accessing the logged in CRM user from custom page - javascript

We have Dynamics CRM and a webform which is loaded from the ribbon, essentially inside an iframe.
How do we get the logged on user? On the top right, is my name and image as logged in via Active Directory. However, if I do something like:
var UserID = window.parent.Xrm.Page.context.getUserId();
or in C#:
UserPrincipal user = UserPrincipal.Current;
lblUser.Text = user.SamAccountName;
then we get the generic user that CRM is configured to use.
If I do a right click on the entire form and go "View Source", I can see this:
var USER_NAME = 'Rodney Ellis';
In Chrome's developer tools I can run this from the Console, and my name appears:
alert(USER_NAME);
But when I try to access it from javascript in the code it says it can't be found:
Uncaught ReferenceError: USER_NAME is not defined
How can I get the Username from inside the aspx webform, either by c# or js? Cross-side scripting being blocked has stopped a lot of the easy ways, hence why we're looking for a work-around.

The below code should give you what you want. Read more
Xrm.Page.context.getUserName();
But based on popup or inline embedded iframe, you have append in front.
window.parent.Xrm.Page.context.getUserName();
window.opener.Xrm.Page.context.getUserName();

In one of the all time great hacks ... we got around the problem by embedding another iFrame into a web resource!
So the web resource can call Xrm.Page.context.getUserName() and then concatenate that to the querystring which we then pass into an iFrame. because CRM thinks the iframe is just one control, it allows all the webform commands taking place inside of it and doesn't give any 500 errors.

Related

How to Scrape a popup page using python and selenium and beautiful soup

I'm trying to scrape off info from a pop up page. It has names of the NGOs in a table format and on clicking on each name gives way to a pop up page. In my code below, I'm extracting the onclick attribute for each NGO and storing it in a variable. I want to use this variable to make a post request to get the pop up page. (I've also tried accessing it using selenium. It didn't work.
How should I get my code to open these pop up links for scraping data off them?
HTML behind the page
Name
Code portion is below
html = requests.get("http://ngodarpan.gov.in/index.php/home/statewise_ngo/31/35/1")
soup = BeautifulSoup(html.text, 'lxml')
first_div = soup.find ('div', class_ = "ibox-content")
get_tr = first_div.find_all('a', onclick=True)
for ngoinfo in get_tr:
try:
if re.match('show_ngo_info',ngoinfo['onclick']):
k = ngoinfo['onclick']
p = re.sub("\D", "", k)
except:pass
When you have dynamic information loaded on the web page, you should inspect what calls the page do to get this dynamic information. You can use the Inspection Tools from your web browser to find that.
Inspecting the page I saw that when you click on one of the links to show the popup, the page does two requests, the first got a CSRF token and the second got information that will have displayed in the popup.
I think you should try to simulate these calls with Python. I couldn't test this, but I think this is the approach.
First: GET http://ngodarpan.gov.in/index.php/ajaxcontroller/get_csrf
Second: POST http://ngodarpan.gov.in/index.php/ajaxcontroller/show_ngo_info
You should send the id that you got before
I discovered this when I inspected the network in browser inspection tools.
You will need to do these calls for each link you are extracting.
I hope that can help you.

Detect if page was opened from app

This applies both to Android and iOS. My web page may be sometimes opened by an app (you go to the app, and click a link there which opens the page).
I want to know if the page was accessed through an app or if the user got to it, let's say, by typing the address on the browser.
If accessed through an app, I don't need to know which app it was.
The only thing I know of is document.referrer, but it seems to return "" when the page has been opened by the app. Unfortunately using "" as an indicator is not possible, as other ways of getting to the page may also show "" (for example typing the address). The history object does not seem to contain the info I'm looking for either.
I am using a Zendesk Help Center, so I only have access to the javascript of the page in order to detect this. I can't make changes on the server-side of my page.
Alternatively, I may be able to talk to the people in charge of the app so that they include something when the app opens the browser which would allow me to access that info on the browser, but I am not sure what that could be. Any ideas?
Thank you!
It seems to me like your best bet would be to have specific links for your site that will let you know that the link came from the app.
Like so: http://www.yoursite.com/?openedFromApp
You will use those links inside the app that will be directing users to your website.
That way, if you were using PHP as your server-side language you'd be able to check if the openedFromApp URL parameter was set like so:
<?php
if(isset($_GET['openedFromApp'])) {
echo "The website was opened by an app";
}
else { echo "The website was opened normally"; }
?>
If you want to check if the openedFromApp URL parameter is set using Javascript you'd have to create your own function for accessing URL parameters as Javascript does not have a built-in way of accessing them.
But this link could help you access the URL parameters with Javascript: https://stackoverflow.com/questions/...

Can I get the address bar url from the javascript console when the page has failed to load?

