I am working with an MVC 4 app running on IIS 7.5. I want to create a rewrite rule but I am not familiar with it so assistance is required.
The following URL will called by my application
/image/[language]/category/[id]-[size]-[priority]_Some+Random+Text.[extension]
I want to rewrite this in to the following as this is where the file will exist on disk.
/image/[language]/category/product/pr_[id]_[size]_[priority].[extension]
Any ideas of the rule I could use to achieve this?
URL Rewrite in IIS will accept RegEx rules. I believe the following rule would be appropriate here (YMMV, I can't test it at the moment - you can test it yourself using the 'Test Pattern' button available when editing a rewrite rule in the IIS Manager.
^image/[a-zA-Z]+/category/[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+[_a-zA-Z\+]\.[a-zA-Z0-9]{,3}
and the rewrite action
images/{R:1}/category/producer/pr_{R:2}_{R:3}_{R:4}.{R:5}
This may be more general than you need (IDs might only be (hexa)decimal, size might only be decimal, etc.) but should give you the general gist of how it should be written.
This reference should provide any other information you need and the syntax for writing the rules directly into a web.config.
Related
Problem:
I'm developing in ASP .NET with C# and I want to validate e-mails.
For that I'm using a regular expression (let's call it EmailRegularExpressionValidator) and my problem is where schould I put the regex to easily change them if I want/need to with no need to recompile the code.
The validation is made in "IntermediateServices", in business layer, where all the things come to do theirs things.
Solution 1: web.config
I have lots of windows services and wich one have theirs own config. If I put EmailRegularExpressionValidator in that I have to write in all and when I change one I have to change all. Not good.
Solution 2: DB
Sometimes, I have to validate 1000 mails (or even even more), and if I put EmailRegularExpressionValidator in database I have to do 1000 querys to know EmailRegularExpressionValidator value. I think put it in memory but I have webservices. Not a good idea soo.
Solution 3: Resources
Resources can only be easily changed if in website. When I put them in business layer I cannot change them easily.
Solution 4: BD + Session
Like I say after, I'm using webservices....
Hope I was been explicit and hope you can help me.
Sorry about my english (greetings from Portugal).
Thanks a lot.
In your case i would recommend config files.
.NET configuration files have an hierarchy, and it all starts in the machine.config, and all .NET applications read settings from that config.
If you don't override the keys on the applications config files, the application will use the settings from the machine.config. It is the most central point and can be used for all applications, change once, it changes for all.
It can be found here:
C:\Windows\Microsoft.NET\Framework\
Then after that depends on the framework you are using,
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
or here:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
Example:
Just place this after the <configuration> tag in the machine.config.
<appSettings><add key="myParameter" value="myValue"/></appSettings>
then in your code,
Configuration con = ConfigurationManager.OpenMachineConfiguration();
ConfigurationSection consec = con.Sections["myParameter"];
You must add a reference to System.Configuration
Hope it helps.
I used a smarter way...
Instead edit machine.config as suggested I simply use cache who do the magic I want!
You can find a good article about how you can use it here: http://codemaverick.blogspot.pt/2007/01/caching-in-windows-application-i-was_8639.html
I apologize in advance for the generic nature of my question, but I was unable to find any helpful advice from people trying to do the same thing as me on the web. Let me describe my scenario:
I am providing end users/designers of a website the ability to customize their views by storing the views (using Razor) in the database. I have all of this working, but my question is the following; From a security standpoint, how can I ensure and enforce that unwanted code doesn't get executed in the user-defined view? There are two basic approaches that I think will work conceptually, but am not sure which one is more possible or feasible.
Option 1: Create a validation method in the administration tool that allows the user to input the view code. This would need to either take a whitelist or blacklist approach to what is allowable or not.
Option 2: Prevent unwanted code from being able to execute when rendering of the view occurs.
As a quick example of something that would need to be blocked, we wouldn't want to allow access to read or write files, access any data access functions, or even access configuration settings, etc. in the web.config. There will likely be a decently-sized list of things that probably shouldn't be allowable, but I'll need to sit down and try to think of as many security-related concerns as possible.
My question then is, which method would be the best bet? Also, can any direction be provided on how to go about either? I thought I might be able to make trust-level based change which would be Option 2, but couldn't find any way to make that work in a per-view based manor (the administration code is allowed to execute whatever it wants). I'm thinking Option 1 will end up being the best bet and I'll have to check for the input of certain framework functions that shouldn't be allowed. Does anyone have any experience doing anything like what I'm trying to do? ANY feedback is much appreciated!
This would be extremely difficult.
You could run the the template through the Razor preprocessor, then use Roslyn (still in early beta) to parse the generated file and look through all method calls (or constructors) and return an error if it calls something you don't like.
I strongly recommend that you use a whitelist for that, since the .Net framework is big enough that you are bound to overlook something in a blacklist.
However, I would instead recommend that you not use Razor at all and instead use a templating engine that does not allow real C# code.
This is the scenario: I have a list of about 5000 URLs which have already been published to various customers. Now, all of these URLs' location has changed on my server side. The server is still the same though. This is a ASP.NET website with .NET3.5/C#.
My requirement is : Though the customers use the older source URL they should be redirected to the new URL without any perceived change or intermediate redirection message etc.
