Need some help here :P
What im trying to do is simply get some data from an xml page located on a server.
However, the server first requires a username/password combination before i even get to see the xml content. What it does, is present a login form, that requires a user to provide credentials. Once the user hits the login, a js function is run, which logs the user in and then presents XML content to the user without ever redirecting the user to a different page.
So what im trying to ask is, is there a way (and if so, how) can i retrieve the XML of a page that first requires me to provide login details to the server?
Cheers
i'm assuming the XML data on the server is dynamic, otherwise you could simply copy and bundle the data into your own website - obviously.
i'm not sure of the nature of this data, but sometimes data can be accessed thru a website's backdoor, legally. you could try a quick search to see if this data is available publically, or even contact the data holder to find out for sure. in any case, you'll need to have a cross-domain policy file to access data that is not hosted on your own domain.
You cannot load variables or XML data
into a Flash movie from another
domain. For example, a Flash movie
loaded from
http://www.yourserver.com/flashmovie.swf
can access data residing at
http://www.yourserver.com/data.txt.
The text file is located within the
same domain as the SWF.
However, an attempt to load data from
http://www.NotMyServer.com/data.txt
will fail and no error messages are
displayed. The load action will cause
a warning dialog to appear.
Note: This security feature does not
affect Flash movies playing in
stand-alone projectors.
if the data is publicly available, there is probably a way to bypass this security restriction by using JavaScript and ExternalInterface to capture the data, but i'm not well versed with such routines.
this security restriction is not applicable to AIR applications.
more: Cross-domain policy for Flash movies
Related
I want when some code in plugin execute, then call or trigger on some way a web resource, so is it even possible and how I can call it?
NOTE: its important that first execute a plugin and then web resource!
A plugin cannot directly communicate with form script. However communication can be achieved through the data model. Based on your comments, I would suggest the following approach.
Create a plugin to create and store the document against the case record. (Perhaps set a flag field on the case to indicate the document is available).
In your web resource have JavaScript which queries CRM using OData to see if the document is available (perhaps based on the flag field). Then provide the document for download. You may also need to make some consideration around when to offer the download, as form script will run every time the form is loaded, constantly offering the document for download could be annoying for the user.
Alternatively, just do step 1. Then the user can download the document manually like every other attachment. If you have a flag field its easy to show a message that the document is ready.
I am currently making a processing program, where a part of it will be to acess some information from at website. The website will be an HTML file, where some information is stored, which i need to acess and parse. I know how to open a html file, but my problem is that it is supposed to acess a list, which is generated after a login on the website. How do i do that?
This is the website, right after loading the HTML file:
http://i.imgur.com/kGIkyle.png
After a login, the website will begin to spit out data every two seconds.
I wanna acess the data in the ordered list, and i wanna acess it every two seconds in my processing program. How do i do that?
This is the website, after a login, after a moment.
http://i.imgur.com/O743fNJ.png
When you use a web browser to submit a login, you're really interacting with the server. Usually the web browser submits a POST request containing the login information (like a username and password), and the server responds with the next webpage to load.
The details of this are going to depend on the website you're interacting with. Some websites might use AJAX to submit the data and then trigger some JavaScript to run.
The point is, you're going to have to understand exactly how the underlying web server and webpage works. Then you're going to have to use the rules of those interactions to issue the appropriate requests from your Processing code.
It might be as simple as submitting the login credentials in the url itself and then just scraping the information from the webpage.
More likely, you're going to have to interact with some kind of web API and do the requests yourself. Google "Java post request" for more info.
Of course, all of this assumes that the website is open to people using it. If this website isn't yours, it could also be locked down and unavailable to you.
I have a web app with multi HTML file (example index.html, page1.html, page2.html). I don't know how the browser identifies my app as a unique web page for me can use only one indexedDB database. So, what need I do?
For details, When I load the app, index.html will be load, and when I want to open a child page (i.e page1.html), I load it by using window.location. I think that do not a right way to open child page. So, the browser can't understand my app as one unique page, and I can't use one indexedDB database for it.
IndexedDB is limiting the database access with the same origin policy, which scopes it to the pages with same protocol :// domain : port, so you should have access to the same databases from multiple pages under the same scope.
The indexedDB database is local to the browser and only available to the user. IndexedDB databases follow the same rules as cookies and local storage. A database is unique to the domain it was loaded from. So for example, a database called "Foo" created at foo.com will not conflict with a database of the same name at goo.com. Not only will it not conflict, it won't be available to other domains as well. You can store data for your website knowing that another website will not be able to access it.
I have a logo at the top of all my reports that I have as an embedded image.
