I have a website that contains links in different places, each link takes the user to a specific document.
Those links are hard-coded, which makes every update to the site very difficult.
Recently the documents were updated and we would like to update each old link with the corresponding new one.
For example
(http://www.domain.com/OnlineDoc/default.aspx#ItemID=3551)
needs to be updated to
(http://domain.docfactory.com/#!doc/Toolkits/Item1-Administration-Doc)
Each item document is determined using the ItemID.
What I'm trying to do is programmatically redirect each old link to it's corresponding new one.
I've tried to use the URL Rewrite module but it seems like it's ignoring everything after the "#", that is important because it determines which document we need to direct to.
My questions are:
Would the URL Rewrite module work? (having a fragment with "#")
If not, would the Http module work?
I'm trying to find a way to easily update the links, without going to each web app HTML and do it manually.
The fragment isn't sent to the server. It's accessible only to the browser. So you need a solution which involves the client-side.
But you can use the URL Rewrite Module in combination with client-side scripting in OnlineDoc/default.aspx that puts the fragment in the path or query part of the URL using a temporary client-side redirect. This makes the document item ID visible to the URL Rewrite Module, which can perform a permanent server-side redirect to the correct URL.
To clarify:
User requests /OnlineDoc/default.aspx#ItemID=123
Client-side scripting on this page issues a "temporary client-side redirect" (in actuality, just an automatic navigation) to /OnlineDoc/default.aspx?ItemID=123
User automatically requests /OnlineDoc/default.aspx?ItemID=123
URL Rewrite Module intercepts requests, and responds with a permanent redirect to docfactory.com/#!doc/Toolkits/Item1-Administration-Doc
User automatically requests docfactory.com/#!doc/Toolkits/Item1-Administration-Doc
The first redirect is temporary because you cannot make permanent redirects with client-side scripting. The second redirect is permanent because the new URL should always replace the old one.
The overall experience for users using this method could be a bit unexpected though, since users going to OnlineDoc will get redirected up to twice before they reach the intended document. Most users probably won't notice the second redirect, but the first will likely be noticable, if only slightly.
Related
I am building an angularJs app and need to have application_beginrequest where I need to get current url in the browser.
E.g. localhost:60607/#/login : need to get /login
localhost:60607/#/activity : need to get /activity
Also whenever user hits a refresh or when page loads again and goes into beginrequest it should have the same response.
I tried with context.Request.Path but it gives "/" only.
bookmarks are not sent by browser to server, bookmarks are used for navigating inside the page. You have to get book mark using javascript and send it using different parameter to get that bookmark value at server side.
Data after "#" symbol is supposed to be client side only (usually browsers strip away those pieces, application servers usually ignore them).
If your intent is to provide users the ability to refresh the page using Angular you can:
Provide isomorphic behavior (load the page server side) but if you are using Angular JS ver 1.x is not as simple as you imagine
Provide double routing behavior (*):
avoid using the "#" symbol for url and provide user simple url like /login or /activity
manage your route client side using angular as you are supposed to do already
manage your route server side and provide the right view when requested
you can try to centralize the view management providing them using a controller instead of static content
Using the second approach is probably simpler, but you will find that:
keeping the view state is possible only for simple views (the things get complex quite quickly we introducing multiple UI element state)
to manage the double routing you have to find a compromise between client/server
I purchased the "real" domain name for my website and I'd like to re-direct all traffic that was going to the old site, to the new site.
Here's the scenario: I currently have http://www.wrestlestats.com, but I want to start having everyone use http://www.wrestlestat.com (note without the "s" on the end).
All of google (and I'm assuming all other search engines) return my results for the old site (with the "s").
From what I've read here, everything is just telling me to put a 301 re-direct either on the page (html meta), or in a web.config, or in the Page_Load code in the controller.
My problem is, these are assuming the old "code" is completely separate and sitting on a different server. No, I have 2 domains pointed to the same site/code. If I place the re-direct in the html meta section, then my page will just keep looping. I'm running ASP.NET Core so I don't have a web.config.
What to do for people running ASP.NET Core?
Just do it in 2 steps ---
Configure new domain (instead of old one)to your site.
Use Forward Domain from your domain control panel with the option of path forwarding.
Forward:-
http:-//www.wrestlestats.com > http:-//www.wrestlestat.com
Previously, when I tried to do an ajax call to an ashx as a non-superuser account (i.e. as portal specific user) my web server would return cookies to clear my authorization. I posted a question about this and it seemed the answer was to make sure that the portalid=xx was specified in my GET parameters.
However, I have just found out that if I add portalid=xx in a POST request, DotNetNuke seems to ignore and and log out any non-superuser account.
How can I keep authorization during DNN POST ajax requests?
