Websecurity logout link using Webmatrix and Razor - razor

I am creating an application largely based on the template provided with WebMatrix 2.
Everything is working great, although I'm having some issues creating a "logout" link in my header.
Currently I have the following link:
Sign Out
Which in turn, directs to this page:
#{
WebSecurity.RequireAuthenticatedUser();
if (IsPost) {
// Verify the request was submitted by the user
AntiForgery.Validate();
// Log out of the current user context
WebSecurity.Logout();
// Redirect back to the return URL or homepage
var returnUrl = Request.QueryString["ReturnUrl"];
Context.RedirectLocal(returnUrl);
} else {
Response.Redirect("~/");
}
}
But when I click this link, it does nothing, and I'm still logged in. Where am I going wrong?

The problem is that by default logout links are (and should be) validated POST requests, this is to prevent XSS attacks of logging your users out by redirecting them to the logout page.
Thanks to this code:
if (IsPost) {
// Verify the request was submitted by the user
AntiForgery.Validate();
.. you will need to create a form for logging out, like so:
<form method="post" action="~/account/logout.cshtml">
#AntiForgery.GetHtml()
<input type="submit" value="Logout" />
</form>
Of course, you can use JavaScript to have a normal link submit that form, thus making it look like a normal link to the end user, only they're protected!

Related

HTML Forms post redirect

I've got an HTML form that I'm posting to a url successfully. However, I need to have the page be redirected after I've posted the form. I'm not able to use ajax because CORS is not enabled. When I post to the url I'm getting a success message, and a redirect link in json format. This seems much easier than it's proving to be.
What I know is, when I post to the original url, a cookie is created, and when I go to the url that the page is returning, I am an authenticated user. So, it seems that I need to capture that cookie, and then redirect, but I could be off base.
This can be achieved using custom scripting.
The script waits for the input button to be clicked and sets up a listener that checks to see if the div that holds the confirmation text is visible and then sends the user to the destination page.
Add this to the code injection point for the page that holds the form:
<script src="//ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script>
var eventposted=0;
$(document).ready(function(){
$('input.button').click(function() {
window.setInterval(foo, 100);
});
});
function foo(){
if(($(".form-submission-text").is(':visible')) && (eventposted==0)){
window.location = "http://www.something.com/destinationpage";
eventposted=1;
}
}
</script>

How redirect login.html to chat.html page after successful logged in Django framework?

I have used template/login.html for logging in, after successful logged in how to redirect the login.html page to chatwindow.html page (some other html) in Django framework.
So, do I need to redirect it from views.py file or from login.html?
Any help highly appreciated.
Django implements multiple ways to do this:
1. LOGIN_REDIRECT_URL
This is a global setting in your settings.py. It works for all login pages when next= parameter is not specified in login url (e.g. example.com/login?next=/foo).
2. Use next parameter in the login URL
This is usually used to customize the login redirect for individual cases.
The common use-case is when you use #login_required decorator. When a user tries to access a page which requires authentication, a user is then redirected to a login page with a next= parameter pointing to the current page. For example if the user went to /secure/page, then the login page will be something like /login?next=/secure/page. After the user will successfully authenticate, Django will redirect them back to the protected page.
3. Use the hidden input next on the login page
Finally you can set the redirect path in the login form itself:
<form method="POST" ...>
<input typy="hidden" name="next" value="/secure/page">
...
</form>
I would guess that first method might be the most appropriate in your case however keep in mind the other options if you will need them.

