Ensure aspx site is inside RadWindow

5 posts, 0 answers
  1. Marco Beyer
    Marco Beyer avatar
    25 posts
    Member since:
    Jun 2009

    Posted 28 Sep 2010 Link to this post

    Dear Telerik-Team,

    in my scenario, I show an aspx page inside a RadWindow in order to update an item of a radgrid. I got the code from your demo located at: http://demos.telerik.com/aspnet-ajax/controls/examples/integration/gridandwindow/defaultcs.aspx?product=window .

    Everything works fine for me but I want to ensure that my aspx-form is only accessible if it is inside the Window. In the current scenario a user could have found out that the page "behind" the window he is shown when he updates an item inside the grid is "myupdateform.aspx" and has a QueryString passed in order to load specific data.

    Can I avoid that and ensure that the aspx-page cannot be called directly?

    Can I somehow get a reference to the window that contains my form "myupdateform.aspx" and see if it is null (the user has typed the URL directly into the browser without clicking on an item inside the grid) or not null (he has called the window by double clicking an item in the grid?

    Do you have an approach for me?

    Kind regards,
    Marco
  2. Georgi Tunev
    Admin
    Georgi Tunev avatar
    7207 posts

    Posted 28 Sep 2010 Link to this post

    Hi Marco,

    You can use a slightly modified version of the GetRadWindow() function to check if the page is loaded in a RadWindow or not. For example, you can run the code from CheckWnd() in pageLoad() (make sure that you have asp:scriptmanager or RadScriptManager on the page for the pageLoad() client function to fire).

    function GetRadWindow()
    {
        var oWindow = null;
        if (window.radWindow) oWindow = window.radWindow;
        else if (window.frameElement && window.frameElement.radWindow) oWindow = window.frameElement.radWindow;
        return oWindow;
    }
     
    function CheckWnd()
    {
        var wnd = GetRadWindow();
        if (wnd)
        {
            alert("This page is loaded in a RadWindow");
        }
        else
        {
            alert("The page is loaded in the browser");
        }
    }





    Greetings,
    Georgi Tunev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Marco Beyer
    Marco Beyer avatar
    25 posts
    Member since:
    Jun 2009

    Posted 28 Sep 2010 Link to this post

    Hi Georgi!

    Thank you so much. That did it!

    Now i am simply redirecting to a specific url when the code detects that the page has been called directly by the browser.

    Short before the redirection takes place you can see the content of the page. No problem since the user cannot do anything but I would like to avoid that.

    Instead of calling the javascript pageLoad() function I could place

     

    RadAjaxManager.ResponseScripts.Add(

     

    string.Format("CheckWnd();"));

     

     

     

    in the server side code. I tried that with Page_PreInit and Page_Prerender but did the same result as calling the javascript pageLoad(). Do you have an idea how to achieve my goal?

    Kind regards,
    Marco

  4. Georgi Tunev
    Admin
    Georgi Tunev avatar
    7207 posts

    Posted 30 Sep 2010 Link to this post

    Hello Marco,

    Try executing the code in window.onload . Basically, pageLoad() is a native ASP.NET AJAX function that is fired once all ASP.NET AJAX controls (including ours) are rendered on the page. If there are a lot of controls on the page pageLoad() should be called after window.onload.

    Regards,
    Georgi Tunev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Marco Beyer
    Marco Beyer avatar
    25 posts
    Member since:
    Jun 2009

    Posted 01 Oct 2010 Link to this post

    Hey,

    no, that didn't work. But this is not a problem. I found a solution that is acceptable for me.

    Before, my page "mysamplepage.aspx" listened for data via a query string parameter. If the pages is called without querystring, the user is redirected to another page. Only if the querystring has been passed and data to the ID passed has been found, the data is shown.

    So, a clever user could simply type the ID and pass it as query string. Now I encrypt the query string to base 64 which prevents the user from simply typing "33" or "3".

    Regards and thanks for your help,
    Marco
Back to Top