I think I have a good handle on the whole situation, and unfortunately it appears that the only true solution is to make sure each child portal has its own subdomain rather than a sub-url (e.g. portal.domain.com rather than domain.com/portal).
The problem is that when your portal 0 is domain.com but portal 1 is domain.com/portal everything works correctly until you need to access an .ashx file via ajax. What happens then is the URL that's requested is instead domain.com/DesktopModules/MyModule/Handler.ashx, which does not contain the /portal/ in it, thus causing DNN to think you are doing a request on portal 0 and logging you out.
While GET requests can overcome this with a portal=1 parameter, this does not seem to work for POST requests.
Therefore, the best solution it seems is to have your portal on a distinct subdomain (portal.domain.com), and then you don't risk missing something like this.
I've found a few things for you to check out and see if any of them solve your problem.
Make sure you are using a ScriptManagerProxy. This allows ascx pages to use AJAX while the parent page is also using AJAX.
There have been many reports of people not being able to run AJAX with DNN if Page State Persistence is set to "Memory". Those who experience this have been able to fix it by switching Page State Persistence to "Page". The easiest way to do this is to run this query:
update HostSettings
set SettingValue='P'
where SettingName='PageStatePersister'
After you run that, you'll need to recycle the application. If you don't have access to the server, just add a space or carriage return to your web.config file (that will force the app to recycle).
Lastly, you might see if you have this line in your web.config. Sometimes removing it will help:
<system.web>
<xhtmlConformance mode="Legacy" />
</system.web>
I give to google a sitemap with all my pages, when the crawler tries to access them he gets redirected to the login page.
In the login page I write an explanation of what the page does so the crawler can see that each page is different.
The problem now is that the bot is clever enough as to recognize that it is a redirect:
URLs not followed
When we tested a sample of URLs from your Sitemap, we found that some URLs redirect to other locations. We recommend that your Sitemap contain URLs that point to the final destination (the redirect target) instead of redirecting to another URL.
HTTP Error: 302
If instead of using a redirect in RedirectToLoginPage(String), Microsoft had used a Server.Transfer, google would never find out it is actually the same page.
Any Ideas?
As Carl said, if access to your content requires a log in, then there isn't a whole lot you can do.
However, if you can separate out a "teaser" of each content page and have a link to "read more" from those pages that requires a login, then you'll be good to go.
The teaser page should have enough searchable text that google will be able to successfully include it in search results.
There are a number of sites that do just this. You search for something, click on the link to go to their site. Once there you can see maybe two paragraphs worth of information. If you want more a link takes you to a login / register page.
Okey I found a not elegant solution, but it suits my needs:
http://forums.asp.net/t/1358997.aspx
""For now, I found a workaround: I capture the End-request event and see if the status code is "302 redirected"; if it is, I'll just alter the address from there and do whatever I need to do. Not the most elegant solution (and requires more processing for every page request; not just login redirects), but at least it works.""
I am developing an application in which I am displaying products in a grid. In the grid there is a column which have a disable/enable icon and on click of that icon I am firing a request through AJAX to my page manageProduct.aspx for enabling/disabling that particular product.
In my ajax request I am passing productID as parameter, so the final ajax query is as
http://example.com/manageProduct.aspx?id=234
Now, if someone (professional hacker or web developer) can get this URL (which is easy to get from my javascript files), then he can make a script which will run as a loop and will disable all my products.
So, I want to know that is there any mechanism, technique or method using which if someone tries to execute that page directly then, it will return an error (a proper message "You're not authorized or something") else if the page is executed from the desired page, like where I am displaying product list, then it will ecxecute properly.
Basically I wnat to secure my AJAX requests, so taht no one can directly execute them.
In PHP:
In php my colleague secure this PHP pages by checking the refrer of the page. as below:
$back_link = $_SERVER['HTTP_REFERER'];
if ($back_link =='')
{
echo 'You are not authorized to execute this page';
}
else
{
//coding
}
Please tell me how to the same or any other different but secure techique in ASP.NET (C#), I am using jQUERY in my app for making ajax requests.
Thanks
Forget about using the referer - it is trivial to forge. There is no way to reliably tell if a request is being made directly or as a response to something else.
If you want to stop unauthorised people from having an effect on the system by requesting a URL, then you need something smarter then that to determine their authorisation level (probably a password system implemented with HTTP Basic Auth or Cookies).
Whatever you do, don't rely on http headers like 'HTTP_REFERER', as they can be easily spoofed.
You need to check in your service that your user is logged in. Writing a good secure login system isn't easy either but that is what you need to do, or use the built in "forms authentication".
Also, do not use sequential product id's, use uniqueidentifiers, you can still have an integer product id for display but for all other uses like the one you describe you will want to use the product uniqueidentifier/guid.