When you have done your url rewrite for a url what happens when you use your code behind file and use request.querystring when there aren't any cos you url has been re-written. I haven't implemented url re-writing yet and want to.
Well, not sure if I understand your question...
If you use url rewriting the user sees on the browser a url like this one
www.yourdomain.com/category1/product1
While you see on the code behind something like this
www.yourdomain.com?cat=1&prod=1
The friendly url is converted to the "ulgy" format before reaching your page logic, so the querystring will be there and ready to be processed.
Related
Which of them is correct definition of URL rewriting?
Shortening of URL for end-user as elaborated here
Appending extra arguments to URL sent to server for session management
I am confused over which one was invented first, and which one should be correct definition of URL re-write?
URL rewriting is simply what its name implies: rewriting/modification of URLs.
This can be used for shortening URLs, and it can be used for appending query parameters, but it’s not restricted to these two use cases.
To make the URL more readable
Example www.abc.com?id=1 rewrite it to www.abc.com/1
I have the need to redirect back to the current page minus any query arguments.
I just found Request.Url.AbsolutePath, which looks like it provides just the ticket to pass to Response.Redirect().
It seems to work on my dev machine okay. Does anyone know of any potential problems redirecting to the value of this property? It's hard to confirm it's "safe" in all cases.
It could be a problem if you "re-written" the URL internally. For example, the user request "/team.aspx" but internally you transfer execution or rewrite the url as "/page.aspx?id=137".
Personally, I prefer to use the Request.RawUrl (which is always local) and you can strip the query-string.
Getting rid of the host part of a request is not an issue because HTTP Redirect can be path on Absolute Paths ("/foo/bar") and the browser will preserve the protocol, port and hostname.
I would use Request.Url.OriginalString.
Absolute path gets rid of the host part of the URL.
Take a look at this: http://wdevs.blogspot.com/2009/03/url-properties-of-request-to-aspnet.html
Is it possible to rewrite URL on the fly, only when a part of the server code has already been processed for the "raw" URL and it becomes clear the parameters must not be revealed to the user? Like, I want to proccess all the GET parameters in my page code on the server and create a tracking record in the database, then serve the user the page but change URL to parameterless in the browser.
I guess all the web.config referred module techniques won't work as they offer URL rewriting before request is passed to the page code on the server. But it comes in my case that I receive an ugly URL from google adwords clicks and I do like it tracked 'as is' in my database, and I do certainly not like it show to user in her brower's bar.
At the same time I would like to keep URL unchanged without applying the URL rewrite most of the time unless some particular parameter shows up in it (like ref=adwords) so that any paramter written by hand or posted back would be displayed in the address bar.
Is it possible to do so by any means?
Have you considered writing an ActionFilter that would (if your controller or method is decorated with it) intersect your initial request, do all the necessary processiong and then redirect back to the requested page only indicating, that processing has been done?
This would be my first thought.
I heard of sites using other site to redirect users either to their own site or to hide behind another site. In my code i redirect in a few places such as post a comment (its easier to use a return url then figure out the page using data given).
How do i check if the return URL is my own url? I think i use absolute paths so i can easily check if the first character is '/' but then i will lose relative flexibility. This also disallows me from doing http://mysite.com/blah in the redirect url. I could patch the url by adding mysite + string but i'll need to figure out if string is a relative url or already a mysite.com url.
Whats the easiest way to ensure i am only redirecting to my site?
How about, if the redirectUrl contains "://" (which includes http://, https://, ftp://, etc.) then it must also start with "http://mysite.com". If it does not contain "://" then it is relative and should not be a problem. Something like this:
if (!(redirectUrl.Contains("://") ^ redirectUrl.IndexOf("http://mysite.com") == 0))
{
Response.Redirect(redirectUrl);
}
I hadn't thought of this before, but how about using an encrypted version of the URL in the query string parameter?
Alternatively, you could keep a list of the actual URLs in some persistent store (persistent for a couple of hours, maybe), and in the query string, just include the index into the persistent store of URLs. Since You'd be the only code manipulating this persistent, server-side store, the worst a malicious user could do would be to redirect to a different valid URL.
This seems to be an odd question, and it should not be a concern if you are in full control over the redirect process. If for some reason you are allowing input from the user to be actively involved in a redirect (as in the code below)
Response.Redirect(someUserInput);
Then, yes, a user could have your code send them off to who knows where. But if all you are ever doing is
Response.Redirect("/somepage.aspx")
Then those redirects will always be on your site.
Like I said, it seems to be an odd question. The more prominent concerns in terms of user input are typically SQL Injection attacks and cross-site scripting. I've not really heard about "malicious redirects."
I'm using code in the Application_BeingRequest() handler of my Global.asax to do some very primitive URL Rewriting. That works fine, however, I'm having issues fetching the rewritten URL in JavaScript.
So using URL Rewriting www.mydomain.com/dothis becomes www.mydomain.com/?action=dothis on the server-side. Using ASP.Net and Request.QueryString["action"], I get the expected result of dothis. JavaScript, of course, still sees www.mydomain.com/dothis because that's what is displayed in the browser.
I don't suppose there is a way for JavaScript to see the actual page URL, even though it's not displayed in the address bar?
What happens on the server beyond the http interface is not visible to the UA if you don´t tell it explicitly.
The rewrite is happening on the server before the server forward the request to the appropriate handler.
You can tell the UA this in many ways (ask Tim Toady ^^). Hidden form control, a JavaScript variable to mention a few. This is ofc if your framework/server supports this.