ExamGuru IT/.Net Guru : IFrame problem in aspx page on microsoft.public.dotnet.languages.jscript

.NETGURU

IFrame problem in aspx page

Messages

Related Types

This message was discovered on microsoft.public.dotnet.languages.jscript.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions.

Post a new message to this list...

tony

Hi,
I'm using win2000, .Net 1.1, IE 6.0
My 'main.aspx' page contains an IFrame that is in turn another 'calendar.aspx' page.
When I try to invoke the Iframe (calendar.aspx), from main.aspx, in the developement environment, everything works fine.
However in production environment, some users can invoke the IFrame without error, and some other users cannot,
Their browser display that there is an error in its status bar; Double click the error, it says: "Access denied" on the page 'calendar.aspx'.

I tried to debug the error on the client .(View-->Script Debugger-->Break at Next statement)
When I step through the code in the script debugger, the Iframe invoked succefully, but when I try to run it again without debugging it failed.

I assigned both accounts; 'everyone' and 'ASPNET' full control on this file, and on the parent folder and still getting the same error message.

thanks for help

Reply to this message...

[MSFT] (VIP)

Hello,

I am not vey clear about what you mean "invoke", is it to access some
components in the frame through client Jscript? If so, are main.aspx and
calendar.aspx is in same virtual folder? When a client failed with such a
error, will it always failed with a web form with Ifame or only with the
particular 'main.asp"?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Reply to this message...

tony

Hi Luke,
Here is more detail about the problem:
both page: main.aspx and calendar.aspx are in the same virtual and physical folder .

C: ... .... wwwroot --> folderParent--> folderChild

'main.aspx' and 'calendar.aspx' are in folder 'folderChild'

main page structure:

<%@ Page Language="vb" AutoEventWireup="false" Codebehind="main.aspx.vb" Inherits="myProject.main" %><html>
... .... ..... (ususal html tag & code)

<IFRAME SRC="calendar.aspx" STYLE="DISPLAY:none;Z-INDEX:100;WIDTH:100px;POSITION:absolute;HEIGHT: 100px" ID="calframe" ></IFRAME><form method="post" runat="server">
... .... ..... (some html code)
<IMG onclick="PositionCalendar();" src="cal.gif" >
... .... ..... (some html code)
</form><script language="javascript">
function PositionCalendar(){
( some javascript code to position the calendar (IFrame) in a specified position)
... .... ..... ......
(and those last 2 lines to set some control on the calendar to some values):
parent.document.frames("calframe").document.calendarForm.calendarTextBox1.value=someValue;
parent.document.frames("calframe").calendarForm.calendarTextBox2.value=someValue;
}
</script></html>

Calendar.aspx structure:

<%@ Page Language="vb" AutoEventWireup="false" Codebehind="Calendar.aspx.vb" Inherits="myProject.Calendar" %><html>
... .... .....
<form id="calendarForm" method="post" runat="server"><input type=text name='calendarTextBox1'><input type=text name='calendarTextBox2'><asp:Calendar id=...... .... ....

... .... ..... (some usual html tag and code)

</form></html>

and here what is happening:
when 'main.aspx' page load, ('calendar.apx' is supposed to load automaticaly since it's contained in an IFrame on main.aspx), at this point, no error happens and the status bar of IE 6.0 does not display any error.
When I click on the image that position the calendar on the page, make it visible, and in the same time, write some values on 'calendar.aspx' , IE status bar display 'Error occured'.

Now,
some end users do not get this error and the IFrame get visible on their page and every thing work fine, while with some other user, the IFRAME don't get visible on their page and IE status bar display the mentioned error.

If I try to step through the code on the USER MACHINE THAT GET THE ERROR, through ... ... Break at Next statement ... ...., when I step through each line of code, every thing works fine and no error is generated at all, but if I let IE run without debugging, the IFRAME do not get visible and the error happens again.

When I click The error in the status bar for more detail, it only says : 'Access denied'.
I beleived that the error happens when 'main.aspx' try to write someValues on 'calendar.aspx', therefore I granted full control to 'ASPNET' and 'EVERYONE' account, on 'folderParent' level and 'folderChild' level, but that didn't solve the problem.

