Re: Security issue with an HTA frame

With IIS7 on Vista SP1, the problem does not occur. When I told you
yesterday that the problem occurs on Windows XP/Vista, I talked about the
client environment.

Oct 23 '08 #1
Hi Oriane,

Thanks for your information. I've reproduced this issue on my side. If an
internet site (your stibil.fr is considered as an internet site because
it's not in the same domain of the machine where the IE runs) is not added
to the trusted sites zone, when using iframe to show the site the cookie
cannot persist.

To work around it, we can set an HTTP header. Please refer to this article:
http://adamyoung.net/IE-Blocking-iFrame-Cookies

To do this in ASP.NET, we can add a new item called global.asax to the
project and add the following content to this file:

<%@ Application Language="C#" %>

<script language="C#" runat="server">
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // Send a P3P compact policy (CP) header with every response
        this.Context.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
    }
</script>

Please have a try and let me know if it works.

Regards,
Allen Chen
Microsoft Online Support


Oct 27 '08 #2
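
To see what the header in Allen's reply declares, its compact policy can be decoded token by token and checked against the P3P 1.0 compact-policy vocabulary. This is an added example, not part of the thread, written in Python rather than the thread's C# so it can be run over captured response headers; the name `parse_p3p` and the second sample header are made up here.

```python
import re

# P3P 1.0 compact-policy tokens, grouped by the policy element they encode.
VOCAB = {
    "access": {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"},
    "disputes": {"DSP"},
    "remedies": {"COR", "MON", "LAW"},
    "non-identifiable": {"NID"},
    "purpose": {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD",
                "IVA", "IVD", "CON", "HIS", "TEL", "OTP"},
    "recipient": {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"},
    "retention": {"NOR", "STP", "LEG", "BUS", "IND"},
    "category": {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
                 "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"},
    "test": {"TST"},
}
# Optional one-letter consent suffix on purpose/recipient tokens ("a" is the default).
CONSENT = {"a": "always", "i": "opt-in", "o": "opt-out"}
NO_SUFFIX = {"CUR", "OUR"}  # these two never take a consent suffix


def parse_p3p(header_value):
    """Decode a P3P header value.

    Returns (decoded, unknown): decoded maps element -> [(token, consent)],
    consent is None for elements that carry no consent attribute;
    unknown lists tokens outside the vocabulary or with a bad suffix.
    """
    m = re.search(r'\bCP\s*=\s*"([^"]*)"', header_value, re.IGNORECASE)
    if not m:
        raise ValueError('no CP="..." compact policy in header value')
    decoded, unknown = {}, []
    for raw in m.group(1).split():
        base, suffix = raw[:3], raw[3:]
        element = next((e for e, toks in VOCAB.items() if base in toks), None)
        takes_consent = element in ("purpose", "recipient")
        suffix_ok = suffix == "" or (
            takes_consent and base not in NO_SUFFIX and suffix in CONSENT)
        if element is None or not suffix_ok:
            unknown.append(raw)
            continue
        consent = CONSENT[suffix or "a"] if takes_consent else None
        decoded.setdefault(element, []).append((base, consent))
    return decoded, unknown


if __name__ == "__main__":
    thread_cp = ('CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi '
                 'CONi HIS OUR IND CNT"')      # value from the post above
    constructed_bad = 'CP="NOI OURi XYZ DEVx"'  # constructed sample, not from the thread
    for value in (thread_cp, constructed_bad):
        print(parse_p3p(value))
```
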
Hi Allen,

"Allen Chen [MSFT]" <v-******@online.microsoft.com> wrote in message
news:z9**************@TK2MSFTNGHUB02.phx.gbl...
[...]
>
> To work around it, we can set an HTTP header. Please refer to this article:
> http://adamyoung.net/IE-Blocking-iFrame-Cookies
>
> To do this in ASP.NET, we can add a new item called global.asax to the
> project and add the following content to this file:
>
> <%@ Application Language="C#" %>
>
> <script language="C#" runat="server">
>     protected void Application_BeginRequest(object sender, EventArgs e)
>     {
>         // Send a P3P compact policy (CP) header with every response
>         this.Context.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
>     }
> </script>
>
> Please have a try and let me know if it works.

It works :-)

Thanks a lot

Oct 27 '08 #3
