DevExpress XAF is a framework for .NET and Visual Studio developers who wants to create Office-like LOB apps for desktop, web and mobile faster and without hiring a large team.
Monday, May 11, 2015
Redirecting from an external hyperlink to a View in an XAF Web app with the ASP.NET Forms Authentication - YOUR FEEDBACK IS NEEDED
I wanted to ask the XAF community members interested in this functionality to test a simpler solution to the problem described in this thread. Long story short, you have a hyperlink to an XAF Web application form like this:
and want to include it in an email and send it to a user so that he or she is able to navigate to that view on your web site (e.g., open a user profile or changed order details). If that app has a security system with a logon form enabled, then the URL fragment after # is cut after a successful authentication, which makes navigation to the required app screen not possible by default. Instead, the URL fragment before the hash symbol is opened (see similar threads on StackOverFlow for more details: one, two, three).
There was a tricky solution to work around the default ASP.NET request processing mechanism in the original Support Center thread, but today I wanted to share a simpler solution for our users.
Here it comes:
1. In the Solution Explorer, right-click the YourSolutionName.Web/Login.aspx file and invoke the View Markup command from the context menu.
2. Paste the <script/> element with the JavaScript code below before the </body> element, as follows:
<body class="Dialog">
<div id="PageContent" class="PageContent DialogPageContent">
<form id="form1" runat="server">
<cc4:ASPxProgressControl ID="ProgressControl" runat="server" />
<div id="Content" runat="server" />
</form>
</div>
<%--This part is added.--%>
<script type="text/javascript">
//<![CDATA[
function encodeLocationHash() {
var search = window.location.search;
if (search && search.indexOf('ReturnUrl=') > -1) {
var hash = window.location.hash;
if (hash && hash.length > 1) {
var newUrl = window.location.href.replace(hash, '');
newUrl += encodeURIComponent(hash);
window.location.replace(newUrl);
}
}
}
attachWindowEvent('load', encodeLocationHash);
//]]>
</script>
</body>
This simple solution worked fine in many internal tests, but we wanted to make sure there are no tricky situations in your real apps, which are left uncovered.
I look forward to hearing from you on whether you:
Q1. ever experienced such a requirement in your XAF web sites.
Q2. got this new and simple solution working in your Web apps with the logon form.
Thanks in advance!
Subscribe to:
Post Comments (Atom)
Nice Post Dennis
ReplyDeleteI have tried and it change url from
http://www.companywebsite.com/Login.aspx#MARKEDPRIVATE_DetailView=3D3a149934-a2c5-4c05-a9c7-e4c8be03e7d2
To
www.companywebsite.com/Login.aspx%23MARKEDPRIVATE_DetailView%3D3a149934-a2c5-4c05-a9c7-e4c8be03e7d2
Which gives a 404
Also using Xpand so dont know if that could be the cause, any ideas ?
News, Tips, Tricks And More About Devexpress Application Framework (Xaf) Directly From The Lab: Redirecting From An External Hyperlink To A View In An Xaf Web App With The Asp.Net Forms Authentication - Your Feedback Is Needed >>>>> Download Now
Delete>>>>> Download Full
News, Tips, Tricks And More About Devexpress Application Framework (Xaf) Directly From The Lab: Redirecting From An External Hyperlink To A View In An Xaf Web App With The Asp.Net Forms Authentication - Your Feedback Is Needed >>>>> Download LINK
>>>>> Download Now
News, Tips, Tricks And More About Devexpress Application Framework (Xaf) Directly From The Lab: Redirecting From An External Hyperlink To A View In An Xaf Web App With The Asp.Net Forms Authentication - Your Feedback Is Needed >>>>> Download Full
>>>>> Download LINK gU
Hello Wayne, thanks for your comment! This non-standard situation was not handled by our solution. We will consider either ignoring such URLs or making it to work as expected. Would you please also point out a specific eXpand Framework feature you are using? Looking at the query string, I guess it has something to do with making user-friendly URLs, but I am not 100% sure.
ReplyDeleteHi
ReplyDeleteThank you for the post
I have a question. Howto generate the url of a detailview to sending it by email to a user?
@MohAl: You can use the two solutions from https://www.devexpress.com/Support/Center/Question/Details/T181841
ReplyDelete@Wayne Van Rooyen: This situation is now handled. See the updated code snipped for more details.
ReplyDelete@Dennis
ReplyDeleteThanks only came across your reply now.
Thanks
You're always welcome, Wayne
ReplyDeleteHi Dennis,
ReplyDeleteWe migrated our application where we use this code to new XAf Web UI and this code does not work anymore as is.
during debugging javascript told us attachWindowEvent does not exist or something like that. So I found out I must change attachWindowEvent by method addEventListener (parameters are the same as in attachWindowEvent ) and code again works as expected.
Petr,
DeleteThe attachWindowEvent function is from the XAF's CommonFunctions.js file, which contains a lot of standard functionality and cannot be missing. This function internally uses the addEventListener method you used, which should be working in the latest web browsers such as IE9+ and others. We need to use this custom function for compatibility with the old web browsers XAF supported at the time of writing this article.
function attachElementEvent(element, name, handler) {
if (element.addEventListener) {
element.addEventListener(name, handler, false);
}
else {
element.attachEvent('on' + name, handler);
}
}
So one of my clients uses a penetration tester. The Penn tester is warning that this is unsafe because of the potential for Cross-site Scripting and that there is potential for a malicious user to 'craft a request that may run arbitrary JavaScript in a victim's web browser'. It goes on to say that malicious users could use this to steal session tokens or private data of authenticated users.
ReplyDeleteThoughts on this accusation?
Any other way around this?
Hello, Ambur! Would you please provide a detailed description of a possible attack or step-by-step instructions that can be used to reproduce it with the MainDemo.Web app using the aforementioned approach? With that, we will be able to research and give additional information on this issue, which can eventually be a 'false positive' as well.
DeletePlease email this info at support@devexpress.com or rather submit a private ticket using the Support Center (https://www.devexpress.com/ask).
Sure thing
DeleteMuch appreciated, Ambur!
DeleteNews, Tips, Tricks And More About Devexpress Application Framework (Xaf) Directly From The Lab: Redirecting From An External Hyperlink To A View In An Xaf Web App With The Asp.Net Forms Authentication - Your Feedback Is Needed >>>>> Download Now
ReplyDelete>>>>> Download Full
News, Tips, Tricks And More About Devexpress Application Framework (Xaf) Directly From The Lab: Redirecting From An External Hyperlink To A View In An Xaf Web App With The Asp.Net Forms Authentication - Your Feedback Is Needed >>>>> Download LINK
>>>>> Download Now
News, Tips, Tricks And More About Devexpress Application Framework (Xaf) Directly From The Lab: Redirecting From An External Hyperlink To A View In An Xaf Web App With The Asp.Net Forms Authentication - Your Feedback Is Needed >>>>> Download Full
>>>>> Download LINK