And I'm wondering, if it's a permissions problem, why some users have this error and some others not ???

Thank you for your help

Reply to this message...

bruce barker

the client code:

parent.document.frames("calframe").document.calendarForm.calendarTextBox1.va
lue=someValue;

parent.document.frames("calframe").calendarForm.calendarTextBox2.value=someV
alue;

is executing what is refered to as "cross-frame scripting" and is being
denied by the users security setting.

-- bruce (sqlwork.com)

"tony" <Click here to reveal e-mail address> wrote in message
news:Click here to reveal e-mail address...
[Original message clipped]

ID="calframe" ></IFRAME><form method="post" runat="server">
[Original message clipped]

lue=someValue;
>
parent.document.frames("calframe").calendarForm.calendarTextBox2.value=someV
alue;
[Original message clipped]

name='calendarTextBox2'><asp:Calendar id=...... .... ....
[Original message clipped]

no error happens and the status bar of IE 6.0 does not display any error.
> When I click on the image that position the calendar on the page, make it
visible, and in the same time, write some values on 'calendar.aspx' , IE
status bar display 'Error occured'.
[Original message clipped]

get visible on their page and IE status bar display the mentioned error.
[Original message clipped]

line of code, every thing works fine and no error is generated at all, but
if I let IE run without debugging, the IFRAME do not get visible and the
error happens again.
[Original message clipped]

'EVERYONE' account, on 'folderParent' level and 'folderChild' level, but
that didn't solve the problem.
[Original message clipped]

Reply to this message...

[MSFT] (VIP)

Yes, As Bruce, the access denied error is not caused by server security
issue. It is caused by client security. You may refer to following article
to see if they will help:

About Cross-Frame Scripting and Security
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/om/xframe
_scripting_security.asp

Security Considerations: Dynamic HTML
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/sec
_dhtml.asp

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Reply to this message...

tony

the cross-frame scripting security apply on frame calling another frame from different domains,
but in my situation all files and frames and ..... are in the same folder.

I noticed when changing the security level for IE6 from high to medium the script works, but that's would be impossible to ask every user come accross the site to change his browser security setting.

Is there any work arround this issue other than changing IE security level ???

Reply to this message...

[MSFT] (VIP)

Hello,

IE security setting also take effects on the cross frame scripting. The
security level High will block it. (There is no way to change client
security setting on server side or with some script. If this is possible,
there will be some security hole here. For example we may run some bad code
after modify the security level.

I suggest you may have your client user add your site to Trust sites. Or,
you may consider creating an ASP.NET USERControl instead of the Iframe.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Reply to this message...

Vidar Petursson

Hi

some stuff to try in case frame is not ready etc...

var theValue = 0;
function doIframe(sVal){
theValue = ( typeof(sVal) != "undefined") ? sVal : theValue;
try{if(parent.document.frames["FRAMENAME"].document.readyState){}}
catch(e){setTimeout("doIframe()",1000);return;} // Error Check again in 1
sec
if(parent.document.frames["FRAMENAME"].document.readyState == "complete")
{
parent.document.frames["FRAMENAME"].document.forms[0].INPUTNAME.value =
theValue;
// etc
}
else setTimeout("doIframe()",1000); // Not ready try in 1 sec again
}

And perhaps add a counter that on x count will inform user to modify
settings

More info
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/om/xframe_scripting_security.asp
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/sec_dhtml.asp

--
Best Regards
Vidar Petursson
==============================
Microsoft Visual: Scripting MVP 2000-2004
http://www.icysoft.com/
http://www.deus-x.com/ Instant e-commerce
http://www.microsoft.com/technet/scriptcenter/
Playground: http://213.190.104.211/ ( IE 5.5+ only )

No matter where you go there you are
==============================
"tony" <Click here to reveal e-mail address> wrote in message
news:Click here to reveal e-mail address...
[Original message clipped]

Reply to this message...

System.Globalization.Calendar

ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification

Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews

.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT

Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project

FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.

Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials

	Copyright © ExamGuru, Inc. 2001-2006
	Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification