I have this senario where my site www.skinb5.com should redirect to www.skinb5.com/au/
and www.skinb5.com/au should directly go to the www.skinb5.com/au and www.skinb5.com/us
should go to www.skinb5.com/us.
www.skinb5.com is a parent site which pretty much does nothin but to redirect. /au/ and /us/ are child sites sitting under it.
Please have a look at my Global.asax file in my parent site where the only redirect happens.
The problem is when i go www.skinb5.com/us/ it returns 200 which is good. But
www.skinb5.com/au/ it returns 302 to www.skinb5.com/au/. Though it doesn't go in an infinite loop, I am concerned why it returns 302.
you might want to test here at http://www.internetofficer.com/seo-tool/redirect-check/
My questions is, when I invoke www.skinb5.com/au/ directly, will the application_beginRequest in parentsite be invoked? Shouldn't it directly go to the child site? If so how does the 302 redirect happen.
protected void Application_BeginRequest(object sender, EventArgs e)
{
var redirectSite = "au";
HttpCookie languageCookie = HttpContext.Current.Request.Cookies.Get("Customer.SelectLanguageID");
if (languageCookie != null)
{
redirectSite = languageCookie.Value.Split('-')[1];
}
string rawUrl = HttpContext.Current.Request.RawUrl;
if (string.IsNullOrEmpty(rawUrl))
{
rawUrl = "/";
}
rawUrl = redirectSite + rawUrl;
bool useSsl = IsCurrentConnectionSecured();
var storeHost = GetStoreHost(useSsl);
if (storeHost.EndsWith("/"))
storeHost = storeHost.Substring(0, storeHost.Length - 1);
string url = storeHost + '/' + rawUrl;
url = url.ToLowerInvariant();
HttpContext.Current.Response.Redirect(url, true);
HttpContext.Current.Response.End();
}
A redirect tells the browser to load a different URL. The browser does this just as though the new URL was typed in the address bar. It is a request like any other.
So all requests and redirects will cause Application_BeginRequest() to fire.
If you don't want it to do anything on the redirected request, you'll need to test the target URL and decide if any action is to be taken.
Related
I am using the Authorize.net Accept Hosted "Get Hosted Profile Page" action using redirect instead of iframe. Everything is working so far, redirect is happening, token is getting passed . . . but there is literally no button to proceed and/or go back to my site after the customer is redirected to this page (?). Am I missing something? I am passing a redirect URL in to get my token, so I'd expect there to be something happening.
I'm using the .NET SDK on my backend.
string token = null;
var settings = new settingType[]
{
new settingType
{
settingName = settingNameEnum.hostedProfileReturnUrl.ToString(),
settingValue = model.ReturnUrl.AbsoluteUri
// ^^^ here's why my redirect url goes
}
};
var profileReq = new getHostedProfilePageRequest();
profileReq.customerProfileId = model.CustomerProfileId;
profileReq.hostedProfileSettings = settings;
var controller = new getHostedProfilePageController(profileReq);
controller.Execute();
var resp = controller.GetApiResponse();
// ^^^ this all works fine, token is returned
Here's the page to which I'm redirected at https://test.authorize.net/customer/manage (the sandbox), below. There's no button to advance or go backwards. I've tried clicking everywhere.
How do I get back to my site?
I have overridden the HandleUnauthorizedRequest method in my asp.net mvc application to ensure it sends a 401 response to unauthorized ajax calls instead of redirecting to login page. This works perfectly fine when I run it locally, but my overridden method doesn't get called once I deploy to IIS. The debug point doesn't hit my method at all and straight away gets redirected to the login page.
This is my code:
public class AjaxAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
filterContext.Result = new JsonResult
{
Data = new
{
success = false,
resultMessage = "Errors"
},
JsonRequestBehavior = JsonRequestBehavior.AllowGet
};
filterContext.HttpContext.Response.End();
base.HandleUnauthorizedRequest(filterContext);
}
else
{
var url = HttpContext.Current.Request.Url.AbsoluteUri;
url = HttpUtility.UrlEncode(url);
filterContext.Result = new RedirectResult(ConfigurationManager.AppSettings["LoginUrl"] + "?ReturnUrl=" + url);
}
}
}
and I have the attribute [AjaxAuthorize] declared on top of my controller. What could be different once it's deployed to IIS?
Update:
Here's how I'm testing, it's very simple, doesn't even matter whether it's an ajax request or a simple page refresh after the login session has expired -
I deploy the site onto my local IIS
Login to the website, go to the home page - "/Home"
Right click on the "Logout" link, "Open in a new tab" - This ensures that the home page is still open on the current tab while
the session is logged out.
Refresh Home page. Now here, the debug point should hit my overridden HandleUnauthorizedRequest method and go through the
if/else condition and then redirect me to login page. But it
doesn't! it just simply redirects to login page straight away. I'm
thinking it's not even considering my custom authorize attribute.
