Access js localStorage stored value in VB.Net - vb.net

I have a login page that stores a few values to localStorage (html5) then continues to a VB.Net page. I am looking for a method in VB that can read back those stored values and make them VB vars. Any ideas?

The VB.NET code-behind is running on the server and has no direct access to the local storage API of the browser.
You can, however, easily fill some hidden fields on the login page, using JavaScript, which will be posted on submit and can be read from the code-behind of the .NET page.
Something like this (not tested):
this.document.getElementById("HIDDEN_FIELD_ID").value = localStorage.STORED_VALUE;
...
<input type="hidden" id="HIDDEN_FIELD_ID" />
...
On the .NET page the value can be read like:
Request.Form("HIDDEN_FIELD_ID")
(There are other ways, but this one is easy to grasp.)
Be aware that login data in localStorage can be accessed (and modified) by the user, so make sure you are not creating a security risk.

This sample uses the above concept with VB Code:
Here is the html body element:
<body>
<form id="form1" runat="server">
<asp:HiddenField ID="hfLoaded" runat="server" />
<asp:HiddenField ID="hfLocalStorage" runat="server" />
</form>
<script type="text/javascript">
// Load LocalStorage
localStorage.setItem('strData', 'Local storage string to put into code behind');
function sendLocalStorageDataToServer()
{
// This function puts the localStorage value in the hidden field and submits the form to the server.
document.getElementById('<%=hfLocalStorage.ClientID%>').value = localStorage.getItem('strData');
document.getElementById('<%=form1.ClientID%>').submit();
}
// This checks to see if the code behind has received the value. If not, calls the function above.
if (document.getElementById('<%=hfLoaded.ClientID%>').value != 'Loaded')
sendLocalStorageDataToServer();
</script>
Here is the page load event:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim s As String
s = hfLocalStorage.Value
'This next line prevents the javascript from submitting the form again.
hfLoaded.Value = "Loaded"
End Sub
Now your code behind has the localStorage value available to it.

Related

How to populate login textbox UserName (not present in designer file) from a session variable?

A question from a beginner without English as mother language.
I have a Login.aspx file, populated with one asp:HyperLink and one asp:Login. Inside the login control there are labels, textboxes, and validation procedures inside a layout template.
Inside the designer file, however, there are only hyperlink and login controls. The textbox UserName is absent as all other controls inside the Login control.
I want to populate UserName with a session variable at page load, i.e. UserName.text=Session("Fng").ToString but got error
'UserName' is not declared.
How to work around?
You could try to use Login.UserName property to access the textbox UserName.
I designed the following html.
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Login runat="server" ID="log">
</asp:Login>
<asp:button id="btnshowusername" Text="showusername" runat="server" OnClick="btnshowusername_Click"></asp:button>
</div>
</form>
</body>
</html>
VB.NET code:
Public Class WebForm1
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Session("UserName") = "user1"
End Sub
Protected Sub btnshowusername_Click(sender As Object, e As EventArgs)
log.UserName = Session("UserName")
End Sub
End Class
Tested result: When you click the button, the Session value is assigned to the textbox UserName.

onClick vb.net function but prevent postback for JavaScript

I have seen various examples that use a onClientClick to avoid postback.
However, I don't want this. I want to contain the linkbutton's links within vb.net code and prevent the page from performing a postback when clicked. The reason for this is when my page loads it sets the default show() and hide() div displays again which loses the user's current spot on the page when the new window opens. So how can I do this without causing the main page from resetting?
I have tried OnClientClick="javascript:return false;" but prevented user from clicking linkbutton.
I have also tried AutoPostBack = "false" and it didn't work
Attempted other ways as well. ... no luck... including trying HyperLink but those gave me issues too.
<asp:linkbutton ID="aCapShip" runat="server" OnClick="aCapShip_Click" style="text-decoration:none;" >
<i class="fa glyphicon glyphicon-plane fa-lg"></i> Cap Shipping <!--<span class="arrow"></span>-->
</asp:linkbutton>
JavaScript
$(document).ready(function () {
$("#shipping").show();
$("#Ul2List").hide();
$("#manufacture").hide();
$("#Ul1List").hide();
$("#reList").hide();
.........
VB.net
Protected Sub aCapShip_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim url As String = "http://dummyinfo/dummyinfo/dummyinfo.aspx"
Process.Start(url)
End Sub
So my work around is the following:
VB.net
If Not Page.IsPostBack Then
startUp()
End If
Public Sub startUp()
Response.Write("<SCRIPT LANGUAGE=""JavaScript"">startSort()<" & "/" & "SCRIPT>")
End Sub
JavaScript
$(function startSort() {
$("#shipping").show();
$("#Ul2List").hide();
$("#manufacture").hide();
$("#Ul1List").hide();
$("#reworkList").hide();
});

