changing url for security reason asp.net - asp.net

I am writing an asp.net web application for internal automation.So, I am not thinking about SEO or user-friendly URLs. Just I want to change URLs for hide path and file name and query string. For example I want this URL "http://test.com/Admin/Create.aspx?id=345&name=pin" be shown for user something else that is not understandable like an encrypted URL "http://test.com/enc=nidfvegvbervmxvpazxczxcwefve" or show all URLs in all formats in a same way like "http://test.com/".
I read some articles about URL rewriting and URL routing. However, I think their method work reversely. I mean when user write "http://test.com/products/book", these method could assume it as "http://test.com/products.aspx?type=book" but I want that user couldn't see real URL ever.
Any idea?

I think what you might be looking for is Server.Transfer - check out:
http://msdn.microsoft.com/en-us/library/540y83hx.aspx

Just Encrypt the query string and decrypt on calling it
Something like
http://www.aspsnippets.com/Articles/Encrypt-and-Decrypt-QueryString-Parameter-Values-in-ASPNet-using-C-and-VBNet.aspx

Related

Does Kentico allow query strings with question mark?

I'm trying to migrate my ASPX site to Kentico, and as part of my task I'm migrating URLs. I need to preserve my URL structure, so I need to keep URLs which look like : "foo.com/bar.aspx?pageid=1".
I checked page's "URLs" property tried to use wildcards, some patterns like /bar/{pageid}- /bar/{?pageid?}-, etc but Kentico always replaces question marks.
Is there a way to achieve that via the admin interface?
You don't need to do anything in order to use "foo.com/bar.aspx?pageid=1" url.
Create a page under the root and call it bar, so you'll get a page # foo.com/bar.aspx. Kentico and/or .net does not care what you add to a url after question mark, so foo.com/bar.aspx?pageid=1 will work as well as foo.com/bar.aspx?someparam=sdf, or foo.com/bar.aspx?id=1&p=3&t=3.
You may (or may not) implement some functionality based on query string (e.g. paging), so it will parse query string and act in appropriate way.
By default Kentico UI does not handle adding URL aliases with URL parameters like you show. There is an article on the DevNet for a URL Redirection module which has code you can import into your site to allow you to perform these redirects within the Kentico UI. I'd suggest using this approach.
Unfortunately, I can't share a code sample since it's an article but it also has a link to download the code too. This appears to only be coded for Kentico 8.2 right now but I'm guessing you could do some work to make it work for other versions if you needed.
I think there are few concepts that you are clubbing here. I will start with your line code here
/bar/{pageid} - {pageid} is a positional parameter in Kentico's language if you choose to use dynamic URLS based on patterns. SO if you have a code that relies on pageid parameter to fetch some data then Kentico will pass that value. E.g in case of /bar/420, it will pass pageid as 420 different web parts on your template
/bar/{?pageid?} - This will search for query string parameter "pageid" on the request URL and replace its value here. So if you passed foo.com/bar.aspx?pageid=366, the resulting URL will be /bar/366
The #1 is positional parameter and #2 is the way in which Kentico resolves query string macros.
I hope this clarifies.

ASP.NET MVC URL query string parameter renaming

I have looked through SO and the internet in General and I can't seem to understand whether the following is possible
I have a link to an action:
Link to Subject
This works fine, I can use the id, to get the Subject and all other info I need for the model.
In the browser it shows:
http://www.example.com/Main/Subject/1
This is just fine, but it is not pretty or very helpful for the user.
I would like to be able to look up the subject from the Id in the Action and modify the URL to look like:
http://www.example.com/Main/Subject/Science
Is this possible and if so, could someone give me a steer on where to find out how to do it.
I cannot change the parameter to a string because the subject name is not unique, only the id.
well you can use the dBprovider feature in urlrewrite 2.0 forr iis 7 and above. what you have to do is create a table in database that store both urls i.e
'http://www.example.com/Main/Subject/Science'
and
'http://www.example.com/Main/Subject/1'
it will match with the url you want to show 'http://www.example.com/Main/Subject/Science' and redirect to the actual url i.e is to 'http://www.example.com/Main/Subject/1' for more info check this
http://www.iis.net/learn/extensions/url-rewrite-module/using-custom-rewrite-providers-with-url-rewrite-module

