Protecting XPages (hiding custom controls source code) - xpages

I am trying to protect my XPages custom controls (hide *.xsp source files) using Stephan H. Wissel's arcticle "Protecting your XPages Application", but I had no luck.
I have a single *.xsp which contains a custom control.
When I have made all the instuctions, I tried to open my page and I got an error
404: HTTP Web Server: Item Not Found Exception.
If I remove the custom control from the page it will work.
Have somebody been successful using this technique?
I appriciate any suggestions. Thank you.

Related

POST request in controller for custom contact form via AJAX

I've build a custom form which action redirects to a confirm page. In the controller of this page I get the POST values via $request->request->get('fieldName');
To enhance the user experience I'd like to stay on the same page as the form and add a success message to the page. I guess this can be done via AJAX? I tried to follow this guide since it kind of seems to describe what I'm trying to achieve, but I struggle to understand the custom component part. It seems this is only for the backend?
Any help would be appreciated.
The guide you shared is about the administration, if you want to add your functionality to the storefront instead you should be able to follow this guide.
For an overview of how the administration and storefront differs, you can read up the concepts behind those two areas here.

404 error being generated on controller actions that use [HttpGet] when clicking on a hyperlink?

Background
I have an ASP.Net Core v2.0 web application that has the [HttpGet] attribute above action results that don't need to accept a post.
I created a spreadsheet with a list of pages on the website to my marketing team, along with a column of hyperlinks that link directly to each page on the website.
Example Spreadsheet:
Issue
Once the marketing team started clicking on the links in the spreadsheet, I started to receive 404 errors via email (configured using NLog) although the page did still load for the user.
Troubleshooting
I troubleshooted this and uncovered that the issue was down to the [HttpGet] attribute. If I take the [HttpGet] attribute out, clicking on the links in the spreadsheet doesn't generate a 404 error.
The site doesn't generate 404 errors when loading the page (s) via the browser.
I installed fiddler and it looks as though Excel is using the "CONNECT" method.
Fiddler screenshot:
I thought this could be the issue as it's not a GET but when I access a page within Chrome, it also shows using the "CONNECT" method in fiddler.
I'm looking to see if anyone else has had this issue and if they got around it? Do I need to add another attribute alongside [HTTPGet] to stop Excel or other 3rd party software causing a 404?
I've resolved my own issue.
For anyone else that has this issue the fix is to put [HttpGet, HttpHead] as the attribute. If you have a custom route then add another attribute underneath:
[Route("[controller]/custom-action")].
For info, I got to the bottom of this by using the logs from the drop down ASP.Net Core Web Server in the output window in Visual Studio. I could see that when the link was first being requested by Excel, it was using the HEAD method rather than the GET which is why a 404 error was being fired.
Hope that helps someone down the line.

set cutom user agent in web browser control when navigating to a single page

How can I set a custom user agent for a webbrowser control? The control is loading a page where I need to spoof it. I am using c sharp.
This has been asked many times on here. I suggest searching for a solution next time before posting a new question, but you can easily do this by using the WebBrowser control's Navigate() method. Just note that this will only work when you use this method, after you navigate to another page, it will "reset".
webBrowser1.Navigate("http://yoursite.com", "_self", null, "User-Agent: Custom User Agent string");
Also, other header information can be included in the header parameter as well. More information can be found here.
Microsoft's official way to customize the User Agent is to implement the IOleControl::OnAmbientPropertyChange event to respond to DISPID_AMBIENT_USERAGENT requests (but does not affect Navigate() or a page's DOM), or use UrlMkSetSessionOption(URLMON_OPTION_USERAGENT).

UpdatePanel in SharePoint throws an error

I get the following when I click on a custom made webpart in the Web Part Gallery: The control with ID 'UpdatePanel1' requires a ScriptManager on the page. The ScriptManager must appear before any controls that need it. If I use the webpart, ie perform a search, I get a pop-up error: Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The Status code returned from the server was: 500.
This webpart takes a search string from a textbox, passes it to BL/DAL and returns a data from DB. I've integrated an UpdatePanel for partial postbacks - used this blog as guide but it is not working.
I've added the scriptManager to the default.master page using MSSP Designer as the blog suggests but curiously, the script manager causes an error (red underline) In Internet Explorer 6.0 the tag <asp:ScriptManager> is not permitted.
I'm not totally sure what's up with that but here's an alternative. Dont use MS Ajax - EVER. jQuery is simpler, faster, better, stronger, sexier!
This is how I normally do this stuff:
add jQuery to your master page head
create a user control that implements your web part ui. This should use Page.ScriptManager.RegistryScriptInclude or .RegistryScriptBlock to insert script for the control. Eg, methods to do your callback using jQuery.Ajax.
create a web part wrapper for the user control
create an aspx in _layouts that acts as the 'service' for your callback. The page load can use the parameters passed from the ajax call to return some json or text
Instead of #4 you could create a web service but this is a lot harder with SharePoint - an apx will work well enough.
HTH
Cheers

Sharepoint : Event Receiver : Item Adding

Anybody used the "ItemAdding" method successfully in an Event Receiver in Sharepoint for validation?
I think it just can't work properly for validation purposes because it seems that :
You can't access the data you just
entered in a form
If you add an error message,
instead of displaying the form
back with your error, Sharepoint
display the big ugly error page.
Here's what I found so far on the web for the ItemAdding method :
http://www.sharepoint-tips.com/2006/09/synchronous-add-list-event-itemadding.html
http://www.moss2007.be/blogs/vandest/archive/2007/07/20/wss-3-0-event-handler-pre-event-cancelling-issues.aspx
http://www.synergyonline.com/blog/blog-moss/Lists/Posts/Post.aspx?ID=25
Anyway, if somebody successfully used that method, please tell me how because I think that it's just broken/missing something!
Thanks!
You can't use ItemAdding to perform that kind of "friendly" validation checking. If you set e.Cancel = true and set e.ErrorMessage, sharepoint will redirect you to the standard error page and display your message. You can't make it redirect back to your form page.
Rather than trying to hack the built in pages, you should use an infopath or aspx form bound to a content type. Infopath has built-in validation controls and with aspx forms you build yourself you can treat it like any web app and choose your own validation.
No easy way out here I'm afraid.
-Oisin
You can access data that was just added in the form. Look at properties.AfterProperties in the adding/updating event receivers.
An example would be properties.AfterProperties["Title"].
I agree that error handling is a little hard, but I recommend that you do validation in your event receivers in addition to having your UI do validation. If it is not a custom page, then you can add JavaScript to existing pages using a Content Editor Web Part to do the validation.

Resources