HTTP to HTTPS Redirect Causes POST to GET [duplicate]

We have the requirement to take a form submission and save some data, then redirect the user to a page offsite, but in redirecting, we need to "submit" a form with POST, not GET.
I was hoping there was an easy way to accomplish this, but I'm starting to think there isn't. I think I must now create a simple other page, with just the form that I want, redirect to it, populate the form variables, then do a body.onload call to a script that merely calls document.forms[0].submit();
Can anyone tell me if there is an alternative? We might need to tweak this later in the project, and it might get sort of complicated, so if there was an easy we could do this all non-other page dependent that would be fantastic.
Anyway, thanks for any and all responses.
Doing this requires understanding how HTTP redirects work. When you use Response.Redirect(), you send a response (to the browser that made the request) with HTTP Status Code 302, which tells the browser where to go next. By definition, the browser will make that via a GET request, even if the original request was a POST.
Another option is to use HTTP Status Code 307, which specifies that the browser should make the redirect request in the same way as the original request, but to prompt the user with a security warning. To do that, you would write something like this:
public void PageLoad(object sender, EventArgs e)
{
// Process the post on your side
Response.Status = "307 Temporary Redirect";
Response.AddHeader("Location", "http://example.com/page/to/post.to");
}
Unfortunately, this won't always work. Different browsers implement this differently, since it is not a common status code.
Alas, unlike the Opera and FireFox developers, the IE developers have never read the spec, and even the latest, most secure IE7 will redirect the POST request from domain A to domain B without any warnings or confirmation dialogs! Safari also acts in an interesting manner, while it does not raise a confirmation dialog and performs the redirect, it throws away the POST data, effectively changing 307 redirect into the more common 302.
So, as far as I know, the only way to implement something like this would be to use Javascript. There are two options I can think of off the top of my head:
Create the form and have its action attribute point to the third-party server. Then, add a click event to the submit button that first executes an AJAX request to your server with the data, and then allows the form to be submitted to the third-party server.
Create the form to post to your server. When the form is submitted, show the user a page that has a form in it with all of the data you want to pass on, all in hidden inputs. Just show a message like "Redirecting...". Then, add a javascript event to the page that submits the form to the third-party server.
Of the two, I would choose the second, for two reasons. First, it is more reliable than the first because Javascript is not required for it to work; for those who don't have it enabled, you can always make the submit button for the hidden form visible, and instruct them to press it if it takes more than 5 seconds. Second, you can decide what data gets transmitted to the third-party server; if you use just process the form as it goes by, you will be passing along all of the post data, which is not always what you want. Same for the 307 solution, assuming it worked for all of your users.
You can use this aproach:
Response.Clear();
StringBuilder sb = new StringBuilder();
sb.Append("<html>");
sb.AppendFormat(#"<body onload='document.forms[""form""].submit()'>");
sb.AppendFormat("<form name='form' action='{0}' method='post'>",postbackUrl);
sb.AppendFormat("<input type='hidden' name='id' value='{0}'>", id);
// Other params go here
sb.Append("</form>");
sb.Append("</body>");
sb.Append("</html>");
Response.Write(sb.ToString());
Response.End();
As result right after client will get all html from server the event onload take place that triggers form submit and post all data to defined postbackUrl.
HttpWebRequest is used for this.
On postback, create a HttpWebRequest to your third party and post the form data, then once that is done, you can Response.Redirect wherever you want.
You get the added advantage that you don't have to name all of your server controls to make the 3rd parties form, you can do this translation when building the POST string.
string url = "3rd Party Url";
StringBuilder postData = new StringBuilder();
postData.Append("first_name=" + HttpUtility.UrlEncode(txtFirstName.Text) + "&");