These reports are displayed in an ASP.Net web app via the SSRS web service interface - all pretty standard stuff but the image doesn't render - I just get a broken link.
There are a number of possible solutions for this problem and I've tried a few things including setting UseSessionCookies to false in the ConfigurationInfo table.
What I've noticed is that the image displays fine when I change the anonymous account of the consuming web app from a least privileged service account to my own user account.
I do not understand why this and can't work out what special permissions are needed by my web app's service account to be able to view embedded images in reports.
Can anyone help?
Ok, problem solved. Kind of. The problem isn't limited to embedded images and occurs because I am not using the reporting services viewer.
To summarise:
1) when your web application is making the call to the report server it is fully authorized to do so. A SessionID is generated that is ONLY available to the web application account (i.e. the Service account under which the app runs).
2) the web app outputs the RAW HTML4.0 to the screen.
3) the browser receives the HTML and tries to retrieve the images referenced in the HTML.
4) the browser is running as your user account (e.g. domain\username1)
5) the report server receives a request that looks like:
6) now the SessionID listed in the URL is not associated with domain\username1, so report server claims it does not exist.
When you set the app domain to use the domain\username1 account, then the SessionID happens to be associated with your the account so suddently things 'work'. But the moment real users try the system they complain that the images are missing, since their domain\usernameN does not match the app pool account.
The solutions to this problem are as follows:
1) use the Report Viewer control. This will ensure that the URLs received by the Browser will point back to your web app and your web app identity will be used to retrieve them from the report server.
2) in your web app code, parse the HTML4.0 that you get back from the Render call, fetch and cache all the images, re-write the HTML4.0 links to point to the cached images stored by your web app and then send it to the browser (if this seems complicated... then use the Report Viewer control since it make the scenario work)
3) you can try to use the MHTML output format, this will produce a fully qualified report with images embedded in the since binary stream. The consequence of this is it is harder to embed it within an application page... but not insurmountable
I chose to use a variation on 2) because I don't want to use the report viewer. The logo I'm trying to display is already hosted in the calling web app so I just replace the src attribute of the img tag in the response returned from the SSRS report execution service with the url to this location.
I really don't want to use the report viewer as suggested as the best solution to this issue. Why SSRS has to use session information to return something as simple as a logo that is displayed on all reports is beyond me.... It has taken ages to get to the bottom of this and the solution isn't especially pretty....
Is this an external image? Take a look at this MSDN article that explains the permissions needed for retrieving an image:
When the report is previewed in Report Designer, preview uses the
credentials of the user to display the image. When the report is run
on the report server, the report server uses the unattended execution
account to retrieve the image. If the unattended execution account is
not specified, the image is retrieved using no credentials (anonymous
user account). If either of these accounts have insufficient rights to
access the image, the image will not be displayed in the report.
I would check the permissions on the image in the Report Manager.
From my experiences so far, I've concluded that the HTML5 Manifest scheme was really terribly designed.
My site serves a manifest file when a user is logged in. Unfortunately, when they log out, they can still access the cached protected materials. Can anyone think of a way to fix this?
A manifest file is designed to take a website offline and still be able to navigate. It essentially just tells the browser to download and keep that stuff in cache. If your adding secret stuff to the manifest and the user goes offline, he needs to be able to still access it - or whats the point of having a special logged-in-manifest-file if he has to be loggedin (therefor online)?
You could add javascript that checks if the user is online again and if he is, tries to validate the "login state" and redirects or removes the secret stuff from localstorage (if you would use localstorage to save the "secret" stuff and javascript to display it instead of a manifest file )
Lets say the secret stuff is an image and you are not using a manifest file, but just displaying images when the user is logged in and its crusial, the user cant view that image after logout, you would need to set the http headers to no-cache and cache-expire to some random date of the past, so that a normal user would see it anymore. Problem then is, that the image is downloaded everytime somebody visits the website..
You need to approach the HTML5 Application Cache in a different way. It is not useful for caching server-side dynamically generated pages, especially those that require a login to reach. The Application Cache has no concept of logins, nor securing a page from somebody with a different/no login.
It is much more appropriate for an AJAX-based site, where all HTML/CSS/JavaScript is static and registered in the Application Cache, and data is instead fetched via AJAX then used to populate pages. If you need to cache data in the application for offline use, then use one of the offline data storage mechanisms such as Local Storage/Session Storage, or IndexedDB, for data.
You can then make your own judgement on how much data you want to cache offline, since there's no way to validate a login without making a call to the server that is naturally inaccessable whilst offline.
What if when the user logs out or is not logged in they get a manifest with only network:*