I wanted to know if there is a solution using IIS6 for an application to get rid of the default.aspx text in the url. so for example if a user hits:
www.website.com/default.aspx
the browser only shows:
www.website.com/
No matter what.
It's just for SEO.
I already use UrlRewriting.NET for some rewrites in my app but for I'm not that clever to create a rule for that.
Any help is much appreciate.
Thanks.
Jose
I think ScottGu already has the topic of rewriting in ASP.NET covered: http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx.
He covers things such as:
Rewriting using UrlRewriter.net, ISAPI Rewrite
ASP.NET Tricks, posting back (hitting the friendly version of the url)
With your problem I think you need to use a combination of, never linking to 'default.aspx' ie. ONLY link to '/'. Then use Scott's Form Postback browser file to ensure postbacks always hit that same friendly version of the url.
Redirecting 'default.aspx' to '/', which then gets served by 'default.aspx' sounds like a recipe for disaster to me. Just fix your links to ensure you never end up on 'default.aspx' explicitly.
I think the simplest way to change the search results index (assuming it knows about HTTP 301) is to write a little function in your default.aspx's Page_Load that redirects the browser using a 301 Moved Permanently (or 302 Moved Temporarily).
void Page_Load(...) {
if(Request.Path.EndsWith("default.aspx", true/*case-insensitive*/, null)) {
Response.StatusCode = 301;
Response.StatusDescription = "Moved Permanently";
Response.Headers.Add("Location", "/");
HttpContext.Current.ApplicationInstance.CompleteRequest(); // end the request
}
// do normal stuff here
}
If you have something to do URL rewriting, then all you need to do its ensure that your links point to the correct URL.
If you don't fix your links, its up to the browser to decide if it wants to display the actual link it requested.
If you would really like to do a dodgy job, you can use some javascript to make the address bar of the browser display whatever you like, even if its invalid.
If default.aspx is set as the default document to serve in IIS, and all your internal site links contain URL's without the default.aspx then I think that should do the trick.
Although the user can still type in default.aspx, search engine spiders should just pick up the friendlier URL's from your link href attributes.
The way I would do it is to use Application_BeginRequest in public class Global : System.Web.HttpApplication and check the HttpContext.Current.Request.URL for default.aspx, and then use HttpContext.Current.Response.Redirect from there if you find it.
The downside is having a redirect is not always so great and this isn't going to work if you are posting data to that default.aspx page. But you can't simply trick the browser into showing a different url, though you can tell ASP.NET to serve whatever page you want for any request.
Related
I am using the following code to redirect to the referrer in my controller:
return Redirect(this.HttpContext.Request.UrlReferrer.AbsolutePath);
During a scan with an application security tool it pointed out that the above code enables phishing attacks.
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link to generate a redirect. This enables phishing attacks.
Is there any way to safely redirected to the referrer?
This sounds like a general-purpose error, that is probably harmless in your case. The app sec tool doesn't realize that you're sending people back to the exact page they came from, but rather it sees the potential for you to do something like:
return Redirect(
is_trusted_site( this.HttpContext.Request.UrlReferrer.AbsolutePath )
? sensitiveURL
: otherURL
);
If the redirected URL changed depending on the content of the UrlReferrer, then you could fall prey to referrer spoofing.
Just the same, if you want to fix the "error", you can perhaps use JavaScript's history.back().
I don't see any problems with this, given that what you actually want, is to redirect to whoever puts a link to your site on the whole Internet. You have no control over how the "referrer" ends up in the HTTP header. It might be legit, it might be forged. If this is OK with you, I see no problems.
Be aware that someone CAN use your site to redirect to anything, and that opens up for possible attacks. I.e., send an email that acutally links to your site, but in a query parameter specifies a phishing site.
What are you planning to use this for?
I have a subdomain that is http://trade.businessbazaar.in . I am dynamically creating urls from database something in this manner http://trade.businessbazaar.in/mycompany. To display details, I have an index.aspx file there,thinking that on every request the index.aspx page will load and display data accodingly. Also, There is a masterpage on the index.aspx page from where i am capturing the text mycompany and query it in database to fetch result. But nothing seems to work.
A genuine link is http://trade.businessbazaar.in/Symparlife. But its unable to load index.aspx. I need a clean approach without any third party dll or rewriters. Directly to push some lines in config and start working. That is url will be the same but index page will get loaded...
In short, i want to say
I need the StackOverflow type clean url mechanism to fetch pages
Thanks in Advance
You can handle the Begin_Request event in Global.asax and add custom code to redirect to index.aspx and convert the parts of the URL into query string arguments. You should use Server.Transfer to keep the URL in the browser.
I'd recommend upgrading to 4.0 and using the Routing enine though. You should check if the standard routing is available as a download for ASP.NET 3.5. I am sure your code will get messy very soon. Been there, done that.