postData.Append("last_name=" + HttpUtility.UrlEncode(txtLastName.Text));
//ETC for all Form Elements
// Now to Send Data.
StreamWriter writer = null;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = postData.ToString().Length;
try
{
writer = new StreamWriter(request.GetRequestStream());
writer.Write(postData.ToString());
}
finally
{
if (writer != null)
writer.Close();
}
Response.Redirect("NewPage");
However, if you need the user to see the response page from this form, your only option is to utilize Server.Transfer, and that may or may not work.
Something new in ASP.Net 3.5 is this "PostBackUrl" property of ASP buttons. You can set it to the address of the page you want to post directly to, and when that button is clicked, instead of posting back to the same page like normal, it instead posts to the page you've indicated. Handy. Be sure UseSubmitBehavior is also set to TRUE.
This should make life much easier.
You can simply use Response.RedirectWithData(...) method in your web application easily.
Imports System.Web
Imports System.Runtime.CompilerServices
Module WebExtensions
<Extension()> _
Public Sub RedirectWithData(ByRef aThis As HttpResponse, ByVal aDestination As String, _
ByVal aData As NameValueCollection)
aThis.Clear()
Dim sb As StringBuilder = New StringBuilder()
sb.Append("<html>")
sb.AppendFormat("<body onload='document.forms[""form""].submit()'>")
sb.AppendFormat("<form name='form' action='{0}' method='post'>", aDestination)
For Each key As String In aData
sb.AppendFormat("<input type='hidden' name='{0}' value='{1}' />", key, aData(key))
Next
sb.Append("</form>")
sb.Append("</body>")
sb.Append("</html>")
aThis.Write(sb.ToString())
aThis.End()
End Sub
End Module
Thought it might interesting to share that heroku does this with it's SSO to Add-on providers
An example of how it works can be seen in the source to the "kensa" tool:
https://github.com/heroku/kensa/blob/d4a56d50dcbebc2d26a4950081acda988937ee10/lib/heroku/kensa/post_proxy.rb
And can be seen in practice if you turn of javascript. Example page source:
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Heroku Add-ons SSO</title>
</head>
<body>
<form method="POST" action="https://XXXXXXXX/sso/login">
<input type="hidden" name="email" value="XXXXXXXX" />
<input type="hidden" name="app" value="XXXXXXXXXX" />
<input type="hidden" name="id" value="XXXXXXXX" />
<input type="hidden" name="timestamp" value="1382728968" />
<input type="hidden" name="token" value="XXXXXXX" />
<input type="hidden" name="nav-data" value="XXXXXXXXX" />
</form>
<script type="text/javascript">
document.forms[0].submit();
</script>
</body>
</html>
PostbackUrl can be set on your asp button to post to a different page.
if you need to do it in codebehind, try Server.Transfer.
#Matt,
You can still use the HttpWebRequest, then direct the response you receive to the actual outputstream response, this would serve the response back to the user. The only issue is that any relative urls would be broken.
Still, that may work.
I suggest building an HttpWebRequest to programmatically execute your POST and then redirect after reading the Response if applicable.
Here's what I'd do :
Put the data in a standard form (with no runat="server" attribute) and set the action of the form to post to the target off-site page.
Before submitting I would submit the data to my server using an XmlHttpRequest and analyze the response. If the response means you should go ahead with the offsite POSTing then I (the JavaScript) would proceed with the post otherwise I would redirect to a page on my site
In PHP, you can send POST data with cURL. Is there something comparable for .NET?
Yes, HttpWebRequest, see my post below.
The GET (and HEAD) method should never be used to do anything that has side-effects. A side-effect might be updating the state of a web application, or it might be charging your credit card. If an action has side-effects another method (POST) should be used instead.
So, a user (or their browser) shouldn't be held accountable for something done by a GET. If some harmful or expensive side-effect occurred as the result of a GET, that would be the fault of the web application, not the user. According to the spec, a user agent must not automatically follow a redirect unless it is a response to a GET or HEAD request.
Of course, a lot of GET requests do have some side-effects, even if it's just appending to a log file. The important thing is that the application, not the user, should be held responsible for those effects.
The relevant sections of the HTTP spec are 9.1.1 and 9.1.2, and 10.3.
