How to elegantly handle ReturnUrl when using UrlRewrite in ASP.NET 2.0 WebForms

Question

How to elegantly handle ReturnUrl when using UrlRewrite in ASP.NET 2.0 WebForms

I have a folder with several .aspx pages that I want to restrict access to. I added web.config to this folder with <deny users="?"/>.

The problem is that ReturnUrl is automatically generated with the physical path to the .aspx file, while I am using UrlRewrite.

Is there a way to manipulate ReturnUrl without manual authentication and redirection? Is there a way to set ReturnUrl from code or from web.config?

EDIT . The application uses WebForms ASP.NET 2.0. I can not use 3.5 routing.

EDIT 2 : It seems that status code 401 is never written. It returns 302 for the secure page and redirects the login page using ReturnUrl. It does not return 401 for the secure page. Hmm ... Interesting ... Link: http://msdn.microsoft.com/en-us/library/aa480476.aspx

This complicates the work ... I may need to write rewrite rewriting rules for the regular expression match ReturnUrl and replace it if it does not return 401 ... If it returns 401, I can either set RawUrl to Response.RedirectLocation or replace ReturnUrl with RawUrl.

Does anyone have any other ideas?

+5

asp.net url-rewriting webforms forms-authentication returnurl

Brian kim Dec 01 '09 at 18:49

source share

4

. , .

#region [ Imports ]

using System;
using System.Web;
using System.Web.Security;

#endregion

namespace Foo.Handlers
{

    public class AuthModule : IHttpModule
    {

        #region IHttpModule Members

        public void Init(HttpApplication application)
        {
            application.PostReleaseRequestState += delegate(object s, EventArgs e)
                {
                    if (application.Response.StatusCode == 401)
                        application.Response.Redirect(FormsAuthentication.LoginUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(application.Request.RawUrl), true);
                };
        }

        public void Dispose() { }

        #endregion

    }

}

<modules>
  <add name="AuthModule" type="Foo.Handlers.AuthModule, Foo"/>
</modules>

+1

Mehdi Golchin 03 . '09 9:44

, action. ASP.NET 2.0 Intelligencia url-rewriter. Gu.

App_Code:

using System.IO;
using System.Web;
using System.Web.UI;

public class FormRewriterControlAdapter : System.Web.UI.Adapters.ControlAdapter
{
    protected override void Render(HtmlTextWriter writer)
    {
        base.Render(new RewriteFormHtmlTextWriter(writer));
    }
}

public class RewriteFormHtmlTextWriter : HtmlTextWriter
{
    public RewriteFormHtmlTextWriter(TextWriter writer) : base(writer)
    {
        base.InnerWriter = writer;
    }

    public RewriteFormHtmlTextWriter(HtmlTextWriter writer) : base(writer)
    {
        this.InnerWriter = writer.InnerWriter;
    }

    public override void WriteAttribute(string name, string value, bool fEncode)
    {

        // If the attribute we are writing is the "action" attribute, and we are not on a sub-control, 
        // then replace the value to write with the raw URL of the request - which ensures that we'll
        // preserve the PathInfo value on postback scenarios

        if ((name == "action"))
        {
            if (HttpContext.Current.Items["ActionAlreadyWritten"] == null)
            {

                // Because we are using the UrlRewriting.net HttpModule, we will use the 
                // Request.RawUrl property within ASP.NET to retrieve the origional URL
                // before it was re-written.  You'll want to change the line of code below
                // if you use a different URL rewriting implementation.
                value = HttpContext.Current.Request.RawUrl;

                // Indicate that we've already rewritten the <form> action attribute to prevent
                // us from rewriting a sub-control under the <form> control
                HttpContext.Current.Items["ActionAlreadyWritten"] = true;

            }
        }
        base.WriteAttribute(name, value, fEncode);
    }
}

.browser App_Browsers:

<browsers>
  <browser refID="Default">
    <controlAdapters>
      <adapter controlType="System.Web.UI.HtmlControls.HtmlForm" adapterType="FormRewriterControlAdapter" />
    </controlAdapters>
  </browser>
</browsers>

+1

craigmoliver Dec 04 '09 at 15:18

source share

If you are using ASP.NET 3.5, use ASP.NET UrlRouting instead. But you should check the authorization guide.

http://chriscavanagh.wordpress.com/2008/03/11/aspnet-routing-goodbye-url-rewriting/

0

Mehdi golchin Dec 01 '09 at 19:06

source share

Brian Kim · Accepted Answer · 2009-12-07T19:45:46+0000

ReturnUrl Url RawUrl EndRequest Global.asax. ...

.

protected void Application_EndRequest(object sender, EventArgs e)
{
    string redirectUrl = this.Response.RedirectLocation;
    if (!this.Request.RawUrl.Contains("ReturnUrl=") && !string.IsNullOrEmpty(redirectUrl))
    {
        this.Response.RedirectLocation = Regex.Replace(redirectUrl, "ReturnUrl=(?'url'[^&]*)", delegate(Match m)
        {
            return string.Format("ReturnUrl={0}", HttpUtility.UrlEncode(this.Request.RawUrl));
        }, RegexOptions.Singleline | RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture);
    }
}

How to elegantly handle ReturnUrl when using UrlRewrite in ASP.NET 2.0 WebForms

More articles: