I have created a web application. I am giving one of its web pages to a client as an API. The client can pass parameters to the web page like below:
Ex: www.domainname.com/Testpage.aspx?name=pinky&city=pune&number=xxxxxxxx
In the same page, Testpage.aspx, I am fetching the query string like below:
string s = Request.QueryString["name"];
I am not sure how the client will call the API, I mean from a browser or through code, or whether the client will use URL encoding or not.
From code:
www.domainname.com/Testpage.aspx?name=Server.UrlEncode("pinky")&city=Server.UrlEncode("pune")&number=Server.UrlEncode("xxxxxxxx")
Will the code below work, or do I need to decode? If the client did not use encode, will decode work fine? I want to use the query string value for further processing and insert it into a table.
string s = Request.QueryString["name"];
You need not decode it. If they have entered special characters and not encoded then it will not reach your server-side code at all because it will throw a bad request error. If they have encoded at their end then it will be automatically decoded at your end.
Even if they have not encoded, your decode will work fine.
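The decode-once behaviour discussed above, as an added example that is not part of the original posts. It assumes HttpUtility.ParseQueryString as a stand-in for Request.QueryString so that it runs as a console program; the sample values are constructed.

```csharp
using System;
using System.Web; // HttpUtility

static class QueryDecodeDemo
{
    // Stand-in for Request.QueryString["name"]: the value comes back
    // already percent-decoded, exactly once.
    static string ReadName(string rawQuery)
    {
        return HttpUtility.ParseQueryString(rawQuery)["name"];
    }

    static string Verdict(string actual, string intended)
    {
        return actual == intended ? "   (matches)" : "   (differs from intended)";
    }

    static void Show(string intended, string rawQuery)
    {
        string once = ReadName(rawQuery);
        string twice = HttpUtility.UrlDecode(once); // the extra, manual decode

        Console.WriteLine("intended      : " + intended);
        Console.WriteLine("raw query     : " + rawQuery);
        Console.WriteLine("decoded once  : " + once + Verdict(once, intended));
        Console.WriteLine("decoded twice : " + twice + Verdict(twice, intended));
        Console.WriteLine();
    }

    static void Main()
    {
        // Constructed sample values a client might want to send as "name".
        string[] samples = { "pinky", "pinky+1", "50%20off" };

        foreach (string value in samples)
        {
            // Client that encodes the value before building the URL.
            Show(value, "name=" + HttpUtility.UrlEncode(value));
            // Client that pastes the value into the URL unencoded.
            Show(value, "name=" + value);
        }
    }
}
```

Values containing + or % survive only when the client encodes and the server decodes once. The once-decoded value is the one to validate and to bind as a SQL parameter when inserting into the table.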
I'm currently writing an ASP.NET Core web API that has an action with an encrypted value as a parameter.
I'm trying to test this action and the URL won't even submit in the web browser. At first I thought it could be due to the URL being too long, but I've found this answer and my URL is well below the 2000 character limit. I've changed the parameter to a trivial string ("hello") and it submits fine and runs the code. I've tried in both Edge and IE11 whilst debugging my application; in Edge nothing happens at all, and in IE11 I get a message saying:
Windows cannot find 'http://localhost:5000/api/...' Check the spelling and try again
In either case the code in the application doesn't execute (I've put a breakpoint on the first line of the controller's constructor, which isn't being hit).
I've included an example of one of the URLs that isn't working below, as well as the code I'm using to generate the encrypted string, it uses HttpUtility.UrlEncode to convert the encrypted byte[] array to a string.
Example URL (one that doesn't work):
http://localhost:5000/api/testcontroller/doaction/%95%d6%f8%97%84K%1f%d4%40P%f0%8d%de%27%19%ed%ffAR%9c%c6%d4%b1%83%1e%9fX%ce%9b%ca%0e%d4j%d3Rlz%89%19%96%5dL%b1%16%e9V%14u%c7W%ee%89p%3f%f7%e6d%60%13%e5%ca%00%e9%a2%27%cb%d3J%94%a6%e1%b9%9c%914%06y%7e%0bn%ce%00%e5%7d%98b%85c%fa6m%7d%f7%f1%7b8%26%22%5e%1et%5e%10%0c%05%dd%deFAR%bb%93L%b9-W%e1K%82%d8%cc8%ce%e0%0c%2b%bc%19
Action:
[HttpGet("[action]/{encrypted}")]
public string DoAction(string encrypted)
{
    return "Executed";
}
Generate encrypted string:
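private string GenerateEncryptedString()
{
    // A provider created without key material generates its own key pair.
    RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider();
    byte[] data = HttpUtility.UrlDecodeToBytes("AHMW9GMXQZXYL04EYBIW");
    // The second argument (true) selects OAEP padding.
    byte[] encryptedData = rsaProvider.Encrypt(data, true);
    // Percent-encode the raw ciphertext bytes for use in the URL.
    string encryptedString = HttpUtility.UrlEncode(encryptedData);
    return encryptedString;
}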
Not sure if I'm going wrong in my methodology for converting the encrypted data to a string but I would appreciate any feedback on how to fix this issue.
I think you should try to pass this data in the query string and not in the location (path) part of the url (some characters may be forbidden in paths as a security layer), so add a ?data= before the encoded data.
http://localhost:5000/api/testcontroller/doaction/?data=%95%d6%f8%97%84K%1f%d4%40P%f0%8d%de%27%19%ed%ffAR%9c%c6%d4%b1%83%1e%9fX%ce%9b%ca%0e%d4j%d3Rlz%89%19%96%5dL%b1%16%e9V%14u%c7W%ee%89p%3f%f7%e6d%60%13%e5%ca%00%e9%a2%27%cb%d3J%94%a6%e1%b9%9c%914%06y%7e%0bn%ce%00%e5%7d%98b%85c%fa6m%7d%f7%f1%7b8%26%22%5e%1et%5e%10%0c%05%dd%deFAR%bb%93L%b9-W%e1K%82%d8%cc8%ce%e0%0c%2b%bc%19
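An alternative way to carry the ciphertext, as an added example that is not part of the original posts: encode the bytes as base64url (RFC 4648, section 5) so the value contains only letters, digits, '-' and '_' and is valid in a path segment or a query string. The key generated in-process and the reuse of one key instance for both directions are assumptions made so the round trip can be shown.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class UrlSafeCiphertextDemo
{
    // Base64url: '+' becomes '-', '/' becomes '_', '=' padding is dropped.
    static string ToBase64Url(byte[] data)
    {
        return Convert.ToBase64String(data)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    static byte[] FromBase64Url(string text)
    {
        string s = text.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url length.");
        }
        return Convert.FromBase64String(s);
    }

    static void Main()
    {
        // Assumption: a throwaway key pair; a real service loads a persisted key.
        using (RSA rsa = RSA.Create())
        {
            byte[] plain = Encoding.UTF8.GetBytes("AHMW9GMXQZXYL04EYBIW");
            // OAEP with SHA-1 is what Encrypt(data, true) selects in the question.
            byte[] cipher = rsa.Encrypt(plain, RSAEncryptionPadding.OaepSHA1);

            string segment = ToBase64Url(cipher);
            Console.WriteLine("http://localhost:5000/api/testcontroller/doaction/" + segment);

            // Server side: reverse the encoding, then decrypt with the same key.
            byte[] decrypted = rsa.Decrypt(FromBase64Url(segment), RSAEncryptionPadding.OaepSHA1);
            Console.WriteLine("round trip: " + Encoding.UTF8.GetString(decrypted));
        }
    }
}
```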
I read about HttpHandler and they use RawUrl, and then they said:
For example, suppose you rewrote the HTTP handler that processes image requests so that it is based on the query string instead of the file name
When you do a URL rewrite, Request.RawUrl shows the URL that the user sees in the address bar; there you do not have the query strings that you have rewritten.
For example, if you rewrite www.site.com/2/product to www.site.com/product.aspx?id=2, then to be able to read the id you need to use the query string, because the RawUrl does not have it.
HttpRequest.RawUrl Property Gets the raw URL of the current request.
see more http://msdn.microsoft.com/en-us/library/system.web.httprequest.rawurl(v=vs.110).aspx
HTML addresses use the QueryString property to pass values between pages:
http://www.localhost.com/Webform2.aspx?name=Atilla&lastName=Ozgur
Webform2.aspx: this is the page your browser will go to.
name=Atilla: you send a name variable which is set to Atilla.
lastName=Ozgur: you send a lastName variable which is set to Ozgur.
I have an MVC3 Action that takes a parameter (a URL) that may have a query string in it. My action signature looks like this:
GetUrl(string url)
I expect to be able to send it urls, and it works every time unless there is a query string in the url. For example, if I navigate to:
MyController/GetUrl/www.google.com
the url parameter comes across as "www.google.com" - perfect. However, if I send
MyController/GetUrl/www.google.com/?id=3
the url parameter comes across as "www.google.com/". How do I get MVC3 to give me the whole URL in that parameter, including the query string?
It's simple enough to just URL.Encode the passed-in URL on the page, but you're opening yourself to some possible security problems.
I would suggest you encrypt the URL, then encode it, then pass that as your value; this protects you from having people just passing anything into your app.
That's because the system considers id=3 as its own query string. When you construct the link in the view, you need to use @Url.Encode to convert the raw URL string to an encoded string to be accepted as a parameter of the controller.
I am creating a site in asp.net with URL rewriting.
My initial url is like
/mypage/languagename/ASP.NET
It is working fine when I am taking the language name with
HttpApplication app = (HttpApplication)sender;
app.Request.RawUrl // this is giving me ASP.NET
but when the initial URL is
/mypage/languagename/C#
I am getting only C from the rawURL instead of C#.
How can I get the same?
Use UrlDecoder because # is a URL-encoded character.
You need to encode that URL because it contains an HTML special character, i.e. the #.
Check this class, System.Web.HttpServerUtility. Use that class's UrlEncode method to encode the URL before using it and it will solve your problem.
I am creating a web site in .NET 3.5. I am converting the string into a Base64 string to send it through the query string. The Response.Redirect works fine for smaller strings. But if the original string size is 1670, the Response.Redirect results in the error "Page can not be found".
item is the string in the code snippet below.
byte[] data = Encoding.Default.GetBytes(item);
return Convert.ToBase64String(data);
Can anyone please help in resolving this?
A query string shouldn't be used for long values - while it depends on the browser and web server exactly what the maximum safe length is, it's certainly not safe above about 2000 characters, and I'd be wary about relying on it above 255. The solution is to use a POST request instead, or possibly to save the data on the server and pass a key to it in the query string.
There is a limit on characters sent as a query string - it varies from browser to browser:
http://support.microsoft.com/kb/q208427/
I'd save it to a DB and retrieve it on the other end with a key.
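The "save it on the server and pass a key" approach from the two answers above, as an added example that is not part of the original posts. HandoffStore, the in-memory dictionary (in place of a database table), Target.aspx and the five-minute lifetime are all hypothetical names and values chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical store; a real site would back this with a database table.
sealed class HandoffStore
{
    private sealed class Entry { public string Value; public DateTime ExpiresUtc; }

    private readonly Dictionary<string, Entry> _entries = new Dictionary<string, Entry>();
    private readonly object _gate = new object();

    // Stores the value and returns a 32-character hex key for the query string.
    public string Put(string value, TimeSpan lifetime)
    {
        byte[] random = new byte[16];
        // 128 bits from the OS CSPRNG, so keys cannot be guessed or enumerated.
        RandomNumberGenerator.Create().GetBytes(random);
        string key = BitConverter.ToString(random).Replace("-", "");
        lock (_gate)
        {
            _entries[key] = new Entry { Value = value, ExpiresUtc = DateTime.UtcNow + lifetime };
        }
        return key;
    }

    // Returns the value once; unknown, expired or already-used keys yield null.
    public string Take(string key)
    {
        if (key == null) return null;
        lock (_gate)
        {
            Entry entry;
            if (!_entries.TryGetValue(key, out entry)) return null;
            _entries.Remove(key);
            return entry.ExpiresUtc >= DateTime.UtcNow ? entry.Value : null;
        }
    }
}

static class HandoffDemo
{
    static void Main()
    {
        HandoffStore store = new HandoffStore();
        string item = new string('x', 1670); // constructed stand-in for the long string
        string key = store.Put(item, TimeSpan.FromMinutes(5));
        string redirectUrl = "Target.aspx?key=" + key; // hypothetical page name
        Console.WriteLine(redirectUrl + " (" + redirectUrl.Length + " characters)");
        Console.WriteLine("first read returns the item: " + (store.Take(key) == item));
        Console.WriteLine("second read returns null: " + (store.Take(key) == null));
    }
}
```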