I am trying to make sense of the whole scenario:
Where would I put the actual mapping of Old URL to New URL -- in a database or some config. file or is there a better option?
How would I actual implement a redirect:
Should I write a method with Server.Transfer ot Response.Redirect?
And is there a best practice to it like - placing the actual re-routing in HTTPModules..or is it Application_BeginRequest?
I am looking to achieve with a best-practice compliant methodology and very low performance degradation, if any.
If your application already uses a database then I'd use that. Make the old URL the primary key and lookups should be very fast. I'd personally wrap the whole thing in .NET classes that abstracts it and allow you to create a Dictionary<string,string> of all the URLs which can be loaded into memory from the DB and cached. This will be even faster.
Definitely DON'T use Server.Transfer. Instead you should do a 301 Permanently Moved redirect. This will let search engines know to use the new URL. If you were using NET 4.0 you could use the HttpResponse.RedirectPermanent method. However, in earlier versions you have to set the headers yourself - but this is trivial.
Keep the data in a database, but load into ASP.NET cache to reduce access time.
You definitely want to use HTTPModules. It's the accepted practice, and having recently tried to do it inside Global.asax, I can tell you that unless you want to do only the simplest kind of stuff (i.e. "~/mypage.aspx/3" <-> "~/mypage.aspx?param1=3) it's much more complicated and buggy than it seems.
In fact, I regret even trying to roll my own URL rewriting solution. It's just not worth it if you want something you can depend on. Scott Guthrie has a very good blog post on the subject, and he recommends UrlRewriter.net or UrlRewriting.net as a couple of free, open-source URL rewriting solutions.
Good luck.
I'm probably going to use the URL rewrite module for IIS 7 eventually and I have a fairly straight forward question that I really can't find the answer to.
If you have a base case of:
http://yoururl.com/page.aspx?ID=7
You can obviously have it rewritten to:
http://yoururl.com/page/7 or whatever you want.
My question is this: When using this module can you still use Request.Querystring["page"] on the rewritten querystring. How does the Request.URL stuff work. Does asp.net still provide the un-rewritten url or does it provide the rewritten one.
I would assume that your C#/asp.net code is completely unaffected by the url rewriting, as that's more or less the point, but I want to be crystal clear.
Secondary question: What is the best practice for how you should code a website when using the rewritten. Should you code links in the written style, or continue using querystrings?
When using this module can you still use Request.Querystring["page"] on the rewritten querystring.
Yes, you will be able to access the re-written QueryString in that way.
How does the Request.URL stuff work. Does asp.net still provide the un-rewritten url or does it provide the rewritten one.
Request.Url will be the re-written URL, but Request.RawUrl will be the original URL.
Should you code links in the written style, or continue using querystrings?
Yes, code your links in the way you want them to be seen by end users, and then in your code ensure you're aware of and document the changed format.
There is loads of information and tutorials on the IIS website here:
http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/
I'm trying to use jQuery to make some AJAX calls, but because I have wild card mapping (to .NET) in IIS 6 turned on, it doesn't seem to work. Disabling the mapping makes everything magically work.
I've put the web method attribute on methods in both an .aspx page and an .asmx web service, but neither work. Here is the sample URL that I am using for the AJAX calls:
localhost/UserChecker.aspx/CheckIfUserEmailsExists
localhost/UserChecker.asmx/CheckIfUserEmailsExists
I figure it must be something with the way .NET is interpreting the URL's but I'm not entirely sure why. More importantly, I'm not sure how to fix it, other than to disable wild card mapping! Is there any other way???
UPDATE
The CMS I am using (Kentico) does some URL routing, but even if I skip over the routing in the global.asax.cs code, I still get a 404.
Thanks in advance!
With the wildcard mapping on IIS will run the initial request via the wildcard handler first. This will be done BEFORE any URL rewriting (or URL routing) by your CMS.
I think that is why you are getting 404.
You can also try to disable "verify file exists" checkbox on the wildcard mapping to cater for the scenario when the actual URL will be later rewritten to something else.
This is not a complete answer but I hope it points you in the direction of a solution.
Have you tried accessing the url directly in a browser and using some well placed breakpoints to track down the problem?
If you're getting 404s it sounds like your rules for routing aren't working.
[I'll update this if you can give a little more info about the behaviour you're seeing]
UPDATE
I think what might be happening is this:
You're providing a seperate mapping for your files with extensions (in these cases .aspx and .asmx):
localhost/UserChecker.aspx/CheckIfUserEmailsExists
localhost/UserChecker.asmx/CheckIfUserEmailsExists
These mappings are being used when you turn the wild card mappings off, and the '/CheckIfUserEmailsExists' is handled used or ignored.
When you turn on the wildcard mappings your routing isn't informing your app how to 'route' correctly.
If you removed the extensions (with wildcard mappings turned on) does the following work?
localhost/UserChecker/CheckIfUserEmailsExists
Add the appropriate URLs to the exclusion list: Use the "Excluded URLs" setting in the Site Manager->Settings tab. (basic help documentation)
I suggest checking the URl outside of your CMS framework; Issue has to be with the URL routing. No tsure how it was working without the wild card mapping.
Questions to understand:
1.Did you have your CMS running when trying without wild card mapping?
2. How does this CMS system interact with IIS; IASPI dll ? or HTTP Handlers/modules?