RE: Security issue with an HTA frame




Hi Oriane,

Quote from Oriane=================================================
http://stibil.fr is my Asp.net web application, with a "forms"
authentication. So I get the login form page, and I enter my password and
login name, and then I should see the default.aspx page. But I have again
the login page inside the HTA window.
=================================================

Do you mean when the page is in the iframe, even though you input the
correct username and password you are still navigated to the Login page? I
have tested your code but cannot reproduce this problem on my side.

Could you provide your environment such as the operating system and IE
version so that I can try to repro it?

Regards,
Allen Chen
Microsoft Online Support


--------------------
| From: "Oriane" <oriane@xxxxxxxxxxxxxxx>
| Subject: Security issue with an HTA frame
| Date: Wed, 22 Oct 2008 09:51:31 +0200
| Newsgroups: microsoft.public.dotnet.framework.aspnet
|
| Hi there,
|
| In order to open a web site in a windows form, I use this little hta file:
|
| <HTML>
| <HEAD>
| <TITLE>Stibil</TITLE>
| <HTA:APPLICATION ID="Stibil" />
| <SCRIPT TYPE="text/Javascript">
| window.moveTo(20,20);
| </SCRIPT>
| </HEAD>
| <BODY>
| <IFRAME SRC="http://stibil.fr/default.aspx" APPLICATION="No"
| STYLE="width:100%;height:100%;"></IFRAME>
| </BODY>
| </HTML>
|
| http://stibil.fr is my Asp.net web application, with a "forms"
| authentication. So I get the login form page, and I enter my password and
| login name, and then I should see the default.aspx page. But I have again
| the login page inside the HTA window.
|
| When I open directly http://stibil.fr/default.aspx, I've got no problem.
|
| To bypass this problem, I have set http://stibil.fr as a trusted site in
| Internet Explorer, and now it's ok. But I'm not satisfied with that solution
| since I can't ask all my intranet clients to do that. And moreover, I can't
| see why my default.aspx page could cause a security risk for my computer.
|
| Any hint ?
|
| Best regards
|
|
