ASP.NET Website working within a frame

I recently was tasked with creating an ASP.NET Website that will run within a Frame on another domain.

Not realising the inherent problem with this method, I set about happily creating a website as I normally do, oblivious to the impending problems about to be uncovered.
In development my website worked as expected, passed QA testing and was on its way up to production where it would finally be placed inside its frame for use.

So imagine the “Shock and Awe” when the application didn’t work whatsoever. Like it couldn’t maintain a session.

It turns out that, depending on browser security settings, third-party cookies are disabled, so a website running within a frame on another domain cannot rely on cookies and therefore cannot use session cookies.
Luckily however there is a simple solution for this.

All we need to do is add a P3P (Privacy Preferences Project) header, which indicates to the browser that this is in fact a site that can be trusted.
In essence this publishes a privacy policy which states what kind of information is collected and whether it will be used for forces of true evil or not.
Personally I don’t quite get it, because anyone intending to abuse this system can do just the same to get their pirate hacking sites to work.

But that’s not me, I behave, so I’m happy there’s a solution!
Well, enough pre-amble … let’s code!!

This is the header you have to add:

HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

I utilise this by placing it into an HttpModule as follows:

    using System;
    using System.Web;

    namespace WebDude
    {
        // Adds the P3P compact policy header to every response.
        public class PrivacyPreferencesHeader : IHttpModule
        {
            public void Init(HttpApplication context)
            {
                // Run the handler at the start of every request.
                context.BeginRequest += context_BeginRequest;
            }

            private void context_BeginRequest(object sender, EventArgs e)
            {
                HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
            }

            public void Dispose()
            {
                // Nothing to release.
            }
        }
    }

Reference this HttpModule in your Web.Config’s httpModules section:

<add name="PrivacyPreferencesHeader" type="WebDude.PrivacyPreferencesHeader, WebDude"/>

You can download the csharp source file here

Googling on the web, I found the same solution for some other languages thanks to this post

PHP
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

JSP
response.setHeader("P3P","CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'");

Coldfusion
<cfheader name="P3P" value="CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'" />
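
What the compact policy string used in the snippets above actually declares to the browser, token by token. This is an added example, not part of the original post: the class and method names are hypothetical, and the token meanings are paraphrased from the W3C P3P 1.0 compact policy vocabulary.

```csharp
using System;
using System.Collections.Generic;
// Added example: explains each token of a P3P compact policy (CP) string.
static class CompactPolicyDecoder
{
    static readonly Dictionary<string, string> Tokens = new Dictionary<string, string>
    {
        { "IDC", "access: user can see identified contact information" },
        { "DSP", "disputes: policy names a dispute-resolution procedure" },
        { "COR", "remedies: errors will be corrected by the service" },
        { "ADM", "purpose: site and system administration" },
        { "DEV", "purpose: research and development" },
        { "TAI", "purpose: one-time tailoring of the page" },
        { "PSA", "purpose: pseudonymous analysis" },
        { "PSD", "purpose: pseudonymous decisions" },
        { "IVA", "purpose: analysis of identified individuals" },
        { "IVD", "purpose: decisions about identified individuals" },
        { "CON", "purpose: contacting visitors for marketing" },
        { "HIS", "purpose: historical preservation" },
        { "OUR", "recipient: ourselves and our agents" },
        { "IND", "retention: kept indefinitely" },
        { "CNT", "category: content of communications" }
    };
    // Optional fourth character on a token is a consent suffix: a, i or o.
    static readonly string[] Consent = { "always", "opt-in", "opt-out" };

    public static List<string> Decode(string headerValue)
    {
        var result = new List<string>();
        // Strip the CP= wrapper; the post shows both double and single quotes.
        string v = headerValue.Trim();
        if (v.StartsWith("CP=", StringComparison.OrdinalIgnoreCase)) v = v.Substring(3);
        v = v.Trim('"', '\'');
        foreach (string raw in v.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int c = raw.Length == 4 ? "aio".IndexOf(raw[3]) : -1;
            string token = c >= 0 ? raw.Substring(0, 3) : raw;
            string consent = c >= 0 ? " [" + Consent[c] + "]" : "";
            string meaning;
            result.Add(raw + " = " + (Tokens.TryGetValue(token, out meaning)
                ? meaning + consent : "(not in this example's table)"));
        }
        return result;
    }

    static void Main()
    {
        Console.WriteLine(string.Join("\n", Decode("CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"").ToArray()));
    }
}
```

Read the decoded list against what the framed application really does with visitor data before copying the string.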

posted @ Wednesday, January 21, 2009 7:43 AM


Comments on this entry:

# re: ASP.NET Website working within a frame

Left by Frans at 4/28/2009 2:28 PM
Hi, had the same problem on a website the other day; it took us a whole day of going through posts to find the Microsoft page that gives you the solution to the problem. Will check your site in future for the solution.

# re: ASP.NET Website working within a frame

Left by Coupon Codes at 5/15/2009 4:22 PM
This was useful in resolving my difficulties, thanks

# re: ASP.NET Website working within a frame

Left by ecar at 7/10/2009 10:15 PM
Cheers, got that working in the frames

# re: ASP.NET Website working within a frame

Left by Dinh Nguu Nguyen at 7/29/2009 6:18 AM
I embed the Roundcube login page in my website by putting it in an iframe. But IE blocks third-party cookies.

I have tried with your code. But it doesn't work.
This is my code:

1. Module Code

    using System;
    using System.Collections.Generic;
    using System.Text;
    using System.Web;

    namespace HeaderModule
    {
        public class Application : IHttpModule
        {
            #region IHttpModule Members

            public void Dispose()
            {
            }

            public void Init(HttpApplication context)
            {
                context.BeginRequest += (new EventHandler(this.OnStartOfApplication));
            }

            #endregion

            private void OnStartOfApplication(Object source, EventArgs e)
            {
                HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
            }
        }
    }

2. My website web.config
    <httpModules>
        <add name="HeaderModule" type="HeaderModule.Application, HeaderModule"/>
    </httpModules>


Please help me. If have, contact me by email: dinhnguunguyen@gmail.com

Thanks so much
