Use of Response.Redirect in C# - c#

I am working on a website that I inherited (ASP.NET and C#), and I noticed that in almost EVERY method in the code behind of the project pages (except some helper methods), the original author uses Response.Redirect() to redirect to a page (typically home.aspx, but not always).
What is the purpose of doing this? It seems unneeded to me - at least it doesn't appear to change anything the website is doing if I keep it in or remove it.
Thanks.

Response.Redirect() issues a 302 HTTP Redirect header to the browser, which causes the browser to request a new page from your web site.
If the author was using the POST-Redirect-GET pattern to stop the problem with users being able to hit the "refresh" button and repost forms, this might explain why it's used everywhere.

Redirects should really only be used when location is determined by something in the code behind. Redirects tend to cause ThreadAbortExceptions which are just further demand on a system when a simple href might be what the doctor ordered. Unless you can define some true architectural need for redirects, you might just want to begin phasing these things out.

It sends a response to the user agent/browser and tells it to redirect to the specified page. It can be put into any part of the code, but by default, the page will still execute to completion, then the redirect response will be set to the client...
It should only be needed at the last point in the code that you are running (generally)

ASP.NET Pages Post back to themselves, so some use the redirect method to open a new page. Use it when you need it. If you don't see a difference when you remove it. It might be the site uses links to navigate from one page to another, instead of doing it via the server.

Without more information it's hard to be definitive.
However, if home.aspx is an empty page, it may be that the original author may have been trying to terminate the processing of the page early in an effort to prevent subsequent processing.
Normally, Response.Redirect() is used to end the response and inform the browser to navigate to a new page. However, if the browser has that page cached, it may not actually perform a trip to the server. I've seen some cases where developers do this as a way of short-circuiting subsequent processing.
It's also possible that the code is doing something crazy, like making home.aspx the main display page for all data - and using session state or cache to communicate changes across pages. Sadly, I've seen this done too.... sigh. Often this is done to deal with the user being able to multiply submit forms.

Related

Hiding Querystring in ASP.NET 2.0

Our site consists of 3 main pages we call "Start.aspx" and then a content iframe inside of that where the user does nearly all of the site interactions.
Recently though, I've had to implement functionality that will jump between Start.aspx pages in different products and automatically change the content iframe to a specified page.
The actual functionality works just fine, but the issue we're having is that the full querystring is exposed. Because we load all pages in the content iframe, the page URL remains at "Product/Start.aspx" during regular site usage.
However, this new functionality is passing a querystring to Start.aspx (which has appropriate parsers to load the requested page in the content iframe), and we need that URL to remain as "Start.aspx".
So far, I've researched into URL Rewriting, which was throwing errors because the landing page for each product is "[Product]/Start.aspx". I've looked at a different URL Rewriting solution, as well as ScottGu's blog post on routing.
The issue is that these solutions seem to be used for simplifying navigation, such as taking "Blogpost.aspx?Year=2013&Month=07&Day=15" and turning it into "Blogpost.aspx/2013/07/14" which really isn't what we're going for. We're not trying to simplify navigation via URL, we're really just trying to completely hide our querystrings.
What we're going for is turning "[Product]/Start.aspx?frame=Company.aspx?id=1570" into "[Product]/Start.aspx" once the content iframe has what it needs from the initial querystring. We don't need to account for every single page. We just need that to be the overarching rule. 90% of the time it won't be an issue, as most of the work being done doesn't jump from product to product without the user just switching products (which is done in a fashion that specifically uses "Response.Redirect("[Product]/Start.aspx")".
Once the content iframe has loaded from the Querystring paramters, we don't need them anymore for anything. The rest of the functionality runs through the iframe without any issue.
Am I overthinking this, or am I asking for something that's not really feasible?
As far as literally "removing all of the query string characters" and still beg able to pass the querystring values to another page, I do not think that is possible. Unless you do it in a Session Variable or something like that.
IF you're simply worried about sensitive data being displayed in plain text in the query string, there is the option of "encrypting" the query string:
http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings
The query string will still show but it will be "Product/Start.aspx?e0ayfefae0y0someencryptedmess108yfe0ayf0a". The page that receives the query string would decrypt it. So the functionality of the query string is there, but the values are not known to the end user.
Since you've tagged this as an ASP.NET question, I'd say the way to go is to keep navigation data in your Session variables.
Can you use a POST instead of a GET? That way, the data is in the form, rather than the Query String.
As a side note, hiding the parameters as a way of making the URL look nicer and be bookmark-able is fine. If you're doing it for any kind of security reasons, it's very shallow security. It's trivial for a user to see what's being passed in both the form and on the query string and to change and repost those. Security needs to be handled primarily on the server side.

C# Taking the html code of introduction site rather than the actual one, how to skip this?

I have the following problem. My C# application makes use of a webrequest and reades the html code of a url in order to do a bunch of things later on. While everything works fine, there are some websites that when visited they redirect you to another website (http://something.com/disclamer) for example and after you click yes you go back to the original website.
When I run my app it always only checks the html code of the disclaimer page and never gets to the actual page I asked for. I cannot really find a solution at this point since I can't find anything useful in the short html code of the disclaimer site (that comes before the one I want to check).
Any ideas on how I can skip that and take the code for the website I am actually interested in? Please note that I can't find any html redirection code indication (META HTTP-EQUIV etc) in any of the two websites.
Thank you
You can check the StatusCode to decide if you have been redirected. Status codes of 30x will tell you that you've been redirected, in which case you'll need to follow the link in the redirect.
http://msdn.microsoft.com/en-GB/library/system.net.httpwebresponse.statuscode.aspx
I believe you have to analyse the HTML code of such a page with a disclaimer to know which method is used there to make a redirect. Each case can be different: it can be either client-side or server-side redirection. If this disclaimer button submits a form, you will need to make a POST request imitating a button click.