Typically, all you'll ever need is to carry some state between these two requests. There's actually a really funky way to do this which doesn't rely on JavaScript (think <noscript/>).
Set-Cookie: name=value; Max-Age=120; Path=/redirect.html
With that cookie there, you can in the following request to /redirect.html retrieve the name=value info, you can store any kind of information in this name/value pair string, up to say 4K of data (typical cookie limit). Of course you should avoid this and store status codes and flag bits instead.
Upon receiving this request you in return respond with a delete request for that status code.
Set-Cookie: name=value; Max-Age=0; Path=/redirect.html
My HTTP is a bit rusty I've been going trough RFC2109 and RFC2965 to figure how reliable this really is, preferably I would want the cookie to round trip exactly once but that doesn't seem to be possible, also, third-party cookies might be a problem for you if you are relocating to another domain. This is still possible but not as painless as when you're doing stuff within your own domain.
The problem here is concurrency, if a power user is using multiple tabs and manages to interleave a couple of requests belonging to the same session (this is very unlikely, but not impossible) this may lead to inconsistencies in your application.
It's the <noscript/> way of doing HTTP round trips without meaningless URLs and JavaScript
I provide this code as a prof of concept: If this code is run in a context that you are not familiar with I think you can work out what part is what.
The idea is that you call Relocate with some state when you redirect, and the URL which you relocated calls GetState to get the data (if any).
const string StateCookieName = "state";
static int StateCookieID;
protected void Relocate(string url, object state)
{
var key = "__" + StateCookieName + Interlocked
.Add(ref StateCookieID, 1).ToInvariantString();
var absoluteExpiration = DateTime.Now
.Add(new TimeSpan(120 * TimeSpan.TicksPerSecond));
Context.Cache.Insert(key, state, null, absoluteExpiration,
Cache.NoSlidingExpiration);
var path = Context.Response.ApplyAppPathModifier(url);
Context.Response.Cookies
.Add(new HttpCookie(StateCookieName, key)
{
Path = path,
Expires = absoluteExpiration
});
Context.Response.Redirect(path, false);
}
protected TData GetState<TData>()
where TData : class
{
var cookie = Context.Request.Cookies[StateCookieName];
if (cookie != null)
{
var key = cookie.Value;
if (key.IsNonEmpty())
{
var obj = Context.Cache.Remove(key);
Context.Response.Cookies
.Add(new HttpCookie(StateCookieName)
{
Path = cookie.Path,
Expires = new DateTime(1970, 1, 1)
});
return obj as TData;
}
}
return null;
}
Copy-pasteable code based on Pavlo Neyman's method
RedirectPost(string url, T bodyPayload) and GetPostData() are for those who just want to dump some strongly typed data in the source page and fetch it back in the target one.
The data must be serializeable by NewtonSoft Json.NET and you need to reference the library of course.
Just copy-paste into your page(s) or better yet base class for your pages and use it anywhere in you application.
My heart goes out to all of you who still have to use Web Forms in 2019 for whatever reason.
protected void RedirectPost(string url, IEnumerable<KeyValuePair<string,string>> fields)
{
Response.Clear();
const string template =
#"<html>
<body onload='document.forms[""form""].submit()'>
<form name='form' action='{0}' method='post'>
{1}
</form>
</body>
</html>";
var fieldsSection = string.Join(
Environment.NewLine,
fields.Select(x => $"<input type='hidden' name='{HttpUtility.UrlEncode(x.Key)}' value='{HttpUtility.UrlEncode(x.Value)}'>")
);
var html = string.Format(template, HttpUtility.UrlEncode(url), fieldsSection);
Response.Write(html);
Response.End();
}
private const string JsonDataFieldName = "_jsonData";
protected void RedirectPost<T>(string url, T bodyPayload)
{
var json = JsonConvert.SerializeObject(bodyPayload, Formatting.Indented);
//explicit type declaration to prevent recursion
IEnumerable<KeyValuePair<string, string>> postFields = new List<KeyValuePair<string, string>>()
{new KeyValuePair<string, string>(JsonDataFieldName, json)};
RedirectPost(url, postFields);
}
protected T GetPostData<T>() where T: class
{
var urlEncodedFieldData = Request.Params[JsonDataFieldName];
if (string.IsNullOrEmpty(urlEncodedFieldData))
{
return null;// default(T);
}
var fieldData = HttpUtility.UrlDecode(urlEncodedFieldData);
var result = JsonConvert.DeserializeObject<T>(fieldData);
return result;
}

