If i had the below in the web.config file, and in the code behind I was using Request.QueryString("category") would this still return the string or just return and empty string.
<rewriter>
<rewrite url="~/products/books.aspx?category=books" to="~/products.books.aspx" />
</rewriter>
If you change the URL in the web.config file the the query string can not be used. so adding the value into a Session["id"] as an example will allow you to pass the values through, where ihave hav id u can change to a more meaninfful name.
Related
I have a Webforms ASP.Net app that already has multiple rules defined for url rewriting and they are working. the app uses Intelligencia URl Rewriter, which unfortunately has no online/offline documentation whatsoever.
Due to one of these rules, a request for any aspx file is getting redirected to default.aspx, which is fine for all cases except when the aspx is Telerik.Web.UI.DialogHandler.aspx.
I tried to use the following configuration in rewriter config to NOT rewrite the url if it contains Telerik.Web.UI.DialogHandler.aspx, but it's not working.
Question
How would I exclude the url containing Telerik.Web.UI.DialogHandler.aspx from beinng handled by the Url Rewriter?
Config below is for excluding a url but it does not work
<rewrite url="^(.+)?Telerik.Web.UI.DialogHandler\.aspx(\?(.+))?$" to="$1"
processing="stop" />
An existing rule is causing rewriting when url conatins Telerik.Web.UI.DialogHandler.aspx and this rule is as below.
<if url="^((?!\.ashx|\.asmx|\.axd|\.gif|\.png|\.jpg|\.ico|\.pdf|\.css|\.js|install|error|auth\.aspx|default\.aspx|popup\.aspx|advanced\.aspx|digest\.aspx|ftb.imagegallery\.aspx|ckfinder).)*$">
<rewrite url="^~/(.+)?\?(.+)?$" to="~/Default.aspx?g=$1&$2" processing="stop" />
<rewrite url="^~/(.+)?\.aspx$" to="~/Default.aspx?g=$1" processing="stop" />
<rewrite url="^~/(.+)?$" to="~/Default.aspx?g=$1" processing="stop" />
</if>
I finally found the answer.
To exclude a URL containing the string Telerik.Web.UI.DialogHandler.aspx, the following rewrite rule must be placed as the first rule in the rewrite URL config section.
<rewrite url="^(/.*(Telerik\.Web\.UI\.DialogHandler\.aspx)(\?.*)?)$"
to="$1" processing="stop" />
It's important to place it as the first rule so that the chance of any existing rules applying to this URL is completely eliminated. The $1 used for to attribute makes sure that original URL is used as the value of to attribute.
I'm using ASP .NET MVC Beta and I get the HTTP 404 (The resource cannot be found) error when I use this url which has a "dot" at the end:
http://localhost:81/Title/Edit/Code1.
If I remove the dot at the end or the dot is somewhere in the middle I don't get the error.
I tried to debug but it I get the error from "System.Web.CachedPathData.GetConfigPathData(String configPath)" before ProcessRequest in MvcHandler.
Is "dot" not allowed at the end of a url? Or is there a way to fix the route definition to handle this url?
For an example: I have a table named Detail1 [Id(integer), Code(string), Description(string)] which has FK relationship with Master1 through it's Id column. Whenever I select a record of Master1, I also select it's Detail1 record to get it's Code field. In order to not to make this join everytime (since usually there isn't only one detail, there are more than one) I choose not to use Id column and I make Code PK of Detail1.
But when I get rid of Id and use Code as PK then my routes also start to work with Code field, like: Detail1\Edit\Code1
This Code can have anything in it or at the end, including DOT. There are cases where I can prohibit a DOT at the end but sometimes it's really meaningfull.
And I'have also seen this post that routes can be very flexible, so I didn't think mine is so weird.
So that's why I do something so non-standard. Any suggestions?
And also why it's so weird to have a DOT at the end of a url?
If you are using .NET 4.0, you can set this flag in the system.web section of your web.config and it will be allowed:
<httpRuntime relaxedUrlToFileSystemMapping="true" />
I've tested it and it works. Haack has an explanation of it.
This can be solved in a couple of ways in every ASP.NET version from 1.0 and up. I know it's two years after this thread has been created, but anyway, here it goes:
Cause
Creating your custom error handler, or configuring a custom page in IIS for redirecting the 404 will not work. The reason is that ASP.NET considers this URL dangerous. Internally in System.Web.Util.FileUtil, ASP.NET calls a private method IsSuspiciousPhysicalPath, which tries to map the path to a (virtual but legal) filename.
When the resulting legalized path is not equal to the original path, processing stops and the ASP.NET code returns a 404 (it doesn't ask IIS or the web.config for the custom 404, it returns one itself, which makes it so hard to do something about this).
Windows Explorer works the same way. Try to create a filename ending in one or more dots, i.e. test.txt.. You will find that the resulting name is text.txt.
Solution for ending URL in a dot in ASP.NET
The solution is simple (once you know it, it always is). Just before it sends out this 404, it will call Application_PreSendRequestHeaders, a simple event that you can register to in Global.asax.cs (or the VB equivalent). The following code will return a simple text to the browser, but a Redirect, or any other valid response is also possible.
protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
HttpResponse response = this.Context.Response;
HttpRequest request = this.Context.Request;
if (request.RawUrl.EndsWith("."))
{
response.ClearContent();
response.StatusCode = 200;
response.StatusDescription = "OK";
response.SuppressContent = false;
response.ContentType = "text/plain";
response.Write("You have dot at the end of the url, this is allowed, but not by ASP.NET, but I caught you!");
response.End();
}
}
Note: this code also works when "aspx" is not part of the URL. I.e., http://example.com/app/somepath. will call that event. Also note that some paths still won't work (ending with multiple dots, with a hash-tag, or a < -sign, for instance, causes a 400- Bad Request). Then again, it does work for ending on a quote, a space+slash, or multiple dots separated by spaces.