Caching issue with Firefox

I am working on an ASP.NET/MVC4 app and I fetch data continuously and my problem is related to caching.
The problem is that when I click on a particular link in my application it works fine, but sometimes it automatically redirects to the INDEX page that is the default page.
I surfed around about this problem and found that it's a problem in Mozilla that it maintains caching of every link. But sometimes some weird things happen and it automatically redirects a particular link to the INDEX page (301 Permanently REMOVED) and also stores it in the cache such that now every time I click on that link it always redirects me to the INDEX page that's been cached.
So now I have to clear the cache in my browser every time I face this problem.
How can I make it not automatically redirect to the cached INDEX page?
You should really expand on what exactly is happening at that particular link you mention because well it should not 301 redirect unless your telling it to.
Also you say I fetch data continuously. What does this mean to us? Why is this important to know? Explain if this changes the link or the data? Are you 404ing the older data or something? That could possibly explain why you 301 back to your index.
Now with the limited information we have been given by you... if you want to prevent firefox from caching your urls/redirects simply make your url have a querystring that updates which each request. Like using a timestamp.
For example: http://example.com/return-data.asp?timestamp=1350668920
Then each time you continuously fetch data update the page's link accordingly
For example: http://example.com/return-data.asp?timestamp=1350669084

C#, post, redirect and Back Button

There's a weird behavior where I use a post and then make a redirect to another page.
Then, if the user press the Back Button of his browser, the browser make a GET instead of a POST, so I lose the "viewstate". Why is the browser not "reposting" (or asking to repost) the data?
As defined by Wikipedia, PRG is “Post/Redirect/Get (PRG) is a common design pattern for web developers to help avoid certain duplicate form submissions and allow user agents to behave more intuitively with bookmarks and the refresh button.”
If you are interested in viewing the viewstate data of the POST request, before GET happens, then try using this utility: http://blog.getglimpse.com/2011/11/01/glimpse-0-86-released/

Bookmarkabale ajax calls with MVC routing

I have a page with a menu that uses JQuery AJAX calls to populate the page with. To reflect any changes I update the URL with a #... instead of ?... or /... So an URL that originally reads : htpp://localhost/pages/index/id=1 would look like : http://localhost/#pages/index/id=1. If a user bookmarks this, and later comes back to the page, I wonder if it's possible to use the second URL in my route decoding, or if I have to load it blank, then use the same JS/Ajax to populate the page?
In my mind it is problematic to use Ajax in these cases if a user copies the link and mails it to a friend with JavaScript disabled.
edit#1: Fixed some spelling.
edit#2: To clarify the question a bit: I want a site where I can do the following:
(a): with javascript turned on, use ajax calls to replace the content of a div (without reloading the page)
(b): with javascript turned on, bookmark the page as it is after the ajax call i (a)
(c): take the URL, send it to a person with noscript turned on, and have the same page as after the ajax call was made.
(a) and (b) works just fine on my page but (c) is seemingly impossible.
Currently, the only portion of a URL you can update without causing the browser to redirect is the hash. This portion of the URL is not sent to the server in a request and is only available for client-side processing, so it cannot be used to provide a javascript-free way of providing a link.
The issue you are facing is a common one amongst those using AJAX. The best solution I've encountered is to provide a way to view any AJAX-loaded state of every page through a "true" URL, one that will be passed to the server.
This means you have one URL which provides a "snapshot" of a page's state:
http://localhost/pages/index/1/someaction
And an AJAX-specific URL which provides the local state of the page in the client's browser:
http://localhost/pages/index/1#someaction
What you then have to do is provide some means of generating the "snapshot" link to the page from the AJAX version. A "Link to this Page" or "Permanent Link" button is a reasonable option.
This not possible simply because everything that comes after the # sign (fragment identifier) is never sent to the server and there's no way for the server to ever capture this value, so no routing with it.
You could try replacing the '#' with a '?' This will send the rest of it as a get variable, so you may need to do some tweeks, such as change the format to http://localhost/?pages=index&id=1
There are some fancy things you can set up with the web server so that localhost/article/fancystuff is re-directed to localhost/article.php?title=fancystuff
There are a lot of ways of allowing for an AJAX site to work with bookmarks and the back button. But you should ask your self, do you want people to do certain things. Generally, AJAX is used for more advanced web-applications that do not map well to the traditional back and forth model.
EDIT
What with you additions to the question. I will say that seeming as you want to fully support users who are scared of Javascript that you will need to make your site work perfectly with out any AJAX at all. But you should design it in such a way, that the content of pages are included from separate files. This means that when you add in the additional Javascript, it can load the file and place it more or less directly into the content holder on your page.
You do need to remember that you can't force some one to accept a bookmark or force a change to a book mark. What you are after may be best served suing cookies. Luckily, even less people are scared of cookies, hardly anyone disables them, unless they are either paranoid or up to something.

Categories

Resources