Marco Beyer
Top achievements
Rank 1
Rank 1
Marco Beyer
asked on 28 Sep 2010, 10:02 AM
Dear Telerik-Team,
in my scenario, I show an aspx page inside a RadWindow in order to update an item of a radgrid. I got the code from your demo located at: http://demos.telerik.com/aspnet-ajax/controls/examples/integration/gridandwindow/defaultcs.aspx?product=window .
Everything works fine for me but I want to ensure that my aspx-form is only accessible if it is inside the Window. In the current scenario a user could have found out that the page "behind" the window he is shown when he updates an item inside the grid is "myupdateform.aspx" and has a QueryString passed in order to load specific data.
Can I avoid that and ensure that the aspx-page cannot be called directly?
Can I somehow get a reference to the window that contains my form "myupdateform.aspx" and see if it is null (the user has typed the URL directly into the browser without clicking on an item inside the grid) or not null (he has called the window by double clicking an item in the grid?
Do you have an approach for me?
Kind regards,
Marco
in my scenario, I show an aspx page inside a RadWindow in order to update an item of a radgrid. I got the code from your demo located at: http://demos.telerik.com/aspnet-ajax/controls/examples/integration/gridandwindow/defaultcs.aspx?product=window .
Everything works fine for me but I want to ensure that my aspx-form is only accessible if it is inside the Window. In the current scenario a user could have found out that the page "behind" the window he is shown when he updates an item inside the grid is "myupdateform.aspx" and has a QueryString passed in order to load specific data.
Can I avoid that and ensure that the aspx-page cannot be called directly?
Can I somehow get a reference to the window that contains my form "myupdateform.aspx" and see if it is null (the user has typed the URL directly into the browser without clicking on an item inside the grid) or not null (he has called the window by double clicking an item in the grid?
Do you have an approach for me?
Kind regards,
Marco
4 Answers, 1 is accepted
0
Hi Marco,
You can use a slightly modified version of the GetRadWindow() function to check if the page is loaded in a RadWindow or not. For example, you can run the code from CheckWnd() in pageLoad() (make sure that you have asp:scriptmanager or RadScriptManager on the page for the pageLoad() client function to fire).
Greetings,
Georgi Tunev
the Telerik team
You can use a slightly modified version of the GetRadWindow() function to check if the page is loaded in a RadWindow or not. For example, you can run the code from CheckWnd() in pageLoad() (make sure that you have asp:scriptmanager or RadScriptManager on the page for the pageLoad() client function to fire).
function GetRadWindow(){ var oWindow = null; if (window.radWindow) oWindow = window.radWindow; else if (window.frameElement && window.frameElement.radWindow) oWindow = window.frameElement.radWindow; return oWindow;}function CheckWnd(){ var wnd = GetRadWindow(); if (wnd) { alert("This page is loaded in a RadWindow"); } else { alert("The page is loaded in the browser"); }}Greetings,
Georgi Tunev
the Telerik team
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Explore the
Telerik Public Issue Tracking
system and vote to affect the priority of the items
0
Marco Beyer
Top achievements
Rank 1
Rank 1
answered on 28 Sep 2010, 02:24 PM
Hi Georgi!
Thank you so much. That did it!
Now i am simply redirecting to a specific url when the code detects that the page has been called directly by the browser.
Short before the redirection takes place you can see the content of the page. No problem since the user cannot do anything but I would like to avoid that.
Instead of calling the javascript pageLoad() function I could place
RadAjaxManager.ResponseScripts.Add(
string.Format("CheckWnd();"));
in the server side code. I tried that with Page_PreInit and Page_Prerender but did the same result as calling the javascript pageLoad(). Do you have an idea how to achieve my goal?
Kind regards,
Marco
0
Hello Marco,
Try executing the code in window.onload . Basically, pageLoad() is a native ASP.NET AJAX function that is fired once all ASP.NET AJAX controls (including ours) are rendered on the page. If there are a lot of controls on the page pageLoad() should be called after window.onload.
Regards,
Georgi Tunev
the Telerik team
Try executing the code in window.onload . Basically, pageLoad() is a native ASP.NET AJAX function that is fired once all ASP.NET AJAX controls (including ours) are rendered on the page. If there are a lot of controls on the page pageLoad() should be called after window.onload.
Regards,
Georgi Tunev
the Telerik team
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Explore the
Telerik Public Issue Tracking
system and vote to affect the priority of the items
0
Marco Beyer
Top achievements
Rank 1
Rank 1
answered on 01 Oct 2010, 07:30 AM
Hey,
no, that didn't work. But this is not a problem. I found a solution that is acceptable for me.
Before, my page "mysamplepage.aspx" listened for data via a query string parameter. If the pages is called without querystring, the user is redirected to another page. Only if the querystring has been passed and data to the ID passed has been found, the data is shown.
So, a clever user could simply type the ID and pass it as query string. Now I encrypt the query string to base 64 which prevents the user from simply typing "33" or "3".
Regards and thanks for your help,
Marco
no, that didn't work. But this is not a problem. I found a solution that is acceptable for me.
Before, my page "mysamplepage.aspx" listened for data via a query string parameter. If the pages is called without querystring, the user is redirected to another page. Only if the querystring has been passed and data to the ID passed has been found, the data is shown.
So, a clever user could simply type the ID and pass it as query string. Now I encrypt the query string to base 64 which prevents the user from simply typing "33" or "3".
Regards and thanks for your help,
Marco