ASP.NET MVC Redirect with Form inside IFrame

I am developing a SharePoint app that is using an ASP.Net MVC web application. The web application is launched inside an iframe in SharePoint.
I have a form that I use to store information related to a project. Different actions are possible on this form:
Submit form with no error: the form is redirected to the homepage of my project. For that I am using.:
Html.BeginForm(.., FormMethod.Post, new { **#target="_top**", #class = "form-horizontal" })
As you can see i redirect my form to the target _top to be able to go back to my homepage.
Cancel form: the form is cancelled and i am redirected to the homepage of my project. For that I am using also a link with the target _top:
Cancel:
Everything is working for this case
Submit form but error in the post method:
now let's imagine that i submit my form but i have some error during processing. What I would like to do is to display again the form inside my frame in my page with the validation error present on the top of the form.
The problem is explain above, my form has the target set to top, the validation errors are displayed on the top windows and not in my frame. So it is like that I am redirected to a new page.
Here is the code my post action:
if (!ModelState.IsValid)
{
return View("Edit", KeyFiguresHelper.BuildKeyFiguresEditViewModel(keyFigure, agencies));
}
var keyFiguresDTO = KeyFiguresHelper.ExtractKeyFiguresFromModel(model, agencies);
var errorCode = _projectService.EditProjectKeyFigures(keyFiguresDTO);
if (errorCode == ErrorCode.NO_ERROR)
{
return Redirect(keyFigure.ProjectUrl);
}
ModelState.AddModelError("", _errorMessageFactoryService.Create(errorCode));
return View("Edit", KeyFiguresHelper.BuildKeyFiguresEditViewModel(keyFigure, agencies));
Is it possible to redirect a page with the target "_top" if the post action is running well and if I have any errors to redirect to the same page with the target "_self" ?
Thank you very much for your help

HTML forms - difference between 'action' and the 'next' variable?

According to the HTML book which I am reading (and according to here: http://www.w3schools.com/tags/att_form_action.asp) it says that in the case of forms:
<form action="/login/" method="post">
'action' specifies where to send the form data when a form is submitted. The syntax for it could be
<form action="URL">
Now, in the book I am reading, it also talks about a hidden 'next' variable, like so:
<form action="/login/" method="post">
<input type='hidden' name='next' value='/' />
<input type='submit' value='login' />
The book I am reading states that
The form contains a submit button as well as a hidden field called 'next'. This hidden variable contains a URL that tells where to redirect the user after they have logged in.
From my understanding, doesn't 'action' either way tell specify where to redirect to after the form has been submitted? So isn't having the hidden 'next' variable not necessary because 'action' already tells where to redirect to? Which takes priority if action and next are different URLs? Does it redirect to the URL in action or the URL in next?
First up the action attribute has nothing to do with redirection.
When you click a submit button in a form the browser sends an HTTP request to the server, specificaly to the resource mentioned in the action attribute, using either get or post. What happens next is entirely dependant on what you are using server side.
As far as I am aware the presense of a Next property in the request has no special meaning.
Normally when a form is submitted one of two things will happen
The server does some process then return an HTTP Response. This will show the action url in the address bar of the browser
The server does some processing then redirects the user to a new page. This is usualy programmed by you the programmer and does not happen automagicaly. In php you would use http_redirect(someURL). The next hidden field could be used to hold this URL but it won't do anything with it by itself.
On a technical note, http redirects, be they with asp, php, etc cause, an additional round trip to the browser. So in the case of the redirect above, an HTTP Response is send to the broswser with a header indicating to redirect and where to direct to. The browser will then send a new request to the new location. This is why the new address appears in the browser address bar.
Action url is where the page will be redirected to, by default. The value of next has no effect unless you have server side code to do that. Even if you do write code, the redirect will first go to action url and then to any other url you have changed.

Double action on HTML form submit button

I am currently trying to submit form data to a third party site from our own wordpress based website.
I need it to open in a new blank window or tab. I am able to do this so far using a target="_blank" on the form itself.
The tricky part is I also want the data to save on my own site.
The only way I know how to do this double action is to hook in after the post is saved on my site but this means the form is submitted to my own site and then I use javascript or something to redirect to the third party site but this creates pop up warnings which I can't have in this case...
Does anybody have any ideas around this and if I have not been detailed enough please don't hesitate to ask me more info.
Thanks
Perhaps submit by AJAX first to the local site, then -- on success -- submit the form & navigate them whole page to the other domain?
With jQuery:
<form id='form' method='post' action='http://remote.website.com/send-data-here'>
<input ...>
<input ...>
...
<button type='button' onclick='doubleSubmit();'>Submit</button>
</form>
<script type='text/javascript'>
var LOCAL_URL = "/myForm-receiver.php";
function doubleSubmit() {
var data = $('#form').serialize();
$.post( LOCAL_URL, data, new function(response){
// Successfully posted by AJAX to Local Website;
// -- now POST the form to the destination site,
// -- & navigate to that result page.
$('#form).submit();
});
}
</script>
I'm assuming you want to receive a copy of the data locally, but the user will navigate to the destination domain for the "result page".
Need to submit the data through ajax and saved the data in your data base then redirect to third party url or submit to there use like jQuery(selector).ajax(dataString:--);
may this help you thanks!