Just say I typed in a bad hostname in the address bar.
For example, say I wasn't running a local web server, and I load:
http://localhost/callback_url
In Chrome, this will give me a "This webpage is not available" message.
Is there anyway I can find out what the url is in the address bar from the Javascript console, even though the page failed to load?
I know I can normally use window.location.href to get this, but that returns "data:text/html,chromewebdata" in this instance.
So in this example, I'd like to know if there's some javascript that returns http://localohost/callback_url
EDIT: The main reason I'd like to do this is so I know if server side redirect failed when using ChromeDriver with Selenium. So I'd prefer to avoid using extensions if possible, and am open to Chrome and ChromeDriver specific solutions if applicable! The callback_url may have extra info in it, added by the server, and I'd like to see what this info is. I'd like to avoid running another server to get this data if possible.
The loadTimeData object included in the ERR_CONNECTION_REFUSED page has the failed URL:
> loadTimeData.data_.summary.failedUrl
"http://localhost/foo?request_url=bar"
You can get it from the title of the page.
By typing document.title and doing some regex you can get the URL.
Another way I found is by using the following
var data = loadTimeData.createJsEvalContext();
console.log(data.a.$top.summary.failedUrl);
If you open the developer tools and search for a part of the URL in source code, you will see that Chrome creates the loadTimeData in the "not available page".

JavaScript working in Acrobat but not Reader

I have created a form in Acrobat that includes a submit button. When the user clicks it I want certain fields to be exported as tab delimited text. In Acrobat, when the button is clicked the window opens, allowing me to select the folder to export into, and the data is exported. In reader nothing happens. The debugger gives me this error:
RangeError: Invalid argument value.
Doc.exportAsText:2:Field Submit:Mouse Up
I've looked and can't seem to find information on this error. My original script is this:
var aSubmitFields = new Array ( "Name", "Address")
this.exportAsText ({aFields: aSubmitFields})
As you can see it's very basic. I don't understand why it will not work.
EDIT: after removing the "a" from ({aFields I get the error:
NotAllowedError: Security settings prevent access to this property or method.
Doc.exportAsText:2:Field Submit:Mouse Up
To achieve this in Acrobat Reader first user will open tools>preferences, there user will see the security settings. Here first need to allow active contents to run
After doing this your code should work, the active contents like JavaScript are exploited by malicious users so this feature is disabled by default.
New versions with HotFix installed will not allow JavaScript, every time security hot fix applied it will disable the JavaScript/Active Content option..
I hope this will give you some insights towards solution..
To be able to call exportAsText() in Adobe Reader you need to have "Advanced Forms Features rights" on document. You can see it in documentation pages 32 and 251. If you do not have this right on document you are calling JavaScript code on you will get "Security settings prevent access to this property or method." error.
This rights can be set when the document is created in Adobe Acrobat.
And the active content must be allowed in reader as the MarmiK already tell you.

Permission issues checking if parent site is my parent domain within iframe

I've read several of the questions on this but am still a little confused.
For example: OK, I can't post examples because of hyperlink limitations
Here is my exact situation.
I have a site at mydomain.com
One of the pages has an iframe to another page at sub.mydomain.com
I am trying to prepare an onload script that if the page is not in an iframe or the parent domain of the page containing the iframe is not mydomain.com then redirect to mydomain.com.
After the initial permission issues I realised the problem with sub domains counting as separate domains.
One of the posts above says that "could each use either foo.mydomain.com or just mydomain.com"
So I tried (for testing):
onload="document.domain='mydomain.com';alert(parent.location.href);"
This produced the error (http replaced with lar
Error: Permission denied for <http://sub.mydomain.net> (document.domain=<http://mydomain.net>) to get property Location.href from <http://mydomain.net> (document.domain has not been set).
Source File: http://sub.mydomain.net/?pageID=1&framed=1
Line: 1
Removing the alert produces no errors.
Maybe I am going about this the wrong way since I do not need to interact with the parent just read its domain if there is one.
A nice simple top.domain. For read only there must be a way so that people can prevent their own pages being used within other people's sites.
You can't (easily) do this because of security restrictions.
This answer from #2771397 might point you in the right direction.
OK, while looking at the error console I still had open when I got home a wee lightbulb lit up. I am pretty new to javascript (can you tell ;) but I thought "If it has try/catch"...
well here is a hack at least to get the name of the top domain and an example of how I will use it in my site to show content only if the page is a frame in the correct domain.
Firstly the header will have the following partially PHP generated function:
function getParentDomain()
{
try
{
var wibble=top.location.href;
}
catch(err)
{
if (err.message.indexOf('http://mydomain.com')!=-1)
{
createCookie('IAmAWomble','value')
}
}
}
Basically the value will be something based on the PHP session I think. This will be executed at page load.
If the page is not within the proper site or if javascript is not enabled then the cookie will not be created.
PHP will then attempt to read the correct value from the cookie and show the content or an error message as appropriate.
I do see a slight flaw in this for first visit since page load will run after PHP has generated the content but I'm sure I can work around this somehow. I thought I'd post because this is at least what I was initially asking for and that is a way to read the URL of a parent site if it is in a different domain to the site in the frame.
IIUC you want to use the window.parent attribute: “A reference to the parent of the current window or subframe.”
Assumably, window.parent.document.location.host contains the container page URL domain name.

Categories