Dangerous site - attackers on the site you're trying to visit might trick you

Anjali Agarwal 1,471 Reputation points
2024-04-19T18:56:41.28+00:00

I have an intranet site. This site is hosted on our internal server 2019 on IIS version 10.0. This website is just a web page that enables the employees to fill out their information and then populates a .pdf file from the information that they fill out. This .pdf file is embedded on the web page too. This is the code to embed .pdf file on web page:

using (MemoryStream stream = new MemoryStream())
     {
         string embed =  "<object data=\"{0}\" type=\"application/pdf\" width=\"1000px\" height=\"700px\">";
         embed += "If you are unable to view file, you can download from <a href = \"{0}\">here</a>";
         embed += " or download <a target = \"_blank\" href = \"http://get.adobe.com/reader/\">Adobe PDF Reader</a> to view the file.";
         embed += "</object>";
         TempData["Embed"] =  string.Format(embed, "/FilledPDFFiles/AckPack" + "_" + up.EmployeeId +".pdf");
         return View();
     }

Once the employee fills out the information on the web page and clicks the submit button, the entire blank .pdf file is populated and then shows the filled out information on the embedded .pdf file. Clicking on the submit button is show this error message:

User's image

Is there any way, I can avoid this message by some configuration on IIS side or in the application web.config file.

Internet Information Services
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,629 questions
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,515 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,040 questions
0 comments No comments
{count} votes

Accepted answer
  1. Bruce (SqlWork.com) 67,016 Reputation points
    2024-04-20T16:44:19.59+00:00

    It’s probably your obsolete object tag. Use an iframe with src url, or just return a pdf.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.