Running separate ASP.NET projects on the same port - javascript

I have an ASP.NET MVC project that encompasses the bulk of a web application as well as a web API that is consumed by client-side code. The API component is beginning to sprawl and I would like to separate the API and MVC app into two projects. (MyAppMVC and MyAppAPI). However I am unsure how to get the MVC app to play nicely with the API when they are not part of one project.
Right now I have an API controller MyAPIController that answers POST and GET requests sent from client-side JavaScript to /api/MyAPI. When both the JS and API live under the same project, I run the solution from Visual Studio and hit the API with no issues.
However, when they run in different projects, this no longer cooperates. To avoid violating cross-domain security, the JS must be hitting the API within the same domain / port. However Visual Studio runs my API and MVC application on different ports, and attempting to hit the API from the Javascript file living inside the MVC file causes same-origin errors.
Is there any way to have these two different but complementary projects running on the same domain / port? For organization and modularity I would really like to be able to separate my web application into multiple projects rather than lumping them into a single massive one.

I can suggest this way
Create application for api in IIS
Create application for MVC application in IIS
Enable cross domain request in API
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="access-control-allow-headers" value="content-type" />
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<system.webServer>
In both projects use custom web server for debugging
VS 2012 it is: Right click on web project -> Web -> Select "Use custom web server" and provide the url of the project, it will be like localhost/api, localhost/mvc_client
From that moment your projects will have
Same address in debug mode or when you are browsing to the project without debugging.
Api project will allow cross domain requests.
Client will able to send request to the API cause it allows cross domain requests.
And you will able to debug the projects.
If you will do it, validate that you can brows to the projects before to run debug. You may have some problems like "access to the path denied" and so on.

So my fix, without using CORS ended up being to just give up on using IISExpress and create two separate applications under Local IIS, each with their own path, but both living under default web site (localhost) at port 80. That way I was able to reach http://localhost/MyAppUI and then make calls from MyAppUI to http://localhost/MyAppAPI/api without dealing with any cross-domain issues.

Go to Project Properties in Visual Studio and then go to Web, under servers change the project url to a different port number and Create Virtual Directory.

Related

How to include another SAP Cloud project resource into deployed SAPUI5 app?

I created several SAPUI5 web applications in Eclipse that have been deployed to a SAP NetWeaver PO 7.5 Application Server.
All these applications use generic components of a "common" project. I just made them available via the html header with this bootstrapping script-tag:
<!-- Bootstrapping UI5 -->
<script id="sap-ui-bootstrap"
src="/sapui5/resources/sap-ui-cachebuster/sap-ui-core.js"
data-sap-ui-libs="sap.m"
data-sap-ui-theme="path.to.custom.theme"
data-sap-ui-compatVersion="edge"
data-sap-ui-resourceroots='{"com.namespace.ui.specificapp": ".", "com.namespace.ui.common" :"/com.namespace~ui~common~web"}'
data-sap-ui-frameOptions="trusted"
data-sap-ui-appCacheBuster = "./,/com.namespace~ui~common~web/" >
</script>
This worked fine until I tiered to transfer these applications to SAP Cloud.
I imported the projects to WebIDE and first thing I discovered was that data-sap-ui-resourceroots attribute doesn't work anymore because application cannot find the components from the common project. So I deployed the common application to SAP Cloud and inserted the corresponding URL in the bootstrapping script-tag of the index.html like this:
<script id="sap-ui-bootstrap"
src="/sapui5/resources/sap-ui-cachebuster/sap-ui-core.js"
data-sap-ui-libs="sap.m"
data-sap-ui-theme="path.to.custom.theme"
data-sap-ui-compatVersion="edge"
data-sap-ui-resourceroots='{"com.namespace.ui.specificapp": ".", "com.namespace.ui.common" :"/https://common-aXXXXXXXX.dispatcher.hana.ondemand.com/"}'
data-sap-ui-frameOptions="trusted"
data-sap-ui-appCacheBuster = "./,/com.namespace~ui~common~web/" >
This allows browser to find the JS-files from the common project, but leads to this error:
Note: Your browser does not support JavaScript or it is turned off. Press the button to proceed.
This is message is thrown by the https://common-aXXXXXXXX.dispatcher.hana.ondemand.com/ host.
Analysing the HTTP request I see that the parameter Accept:text/plain, */*; q=0.01 is set.
I don't know why SAPUI5 is requesting plain text or where I can change this behavior. Does anyone know how to tranfer this application structure to the SAP Cloud?
The answer is pretty easy: The server blocks requests to other origins to prevent CSRF attacks. In the on premise solution all source files come from the same origin: the own server. In the SAP Cloud each application is deployed standalone with its own URL. Therefore the browser doesn't accept JavaScript files from other projects. The solution to access these files is to add the URL of the common project to the destinations in the SAP Cloud Cockpit.
FYI: Including the URL in the destinations enables you to use a relative URL for referring to external JavaScript files, so that they aren't blocked by the browser.

