The problem is that if the user changes the id from 7 or guesses what the next number is, the article or item is pulled up. I don't want the numbers or Item id to show so users Can not guess the next sequence. How do I fix the Url not to show this?
I don't want the numbers or Item id to show so users Can not guess the next sequence
I agree with Tom. Why is this a problem? You can stop people seeing news or other data they are not entitled to see by protecting it through roles and permissions, and if they want to manipulate the querystring, they will. That's why you should validate
the values. You should also have proper handling in place in case they change it to a value that doesn't exist in the database. That's more likely to happen if you make the value more complicated to guess.
yousaid
Participant
821 Points
334 Posts
How do I implement Url Routing in WebMatrix?
Jun 28, 2012 08:22 PM|LINK
Greetings,
Take a look at this url http://localhost:29299/Manager/NewsDetail.cshtml?Newsid=7. The QueryString looks like this:
The problem is that if the user changes the id from 7 or guesses what the next number is, the article or item is pulled up.
I don't want the numbers or Item id to show so users Can not guess the next sequence.
How do I fix the Url not to show this?
cheers,
yousaid
TOMCIO
Contributor
3636 Points
832 Posts
Re: How do I implement Url Routing in WebMatrix?
Jun 28, 2012 08:54 PM|LINK
how is that a problem ? if end user will enter different id he will simply see different news...
anyway you can find some info about routing here:
http://mikesdotnetting.com/Article/187/More-Flexible-Routing-For-ASP.NET-Web-Pages
if you want something unique and hard to guess you can use GUID , but it will look like this: 3F2504E0-4F89-11D3-9A0C-0305E82C3301
Web: Chicago Website Design
r@zorC - Open Source ASP.net CMS for WebMatrix
Mikesdotnett...
All-Star
154927 Points
19867 Posts
Moderator
MVP
Re: How do I implement Url Routing in WebMatrix?
Jun 29, 2012 05:02 AM|LINK
I agree with Tom. Why is this a problem? You can stop people seeing news or other data they are not entitled to see by protecting it through roles and permissions, and if they want to manipulate the querystring, they will. That's why you should validate the values. You should also have proper handling in place in case they change it to a value that doesn't exist in the database. That's more likely to happen if you make the value more complicated to guess.
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
beetledev
Member
750 Points
173 Posts
Re: How do I implement Url Routing in WebMatrix?
Jun 29, 2012 09:09 PM|LINK
Even if you use Url Routing you need something that tells you what article to bring up.
What Tom suggested will work better than using an integer Newsid if your goal is to not let users guess article ids. But may not be SEO friendly.
Another way is to keep a unique name for each article then you can call the page like this:
http;//localhost:29299/Manager/NewsDetail/My-Article-Name
Web Pages allows you to use Url parts instead of query string parameters.
Still you will need to validate the Url part since you would not want someone to try to pass in possibly malicious code through the url.
yousaid
Participant
821 Points
334 Posts
Re: How do I implement Url Routing in WebMatrix?
Jul 01, 2012 04:54 AM|LINK
All solutions presented here including the original perceived issue all work. I just thought there was a better way.
The best methos maybe to use seesions, but then they are sometimes resource intensive.
Cheers,
yousaid