I am working in an ASP.NET mvc application. With regards to URL's I could see the Controller and action names in the address bar when user navigates between pages. Is there a way to hide them, such that the address bar always displays http://mywebsite.com without any action names or controller names suffixing them, or is there any other standard practices? Or is it ok to leave the URL as such which can contain action and controller suffixes?
Having the URL not change is very bad practice. Not only does it look confusing, but it makes it impossible to bookmark things, and copy and paste URLs.
Why would it not be OK to leave the descriptive names in the URL? (You are using descriptive names, aren't you?)
The url is supposed to be descriptive of the content.
http://www.mysite.com/ isn't descriptive of viewing product #22's details, however:
http://www.mysite.com/Products/Details/22 is. This is intended behaviour, you can obfuscate them a bit by messing with rotues but it's not wise as it makes your webpage harder to debug and is unneeded.
It's not so much of a security risk to expose controller/method names because you chose those names based on the functionality you want to expose to the user. There are many other security mechanisms in place to prevent them from messing with things, like user authentications, filters, etc...
Related
I have an Episerver site with a JobDetailsPageController with a Index method that takes a jobId parameter and creates a view with some details about that job. The urls looks something like this: https://hostname/<root-depending-on-site-tree>/jobs/?jobid=44.
What I would like is having urls on the form .../jobs/manager-position-telco-44, essentiallly creating a slug of the job title and appending the id. I have done this in the past using standard ASP.NET MVC Attribute Routing on a non-Episerver site, but EpiServer has a routing of its own that I don't know too well and can't figure out.
Also, adding non-query strings after the slash consistently sends me (no surprise) to a 404 page, so I would need to somehow customise this behaviour. I need to use EpiServers standard routing to end up at the right "parent", but ignore the latter part (the pretty bit).
Is it possible to create such urls on a normal page in page tree in EpiServer? I do understand it is possible to create static routes, but this node can be moved around like any other page so I cannot avoid EpiServer.
Please see this blog post. What you're looking for is partial routing.
#johan is right, partial routing is one way of doing this. Just wanted to add other possible solutions that might or might not match your needs.
Import data as content
Instead of serving content dynamically, you could consider importing your job ads from whatever source you have directly in content tree as separate pages below particular root page. That would give you a lot benefits - pages would be cached, it would support multiple languages, editors would see content directly in EPiServer CMS, data could be adjusted manually, etc.
This would be a good solution if your data does not change often and you need to provide a way for editor to create a new job ad manually as well.
Implement you own content provider
Another way to serve your dynamic data to EPiServer is to write your own custom content provider. You can find documentation here: http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/7/Content-Providers/Content-Providers/
This solution requires more coding and is more complex, but it has some benefits as well. If one wanted, it would be possible to not just serve content from external data source, but also update that data by changing values directly in EPiServer UI.
I am working on dictionary-like web page and I want to implement adding/changing phrases only by few people (my client - which is some small organisation wants to be able to do this by himself). The page does not have any login/registration mechanism etc. (for regular users at least) so I do not want It to have any login button. I wondered if making admin model ( few admins made in seeds for example) and adding login button that is invisible - I thought of using CSS opacity for this one. Is this a good solution ? Is there any other good practice in these sitations? Please dont be afraid to post suggestions. Additionally this is a serious page (my first job as freelancer), so I wonder if my solution is... acceptable? Thanks in advance for any answers!
This quite a standard thing in the web. Most of the websites consists of two parts, customer facing part (sometimes called frontend) and admin panel (called backend). In your case you don't need any login to access frontend part, but you need one for backend part.
Creating hidden button is not needed at all. There simply should be no button at all. If you want to log in as an admin, you simply navigate to http://my-website-url.com/admin.
I wouldn't bother with roles et unless your client specified clearly that he needs them.
Even though this is simple I would still suggest adding a role to a user model. After all he may want to have some user functionality later on. The simplest way to do this would be to use devise and add a role enum column.
Check out the article below and look under the "Enum" section.
http://railsapps.github.io/rails-authorization.html
Lets say you are developing an web app that requires that you are able to Add/Edit items. The item form contains several input control. Would you separate the add/edit pages or use the page for add/edit and control via querystring (i.e. ItemAddEdit.aspx?isEdit=1)
The advantage I see in separating is that it is easier for the (non-technical) user to type the page and to determine whether it is add or edit. Also, when there would be specific changes to each page (if ever), it would be easier to change.