What are the security implications of using sandboxed mode and loading scripts from a trusted source?

We are building a chrome web app that connects to a remote server. The remote server will be serving custom javascript files that are stored in the database. These files will be injected into code for working.
To be specific we are using ReactJS framework and we are injecting custom React components into this application based on the given route.
The chrome app with a sandboxed window works normally. However, I am trying to figure out the security implications of using a sandboxed app that connects to a remote server. What kind of security problems can this approach create?
I also want to know if there is a way to make that chrome app only loads JS files that are coming from a specific IP address. In extensions it is possible but I haven't been able to find anything for chrome packaged apps.

Prerender angular2 pages as pure HTML

My problem is that facebook and twitter bots do not execute javascript, and I need metatags in my items, so that the right image/title/message is displayed when sharing on those platforms.
I have a nginx server serving angular2 content as static files.
Now I want to somehow prerender the pages for those bots. More specifically, I want to redirect the bots to an instance of for example phantomJS which would prerender the pages. I want that instance to run as a separate service on a different IP so that I can perhaps re-use it for something else too.
I have no idea where and how to start. Are there any nodejs server packages, who would already know how to do that for me?
Ended up installing a self-hosted version of prerender (https://github.com/prerender/prerender) and routed the bots to it through nginx. Works great!

Lauching .bat or .exe client-side

I face an issue for a client who need to launch an application from a ASP.Net website client side. For the moment the solution is using ActiveX, but we all want to find an other way to do this action.
I read this links to find informations :
Is it possible to run an .exe or .bat file on 'onclick' in HTML
https://msdn.microsoft.com/en-us/library/aa767914%28v=vs.85%29.aspx
I know that for security issues, browsers don't allow the launch of client applications, but did someone find a hack to do something like that and have a sample to post ?
Have a good day
The technology exists for YEARS and it's called ClickOnce.
https://msdn.microsoft.com/en-us/library/142dbbz4%28v=vs.90%29.aspx
It requires the .NET Framework at the client side and a support from a browser (some browsers require a plugin to correctly handle ClickOnce apps).
Applications are deployed either in a form of a self-extracting installer (setup.exe) or a link to an XML document, the manifest, that describes location of other components (appname.application). In any case, a client just clicks a link, the app is downloaded and run locally, using local client permissions.
In particular, the app can read/write local files, use certificates from the local store, print documents using local printers, call other services ever if they are cross-domain etc.
And note that such ClickOnce application can run client local processes without any restrictions. We use this feature for years and it sounds like this is exactly your scenario.
Theoretically it could happen if a service was listening on some predefined port and the application simply sent a specific request to that port.
Other than that, I don't think it's possible to directly execute an application on the user's computer.

Content is not shown at angular.js web application while Hosting

I'm new at this,
I built an angular.js app and now I want to host it,
I tried both on google drive or firebase but in both cases the html
is shown, but the information that loads on angular dosen't show..
Do I Have to develop a server side on node.js?
What can I do?
Thanks.
Yes, you need a http server to host your angular.js app, since angular.js need dynamically load the js file but it is not allowed to access the js file on file system directly. Suggest using this http-server to host. It's very convenient. Or simply copy your angular.js code to IIS or Nginx, Apache, Tomcat, etc ...

Categories