_a-zA-Z0-9-\.]*)?/site2)(.*)" /> <action type="Rewrite" value="{R:1}{R:2}" /> </rule> <rule name="response_location URL"> <match serverVariable="RESPONSE_LOCATION" pattern="^(?:site2|(.*//[_a-zA-Z0-9-\.]*)?/site2)(.*)" /> <action type="Rewrite" value="{R:1}{R:2}" /> </rule> <rule name="response_location querystring"> <match serverVariable="RESPONSE_LOCATION" pattern="(.*)%2fsite2(.*)" /> <action type="Rewrite" value="{R:1}{R:2}" /> </rule> </outboundRules> </rewrite> If you run into any situations that aren’t caught by these rules, please let me know so I can update this to be as complete as possible. Happy URL Rewriting!

    Read the article

  • How to get HandleUnauthorizedRequest to return correct url?

    - by Jova
    I'm writing a custom AuthorizeAttribute which should redirect unauthorized users to the login page. My HandleUnauthorizedRequest method looks like this, protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { RouteValueDictionary returnRoute = new RouteValueDictionary(); returnRoute["controller"] = "Account"; returnRoute["action"] = "Login"; returnRoute["returnUrl"] = filterContext.HttpContext.Request.Url.AbsolutePath; filterContext.Result = new RedirectToRouteResult(returnRoute); } Unfortunately it's not working properly as the returning url looks like this, www.mydomain.com/?controller=Account&action=Login&returnUrl=%2FUser%2FEditProfile%2FUsername What is the reason for this and how do I correct it?

    Read the article

1 2 3  | Next Page >