15 October, 2009

Detect local Server to Server Request in C#.NET

In my current project, I needed to secure file access.

Not any file, but one file that could return any file that users have uploaded to the application!

When Users try to access such an URL, let's say http://myapps/getFile.ashx?idFile=123, I chek the user right to see/access the file. If the user couldn't access the file, I just respond "You don't have access to this file" instead of the file Stream.

For some reason, somewhere else in my app, I need to make an internal WebRequest to a file through getFile.ashx. The problem is I can't get the file because my app is not a granted user for that file.

I need a way for getFile.ashx to know that it's the app itself that make a WebRequest to access the file and thus should be granted.

After some diggin, I found the bool
context.Request.IsLocal
that garantee that the WebRequest is internal.

So getFile either check the user right or evaluate IsLocal and give access if True.
Posted by at 1 comment:

02 October, 2009

LINQ to Javascript - make a Where

I find LINQ very cool for Data querying.

I tried to code a Where function for Javascript Arrays :


Array.prototype.where = function(condition) {
  var list = [];
  for (var i=0; i < this.length; i++) {
    if ( condition.call(this[i]) ) {
      list.push(this[i]);
    }
  }
  if ( list.length == 1) {
    return list[0];
  }
  else {
    return list;
  }
}


You havre to send a "condition" function in the where that will test each element and return an array contained elements that verify the condition.

The context of the condition is the element itself so you can easily access it with "this".

Suppose you have INPUT form elements in your document and you want to retrieve those which id contains "browserWidth".

Here is the code :


$$('input').where(
  function() {
    return (this.id.indexOf('serviceSelected') != -1);
  });


If the return array contains a single element, it returns the element itself.
Posted by at No comments:

Access C#.NET Server controls by id on client side

In C#.NET, when you declare a Control runat="server", the id of the Control is not the same on the client side.

For example, a Control named "browserWidth" on the server side will have the following id on the client side : "ctl00_ctl00_ContentPlaceHolder1_ContentPlaceHolder1_browserWidth".

Thus, you can't access it with a classic Javascript $("browserWidth"), and it is very difficult to guess what client id the Control will have.

My best hack for that is to use the "class" attribute, that can be multiple, and add a class which name is the same as the id of the Control, like this : class="browserWidth" or CssClass="browserWidth" if you work with an asp.net Control.

This way, I can access my client control with Javascript $$("*.browserWidth")[0].

The only problem comes with the asp:HiddenField Control that doesn't accept CssClass attribute.

On the client side, I have a tricks to access to it :

$$('input').where(function() { return (this.id.indexOf("browserWidth") != -1); })

The "where" fucntion is one of mine explain in the next Post.

This tricks works under two conditions :

- your Control has a unique ID
- the Server ID of the Control is contained in the client ID "ctl00_ctl00_ContentPlaceHolder1_ContentPlaceHolder1_browserWidth"

If M$ changes the way client ID are made and decides to not add server control id at the end, that tricks would not work.
Posted by at No comments:
Subscribe to: Posts (Atom)