Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Languages / JScript / May 2004

Tip: Looking for answers? Try searching our database.

IFrame problem in aspx page

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
tony - 07 Apr 2004 19:21 GMT
Hi
I'm using win2000,  .Net 1.1, IE 6.
My 'main.aspx' page contains an IFrame that is in turn another 'calendar.aspx'  page
When I try to invoke the Iframe (calendar.aspx),  from main.aspx,  in the developement environment, everything works fine
However in production environment, some users can invoke the IFrame without error, and some other users cannot
Their browser display that there is an error in its status bar;  Double click the error, it says:  "Access denied" on the page 'calendar.aspx'

I tried to debug the error on the client .(View-->Script Debugger-->Break at Next statement
When I step through the code in the script debugger, the Iframe invoked succefully, but when I try to run it again without debugging it failed

I assigned both accounts;  'everyone' and 'ASPNET'  full control on this file, and on the parent folder and still getting the same error message

thanks for hel
Reply to this Message
[MSFT] - 08 Apr 2004 04:33 GMT
Hello,

I am not vey clear about what you mean "invoke", is it to access some
components in the frame through client Jscript? If so, are main.aspx and
calendar.aspx is in same virtual folder? When a client failed with such a
error, will it always failed with a web form with Ifame or only with the
particular 'main.asp"?

Luke
Microsoft Online Support

Signature

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Reply to this Message
tony - 08 Apr 2004 14:31 GMT
Hi Luke
Here is more detail about the problem
both page: main.aspx and calendar.aspx are in the same virtual and physical folder

C: ... .... wwwroot --> folderParent--> folderChil

'main.aspx' and 'calendar.aspx' are in folder 'folderChild

main page structure

<%@ Page Language="vb" AutoEventWireup="false" Codebehind="main.aspx.vb" Inherits="myProject.main" %><html
 ... .... .....  (ususal html tag & code

<IFRAME SRC="calendar.aspx" STYLE="DISPLAY:none;Z-INDEX:100;WIDTH:100px;POSITION:absolute;HEIGHT: 100px" ID="calframe" ></IFRAME><form  method="post" runat="server"
 ... .... .....  (some html code
<IMG onclick="PositionCalendar();" src="cal.gif"
 ... .... .....  (some html code
</form><script language="javascript"
        function PositionCalendar()
                          ( some javascript code to position the calendar (IFrame) in a specified position
                                         ... .... .....  .....
                         (and those last 2 lines to set some control on the calendar to some values)
                        parent.document.frames("calframe").document.calendarForm.calendarTextBox1.value=someValue
                        parent.document.frames("calframe").calendarForm.calendarTextBox2.value=someValue
                                     
</script></html>  

Calendar.aspx structure

<%@ Page Language="vb" AutoEventWireup="false" Codebehind="Calendar.aspx.vb" Inherits="myProject.Calendar" %><html
 ... .... .....
<form id="calendarForm" method="post" runat="server"><input type=text  name='calendarTextBox1'><input type=text  name='calendarTextBox2'><asp:Calendar id=...... .... ...

 ... .... .....  (some usual html tag and code

</form></html

and here what is happening
when 'main.aspx' page load, ('calendar.apx' is supposed to load automaticaly since it's contained in an IFrame on main.aspx), at this point, no error happens and the status bar of IE 6.0 does not display any error
When I click on the image that position the calendar on the page, make it visible, and in the same time, write some values on 'calendar.aspx' , IE status bar display 'Error occured'

Now,
some end users do not get this error and the IFrame get visible on their page and every thing work fine, while with some other user, the IFRAME don't get visible on their page and IE status bar display the mentioned error

If I try to step through the code on the USER MACHINE THAT GET THE ERROR,  through ... ... Break at Next statement ... ...., when I step through each line of code, every thing works fine and no error is generated at all, but if I let IE run without debugging, the  IFRAME do not get visible and the error happens again

When I click The error in the status bar for more detail, it only says :  'Access denied'
I beleived that the error happens when 'main.aspx' try to write someValues on 'calendar.aspx', therefore I granted full control to 'ASPNET' and 'EVERYONE'  account, on 'folderParent' level and 'folderChild' level, but that didn't solve the problem

And I'm wondering, if it's a permissions problem, why some users have this error and some others not ??

Thank you for your hel
Reply to this Message
bruce barker - 09 Apr 2004 04:34 GMT
the client code:

parent.document.frames("calframe").document.calendarForm.calendarTextBox1.va
lue=someValue;

parent.document.frames("calframe").calendarForm.calendarTextBox2.value=someV
alue;

is executing what is refered to as "cross-frame scripting" and is being
denied by the users security setting.

