how do i know the frame my page is in?

I hope this is the right newsgoup for this question.
I give it a try,

I show my asp.net page in a frame from a page of another
application.
Everything works fine, but now (for security reasons) I
want that my .net page can ONLY be viewed as a part of
the main page.

If the page is accessed directly I want to redirect
to "access denied" page.

Is it possible to write code to find out if a page is
viewed as a part of another page?

Thanks Dik

re: how do i know the frame my page is in?

one other way to solve this would be that the framed page would requre a
querystring key to be sent to it.
You could make up this key in the page that it is framed in.

cheers,
mort

"dik mus" <opt@musit.nl> wrote in message
news:be9101c43824$1aedd9b0$a601280a@phx.gbl...[color=blue]
> I hope this is the right newsgoup for this question.
> I give it a try,
>
> I show my asp.net page in a frame from a page of another
> application.
> Everything works fine, but now (for security reasons) I
> want that my .net page can ONLY be viewed as a part of
> the main page.
>
> If the page is accessed directly I want to redirect
> to "access denied" page.
>
> Is it possible to write code to find out if a page is
> viewed as a part of another page?
>
> Thanks Dik
>[/color]

re: how do i know the frame my page is in?

Dik,

On the server side, it's impossible to know for sure what's happening on the
client since pretty much any mechanism f or passing this information back to
the server can be spoofed. How important are your "security reasons" for
wanting this behaviour? If it's largely a matter of convenience, then the
query string parameter approach suggested by Mort should be fine. However,
if there are real security concerns with potentially serious implications
involved, you might want to consider something a little more robust. If
this is the case, is the "other application" under your control or, if not,
can you request that some minor changes be made to it?

Nicole


"dik mus" <opt@musit.nl> wrote in message
news:be9101c43824$1aedd9b0$a601280a@phx.gbl...[color=blue]
>I hope this is the right newsgoup for this question.
> I give it a try,
>
> I show my asp.net page in a frame from a page of another
> application.
> Everything works fine, but now (for security reasons) I
> want that my .net page can ONLY be viewed as a part of
> the main page.
>
> If the page is accessed directly I want to redirect
> to "access denied" page.
>
> Is it possible to write code to find out if a page is
> viewed as a part of another page?
>
> Thanks Dik
>[/color]

re: how do i know the frame my page is in?

Thanks for your answers,

The sequrity does not have to be very strong. It is just
a intranet, and i am not expecting any hackers.

The source application is DNN2.04. Withe the sequrity
settings there it is easy to restrict some users to see a
tabs or not. In these tabs, i show in a frame my pages.
My asp.net pages are created with codecharge, and they
take can read all kind of parameters.

Sending a query string could be an option, but i guess
would not know how to make such a string so that users
could not see it in the url.

re: how do i know the frame my page is in?

You can't check it from the server, but you can put some client script
in your page that checks for a frameset and redirects to an error page
if it doesn't find it. Something like:

function checkForFrames()
{
if (parent.frames.length == 0)
{
// not in a frameset
window.location = "error.htm";
}

}

-Jason

anonymous@discussions.microsoft.com wrote:
[color=blue]
> Thanks for your answers,
>
> The sequrity does not have to be very strong. It is just
> a intranet, and i am not expecting any hackers.
>
> The source application is DNN2.04. Withe the sequrity
> settings there it is easy to restrict some users to see a
> tabs or not. In these tabs, i show in a frame my pages.
> My asp.net pages are created with codecharge, and they
> take can read all kind of parameters.
>
> Sending a query string could be an option, but i guess
> would not know how to make such a string so that users
> could not see it in the url.
>
>[/color]

re: how do i know the frame my page is in?

That would be good enough. thanks a lot, ill give it a try.


"Jason DeFontes" <jason@defontes.com> schreef in bericht
news:erTcqIEOEHA.556@TK2MSFTNGP10.phx.gbl...[color=blue]
> You can't check it from the server, but you can put some client script
> in your page that checks for a frameset and redirects to an error page
> if it doesn't find it. Something like:
>
> function checkForFrames()
> {
> if (parent.frames.length == 0)
> {
> // not in a frameset
> window.location = "error.htm";
> }
>
> }
>
> -Jason
>
> anonymous@discussions.microsoft.com wrote:
>[color=green]
> > Thanks for your answers,
> >
> > The sequrity does not have to be very strong. It is just
> > a intranet, and i am not expecting any hackers.
> >
> > The source application is DNN2.04. Withe the sequrity
> > settings there it is easy to restrict some users to see a
> > tabs or not. In these tabs, i show in a frame my pages.
> > My asp.net pages are created with codecharge, and they
> > take can read all kind of parameters.
> >
> > Sending a query string could be an option, but i guess
> > would not know how to make such a string so that users
> > could not see it in the url.
> >
> >[/color][/color]

re: how do i know the frame my page is in?