URL parameters and backbone routing

Backbone.js maintains routing information in a URL after the hash mark, e.g.:
http://localhost:3000#page/hardware/table/?action=details&actionTargetId=5&actionTargetName=10.3.177.185&actionTarget=host
Even though the routing information is in the format ?p1=v1&p2=v2&p3=v3, this portion is not technically part of the url query string since it comes after the hash mark.
My question is if I add an actual query string to our app's urls like this:
http://localhost:3000?newparam=newvalue#page/hardware/table/?action=details&actionTargetId=5&actionTargetName=10.3.177.185&actionTarget=host
is there any possibility of the "newparam" url parameter interfering with the backbone portion?
the problem is your not actually creating a legit query string. your mixing your route with your parameters.
your example is formatted as:
domain ? param # route ? other params
as soon as a questionmark appears in a url everything after it is interpreted as a query string. (in this case) even your route.
personally i suggest using the html5 pushstate.
Backbone.history.start({pushState: true})
this will give you clean(er) urls
http://localhost:3000/page/hardware/table/?newparam=newvalue&action=details&actionTargetId=5&actionTargetName=10.3.177.185&actionTarget=host
that will help your routes to not interfere with your parameters.

ASP.NET: Get *real* raw URL

In ASP.NET, is there any way to get the real raw URL?
For example, if a user browse to "http://example.com/mypage.aspx/%2F", I would like to be able to get "http://example.com/mypage.aspx/%2F" rather than "http://example.com/mypage.aspx//".
I would of course like a clean way to do it, but I can live with a hacky approach using reflection or accessing obscure properties.
At the moment, I try to use the uri in the Authorization-header (which works), but I cannot rely on that always being there.
EDIT:
What I really want to do is to be able to distinguish between "http://example.com/mypage.aspx/%2F" and "http://example.com/mypage.aspx/%2F%2F".
It looks like ASP.NET first converts "%2F%2F" into "//" and then converts the slashes into a single slash.
So just re-encoding it is not going to work.
I wasn't able to test this because it only works in IIS and not the ASP.NET Development Server that is part of Visual Studio, but try:
Request.ServerVariables[ "HTTP_URL" ]
The following code works for me:
IServiceProvider serviceProvider = (IServiceProvider)HttpContext.Current;
HttpWorkerRequest workerRequest = (HttpWorkerRequest)serviceProvider.GetService(typeof(HttpWorkerRequest));
string realUrl = workerRequest.GetServerVariable("HTTP_URL");
Note that this only works when running on the IIS and not under f.x. ASP.NET Development Server!
Thanks to Lucero for the answer in another thread and Zhaph for pointing me to the thread.
See also:
Get the exact url the user typed into the browser
Server.HtmlEncode(Request.RawUrl);
The raw URL is defined as the part of the URL following the domain information. In the URL string http://www.contoso.com/articles/recent.aspx, the raw URL is /articles/recent.aspx. The raw URL includes the query string, if present.
see also:link text
I can't test here, but this might be what you need:
Request.Url.AbsoluteUri
Request.RawUrl will return the application relative path(including querystring info) while Request.Url will return the complete path(including querystring info).
For more information, see "Making sense of ASP.NET paths".
Well, you could just encode it back to the url-encoded version.
Get the url from the request and urlencode only the query string part and then concatenate them

What is the name for that thing that lets part of the URL be an argument?

For example:
http://stackoverflow.com/questions/698627/ms-access-properties
The number is part of the URL but is an argument to the web app as opposed to other options like:
http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
where all the args come after the '?'. I have used the second form before and I'm only trying to learn about the first form.
I'm sure I can find what else I need once I known what that's called so I can Google it.
URL Rewriting, generally.
Edit: Here is a good introduction to URL Rewriting.
Variables passed in the form of a URL are called the Query String. In a url like:
http://examples.com?a=b&c=d&e=f
The query string is ?a=b&c=d&e=f
In the Stackoverflow example, it uses URL Rewriting, specifically with MVC Routing to make 'pretty URLs'. There are other ways to do it in other languages. Some make use of Apache's mod_rewrite (example) while others parse the requested URI. In PHP a url like
http://example.com/index.php/test/path/info
can be parsed by reading $_SERVER['PATH_INFO'] which is /text/path/info.
Generally, they are using URL Rewriting to simulate the query string however. In the Stackoverflow example:
http://stackoverflow.com/questions/698711/what-is-the-name-for-that-thing-that-lets-part-of-the-url-be-an-argument
The important parts are the questions/698711. You can change the title of the question with impunity but the other two parts you cannot.
It's usually called the 'path info'.
That's just URL mapping. It lets you use pretty URLs instead of a large query string.
I believe the StackOverflow URL works that way because it is using MVC whereas your bottom example is using standard requests.
It is indeed done by URL rewriting.
Usually, web application frameworks do this automatically if you install it correctly on your server.
Check out CakePHP as an example.
It's called a URL parameter and uses the HTTP GET method. As others mentioned, it can be rewritten using URL rewriting so that the URL is easier to read and use. Some search keywords: "SEF URLs", "Apache Rewrite", "pretty URLs".

Resources