When I run the site from visual studio however, everything works fine, the control enters the debug point in my overridden method and goes through the if/else condition.
When you deploy your web site to IIS, it will run under IIS integrated mode by default. This is usually the best option. But it also means that the HTTP request/response model isn't completely initialized during the authorization check. I suspect this is causing IsAjaxRequest() to always return false when your application is hosted on IIS.
Also, the default HandleUnauthorizedRequest implementation looks like this:
protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
// Returns HTTP 401 - see comment in HttpUnauthorizedResult.cs.
filterContext.Result = new HttpUnauthorizedResult();
}
Effectively, by calling base.HandleUnauthorizedRequest(context) you are overwriting the JsonResult instance that you are setting with the default HttpUnauthorizedResult instance.
There is a reason why these are called filters. They are meant for filtering requests that go into a piece of logic, not for actually executing that piece of logic. The handler (ActionResult derived class) is supposed to do the work.
To accomplish this, you need to build a separate handler so the logic that the filter executes waits until after HttpContext is fully initialized.
public class AjaxAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new AjaxHandler();
}
}
public class AjaxHandler : JsonResult
{
public override void ExecuteResult(ControllerContext context)
{
var httpContext = context.HttpContext;
var request = httpContext.Request;
var response = httpContext.Response;
if (request.IsAjaxRequest())
{
response.StatusCode = (int)HttpStatusCode.Unauthorized;
this.Data = new
{
success = false,
resultMessage = "Errors"
};
this.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
base.ExecuteResult(context);
}
else
{
var url = request.Url.AbsoluteUri;
url = HttpUtility.UrlEncode(url);
url = ConfigurationManager.AppSettings["LoginUrl"] + "?ReturnUrl=" + url;
var redirectResult = new RedirectResult(url);
redirectResult.ExecuteResult(context);
}
}
}
NOTE: The above code is untested. But this should get you moving in the right direction.
I have an ASP.Net Web API that is posted to from an external source. The values that are posted to the web api are used to determine the user's rights on our website. So the web api then passes the result object of my business logic as a bunch of cookies to our asp landing page. The problem is that the cookies are no longer available in the web page that the web api routed the response to.
Here is web api:
[HttpPost]
public HttpResponseMessage Reports(ReportRequest reportRequest)
{
if (reportRequest != null)
{
var reportAccess = new SwitchBL().CheckUserAccess(reportRequest);
var response = Request.CreateResponse(HttpStatusCode.Moved);
response.Headers.Location = new Uri(BaseUrl() + "/menu.aspx");
var json = JsonConvert.SerializeObject(reportAccess);
Dictionary<string, string> biscuitTin = JsonConvert.DeserializeObject<Dictionary<string, string>>(json);
foreach (var biscuit in biscuitTin)
{
var cookie =
new CookieHeaderValue(biscuit.Key, biscuit.Value ?? "")
{
Expires = DateTimeOffset.Now.AddDays(1),
Domain = Request.RequestUri.Host == "localhost" ? null : Request.RequestUri.Host,
HttpOnly = true
};
//cookierJar.Add(cookie);
response.Headers.AddCookies(new CookieHeaderValue[] {cookie} );
}
return response;
}
return Request.CreateResponse(HttpStatusCode.BadRequest);
}
And so far my very simple aspx page always shows count = 0:
public partial class menu : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
var cookieCount = Request.Cookies.Count;
}
}
The web api and aspx pages are in the same project thus hosted in one site. I do not want to use session variables and do not want to pass values in querystrings. Is there another way of passing data to the routed page from the web api or am I missing something here?
BTW, if I post to the api using Postman, the cookies are visible in the response header of the web api, so cookies are created. If I post using another web page, using Fiddler, I can see the cookies in the response of the api but then there are no cookies in the (receiving) asp page.
UPDATE
Thanks to the answer of Kai, I can now get the cookies in my route asp page as set in response.Headers.Location. I have a breakpoint in that page so I know it is being hit and cookie count is now as expected. However, the browser does not render the routed page. It remains on the original posting page. Here is the code I'm using in my post emulator page to call the web api:
protected void Page_Load(object sender, EventArgs e)
{
}
protected async void DoIt_OnClick(object sender, EventArgs e)
{
var reportRequest = new ReportRequest();
reportRequest.EmailAddress = Email.Text;
reportRequest.UserNumber = UserCode.Text;
reportRequest.MobileNumber = MobileNumber.Text;
reportRequest.Password = Password.Text;
reportRequest.Country = Country.Text;
reportRequest.AccountNumber = AccountNumber.Text;
reportRequest.AccountType = AccountType.Text;
reportRequest.ReportType = ReportType.Text == "" ? 0 : Convert.ToInt32(ReportType.Text);
reportRequest.PhoneInfo = PhoneInfo.Text;
await GoThereAsync(reportRequest);
}
public async Task<Uri> GoThereAsync(ReportRequest reportRequest)
{
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("http://localhost:7789/");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("text/plain"));
var response = await client.PostAsJsonAsync<ReportRequest>("api/switch/reports", reportRequest);
if (response.IsSuccessStatusCode)
{
return response.RequestMessage.RequestUri;
}
return null;
}
}
To summarise: Emulator.aspx does POST to web api. Web API sets cookies and location to home.aspx. Home.aspx receives cookies (debug steps into code-behind) but browser remains on Emulat.aspx and does not render home.aspx.