-- bruce (sqlwork.com)

> Hi Luke,
> Here is more detail about the problem:
[quoted text clipped - 10 lines]
>
> <IFRAME SRC="calendar.aspx" STYLE="DISPLAY:none;Z-INDEX:100;WIDTH:100px;POSITION:absolute;HEIGHT: 100px"
ID="calframe" ></IFRAME><form  method="post" runat="server">
>   ... .... .....  (some html code)
>  <IMG onclick="PositionCalendar();" src="cal.gif" >
[quoted text clipped - 4 lines]
>                                           ... .... .....  ......
>                           (and those last 2 lines to set some control on the calendar to some values):

parent.document.frames("calframe").document.calendarForm.calendarTextBox1.va
lue=someValue;

parent.document.frames("calframe").calendarForm.calendarTextBox2.value=someV
alue;
>                                        }
> </script></html>
>
> Calendar.aspx structure:
>
> <%@ Page Language="vb" AutoEventWireup="false"
Codebehind="Calendar.aspx.vb" Inherits="myProject.Calendar" %><html>
>   ... .... .....
> <form id="calendarForm" method="post" runat="server"><input type=text  name='calendarTextBox1'><input type=text
name='calendarTextBox2'><asp:Calendar id=...... .... ....

>   ... .... .....  (some usual html tag and code)
>
> </form></html>
>
> and here what is happening:
> when 'main.aspx' page load, ('calendar.apx' is supposed to load automaticaly since it's contained in an IFrame on main.aspx), at this point,
no error happens and the status bar of IE 6.0 does not display any error.
> When I click on the image that position the calendar on the page, make it visible, and in the same time, write some values on 'calendar.aspx' , IE
status bar display 'Error occured'.

> Now,
> some end users do not get this error and the IFrame get visible on their page and every thing work fine, while with some other user, the IFRAME don't
get visible on their page and IE status bar display the mentioned error.

> If I try to step through the code on the USER MACHINE THAT GET THE ERROR,  through ... ... Break at Next statement ... ...., when I step through each
line of code, every thing works fine and no error is generated at all, but
if I let IE run without debugging, the  IFRAME do not get visible and the
error happens again.

> When I click The error in the status bar for more detail, it only says :  'Access denied'.
> I beleived that the error happens when 'main.aspx' try to write someValues on 'calendar.aspx', therefore I granted full control to 'ASPNET' and
'EVERYONE'  account, on 'folderParent' level and 'folderChild' level, but
that didn't solve the problem.

> And I'm wondering, if it's a permissions problem, why some users have this error and some others not ???
>
> Thank you for your help
Reply to this Message
[MSFT] - 09 Apr 2004 07:46 GMT
Yes, As Bruce, the access denied error is not caused by server security
issue. It is caused by client security. You may refer to following article
to see if they will help:

About Cross-Frame Scripting and Security
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/om/xframe
_scripting_security.asp

Security Considerations: Dynamic HTML  
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/sec
_dhtml.asp

Luke
Microsoft Online Support

Signature

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Reply to this Message
tony - 09 Apr 2004 21:51 GMT
the cross-frame scripting security apply on frame calling another frame  from different domains
but in my situation all files and frames  and ..... are in the same folder

I noticed when changing the security level for IE6 from high to medium the script works, but that's would be impossible to ask every user come accross the site to change his browser security setting

Is there any work arround this issue other than changing IE security level ??
Reply to this Message
[MSFT] - 12 Apr 2004 09:17 GMT
Hello,

IE security setting also take effects on the cross frame scripting. The
security level High will block it. (There is no way to change client
security setting on server side or with some script. If this is possible,
there will be some security hole here. For example we may run some bad code
after modify the security level.

I suggest you may have your client user add your site to Trust sites. Or,
you may consider creating an ASP.NET USERControl instead of the Iframe.

Luke
Microsoft Online Support

Signature

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Reply to this Message
Vidar Petursson - 28 May 2004 12:37 GMT
Hi

some stuff to try in case frame is not ready etc...

var theValue = 0;
function doIframe(sVal){
theValue = ( typeof(sVal) != "undefined") ? sVal : theValue;
try{if(parent.document.frames["FRAMENAME"].document.readyState){}}
catch(e){setTimeout("doIframe()",1000);return;} // Error Check again in 1
sec
if(parent.document.frames["FRAMENAME"].document.readyState == "complete")
 {
  parent.document.frames["FRAMENAME"].document.forms[0].INPUTNAME.value =
theValue;
 // etc
  }
  else setTimeout("doIframe()",1000); // Not ready try in 1 sec again
}

And perhaps add a counter that on x count will inform user to modify
settings

More info
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/om/xframe_scr
ipting_security.asp
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/sec_dht
ml.asp

Signature

Best Regards
 Vidar Petursson
==============================
Microsoft Visual: Scripting MVP 2000-2004
http://www.icysoft.com/
http://www.deus-x.com/ Instant e-commerce
http://www.microsoft.com/technet/scriptcenter/
Playground: http://213.190.104.211/  ( IE 5.5+ only )

No matter where you go there you are
==============================

> Hi Luke,
> Here is more detail about the problem:
[quoted text clipped - 76 lines]
>
> Thank you for your help
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.