Well, in .NET 4.5 I fixed this problem by adding "/" to the end of the url.
So, in your case it would be "http://localhost:81/Title/Edit/Code1./". It was the only thing I did, I didn't have to add httpRuntime setting.
add this to handlers
<add name="ExtensionlessUrlHandler-Integrated-4.0-ForApi"
path="api/*"
verb="*"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
Perhaps http://localhost:81/Title/Edit/Code1%2E would work.
I escaped the period with a hex ascii code.
Why can't you have a dot-terminated URI?
Because a URI is a resource request and a historical imperitive exists on all relevant operating systems that the dot character is the extension separator. The last dot is treated as denoting a file extension, hence dot-terminating will make no sense.
Also worth reading:
RFC1738
RFC3986
I have an controller called Test Controller and the method name is Test
The Test Method accepts one parameter. But when the parameter contains value having space slash the web api is giving error. I am using WEB API 2.
[Route("Test/{companyName}")]
[AcceptVerbs("GET", "POST")]
[System.Web.HHttpGet]
public HttpResponseMessage Test(string companyName)
{
}
the parameter value is BTL / Force Motor Ltd.
I have tried but nothing happened.
<uri>
<schemeSettings>
<add name="http" genericUriParserOptions="DontUnescapePathDotsAndSlashes" />
</schemeSettings>
</uri>
You need to URL Encode the values you are sending to your API, like this:
http://yourApiDomainName/api/yourControllerName/?companyName=BTL%20%2F%20Force%20Motor%20Ltd
[SPACE] when URL encoded beomes: %20
[Forward Slash] when URL encoded becomes: %2F
you dont need to http decode the values in your controller, as these values will be decoded by the framework as soon as they reach your controller. So you will see 'BTL%20%2F%20Force%20Motor%20Ltd' as 'BTL / Force Motor Ltd' inside your controller.
for full list of URL Encodings see this:
http://www.w3schools.com/tags/ref_urlencode.asp
Your issue has nothing to do with WebAPI itself but how ASP.Net handles some specific Urls. This may also affect any dots (".") that get passed in to your API. Here's what worked for me:
Add this line to your web.config under system.web
<httpRuntime relaxedUrlToFileSystemMapping="true" />
Phil Haacked has a great article that goes into more detail.
Is there an easy way to get the value of a Querystring after it has been rewritten to a nice looking url? (URL REWRITE)
For example:
www.example.com/Home?CatId=Shoes
Here I can use request.querystring which I can use to get data from the database.
www.example.com/shoes
But here I can't do that...
You can install url re-writer module on IIS 7.0 and then do the following within web.config to create friendly urls:
<rewriteMaps>
<rewriteMap name="CatsMaps">
<add key="www.example.com/Home?CatId=Shoes" value="/shoes" />
</rewriteMap>
</rewriteMaps>
And if you have all URL's stored in database then look into DBProvider:
http://www.iis.net/learn/extensions/url-rewrite-module/using-custom-rewrite-providers-with-url-rewrite-module
You could enumerate the rewrite map(s) and check each value but you could get more than one match obviously.
I am trying to use a controller as an image handler, but how do i pass in a path to it?
Right now it looks like this (works for images without a path):
public void GetImage(string parameter)
{
var imageHandler = UnityGlobalContainer.Container.Resolve<IImageHandler>();
imageHandler.ProcessRequest(parameter);
}
But if i try to send in the path folder1\folder2\folder3\picture.jpg then it fails.
#Html.ActionLink("Show", "GetImage", "Utility", new { parameter = #"folder1\folder2\folder3\picture.jpg" }, new { })
produces this:
http://localhost:58359/Utility/GetImage/folder1%5Cfolder2%5Cfolder3%5Cpicture.jpg
and that leads to:
HTTP Error 400 - Bad Request.
How can i pass in a path to the controller using the normal mvc approach?
(I am using backward slashes and not forward slashes)
I have also tested using HttpUtility.UrlEncode on the parameter.
According to your code: The produced link in the html page should be:
http://localhost:58359/Utility/GetImage?parameter=folder1%5Cfolder2%5Cfolder3%5Cpicture.jpg
and the parameter variable should be correctly set to "folder1\folder2\folder3\picture.jpg" in the action method.
Notice that you might be vulnerable to directory traversal here.
In .NET 4.0 beta 2, the CLR team has offered a workaround.
Add this to your web.config file:
<uri>
<schemeSettings>
<add name="http" genericUriParserOptions="DontUnescapePathDotsAndSlashes" />
</schemeSettings>
</uri>
This causes the Uri class to behave according to the RFC describing URIs, allowing for slashes to be escaped in the path without being unescaped. The CLR team reports they deviate from the spec for security reasons, and setting this in your .config file basically makes you take ownership of the additional security considerations involved in not unescaping the slashes.
Can you not just decode the parameter?
http://msdn.microsoft.com/en-us/library/6196h3wt.aspx
Instead of calling the filename parameter 'parameter', and defining it in your route, call it 'filename' and DON'T define it in your route.
Your action code will be the same, but the filename will stop being part of the route and just be an ordinary URL parameter.
If you're afflicted by this season's fashion for disliking URL parameters, then you might find this repugnant, but that's just fashion and can safely be ignored.
Personally, I wouldn't pass paths like this into a web app, because I would be absolutely paranoid about creating traversal threats by mistake - I only ever pass in path-free filenames, validate them against a list and then fetch the file.