I'm trying to build up a proper routing scheme for my products section in MVC 2. I've got the following criteria:
Links of the format
/Products/(MX[0-9]+) and /Products/(BDL[0-9A-Z_])
Need to route to ProductsController.Show(Id = $1)
Links of the format
/Products/([a-zA-Z0-9/]+)
Example: http://www.mysite.com/Products/Cameras/Digital/
Need to route to ProductsController.List(Category = $1)
Then on top of this, I want links like
/Products/AddToCart/{1} to work normally.
So far I've been able to get the above two to work fine through a relatively hack-ish method (all past /Products/ is routed to show, where some conditional logic redirects to .List(Category) if the start of the input isn't MX or BDL
I'm not happy with the current implementation and am open to some help. Thank you in advance.
Use regular expression constraints for your routes and place them with AddToCart first, MX and BDL second, and the catch all products last. If you'd like even more control than that, you can create custorm routes.
I don't recall the syntax off the top of my head, but you can add regex constraints on your routes so that they route to different places.
Related
After the research published showing that .aspx routes are vulnerable to reflected XSS, what is the recommended alternative to using Page.ResolveUrl or Control.ResolveUrl? The linked article doesn't suggest any mitigations.
Summary of the linked research:
For .aspx pages (not MVC), even if you don't have cookieless sessions enabled, ASP.NET still parses those "special" URL formats such http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/orderform.aspx
it includes them in the page output whenever you use ResolveUrl.
Thus it creates an attack vector where a call like ResolveUrl( "~/Images/logo.png" ) will inject content of the attacker's choice into your page output, e.g.
/(S("onerror="alert`1`"))/Images/logo.png`
I've posted one possible answer below but am looking for better ideas.
Note that ResolveClientUrl is not a direct replacement since it generates a relative Url, e.g. ../Images/logo.png unlike ResolveUrl which generates a root Url e.g. /myapp/Images/logo.png
One approach is to use HttpRuntime.AppDomainAppVirtualPath instead of the special tilde syntax. So the example from above...
Instead of:
ResolveUrl( "~/Images/logo.png" )
We would have:
HttpRuntime.AppDomainAppVirtualPath.TrimEnd( '/' ) + "/Images/logo.png"
Slightly less concise but seems to accomplish the same thing without invoking the ancient "cookieless" route parsing.
Use ResolveClientUrl instead of ResolveUrl.
ResolveClientUrl will not allow XSS.
ASP.NET c# project... trying to do a very simple page route.
Please note that I know this is NOT actually doing any dynamic routing... I have the id hard coded like this for a reason.
Example:
RouteTable.Routes.MapPageRoute("Test", "ABC", "~/Test.aspx?id=101");
I can browse to http://www.mysite.com/ABC no problems, the page Test.aspx loads, the routing is working as expected.
BUT... where has my id=101 gone?
Request.QueryString["id"] \\ is null...
Page.RouteData.Values["id"] \\ is null...
How can I get hold of the hard coded id in my target resource for the routing?
I got it working by passing DataTokens.
In my real world scenario I don't know what the URL parameters will be (there could be just the "id" like in my question... or there could be others, sometimes none), so I have to do the following:
First check to see if there is a "?" character in the routing target... if there is, then:
Run the string after the "?" character through HttpUtility.ParseQueryString
Then, loop through that collection and add them to a System.Web.Routing.RouteValueDictionary
Then finally add the route, with the DataTokens property set to the RouteValueDictionary
I get url as
http://orders.mealsandyou.com/default.php
i dont want to use string functions to use it to get the main domain ie
mealsandyou.com
is there any function in c# to do that, UrilAuthority and all gives subdomain too...
Suggestions welcome, not workarounds
.Net doesn't provide a built-in feature to extract specific parts from Uri.Host. You will have to use string manipulation or a regular expression yourself.
The only constant part of the domain string is the TLD. The TLD is the very last bit of the domain string, eg .com, .net, .uk etc. Everything else under that depends on the particular TLD for its position (so you can't assume the next to last part is the "domain name" as, for .co.uk it would be .co.
In any case I think you're taking the wrong approach. URL rewriting is far more suited to this sort of thing. Have a read of this: learn.iis.net/page.aspx/460/using-the-url-rewrite-module
I'm using ASP.NET 4.5 and have the following routing rule in my Global.asax file:
RouteTable.Routes.MapPageRoute("defaultRoute", "{*value}", "~/default.aspx")
What I'm trying to accomplish is redirecting dynamically generated URLs that are formatted like this:
http://myurl.com/firstnamelastname
Here is what one might actually look like:
http://myurl.com/davemackey
My problem is that the above redirects all requests - e.g. to axd or jpg files. Now I could add exclusions for every other type of file like so:
RouteTable.Routes.Ignore("{resource}.axd/*pathInfo}")
But this would be error prone and tedious (e.g., what happens if someone adds another file type to the project?).
So, what I'd like to do is something like this:
RouteTable.Routes.MapPageRoute("defaultRoute", "{*value}(where no suffix)", "~/default.aspx")
Or, put into my clear English:
If URL does not have a suffix, then redirect using defaultRoute to ~/default.aspx
Any thoughts on how to accomplish this?
==
Update:
I found this MSDN article. It seems that using Constraints might work to implement what I am speaking of above...but I'm not exactly sure how...
==
Update 2:
I've got a passable solution for the moment. I added the following:
RouteTable.Routes.Ignore("{path}/{value}")
Since image and other files are kept in sub-directories, this forces them to be excluded. Still, I have two concerns with this
What if the path is longer than a single sub-directory, e.g. images/people/person.jpg?
What if a file is placed into the main root (shouldn't be, but it could happen) that is a jpg or etc.?
So I have an interesting problem here. I am using URL Routing to mask the URL but I want to take the spaces out.
For example:
/sanjuan/ but in the database it's San Juan.
An error is thrown when I type it in because clearly theres a space in the DB.
I don't want it conjoined in the DB though.
How can I accomplish this. I just need some ideas to look into.
What rob described is called slugging.
Have a look at this:
http://predicatet.blogspot.com/2009/04/improved-c-slug-generator-or-how-to.html
you could replace the space with - when rewriting the url, and change back the - back to space when reading it.