You could use User.IsInRole() to control who gets what access. Set up AD
security groups to pattern your access requirements and either display or
don't display sections of the page based on membership in the groups or,
even better, dynamically create the controls based on group membership.

Dale

<anonymous@discussions.microsoft.com> wrote in message
news:c04e01c43830$a8ccb470$a501280a@phx.gbl...[color=blue]
> Thanks for your answers,
>
> The sequrity does not have to be very strong. It is just
> a intranet, and i am not expecting any hackers.
>
> The source application is DNN2.04. Withe the sequrity
> settings there it is easy to restrict some users to see a
> tabs or not. In these tabs, i show in a frame my pages.
> My asp.net pages are created with codecharge, and they
> take can read all kind of parameters.
>
> Sending a query string could be an option, but i guess
> would not know how to make such a string so that users
> could not see it in the url.
>
>[/color]

re: how do i know the frame my page is in?

I like to make it as simple as possible, and because the sequrity settings
for a tab are already set by a admin role (and not exactly known
beforehand), i like a page to just reflect the settings of that tab. I guess
i can figure out in code who has a access to the tab, but i am not looking
for extra work. So i figured, i put one header on all my pages (i hav a lot
of pages), and in that header i just check if the page is part of the dnn
tab. In this way i need only a few lines of code to "secure" a lot of pages
in the appropriate way.

To make it a little more secure, i think i also pass a parameter that codes
the current date, in my application it checkes if that code indeed
represents the current date. In this way, a working url string showed in
another frame would only work for one day.






"DalePres" <nospam@nomail.com> schreef in bericht
news:O33xi4IOEHA.1616@TK2MSFTNGP12.phx.gbl...[color=blue]
> You could use User.IsInRole() to control who gets what access. Set up AD
> security groups to pattern your access requirements and either display or
> don't display sections of the page based on membership in the groups or,
> even better, dynamically create the controls based on group membership.
>
> Dale
>
> <anonymous@discussions.microsoft.com> wrote in message
> news:c04e01c43830$a8ccb470$a501280a@phx.gbl...[color=green]
> > Thanks for your answers,
> >
> > The sequrity does not have to be very strong. It is just
> > a intranet, and i am not expecting any hackers.
> >
> > The source application is DNN2.04. Withe the sequrity
> > settings there it is easy to restrict some users to see a
> > tabs or not. In these tabs, i show in a frame my pages.
> > My asp.net pages are created with codecharge, and they
> > take can read all kind of parameters.
> >
> > Sending a query string could be an option, but i guess
> > would not know how to make such a string so that users
> > could not see it in the url.
> >
> >[/color]
>
>[/color]

re: how do i know the frame my page is in?

Dear mort,

Is there a way to make a query string, that can not be just copied with the
url?

Thanks dik

"mortb" <mortb1@hotmail.com> schreef in bericht
news:edOAouCOEHA.3420@TK2MSFTNGP11.phx.gbl...[color=blue]
> one other way to solve this would be that the framed page would requre a
> querystring key to be sent to it.
> You could make up this key in the page that it is framed in.
>
> cheers,
> mort
>
> "dik mus" <opt@musit.nl> wrote in message
> news:be9101c43824$1aedd9b0$a601280a@phx.gbl...[color=green]
> > I hope this is the right newsgoup for this question.
> > I give it a try,
> >
> > I show my asp.net page in a frame from a page of another
> > application.
> > Everything works fine, but now (for security reasons) I
> > want that my .net page can ONLY be viewed as a part of
> > the main page.
> >
> > If the page is accessed directly I want to redirect
> > to "access denied" page.
> >
> > Is it possible to write code to find out if a page is
> > viewed as a part of another page?
> >
> > Thanks Dik
> >[/color]
>
>[/color]