1

MY Asp.Net website alone works fine. We are now loading this website inside a thirdparty website's iFrame using HTTP GET & POST method. In most of the systems the webpage loads correctly inside an iFrame in IE. But some systems, first my website is loaded correctly inside iframe then throws "An Error occurred when trying to access this page" error when page is loaded inside an iFrame in IE. The error message is shown inside iFrame where Parent website continue to run correctly.

I have debugged the asp.net/C# code and looks like all the page loads code executes correctly and there was not exception but then suddenly errors is thrown.

I have compared IE settings in both the system tried to keep same settings in both the systems but no luck.

What might be the cause of this issue? If its possible to catch the parent website error? I don't have access to parent website code. Any help would be great.

Saikat Chakraborty
  • 271
  • 1
  • 3
  • 11
  • Check the X-Frame-Options header setting for your web site. See https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options – Sergey L May 12 '16 at 08:29

1 Answers1

0

After breaking head a lot finally I am able to detect the actual error.

What I did In IE used Tools->F12 Developer Tools or press F12 in IE. Then use "Network" tab to track what is the last page/link which causing the issue. Found out that it was my website which was causing the error. Now its time to find the actual error.

I found that in Web.Config file 

<system.web>
<customErrors defaultRedirect="Error.htm" mode="RemoteOnly"/>

This was causing the redirection to "Error.htm" where a generic custom error message was displayed. So I replaced the above customErrors element as below 

<customErrors mode="Off"/>

reference: Web.config Custom Errors mode Conflict

Now I have received the actual error. The error is:

A potentially dangerous Request.Form value was detected from the client (ConfigurationRequest="http://go.microsoft.com/fwlink/?LinkID=212874.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ConfigurationRequest="

Now I need to find out why this issue is occurring and the root cause. Let's see what I can find. But its sure this issue is causing by HTTP GET (Request.Form) call from the 3rd party website

Then I found A potentially dangerous Request.Form value was detected from the client

I added <httpRuntime requestValidationMode="2.0"/> valid for .Net4.0 runtime

(If .Net runtime is 2.0 then add <pages validateRequest="false"> ) to web.config its started working.

But there were some more errors. Some how in few system IE was not saving Session and profile variables. This causes several issues while page loading as I was using session and profile variables.

I found Session Variables not saved when page is in an iFrame

and added P3P header in IIS:

Name = p3p Value = CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

enter image description here enter image description here

its started working file inside iFrame. Phew!!!

Community
  • 1
  • 1
Saikat Chakraborty
  • 271
  • 1
  • 3
  • 11