Use of Request and Response in ASP.Net - asp.net

What is the difference between "Request" and "Response" terminologies in ASP.net?
I am using ASP.net 3.5.
Suppose I have to make somebody understand these terms. What should I say?

The Request is what a web client sends to the web server. The Response is what the web server sends - well, in response. Both are defined in the HTTP specification. (How they are structured, what information and meta data they include, etc.)
ASP.Net encapsulates these concepts in respective classes to make them programmatically accessible.
Edit: Specific examples as requested in the comments:
Request.QueryString
If you have a URL like the following:
http://www.host.com/Page.aspx?name=Henry&lastName=Ford
The part after the ? is the query string. (name=Henry&lastName=Ford <= The query string)
This is one common way to pass arguments to the server as part of the Request. In your server code you can access these arguments by using Request.QueryString:
string name = Request.QueryString["name"];
string lastName = Request.QueryString["lastName"];
Response.Redirect
Your server received a Request for a page and you want to redirect to another location. With the Response.Redirect() method, you add a specific piece of information to the Response that causes the browser to immediately go to this other page.
// This tells the browser to load google
Response.Redirect("http://www.google.com");
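
An added example, not part of the answer above: when the redirect target itself arrives in Request.QueryString, check that it is a path on the same site before passing it to Response.Redirect(). The parameter name returnUrl and the fallback /Default.aspx are assumptions, and the query strings are constructed samples.

```csharp
using System;
using System.Collections.Specialized;
using System.Web;

static class RedirectTarget
{
    // True only for a path on this site: one leading '/', never "//" or "/\",
    // which browsers treat as the start of another host.
    static bool IsLocalPath(string target)
    {
        return !string.IsNullOrEmpty(target)
            && target[0] == '/'
            && (target.Length == 1 || (target[1] != '/' && target[1] != '\\'));
    }

    // What a page would do with Request.QueryString["returnUrl"] before
    // calling Response.Redirect(...). "returnUrl" is a hypothetical name.
    public static string Choose(string queryString)
    {
        NameValueCollection query = HttpUtility.ParseQueryString(queryString);
        string target = query["returnUrl"];
        return IsLocalPath(target) ? target : "/Default.aspx";
    }

    static void Main()
    {
        // Constructed query strings: a local path, an absolute URL, no target.
        Console.WriteLine(Choose("name=Henry&returnUrl=%2FOrders.aspx"));
        Console.WriteLine(Choose("name=Henry&returnUrl=http%3A%2F%2Fwww.google.com"));
        Console.WriteLine(Choose("name=Henry&lastName=Ford"));
    }
}
```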

There is an IIS (Internet Information Services) server. In ASP.Net, you can Request data from the server, and what the server sends you is a Response.

Related

Server.Transfer from ASP.NET to ASP

No duplicate of “Server.Transfer from ASP to ASP.Net” ;-)
On an IIS web server (running Classic ASP), I have a local URL that a user is remotely redirected to. Presumably, this call is made with data in the query string or transmitted through POST data. When this request is made, I need to remove this data (especially the query string) server-side, so none will be visible to the client.
For example, the user is led to http://example.com/dir/?data=payload. This is what is requested, and this is what the user’s browser will display. Now I need the requested resource to strip QueryString and Form data, so that the user ends up at e.g. http://example.com/dir/.
On MSDN, they have HttpServerUtility.Transfer, which adds a boolean to the classic Server.Transfer method, allowing data to be preserved or cleared. However, when I try this in an aspx file transferring to an asp file, I get a 0x80004005 HTTP exception (“No http handler was found for request type 'GET'”).
Is it possible at all to “redirect” from an ASP.NET file to a Classic one?
Is there another, better way to remove request data server-side?
My options would be:
1. Use a redirect on the page without querystrings: Response.Redirect(). This will clear post data as well.
2. Do an HTTP Request to scrape the HTML of the other page, and view it in your current page.
I would probably do option #1.

How can I remove malicious data from an HttpRequest so that it is not returned by an HttpResponse?

I have to prevent a Cross-Site Scripting vulnerability from being sent in an HttpResponse from data in the HttpRequest header to pass a webapp assessment.
For example, HttpRequest Header:
GET /%22%20%73%54%79%4c%65%3d%58%3a%65%58%2f%2a%2a%2f%70%52%65%53%73%49%6f%4e%28% 61%6c%65%72%74%28%35%37%31%33%35%29%29%20%22 HTTP/1.1
HttpResponse Location Value:
/" sTyLe=X:eX/**/pReSsIoN(%?3e3ea140
My site is an ASP.Net website written in VB.Net running on Windows Server 2003 with IIS 6.0. What are my options? Do I have to use ISAPI filters in IIS?
The proper way to do this is to make sure your data in the database (or whatever source you’re using) is clean and also to make sure you’re validating all user input on the server side.
Once you confirm your data is clean and that all input is being validated you should be safe.
Not sure if there are any built-in ways in IIS.
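
An added example, not part of the question or answer above: besides validating input, request-derived text can be encoded for the context it is written back into, so a quote or space from the path never reaches the client raw. It assumes the application itself builds the Location value or the HTML from the decoded request path; the sample path is constructed.

```csharp
using System;
using System.Web;

static class ReflectedPath
{
    // Rebuild a Location header value from an already-decoded request path.
    // Every segment is percent-encoded again (quotes, spaces, CR/LF included);
    // only the '/' separators are kept.
    public static string ForLocationHeader(string decodedPath)
    {
        string[] segments = decodedPath.Split('/');
        for (int i = 0; i < segments.Length; i++)
        {
            segments[i] = Uri.EscapeDataString(segments[i]);
        }
        return string.Join("/", segments);
    }

    // Encode the same value for use as text inside an HTML body.
    public static string ForHtml(string decodedPath)
    {
        return HttpUtility.HtmlEncode(decodedPath);
    }

    static void Main()
    {
        // Constructed sample: a decoded path containing a quote and spaces.
        string path = "/docs/\" x=y \"";

        Console.WriteLine("Location: " + ForLocationHeader(path));
        Console.WriteLine("<p>Moved from " + ForHtml(path) + "</p>");
    }
}
```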

Hide all redirect information

I'm using Response.Redirect to serve media files, but don't want people to see the direct url to the files nor the subdomain (host). Is it possible to fake a 'get', and hide host and referer?
Use a Server.Transfer to transfer the request processing to another page.
When you use the Transfer method, the state information for all the built-in objects are included in the transfer. This means that any variables or objects that have been assigned a value in session or application scope are maintained. In addition, all of the current contents for the Request collections are available to the .asp file that is receiving the transfer.
Server.Transfer acts as an efficient replacement for the Response.Redirect method. Response.Redirect specifies to the browser to request a different page. Because a redirect forces a new page request, the browser makes two requests to the Web server, so the Web server handles an extra request. IIS 5.0 introduced a new function, Server.Transfer, which transfers execution to a different ASP page on the server. This avoids the extra request, resulting in better overall system performance, as well as a better user experience.
Since the browser doesn't make another request, the url is totally hidden from the browser, but it still gets the file that will be served by your redirect url.
What you want is not possible - for a simple reason: To have the client download the file directly from another source, you need to communicate the information about the location to the client in some way: If the client doesn't know the location, it can't download from there.
Whatever you try in the way of obfuscation, if it is decodable for the client browser, it is decodable for a human being armed with Firebug.

get asp.net server and application url without a Request object

Is there a way to get the server url (ex: http://www.myapp.com:8080/applicationFolder) without having access to a Request object?
I need the url at Application_Start and in some classes where the Request object with all the goodies is not available.
Note: I know that getting the application folder can be done using
VirtualPathUtility.ToAbsolute("~/");
HttpContext.Current.Request is a static property that always returns the Request object currently executing for the session.
I think all you need is a custom solution to know when the first request is made after the application starts, and then you can send any email you want. This is a similar problem with a solution here: http://weblogs.asp.net/reganschroder/archive/2008/07/25/iis7-integrated-mode-request-is-not-available-in-this-context-exception-in-application-start.aspx. It does the first initialization check in the BeginRequest event.
There can be many different addresses all pointing to the same ASP.NET website, like using IP address or name. There might be more than 1 DNS name pointing to the same ASP.NET application. Therefore, HttpApplication, the parent class of Global, does not know which URL a visitor will use. Even IIS doesn't know. Therefore, you have to wait for the first request and then check in the request what URL the visitor uses to access your site. Something like this:
string baseUrl = Context.Request.Url.GetLeftPart(UriPartial.Authority);
One has to use Context to get access to the Request during Global.Application_Start, because Global.Request is not initialised yet.
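
An added example, not part of the answers above: one way to capture the base URL from the first request while accepting it only from an expected host name, since the host part of Request.Url is supplied by the client. The BaseUrl class and its allow-list are hypothetical, and the request URLs in Main are constructed.

```csharp
using System;
using System.Collections.Generic;

public static class BaseUrl
{
    private static readonly object Gate = new object();
    private static volatile string _value;

    // Hypothetical allow-list of host names this site answers to.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.myapp.com" };

    // Null until a request with an allowed host has been seen.
    public static string Value
    {
        get { return _value; }
    }

    // Call from Application_BeginRequest with Context.Request.Url.
    // Returns false when the host is not on the allow-list.
    public static bool TryCapture(Uri requestUrl)
    {
        if (!AllowedHosts.Contains(requestUrl.Host))
        {
            return false;
        }
        if (_value == null)
        {
            lock (Gate)
            {
                if (_value == null)
                {
                    _value = requestUrl.GetLeftPart(UriPartial.Authority);
                }
            }
        }
        return true;
    }

    static void Main()
    {
        // Constructed request URLs: the first carries an unexpected host name.
        Console.WriteLine(TryCapture(new Uri("http://other.example:8080/applicationFolder/")));
        Console.WriteLine(TryCapture(new Uri("http://www.myapp.com:8080/applicationFolder/Page.aspx")));
        Console.WriteLine(Value);
    }
}
```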

Accessing IIS's request handling pipeline to inject a request and get the html response

Is it at all possible to inject a request into IIS for a page, have IIS and ASP.Net handle it as normal, but get the response as html handed back to me programmatically?
Yes, I know that I could connect to port 80 using WebRequest and WebResponse, but that becomes difficult if you are accessing the IIS server from the same physical machine (loopback security controls et al).
Basically, I want to inject the request (eg for http://example.org/MyPage.aspx) between the points at which IIS would normally talk to the browser, and the point at which it would route it to the correct ASP.Net application, and get a response back from IIS between the points at which ASP.Net/IIS applies the httpfilters and hands the html back to the browser.
I'm predominantly working with IIS7, so if there is a solution that works just for IIS7 then that's not an issue.
You could implement a custom HttpModule, which would give you access to the IIS pipeline, including the final response. However, you would still need to initiate a request to IIS to actually kick off processing. Not sure if this would work for you.
From the MSDN documentation:
An HTTP module is an assembly that is called on every request that is made to your application. HTTP modules are called as part of the request pipeline and have access to life-cycle events throughout the request. HTTP modules therefore let you examine incoming requests and take action based on the request. They also let you examine the outgoing response and modify it.
Have you looked into the WebClient class? You can make the request and get the response HTML.
http://msdn.microsoft.com/en-us/library/system.net.webclient.downloadstring(v=VS.100).aspx
