In my project I don't want to show query string values to users. For that case I used URL rewriting in ASP.NET, so my URL looks like below.
http://localhost/test/default.aspx?id=1
to
http://localhost/test/general.aspx
The first URL will be rewritten to the second URL, but it will still execute the default.aspx page with that query string value. This is working fine.
But my question is: is there any way the user can find that original URL in the browser?
The answer is no.
The browser can't tell what actual script ended up servicing the request - it only knows what it sent to the server (unless the server issued a redirect, but then the browser would make a new request to the redirect target).
Since URL rewriting takes an incoming request and routes it to a different resource, I believe the answer is yes. Somewhere in your web traffic you are requesting http://localhost/test/default.aspx?id=1 and it is being rewritten as the new request http://localhost/test/general.aspx.
While this may hide the original request from displaying in the browser, at some point it did send that original URL as an HTTP GET.
As suggested, use Firebug or Fiddler to sniff the traffic.
I figured out the answer to my question. We can easily find the rewritten URLs. If we look at the view source of that page in the browser, then we can see the original URL with its query string values.
Related
Recently I attended a training in MVC. The trainer said that, as per the security concerns, we have to use HttpPost instead of HttpGet. Always use HttpPost.
Can anyone explain - what is the security issue when we use HttpGet?
When transmitting data over a secure connection (https), the body of the POST request is encrypted and practically unreadable; you can only see the address where the data is going but not the data itself. GET, on the other hand, has no body, and data has to be transmitted in either the query string or as a path parameter. While it is true that the query string does get encrypted as well, due to request logging on the server and in the browser it is possible to get hold of that data.
Anyone can insert an image on a public forum or Stack Overflow with a link to your web site. Then the following happens:
1. Browser looks at the URL in the image tag
2. Browser finds cookies corresponding to the domain in the URL
3. Browser sends a request to the URL with the user's cookies
4. Your server performs the action
5. Browser tries to parse the response as an image and fails
6. Browser renders an error instead of the image
But if you mark your action as HTTP POST only, then this scenario isn't applicable for 90% of sites. But you should also consider that if a hacker can create a form on another web site, then he can still make the browser perform the request. So you need CSRF. Well, browsers have done a lot to prevent cross-site requests, but it's still possible in some scenarios.
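The scenario in the answer above, as an added example that is not part of the original answer: an ASP.NET MVC controller where a state-changing action reachable by GET sits next to the POST-only version protected by an anti-forgery token. The controller, the action names, the `IAccountService` interface and the `your-site.example` host are hypothetical.

```csharp
using System.Web.Mvc;

// Hypothetical service, assumed for this example only.
public interface IAccountService
{
    void Delete(int accountId);
}

public class AccountController : Controller
{
    private readonly IAccountService _accounts;

    public AccountController(IAccountService accounts)
    {
        _accounts = accounts;
    }

    // Weak: state change on GET. A page on any other site containing
    // <img src="https://your-site.example/Account/DeleteUnsafe/5">
    // makes the browser send this request with the user's cookies.
    [HttpGet]
    public ActionResult DeleteUnsafe(int id)
    {
        _accounts.Delete(id);
        return RedirectToAction("Index");
    }

    // GET only renders the confirmation form; it changes nothing.
    // The view emits the token with @Html.AntiForgeryToken().
    [HttpGet]
    public ActionResult Delete(int id)
    {
        return View(id);
    }

    // Hardened: POST only, and the request must carry the token from
    // the form plus the matching cookie. A form hosted on another site
    // cannot read that token, so its POST is rejected before the
    // action body runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    [ActionName("Delete")]
    public ActionResult DeleteConfirmed(int id)
    {
        _accounts.Delete(id);
        return RedirectToAction("Index");
    }
}
```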
I used Response.Redirect in my code and it works fine, but the URL is not correct. It always shows the previous page URL.
Here is my code.
Response.Redirect("Main.aspx?DocAddEdit=customer incident");
Please suggest.
I even tried server.transfer, but the same thing happened.
I find it highly unlikely that the url is the same. According to the MSDN documentation on Response.Redirect
ASP.NET performs the redirection by returning a 302 HTTP status code.
That means the browser actually performs the redirect and requests the new url.
Server.Transfer, on the other hand, will render and return the url you specify, in which case the url in the user's browser will stay the same.
Are you sure you tried Response.Redirect and not just Server.Transfer?
Recently I came across the same issue, with the previous URL remaining after Response.Redirect, and I could solve it using Response.End() after the line Response.Redirect().
So I have a google shortened Url, and once I click on it and hit my controller, I want to be able to see what the original goo.gl url was before it got resolved. How on earth do I do this?
I've tried Request.UrlReferrer.AbsoluteUri and System.Web.HttpContext.Current.Request.Url.AbsoluteUri but neither seems to work. They all simply return the resolved absolute URI. Any help on this would be greatly appreciated.
Here's an example of the shortened URL - http://goo.gl/WSrJ6
This would then take the user (in testing at least) to localhost:81/college/events/details/23
So basically, when I hit the Details Controller, how do I get the original shortened url back?
Ok, this feels like more of a workaround but...
I don't see any way to resolve the shortened URL from the goo.gl service. However, you could send a web request to goo.gl that only uses the HEAD HTTP verb using the shortened URL.
Then, in the response to the HEAD request, the Location header will be the original URL (because it will send back a redirect request 301).
You can check out the response by using this tool. Put in your shortened url and then choose the HEAD verb before posting.
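The HEAD approach from the answer above, as an added example that is not part of the original answer. So that it runs offline, a local `HttpListener` on port 8099 (an assumption) stands in for the shortener and answers with a 301; the class and method names are hypothetical.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;

public static class RedirectInspector
{
    // Sends HEAD and returns the Location header without following it,
    // or null when the response is not a redirect.
    public static string GetRedirectTarget(string url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "HEAD";
        request.AllowAutoRedirect = false; // stop at the first 3xx

        using (var response = (HttpWebResponse)request.GetResponse())
        {
            int status = (int)response.StatusCode;
            return status >= 300 && status < 400
                ? response.Headers["Location"]
                : null;
        }
    }

    public static void Main()
    {
        // Constructed stand-in for a shortener: a local listener that
        // answers one request with 301 and a Location header.
        const string prefix = "http://localhost:8099/";
        const string longUrl = "http://localhost:81/college/events/details/23";

        using (var listener = new HttpListener())
        {
            listener.Prefixes.Add(prefix);
            listener.Start();

            Task server = Task.Run(() =>
            {
                HttpListenerContext ctx = listener.GetContext();
                ctx.Response.StatusCode = 301;
                ctx.Response.RedirectLocation = longUrl;
                ctx.Response.Close();
            });

            string target = GetRedirectTarget(prefix + "WSrJ6");
            server.Wait();
            Console.WriteLine(target);
        }
    }
}
```

Because `AllowAutoRedirect` is off, the destination is never requested, which also lets you see where a shortened link points before anything visits it.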
https://developers.google.com/url-shortener/v1/getting_started
You do a GET request with the following URL and you get JSON with the long URL
https://www.googleapis.com/urlshortener/v1/url?shortUrl=http://goo.gl/WSrJ6
Any normally configured browser sends the header HTTP_REFERER.
Doesn't a simple Request.UrlReferrer work? Or, something like HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] or ServerVariables["HTTP_REFERER"]?
That depends on where you are coding, but the point is to grab the header from the request.
HTTP_REFERER should always contain the previous (referer) url. I don't see why you're getting the resolved url there, unless it's a second redirection (e.g. your shortener pointed to http://server.com and your web server is configured to redirect missing www to http://www.server.com).
HTH
Francisco
I am using the server.transfer() method in my ASP.NET application to redirect the response. But I am running into the problem that it sets the previous page URL (from where the original request for the page was generated) in the browser URL bar. I want to change the URL in the browser. Is it even possible?
I looked into it and I know that the Request has a URL property, but it's read-only. Does anyone know a way to change the URL in the request?
Use Response.Redirect(); instead of server.transfer(); and it redirects in the browser.
If you can't do that, you could use pushState (at least where it's available) to change the URL, but it seems a bit of an overkill...
The best way is clearly to change
server.transfer();
to
Response.Redirect();
EDIT
As you want to have the maximum performance, you should use Response.Redirect with two parameters, and set the second to true.
So instead of
server.transfer(url);
you should have
Response.Redirect(url, true);
That causes the current request to abort and forces an instant redirect.
Description
You can't change the Url of the Current request because it is already running.
I think you want to do a redirect.
The Redirect method causes the browser to redirect the client to a different URL.
Sample
Response.Redirect("<theNewUrl>");
Update
If you want to change the URL in the browser's address bar without doing a request, read this:
Can I change the URL string in the address bar using javascript
More Information
MSDN - Response.Redirect Method
Server.Transfer() is just changing which content you send back.
Response.Redirect() is what you need to tell the browser to go to a new page
You cannot change the URL of a request - it would make no sense, the URL is what your client (the browser) has asked for.
No, you cannot change the URL in the browser like that. That would be a pretty massive security hole if you were able to do that. http://EvilDomain.com would be able to seamlessly masquerade as http://YourOnlineBank.com and no one would be any the wiser.
I am working on a proxy site. All the code is ready, but I have a problem: when a user enters the URL directly into my site, it gets processed and loads from the proxy site, but if he clicks a hyperlink, it loads from the website and not from mine. What I need is a way to redirect the URL through my site. Is it possible?
eg:
With Foxyproxy, when you enter www.google.com it loads the site through it, and when you search something it still loads the result page through Foxyproxy. What I can't do is load the result page or any other sub-page through my site.
Thanks and Regards :)
You will need to read the entire response from third-party external site and replace all links, header Locations, and other external URLs with your proxy site URL appending the original URL as a URL parameter (or however you get the requested page from the HTTP request: GET param, URL routing, etc.). Then send the modified result to the client.
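One way to do the rewriting described in the answer above, as an added example that is not part of the original answer. The proxy endpoint `https://proxy.example/fetch?url=`, the class and method names and the sample page are assumptions; only `http` and `https` targets are rewritten, so `javascript:`, `data:` and fragment links are left untouched.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class ProxyRewriter
{
    // Hypothetical proxy entry point; the target travels in "url".
    private const string ProxyEndpoint = "https://proxy.example/fetch?url=";

    // href, src and action attributes with a quoted value.
    private static readonly Regex UrlAttribute = new Regex(
        "(?<attr>\\b(?:href|src|action)\\s*=\\s*)(?<q>[\"'])(?<url>.*?)\\k<q>",
        RegexOptions.IgnoreCase | RegexOptions.Singleline);

    // Resolves a link against the page it came from and wraps it in the
    // proxy URL. Returns null for anything that is not http(s).
    public static string ToProxyUrl(Uri pageUri, string link)
    {
        Uri absolute;
        if (link.StartsWith("#") || !Uri.TryCreate(pageUri, link, out absolute))
            return null;
        if (absolute.Scheme != Uri.UriSchemeHttp && absolute.Scheme != Uri.UriSchemeHttps)
            return null;
        return ProxyEndpoint + Uri.EscapeDataString(absolute.AbsoluteUri);
    }

    // Rewrites every matching attribute in the fetched HTML.
    public static string RewriteHtml(Uri pageUri, string html)
    {
        return UrlAttribute.Replace(html, m =>
        {
            string link = WebUtility.HtmlDecode(m.Groups["url"].Value);
            string proxied = ToProxyUrl(pageUri, link);
            if (proxied == null) return m.Value; // leave as it was
            string q = m.Groups["q"].Value;
            return m.Groups["attr"].Value + q + proxied + q;
        });
    }

    public static void Main()
    {
        // Constructed sample page and Location header value.
        var page = new Uri("http://www.example.com/search/index.html");
        string html = "<a href=\"/results?q=a&amp;p=2\">next</a> "
                    + "<img src='logo.png'> <a href=\"#top\">top</a>";
        Console.WriteLine(RewriteHtml(page, html));
        Console.WriteLine(ToProxyUrl(page, "/moved"));
    }
}
```

The same `ToProxyUrl` call covers a `Location` header on a redirect response. URLs inside CSS or built by script are not covered by this attribute pattern.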