By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,616 Members | 1,184 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,616 IT Pros & Developers. It's quick & easy.

how do i know the frame my page is in?

P: n/a
I hope this is the right newsgoup for this question.
I give it a try,

I show my asp.net page in a frame from a page of another
application.
Everything works fine, but now (for security reasons) I
want that my .net page can ONLY be viewed as a part of
the main page.

If the page is accessed directly I want to redirect
to "access denied" page.

Is it possible to write code to find out if a page is
viewed as a part of another page?

Thanks Dik

Nov 18 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
one other way to solve this would be that the framed page would requre a
querystring key to be sent to it.
You could make up this key in the page that it is framed in.

cheers,
mort

"dik mus" <op*@musit.nl> wrote in message
news:be****************************@phx.gbl...
I hope this is the right newsgoup for this question.
I give it a try,

I show my asp.net page in a frame from a page of another
application.
Everything works fine, but now (for security reasons) I
want that my .net page can ONLY be viewed as a part of
the main page.

If the page is accessed directly I want to redirect
to "access denied" page.

Is it possible to write code to find out if a page is
viewed as a part of another page?

Thanks Dik

Nov 18 '05 #2

P: n/a
Dik,

On the server side, it's impossible to know for sure what's happening on the
client since pretty much any mechanism f or passing this information back to
the server can be spoofed. How important are your "security reasons" for
wanting this behaviour? If it's largely a matter of convenience, then the
query string parameter approach suggested by Mort should be fine. However,
if there are real security concerns with potentially serious implications
involved, you might want to consider something a little more robust. If
this is the case, is the "other application" under your control or, if not,
can you request that some minor changes be made to it?

Nicole
"dik mus" <op*@musit.nl> wrote in message
news:be****************************@phx.gbl...
I hope this is the right newsgoup for this question.
I give it a try,

I show my asp.net page in a frame from a page of another
application.
Everything works fine, but now (for security reasons) I
want that my .net page can ONLY be viewed as a part of
the main page.

If the page is accessed directly I want to redirect
to "access denied" page.

Is it possible to write code to find out if a page is
viewed as a part of another page?

Thanks Dik

Nov 18 '05 #3

P: n/a
Thanks for your answers,

The sequrity does not have to be very strong. It is just
a intranet, and i am not expecting any hackers.

The source application is DNN2.04. Withe the sequrity
settings there it is easy to restrict some users to see a
tabs or not. In these tabs, i show in a frame my pages.
My asp.net pages are created with codecharge, and they
take can read all kind of parameters.

Sending a query string could be an option, but i guess
would not know how to make such a string so that users
could not see it in the url.
Nov 18 '05 #4

P: n/a
You can't check it from the server, but you can put some client script
in your page that checks for a frameset and redirects to an error page
if it doesn't find it. Something like:

function checkForFrames()
{
if (parent.frames.length == 0)
{
// not in a frameset
window.location = "error.htm";
}

}

-Jason

an*******@discussions.microsoft.com wrote:
Thanks for your answers,

The sequrity does not have to be very strong. It is just
a intranet, and i am not expecting any hackers.

The source application is DNN2.04. Withe the sequrity
settings there it is easy to restrict some users to see a
tabs or not. In these tabs, i show in a frame my pages.
My asp.net pages are created with codecharge, and they
take can read all kind of parameters.

Sending a query string could be an option, but i guess
would not know how to make such a string so that users
could not see it in the url.

Nov 18 '05 #5

P: n/a
That would be good enough. thanks a lot, ill give it a try.
"Jason DeFontes" <ja***@defontes.com> schreef in bericht
news:er*************@TK2MSFTNGP10.phx.gbl...
You can't check it from the server, but you can put some client script
in your page that checks for a frameset and redirects to an error page
if it doesn't find it. Something like:

function checkForFrames()
{
if (parent.frames.length == 0)
{
// not in a frameset
window.location = "error.htm";
}

}

-Jason

an*******@discussions.microsoft.com wrote:
Thanks for your answers,

The sequrity does not have to be very strong. It is just
a intranet, and i am not expecting any hackers.

The source application is DNN2.04. Withe the sequrity
settings there it is easy to restrict some users to see a
tabs or not. In these tabs, i show in a frame my pages.
My asp.net pages are created with codecharge, and they
take can read all kind of parameters.

Sending a query string could be an option, but i guess
would not know how to make such a string so that users
could not see it in the url.

Nov 18 '05 #6

P: n/a
You could use User.IsInRole() to control who gets what access. Set up AD
security groups to pattern your access requirements and either display or
don't display sections of the page based on membership in the groups or,
even better, dynamically create the controls based on group membership.

Dale

<an*******@discussions.microsoft.com> wrote in message
news:c0****************************@phx.gbl...
Thanks for your answers,

The sequrity does not have to be very strong. It is just
a intranet, and i am not expecting any hackers.

The source application is DNN2.04. Withe the sequrity
settings there it is easy to restrict some users to see a
tabs or not. In these tabs, i show in a frame my pages.
My asp.net pages are created with codecharge, and they
take can read all kind of parameters.

Sending a query string could be an option, but i guess
would not know how to make such a string so that users
could not see it in the url.

Nov 18 '05 #7

P: n/a
I like to make it as simple as possible, and because the sequrity settings
for a tab are already set by a admin role (and not exactly known
beforehand), i like a page to just reflect the settings of that tab. I guess
i can figure out in code who has a access to the tab, but i am not looking
for extra work. So i figured, i put one header on all my pages (i hav a lot
of pages), and in that header i just check if the page is part of the dnn
tab. In this way i need only a few lines of code to "secure" a lot of pages
in the appropriate way.

To make it a little more secure, i think i also pass a parameter that codes
the current date, in my application it checkes if that code indeed
represents the current date. In this way, a working url string showed in
another frame would only work for one day.


"DalePres" <no****@nomail.com> schreef in bericht
news:O3**************@TK2MSFTNGP12.phx.gbl...
You could use User.IsInRole() to control who gets what access. Set up AD
security groups to pattern your access requirements and either display or
don't display sections of the page based on membership in the groups or,
even better, dynamically create the controls based on group membership.

Dale

<an*******@discussions.microsoft.com> wrote in message
news:c0****************************@phx.gbl...
Thanks for your answers,

The sequrity does not have to be very strong. It is just
a intranet, and i am not expecting any hackers.

The source application is DNN2.04. Withe the sequrity
settings there it is easy to restrict some users to see a
tabs or not. In these tabs, i show in a frame my pages.
My asp.net pages are created with codecharge, and they
take can read all kind of parameters.

Sending a query string could be an option, but i guess
would not know how to make such a string so that users
could not see it in the url.


Nov 18 '05 #8

P: n/a
Dear mort,

Is there a way to make a query string, that can not be just copied with the
url?

Thanks dik

"mortb" <mo****@hotmail.com> schreef in bericht
news:ed**************@TK2MSFTNGP11.phx.gbl...
one other way to solve this would be that the framed page would requre a
querystring key to be sent to it.
You could make up this key in the page that it is framed in.

cheers,
mort

"dik mus" <op*@musit.nl> wrote in message
news:be****************************@phx.gbl...
I hope this is the right newsgoup for this question.
I give it a try,

I show my asp.net page in a frame from a page of another
application.
Everything works fine, but now (for security reasons) I
want that my .net page can ONLY be viewed as a part of
the main page.

If the page is accessed directly I want to redirect
to "access denied" page.

Is it possible to write code to find out if a page is
viewed as a part of another page?

Thanks Dik


Nov 18 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.