To implement security on the online exam web application

hi its my first post.........

i am making an  online exam  web application (c#)  which contains many features as follows

1)user,role management .

2)admin panel 

3)support for the hindi language 

4)report generation via report wizard

5)number , rank calculation  and many more will inlcude amny other features in the next release but as if for know limited features are implemented due to some timing constraints

but i am get stucked in b/n some of the security aspects.  my application structure is as under 

1)select the title of the test from the testpage.aspx , will redirect to the start.aspx which displays all the instruction and one button is placed just below the instructions when user click this button  , redirected to the test.aspx ...now here is my problem starts , want to block some of the options like disabling ctrl key so that no one can able to copy the test paper simulatiously print screen, mouse right click and many others all this was already done but i want to disable the toolbar on the test.aspx page, on the start  button onclickevent, used javascript  

window.open(url, _ parent,'toolbar=no,fullscreen=yes') 

but this will open a window in which test.aspx will open , but the page start.aspx on which that  button is present is still opened so this will create a problem user can very easiy start one more test just by clicking start button so i want when that window opens simultaneously start.page wil dissapear

in short respose.redirect to the window whose toolbar and menubar are disabled  how to accomplish this  i thnk one got my issue any advise

thanks in advance...............

Hi priyansh,

First of all, congratulations for your first post and I hope you will become an active member of this great community.

Now, lets get back to your problem...

Lets say we have the following JavaScript function that will open the new window:

    <script type="text/javascript">
        function openWindow() {
            alert("test");
            window.open("http://www.microsoft.com", '', 'toolbar=no,fullscreen=yes')

            return false;
        }
    </script>

Now, If I want to call this and to change the currnet page from where I have opened the specified page inside this JavaScript function, I can easily do in the following way:

<asp:Button ID="btnClick" runat="server" OnClientClick="openWindow()" OnClick="btnClick_Click" Text="Open" />

I have wired two functions to the button. First is the OnClientClick, which calls the openWindow JavaScript function, so this will open the window, and the other OnClick="btnClick_Click" which calls server-side method defined in code-behind. Inside this method, you can navigate the page to somewhere else (different page showing the test started) and you can write into DB that the test has already started. Using this value written into DB, you can control whether the user can start the test again in both the Start.aspx and Test.aspx pages.

    protected void btnClick_Click(object sender, EventArgs e)
    {
        Response.Redirect("TestInProgress.aspx");
    }

Hope this helps.

Best Regards,
Hajan

hey first of all thanks for your concern.....

understood your code an di had alreay dtried that this will  opan a window on client click and redirected to the url from the server side bu ti want to close that page as well in which that button is placed , the one onclient new winodw is opened see i tried this 

<asp:Button ID="parentButton" runat="server" Text="Button" 

             OnClick="Button1_Click" OnClientClick="window.close();" /> this button is placed in parent.aspx

Server side code for the button is ...

protected void Button1_Click(object sender, EventArgs e)

 {

string url = "child.aspx";

string fullURL = "window.open('" + url + "', '_blank', 'fullscreen=yes,status=yes,toolbar=no,menubar=no,location=no,scrollbars=yes,resizable=no,titlebar=no' );";

parentButton.Attributes.Add("OnClick", fullURL);

}

but this is not giving me the desired result... rather the window to whom the button1 is placed will gte s closed but no new window is creating......

That's true, the window will get closed because the client-code runs first, so the server-side code-behind does not make any effect on 'non-existing' page which is already closed.

So, the order of the commands should be first window.open and then window.close.

You can do that on the following way:

<asp:Button ID="parentButton" runat="server" Text="Button" OnClick="Button1_Click" />

        protected void Page_Load(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                string url = "child.aspx";
                string fullURL = "window.open('" + url + "', '_blank', 'fullscreen=yes,status=yes,toolbar=no,menubar=no,location=no,scrollbars=yes,resizable=no,titlebar=no' ); window.close();";
                parentButton.Attributes.Add("OnClick", fullURL);
            }
        }

So, instead in button click, I'm adding this in page load. As you can notice, first window.open() is added and right after the ';' window.close();

The other problem you may have with this approach is with the 'tabbed' windows on your browser. You will find that when user has multiple tabs opened, you can't close the window really easy (first) and it's not a good feature for users... That's why I'm suggesting the 'redirect' approach. So you will redirect to some other page which will be used by default when the child.aspx page is opened. Before redirecting there, save the state that the page was opened, so this won't give user ability to reopen the child.aspx page again.

Hope this helps.

hey

yah

your approach did work in google chrome but with the browser mozilla firefox the parent window is not closing and in case of internet explorer on pressing the button the  parent window is asking fot he confirmation in the form of popup,message   "this webpage is trying to close this window '',and as desired the  child page will gets opened

but things are not working in mozilla and internet explorer

can one disable the toolbar of the browser on the page load without opening a new window

since i need to solve this security issue and if nothing happens than i will have no other choice rather than opening a new wondo on the student login time so that all the applucation will run in that particuar window....

priyanshu mittal said:

hey

yah

your approach did work in google chrome but with the browser mozilla firefox the parent window is not closing and in case of internet explorer on pressing the button the  parent window is asking fot he confirmation in the form of popup,message   "this webpage is trying to close this window '',and as desired the  child page will gets opened

but things are not working in mozilla and internet explorer

Things won't even work in IE since IE has a lot of security for running such client side scripts, that might be potentionally dangerous in some cases. So, you will have to hell write completely new approach to handle all these warnings... therefore, that message will be always displayed in IE. As I said, I think the best would be to redirect to other page and not close this parent window at all...

priyanshu mittal said:

can one disable the toolbar of the browser on the page load without opening a new window

since i need to solve this security issue and if nothing happens than i will have no other choice rather than opening a new wondo on the student login time so that all the applucation will run in that particuar window....

I think you should think another way to such problems. You can't really disable the toolbar of the client's browser since they (the client/consumer) is the one who controls is on his side. So, disabling toolbar on the browser is kind of like messing up with his browser settings which are permissible only by changing the settings in his browser options.

For example, user has few tabs opened and now he/she opens your website and it disabled the toolbar, statusbar, addressbar, tabs bar... so he cannot open his other sites because your site has disabled his bars... thus, it messes with user private and security settings. On the other hand, when you make window.open(...), it openes completely new window which is controlled by the parenter (parent) window where your application runs.

Again, if possible, make the way so that once the test is started (window.open(...) has been launched), your parent website (from where window has opened) to be redirected to another page saying 'test has already started...'... I think this way you will be definitely able to make things work with enough desired protection.

Hope this helps.

yah that i know but i am also stucked in such scenario where i need to think abt this security feature otherwise anyone can copy this test and since this app is used a commercail one so bit wrry abt this feature okay i figured out some of the thinks and also your suggestions help me a lot 

thnks for all of  your advices