IE automation send the HTTP Post directly to the form action using VBA

I am having some automation trouble.
I am using HTML Object Library to automate an download. At the end of the automation process, I have to click a submit button of a form and then the download starts.
When I try to handle the dialog with the winapi32 function like this:
hWndDialog = 0
'Wait until the dialog is open
While hWndDialog = 0
hWndDialog = FindWindow(vbNullString, "Dateidownload")
Wend
'get the handle of the button
hWndDialogSpeichern = FindWindowEx(hWndDialog, 0, "Button", "&Speichern")
Call SetForegroundWindow(hWndDialog)
'send message
lRetval = SendMessage(hWndDialogSpeichern, &H5, ByVal 0&, ByVal 0&)
Nothing happens. I read something, that this isn't possible, because the dialog is modal?
So I try to send the POST data directly to the form's action. I think this is the best possibility even.
But I don't know what to send to the server.
Here the form in the html page:
<form action="/smarti/bismt/bismt/resexport" method="post">
<input class="active" type="button" onclick="submitform()" name="button_export" value="Export">
submitform() only check some values and then calls:
document.forms[0].submit();
However, when I send a POST request to "/smarti/bismt/bismt/resexport" I only get the page. I don't know how to set up the request header. Tried to use firebug, to see what is sending to the form, but saw nothing I recognized.
Did you try adding a question mark ? and then the names of the text input boxes? Like http://zip4.usps.com/zip4/zcl_3_results.jsp?zip5=92101.

repeater control causing Invalid postback or callback argument

I have read through many of the questions related to my situation but I have not found one that does. I currently have a repeater with 4 bound items to it, clicking on a button in the repeater causes my error, below is the markup and codebehind. Can someone explain to me why this is happening and the fix for it? (I have excluded the page decleration and just included the page_load event. let me know if i should cut and past full code in)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Repeater ID="rptFoo" runat="server">
<ItemTemplate>
<asp:Button ID="btnfoo" runat="server" />
</ItemTemplate>
</asp:Repeater>
</div>
</form>
</body>
</html>
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim items As New List(Of String)
items.Add("test1")
items.Add("test2")
items.Add("test3")
items.Add("test4")
rptFoo.DataSource = items
rptFoo.DataBind()
End Sub
"Invalid postback or callback argument" with Databound controls
answers my question incase anyone else needs this
That happens because the Repeater is getting datasource (binding) as you perform the item command operation. Just add if(not ispostback) to the page_load method.
I will repeat the answer here so you don't need to link to
The problem is loading the data for the control in the page Load event and calling the DataBind() method. However it appears that if the DataBind() method is called before the events are raised the above exception is generated as the control naming has changed.
The solution is to change this to if(!IsPostback) DataBind() and then call the DataBind() method at the end of the event handler. You would need to call it most of the time anyway at the end of the handler to affect the changes.
If this is not your problem, and you are modifying controls client side using JavaScript, check out this article.