Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 415
  • Last Modified:

Query string paramaters are not sent from an IFrame

Hello,

I am developing a c# asp.net web application.

When i'm trying to open the application from an IFrame (using post or pressing a link with parameters),
the parameters do not arrive to the aspx page i have sent them to.

The strange thing is that this changes when i change the security configuration of the explorer:
when set to 'medium - low' or higher the problem occurs, but when set to 'low' i can get the parameters in the aspx page they have been sent to and there isn't any problem.

Any ideas?

Thanks,
Dana
0
Relegence
Asked:
Relegence
  • 3
  • 3
  • 2
  • +1
1 Solution
 
CJ_SCommented:
Can you show some code:
1) initializing the iframe
2) how do you post
3) where do you post to, is the page within the same domain?

0
 
CJ_SCommented:
4) Are you using some kind of authentication or redirection?
0
 
RelegenceAuthor Commented:
yes, well:

this is the page that contains the IFrame, "IFrame.html":

<HTML>
      <IFRAME width="1200px" Height="1200px" src="Post.html"></IFRAME>
</HTML>

---------------------------------------------------
this is the content of the IFrame, "Post.html":

<HTML>

<body>

<form name="form1" id="form1" method="POST" action="http://MyDomain/AppName/index.aspx">
      <input type="text" name="param1" value="123">
      <input type="text" name="param2" value="dana">
      <input type="submit" name="submit" id="submit" value="submit">
</form>

<BR><BR>

OR - <a href="http://MyDomain/AppName/index.aspx?param1=123¶m2=dana">http://MyDomain/AppName/index.aspx?param1=123¶m2=dana</a>


</body>

</HTML>

-------------------------------------------------------

I am posting to another domain. This is the page where i get the parameters, "index.aspx":

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace MLPC
{
      /// <summary>
      /// Summary description for index.
      /// </summary>
      public class index : System.Web.UI.Page
      {      
            protected string param1;
            protected string param2;
            protected string TopTenHoldingsData;

            private void Page_Load(object sender, System.EventArgs e)
            {
                  param1= Request["param1"];
                  param2= Request["param2"];
            }

            #region Web Form Designer generated code
            override protected void OnInit(EventArgs e)
            {
                  //
                  // CODEGEN: This call is required by the ASP.NET Web Form Designer.
                  //
                  InitializeComponent();
                  base.OnInit(e);
            }
            
            /// <summary>
            /// Required method for Designer support - do not modify
            /// the contents of this method with the code editor.
            /// </summary>
            private void InitializeComponent()
            {    
                  this.Load += new System.EventHandler(this.Page_Load);
            }
            #endregion
      }
}


Thanks,

Dana
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
RelegenceAuthor Commented:
There was a little mistake when i copied the URL in the code, it should be:

http://MyDomain/AppName/index.aspx?param1=123¶m2=dana

Dana
0
 
CJ_SCommented:
Try reading the data from the querystring and form itself
Request.QueryString["item"];
Request.Form["item"];

Does it work when the page is not inside an iframe? Because the security levels of Internet Explorer do not allow to "Navigate SubFrames across different domains" when set to high or medium. So, you should actually try to avoid the domain change...

CJ.

0
 
RelegenceAuthor Commented:
I have found the following article that deals with the problem:

http://support.microsoft.com/kb/323752/EN-US/

It does talk about working with session variables within different domains and offers a fix for that, a P3P header that should be added to the child content.

Dana
0
 
moduloCommented:
PAQed with points refunded (500)

modulo
Community Support Moderator
0
 
Jeremy DaleySenior DeveloperCommented:
Relegence should have been awarded these points, before a request for refund was made.

unfortunately, 4 days isn't always enough time for an objection.
0
 
Jeremy DaleySenior DeveloperCommented:
oh geez, i knew that... i didn't even notice it was the  Author... duh

nevermind...
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now