Re: HttpHandler


Hi Kevin,

Sorry, I was not clear enough on my last answer. The problem we are trying
to avoid is cross-site Javascript, since in the web site we use several
IFRAMEs that are coming from different web servers within our company. We
realized that some Javascript that used to access a parent frame's property,
for instance, could not execute. We always got a "Permission denied"
exception. Therefore, we thought to add an HttpHandler that would retrieve
the content from the remote server. The client would then only receive the
answer from the local server. The code that forwards the POST request is
below.

Do you mean that instead of the HttpWebRequest, we could simply use a
"Response.Redirect"? Would we be able to execute a Javascript like
"parent.parent.myProperty = true;" from a IFRAME (page) that was redirected
through "Response.Redirect", or would we run into the cross-site Javascript
problem?

Thanks.
Mike


******
If url.IndexOf("isremote=true") = -1 Then
' The request is forwarded back to the
default server.
request =
DirectCast(WebRequest.Create(remoteServer + url), HttpWebRequest)
request.Credentials =
CredentialCache.DefaultCredentials

ElseIf url.IndexOf("isremote=true") <> -1 Then
' Keeps the request to the local server, no
need to re-route it.
url = url.Replace("redirected=true",
String.Empty)
request =
DirectCast(WebRequest.Create(localServer + url), HttpWebRequest)
request.Credentials =
CredentialCache.DefaultCredentials
End If
request.Method = "POST"
request.ContentType =
"application/x-www-form-urlencoded"
Dim RawBytes() As Byte = readRequest(context)
request.ContentLength = RawBytes.Length
Dim newStream As Stream = request.GetRequestStream()
newStream.Write(RawBytes, 0, RawBytes.Length)
newStream.Close()

' Create a Response.
Dim myHttpWebResponse As HttpWebResponse =
CType(request.GetResponse(), HttpWebResponse)
' Get the stream associated with the response.
Dim receiveStream As Stream =
myHttpWebResponse.GetResponseStream()
' Pipes the stream to a higher level stream reader
with the required encoding format.
Dim readStream As New StreamReader(receiveStream,
Encoding.UTF8)

'Stream the data in a single operation to the
context's response.
context.Response.Write(readStream.ReadToEnd())
myHttpWebResponse.Close()
readStream.Close()
*********



"Kevin Spencer" <unclechutney@xxxxxxxxxxxx> schrieb im Newsbeitrag
news:OOdPGvX5HHA.5164@xxxxxxxxxxxxxxxxxxxxxxx
I'm not following you. Response.Redirect does not use JavaScript. It adds
a redirect header instruction to the response.

--
HTH,

Kevin Spencer
Microsoft MVP

DSI PrintManager, Miradyne Component Libraries:
http://www.miradyne.net

"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F367440E-E1AB-4345-94F9-CCE89A27E0B1@xxxxxxxxxxxxxxxx

To avoid the cross-site Javascript security problem, since we have 2 web
server handling the various IFRAMEs.



"Kevin Spencer" wrote:

Why aren't you just using Response.Redirect?

--
HTH,

Kevin Spencer
Microsoft MVP

DSI PrintManager, Miradyne Component Libraries:
http://www.miradyne.net

"Mike" <mike@xxxxxxxx> wrote in message
news:OpJLXfD5HHA.6024@xxxxxxxxxxxxxxxxxxxxxxx

Hi,

I have a problem of page redirection. Basically, the user has to
connect
to the local web server, but some pages need to be served by a remote
server, because it contains some confidential data that cannot be
moved
locally (everything occurs in the company Intranet, however). Since
the
ASP.NET application uses extensive Javascript, we cannot make it work
because of the "cross-site" (same origin policy) of Javascript.

Therefore, we thought it would be useful to implement the IHttpHandler
and
create a request for all pages that need to be served remotely. The
code
is the following:

*************
Public Class AsyncProxyHandler
Implements IHttpHandler, IRequiresSessionState

Public Sub ProcessRequest(ByVal context As HttpContext) Implements
IHttpHandler.ProcessRequest

Dim url As String = context.Request.RawUrl
url = url.Replace(context.Request.ApplicationPath, "")
Dim request As HttpWebRequest
request =
DirectCast(WebRequest.Create("http://localhost/AsyncProxy2/Default.aspx";),
HttpWebRequest)
request.Credentials = CredentialCache.DefaultCredentials

Try
Dim response As HttpWebResponse =
DirectCast(request.GetResponse(), HttpWebResponse)
Dim responseStream As Stream = response.GetResponseStream()
Dim output As Stream = context.Response.OutputStream
CopyStream(responseStream, output)

Catch we As System.Net.WebException

End Try

End Sub

Private Sub CopyStream(ByVal fromStream As Stream, ByVal toStream
As
Stream)
Try
Dim sr As New StreamReader(fromStream)
Dim sw As New StreamWriter(toStream)
sw.WriteLine(sr.ReadToEnd())
sw.Flush()
Catch ex As Exception
End Try
End Sub

Public ReadOnly Property IsReusable() As Boolean Implements
IHttpHandler.IsReusable

Get
Return True
End Get

End Property

End Class
*************

However, since the same page also contains controls, all the events
(button click events, for instance) are never executed. We also tried
we a
dummy application, and everything we can see on the page is the
content of
the page included in the request, no other control.

Are we doing something wrong? Is there a better solution to overcome
our
problem?

Any help would be appreciated. We are working on this problem for
several
days, but we cannot find a solution....

Thanks
Mike












.

Loading