Try CookieHeaderValue.Path = "/".
From the Microsoft Docs:
Path: Restricts the cookie to the specified path within the domain. If not specified, the path of the request URI is used.
On the button click I am calling a javascript function in the JS function I redirect to an aspx page and in the aspx page I want to redirect to another page (This part is not working).
response.redirect not re-directing, just posting back to current page. Any Idea why it is not working.
Here is my code :
Review.aspx:
<asp:Button ID="btnComplt" runat="server" Text="Complete" OnClientClick ="return compAsgn()" />
function compAsgn() {
if (window.confirm("Submit all images and complete the assignment?"))
window.location = "SendImages.aspx?insid=" + $("#IAssignmentId").val() + '&option=complete';
else
return false;
SendImages.aspx :
protected void Page_Load(object sender, EventArgs e)
{
assignmentId = Convert.ToInt32(Request.QueryString["insid"]);
string url = "Review.aspx?insid" + assignmentId.ToString() + "&viewOption=review";
string qstrVal = string.Empty;
qstrVal = Request.QueryString["option"].ToString().ToLower();
if (qstrVal != null && qstrVal == "complete")
{
using (ServiceClient client = new Proxies.ServiceRef.ServiceClient())
{
List<AssignmentInfo> ainfo = new List<AssignmentInfo>();
ainfo = client.GetAssignmentInfo(assignmentId);
if (ainfo.Count > 0)
{
if (ainfo[0].UploadedCount == 0)
{
// AfarSessionData class has a property called ProfileId, which is session variable.
if (AfarSessionData.ProfileId == "000000")
url = "Admin.aspx";
else
url = "HomePage.aspx";
}
}
}
}
Response.Redirect(url, false);
}
Note : When I debug I do see the control hitting the SendImages page but I see response.redirect not re-directing, just posting back to current page.
As far as I can tell, you're not doing anything to end the request. I'm not an ASP.NET guy, but I thought you should either:
Make the second argument true to effectively "hard abort" the request with an exception
Make the second argument false, but then call CompleteRequest to stop the rest of the pipeline
Some additional info related to John Skeets answer:
//ends request, no exception, calls Response.End() internally
Response.Redirect (url, true);
or
try
{
Response.Redirect (url, false);
}
catch(ThreadAbortException e)
{
//do whatever you need to
}
Here is some info on the issue:
PRB: ThreadAbortException Occurs If You Use Response.End, Response.Redirect, or Server.Transfer
the code to strip /Default.aspx and //www is not working (as expected):
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext context = HttpContext.Current;
string url = context.Request.RawUrl.ToString();
bool doRedirect = false;
// remove > default.aspx
if (url.EndsWith("/default.aspx", StringComparison.OrdinalIgnoreCase))
{
url = url.Substring(0, url.Length - 12);
doRedirect = true;
}
// remove > www
if (url.Contains("//www"))
{
url = url.Replace("//www", "//");
doRedirect = true;
}
// redirect if necessary
if (doRedirect)
{
context.Response.Redirect(url);
}
}
it works usually, but when submitting a form (sign in for example) the code above INTERCEPTS the request and then does a redirect to the same page. example:
try to arrive at page: ~/SignIn/Default.aspx
the requests gets intercepted and fixed to: ~/SignIn/
fill the form, click sign in
the current page url goes from: ~/SignIn/ to ~/SignIn/Default.aspx and gets fixed again, thus voiding the processing of the method SignIn (which would have redirected the browser to /SignIn/Success/) and the page is reloaded as ~/SignIn/ and no sign in was done.
please help. not sure what / how to fix here.
the main REQUIREMENT here is:
remove /Default.aspx and //www from url's
thnx
Your problem here is to do with GET and POST requests. When you call Response.Redirect, you instruct the client to make a new GET request to the URL you provide. So if you call this early in a request like a form postback that was actually a POST request, you lose the post. Since most POSTs should themselves redirect once the action is complete, it may be enough to just only apply the logic you have above to a GET request.
You can access the request method (GET or POST) using Request.HttpMethod.