For the single page, well, you reuse code which eliminates some duplicate code and avoid possible problems.
And no, I can't use routing.
This is generally something which could be a subjective thing, because there's as many ways of doing things as there are coders, and a lot of it can be depending on how your system is set up generally.
But, if I were to recommend, I'd say the way you should do it if working with asp.net web-forms is to make two web pages (add/ edit) and then you use a user-control on those to group up the shared logic between the two pages. After all - that's why we have user controls.
In this way you can have both of your situations, by keeping logic in one file/class, but still have two entry points.
This would also mirror more how MVC does it, which could be considered a plus.
That being said - if your administration functionality is behind login etc, there's nothing to hinder for actually doing it in one and separate with the query string approach, and then just load the data if editing or display "empty"/base data when creating.
You shouldn't have the user type the addresses anyway, but click through the links to follow your flow, so the query string should be a minimal issue.
But for the sake of keeping your functionality clean and divided, I'd personally recommend going for two page / usercontrol approach.
This question may seem a little bit stackoverflow-implementation specific, but I have seen a similar pattern on other websites that are using REST-friendly URL rewriting as well.
For example, a link to a particular question looks like this:
ASP.NET MVC - Passing redundant arguments to actions
1388703 apparently being some kind of unique ID and the rest being the Title of the question.
The ID itself should be enough, so what may be the advantage of putting the question title (in this particular case, one can see that stackoverflow uses this almost everywhere, e.g. for badges, user profiles etc.) as second parameter?
When you remove the last part of the URL, the same page is displayed, which is expected. But when you change the last part to any other string, the same result is still displayed.
Is this only a cosmetic issue, allowing easier management of links (e.g. when storing bookmarks?) or does it have any other advantages?
It's for search engine optimization.
The link ASP.NET MVC - Passing redundant arguments to actions doesn't mean much to a search engine but ASP.NET MVC - Passing redundant arguments to actions allows a search engine to match the words "asp net mvc" etc which they will normally give more weight to as it's in the URL.
It's also more user friendly as it gives more meaning to the content of the page form the URL.
It is cosmetic and it's also better search engine optimization to keep easily readable names in the url as that will make the search engines find it easier.
The biggest advantage that the extra text has is for SEO. The extra text in the link gives google a lot more help understanding what's in the page.
I'd also mention that if a title is changed (i.e. for spelling, etc), the ID number still works.
Quick question.
There is a legacy website (that is not under my control and cannot be modified), that gives users a form to fill in data and then the user 'submits' the form for processing. There is virtually no error checking on this form, and very little help for the user (i.e. it was very poorly designed about 12 years ago and hasn't been updated since).
None-the-less, the back-end of this application performs a critical function.
My question is, is it possible (without having any ability to modify the legacy website), to write my own new front-end in asp.net (with proper pre-submit validation) living on a different server & domain, and then simulate the 'submit' to another webserver as long as I reproduce the form/data that is being sent?
The key question here I guess, is it possible to submit a form produce on one website, to another, and can this be done with ANY changes to the legacy site?
Comments appreciated.
The key question here I guess, is it possible to submit a form produce on one website, to another, and can this be done with ANY changes to the legacy site?
Yes, I've done this before - provided that the target site doesn't do any referer checking. A POST request is a POST request, no matter where it originates from.
You just need to make sure that all the fields are exactly the same in your request as they would be coming from the original page, i.e. - same field names, same encoding etc.
The short answer is "yes", the long answer is "it depends". The basics of HTML and HTTP allow for it, but without knowing a little more about the implementation of the legacy site you can't know for sure that it will work.
In theory you just need to make sure that the name of the fields are the same and set the target of the form to the legacy site's page URL.
In practice the legacy site could be doing various things that make it difficult or impossible to achieve (it could require cookies set correctly or hold internal state for example).
The best thing would be just to try it. It shouldn't take long just to mock up the basic fields and post the form to see if it works. Once you know it works then you can worry about adding your extra validation etc
Beware that if the existing site is authenticating users you'll need to find a way to also collect and pass that info along. Otherwise, though, Phill's point is spot-on.