UPDATE

So it turns out internet exploder's stranglehold on "security" to "make up" for being so bad at security was causing my problems. I should have checked that out first haha. Thanks everyone for the input, it has given me ideas on how to optimize my application :D


I am writing a web app (in ASP.NET 3.5) that integrates with a platform app. The platform app takes the user's credentials and puts them into an "empty" HTML page that consists of a form with hidden items containing said credentials and POSTS to the webapp (default.aspx):

<HTML>
<HEAD>
<SCRIPT LANGUAGE=JSCRIPT>
    function OnLoad(){
        try {
            document.form1.submit();
        }
        catch(e){
        }
    }
</SCRIPT>
</HEAD>
<BODY OnLoad="OnLoad()">
    <FORM ACTION="http://localhost:51816/gs_ontheweb/default.aspx" METHOD=POST NAME=form1 TARGET="_NEW">
    <INPUT TYPE="HIDDEN" NAME="ClientID" VALUE="123456">
    <INPUT TYPE="HIDDEN" NAME="Password" VALUE="2830088828">
    <INPUT TYPE="HIDDEN" NAME="PracType" VALUE="051">
    <INPUT TYPE="HIDDEN" NAME="Encrypt" VALUE="12345620081111">
</FORM>
</BODY>
</HTML>

When my default.aspx page gets loaded up, it calls the following function:

Dim ClientID As String = Request.Form("ClientID")
Dim PassWord As String = Request.Form("Password")
Dim PracType As String = Request.Form("PracType")

Each one of them results in an empty string. Any ideas on why this is happening? Thanks in advance.

EDIT: Is there something I need to configure in my web.config file to make this work properly? Request.Params("<param name>") does not work.

A: 

Eric, can you elaborate a bit? Thanks.

Anders
A: 

That HTML is just on the user's hard drive? Maybe the browser security won't let that POST because it's deemed to be a risk.

As a test -- take that exact HTML file and put it on your webserver and then browse to it. If it works, might be the browser refusing to send the data. You could check with Fiddler (for IE) or Firebug in Firefox.

Lou Franco
Say this is the case, what could be an alternative to transmit this data?
Anders
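
A server-side counterpart to the Fiddler/Firebug check suggested above, as an added example that is not part of the original thread: a helper for default.aspx that reports why Request.Form is empty for the current request. The names FormPostDiagnostics and DescribeFormPost are hypothetical.

```vb
Imports System
Imports System.Web

' Added example: explains, per request, why Request.Form came up empty.
' FormPostDiagnostics / DescribeFormPost are hypothetical names.
' Typical use: Debug.WriteLine(DescribeFormPost(Request)) in Page_Init.
Public Module FormPostDiagnostics

    Public Function DescribeFormPost(ByVal req As HttpRequest) As String
        ' A browser navigation or redirect is a GET and never carries a form body.
        If Not String.Equals(req.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase) Then
            Return "Not a POST (method=" & req.HttpMethod & "): no form body was sent."
        End If

        ' ASP.NET only parses these two content types into Request.Form.
        Dim contentType As String = If(req.ContentType, "")
        Dim isForm As Boolean = _
            contentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) OrElse _
            contentType.StartsWith("multipart/form-data", StringComparison.OrdinalIgnoreCase)
        If Not isForm Then
            Return "POST with Content-Type '" & contentType & "' is not parsed into Request.Form."
        End If

        ' The client announced a form but sent nothing (for example, a blocked submit).
        If req.ContentLength = 0 Then
            Return "POST arrived with an empty body."
        End If

        ' Report field names only: values such as Password must not reach the logs.
        Return "POST carried " & req.Form.Count.ToString() & " field(s): " & _
               String.Join(", ", req.Form.AllKeys)
    End Function

End Module
```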
A: 

Why not use System.Net.WebClient?

Some sample code (sorry, it's C#. Looks like you're looking for VB. I can't translate quickly.)

System.Net.WebClient wc = new System.Net.WebClient();
byte[] b;
byte[] res;
string formdata = "text=test text&password=secret&checkbox=on&textarea=a longer text sentence&submit=submit";

//    encode the form data string into a byte array 
b = System.Text.Encoding.ASCII.GetBytes(formdata);

// set the content type for a form 
wc.Headers.Add("Content-Type", "application/x-www-form-urlencoded");

// POST and get data
res = wc.UploadData("http://localhost:51816/gs_ontheweb/default.aspx", b);

//convert the return page from byte[] to ascii
string s = System.Text.Encoding.ASCII.GetString(res);
Moose
This code you posted would be on the application side correct? And the last line would be on the web side?
Anders
This code is on the application side. The last line would give your application back any answer the web server had in response to your POST. The server side should be something close to what you're already doing.
Moose
+3  A: 

Your issue is the "Target" property on the Form. Why is this here?

(I also took the liberty of cleaning your HTML up a little)

<html>
    <head>
    <title>Test JS Post</title>
    <script type="text/javascript" language="javascript">
    <!--
        function OnLoad(){
            try
            {
                alert("Posting...");
                document.form1.submit();
            }
            catch(e)
            {
                alert("ERROR!");
                alert(e);
            }
        }
    //-->
    </script>
</head>
<body onload="OnLoad()">

    <form action="http://localhost:49684/Default.aspx" method="post" name="form1">

        <input type="hidden" name="ClientID" value="123456" />
        <input type="hidden" name="Password" value="2830088828" />
        <input type="hidden" name="PracType" value="051" />
        <input type="hidden" name="Encrypt" value="12345620081111" />

        <h1>This is in the form.  Submit me here:</h1><input type="submit" value="foo" />

    </form>

</body>
</html>

In the code behind of Default.aspx:

Private Sub Page_Init(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Init

    For Each value As String In Request.Form.Keys
        Debug.WriteLine(String.Format("{0} = ""{1}""", value, Request.Form.Item(value)))
    Next

End Sub
Aydsman
Anders, also note Aydsman's script tag declaration and use of quotes around attribute values. Keep it tidy.
Ty
The script that generates the form was not written by me, I am pretty good about keeping things neat. My colleague likes to do it the fastest way possible.
Anders
A: 

So I am testing out Moose's code, and this is what I have:

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    Dim wc As New WebClient
    Dim b() As Byte = Nothing
    Dim res() As Byte = Nothing
    Dim s As String = ""
    Dim oData As String = "ClientID=123456&Password=833022918&PracType=051&Encrypt=12345620081112"
    b = System.Text.Encoding.ASCII.GetBytes(oData)
    wc.Headers.Add("Content-Type", "application/x-www-form-urlencoded")
    Try
        res = wc.UploadData("http://localhost:51816/gs_ontheweb/default.aspx", b)
        s = System.Text.Encoding.ASCII.GetString(res)
        Process.Start("iexplore.exe", "http://localhost:51816/gs_ontheweb/default.aspx")
        TextBox1.Text = s
    Catch ex As Exception
        MsgBox(ex.GetType.ToString & vbCrLf & "**********" & ex.Message.ToString)
    End Try
End Sub

When it runs, it gets this back in the textbox:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
    Untitled Page
</title></head>
<body>
    <form name="form1" method="post" action="default.aspx" id="form1">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
  value="/wEPDwUKLTY0NzMzMzAzOA9kFgICBA9kFgICAQ8WAh4EVGV4dAVbPGJyPkNsaWVudElEID0gMTIzNDU2PGJyPlBhc3N3b3JkID0gODMzMDIyOTE4PGJyPlByYWNUeXBlID0gMDUxPGJyPkVuY3J5cHQgPSAxMjM0NTYyMDA4MTExMmRkQ7M9Gx2UPHGMW9QBkaX5lX19Oq4=" />
    <div id="temp">
        '<br>ClientID = 123456<br>Password = 833022918<br>PracType = 051<br>Encrypt = 12345620081112'
    </div>
    </form>
</body>

When it launches Internet Explorer (or Firefox for that matter, I tried swapping out iexplore for firefox), my webapp is not picking up that the data is there. Here is the code that supposedly reads the information:

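' Requires: Imports System.Text and Imports System.Collections.Specialized
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
    Dim displayValues As New StringBuilder()
    Dim postedValues As NameValueCollection = Request.Form
    Dim nextKey As String
    If postedValues.AllKeys.Length = 0 Then
        Literal1.Text = "No form data..."
    Else
        For i As Integer = 0 To postedValues.AllKeys.Length - 1
            nextKey = postedValues.AllKeys(i)
            ' Skip ASP.NET's own fields (__VIEWSTATE etc.); StartsWith does not throw on keys shorter than two characters
            If nextKey IsNot Nothing AndAlso Not nextKey.StartsWith("__") Then
                displayValues.Append("<br>")
                ' HTML-encode posted names and values before echoing them into the page
                displayValues.Append(Server.HtmlEncode(nextKey))
                displayValues.Append(" = ")
                displayValues.Append(Server.HtmlEncode(postedValues(i)))
            End If
        Next
        Literal1.Text = displayValues.ToString()
    End If
End Sub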

I am still boggled by this, it shouldn't be this troublesome yet it is :|

Anders
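
One way past the "No form data..." result above, as an added example that is not part of the original thread: the page opened by Process.Start is a fresh GET and never sees the body that UploadData sent, so the application POSTs the credentials itself and hands the browser only a single-use ticket. LoginTickets, PlatformLauncher, handoff.ashx and the ticket query parameter are assumptions; the two modules belong to the web project and the platform application respectively.

```vb
Imports System
Imports System.Diagnostics
Imports System.Net
Imports System.Security.Cryptography
Imports System.Text
Imports System.Web
Imports System.Web.Caching

' Added example. LoginTickets, PlatformLauncher, handoff.ashx and "ticket" are hypothetical names.

' --- Web side: called after the posted ClientID/Password have been validated ---
Public Module LoginTickets

    ' Store the client ID under a random, short-lived key and return the key.
    Public Function Issue(ByVal clientId As String) As String
        Dim raw(15) As Byte                                   ' 128 random bits
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(raw)
        Dim ticket As String = BitConverter.ToString(raw).Replace("-", "")
        HttpRuntime.Cache.Insert("ticket:" & ticket, clientId, Nothing, _
                                 DateTime.UtcNow.AddSeconds(30), Cache.NoSlidingExpiration)
        Return ticket
    End Function

    ' Cache.Remove returns the stored value once; a replayed or expired ticket yields Nothing.
    Public Function Redeem(ByVal ticket As String) As String
        If String.IsNullOrEmpty(ticket) Then Return Nothing
        Return TryCast(HttpRuntime.Cache.Remove("ticket:" & ticket), String)
    End Function

End Module

' --- Application side: POST the credentials, then open the browser with the ticket only ---
Public Module PlatformLauncher

    ' formData is the already URL-encoded "name=value&..." string.
    Public Sub OpenWebApp(ByVal baseUrl As String, ByVal formData As String)
        Dim wc As New WebClient()
        wc.Headers.Add("Content-Type", "application/x-www-form-urlencoded")
        ' handoff.ashx (hypothetical) validates the fields and writes LoginTickets.Issue(...) as its body.
        Dim res() As Byte = wc.UploadData(baseUrl & "handoff.ashx", Encoding.ASCII.GetBytes(formData))
        Dim ticket As String = Encoding.ASCII.GetString(res).Trim()
        ' The browser's request is a GET; the ticket is the only thing it carries.
        Process.Start(baseUrl & "default.aspx?ticket=" & Uri.EscapeDataString(ticket))
    End Sub

End Module
```

default.aspx would call LoginTickets.Redeem(Request.QueryString("ticket")) and treat Nothing as a failed login. The ticket still lands in browser history, which is why it is single-use and expires after 30 seconds.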