As #Mike Miller mentions in the comments the Routing engine ships with ASP.NET 3.5. You can check the documentation here - http://msdn.microsoft.com/en-us/library/system.web.routing(v=vs.90).aspx
Here is a tutorial on how to use it with Web Forms - http://weblogs.asp.net/scottgu/archive/2009/10/13/url-routing-with-asp-net-4-web-forms-vs-2010-and-net-4-0-series.aspx
For your case the code would be something like:
routes.MapPageRoute("company-index", "/{company}", "~/index.aspx")
And in index.aspx you can access the route value for company like this:
string company = (string)Page.RouteData.Values["company"];
Keep in mind that you'd better add something in the URL before your actual argument (the company name). If you don't you will have problems later on when because you may want to add a URL like "/Login" but then you will have to validate that users can't create a company named "Login". Not how Stack Overflow has "/questions/" before the actual question info in the URL.
I am working on an asp.NET 4.0 Web Application, using C#. I would like to redirect the user to the homepage of his browser. Is this possible?
This will be done because internally we are using an intranet, and we would like to make it redirect to that intranet without having to hard code it and since the homepage is by default the url of the intranet, it would be better if we could use the homepage instead of hardcoding it.
EDIT:
We are using IE here, and will not change most probably as that is the standard. So as long as it works with all IE Versions, it's fine.
Use Javascript to return to the user's home page,
e.g.
function goHome(){
if (window.home) {
window.home();
} else {
window.location = "about:home";
}
}
and then call the JS goHome() function somewhere on the page (or even on a hyperlink).
As stated above, use the about:home uri.
Another solution would be to store the intranet url in the web.config and use this value. Then if it ever changes you will only need to change it in one place.
As far as i know it is not possible (been researched alot). But if all homepages are the same why not simply use META REFRESH?
EDIT
Try linking to this: About:home
Go home!
worked for me in IE9
EDIT 2:
Sending user to their browser's Home Page using Javascript
This will get you started for firefox and safari
EDIT 3:
Response.Redirect("about:home", false);
You cannot redirect server side to a users homepage.
SERVER <> USER (server is not the user)
Therefore the server cannot know what the user's homepage is.
So if you you use some sort of javascript redirect, then you sort of can redirect to home, but its a little glitchy.
All in all there is no cross-browser way to redirect to a user's homepage.
You Can't!
You can't retrieve the user home page because of Security and Privacy issues, and there is no Cross-browser work around.
What you can?
You can redirect to any page, so you can simply redirect to your intranet home page.
its also more future proof so that if your intranet homepage changes you just have change to redirect to the new address instead of changing every single machines home page.
I have a scenario where the website user have a filter-bar, to set what content they want to see on the website. After selecting the options the user clicks on the .net submit linkbutton.
The problem is that I want to reload that current page, but I am using Friendly Urls, Intelligencia.UrlRewriter, so I can't use :
Request.Url or Request.ServerVariables.Get("PATH_INFO");
I have managed to use Request.UrlReferrer , but this may occur null in some cases (even though I am checking for null I don't want to use this solution).
Is there some unique/specific way of solving my problem?
You can use Request.RawUrl to get the original url. (The one the user sees in the browser).
you can try this: Request.ServerVariables("HTTP_X_REWRITE_URL");
I don't know about Intelligencia.UrlRewriter but it works with helicon ISAPI_Rewrite http://www.isapirewrite.com/
In an aspx C#.NET page (I am running framework v3.5), I need to know where the user came from since they cannot view pages without logging in. If I have page A (the page the user wants to view) redirect to page B (the login page), the Request.UrlReferrer object is null.
Background: If a user isn't logged in, I redirect to the Login page (B in this scenario). After login, I would like to return them to the page they were requesting before they were forced to log in.
UPDATE:
A nice quick solution seems to be:
//if user not logged in
Response.Redirect("..MyLoginPage.aspx?returnUrl=" + Request.ServerVariables["SCRIPT_NAME"]);
Then, just look at QueryString on login page you forced them to and put the user where they were after successful login.
UrlReferrer is based off the HTTP_REFERER header that a browser should send. But, as with all things left up to the client, it's variable.
I know some "security" suites (like Norton's Internet Security) will strip that header, in the belief that it aids tracking user behavior. Also, I'm sure there's some Firefox extensions to do the same thing.
Bottom line is that you shouldn't trust it. Just append the url to the GET string and redirect based off that.
UPDATE: As mentioned in the comments, it is probably a good idea to restrict the redirect from the GET parameter to only work for domain-less relative links, refuse directory patterns (../), etc. So still sanity check the redirect; if you follow the standard "don't use any user-supplied input blindly" rule you should be safe.
If you use the standard Membership provider, and set the Authorization for the directory/page, the code will automatically set a query parameter of ReturnUrl and redirect after a successfull login.If you don't want to use the Membership provider pattern, I would suggest manually doing the query string parameter thing as well. HTTP referrers are not very reliable.
The problem could be related on how you redirect the user to some other page. Anyways, the referer url is nothing you should take as absolute rule - a client can fake it easily.
What you're looking for is best done with a query string variable (e.g. returnURL or originURL). Referrer is best used for data mining operations as it's very unreliable.
See the way ASP.Net does redirection with logins for an example.