Url Redirection


Nick

Hi there,

I'm passing an HTML encoded string to a URL in the query parameter.
This query string works perfectly in the website if you are already logged on,
if you are not logged on the application calls
FormsAuthentication.RedirectToLoginPage() then the URL becomes malformed.

I then receive the following error,

"The return URL specified for request redirection is invalid."

for example

?inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc

then becomes

?ReturnUrl=%2fDSP%2fsecure%2fdefault.aspx%3finputfile%3dF%3a%255CFacebook%255CDocuments%255CDocuments%255CUser's%2520Guide.doc&inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc

Which is rather screwed. Any ideas how I can work around this?

Thanks a million for your time in advance.

Nick.
 
Nick said:
Hi there,

I'm passing an HTML encoded string to a URL in the query parameter.
This query string works perfectly in the website if you are already logged
on,

Try UrlEncode instead of HtmlEncode.
 
Hi Nick,

As Marc has suggested, you can try using UrlEncode since that will make
sure the output characters are valid and safe ones in an HTTP URL string.
Generally, if you have multiple querystring parameters, they should be
separated by the "&" character.

BTW, why are you using the querystring to store large data, as the querystring
has a length limitation? Is there any particular requirement here? You can
provide some further info about the application code logic or requirement
so that we can look for any other potential solutions.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Hi Steven,

I wouldn't say that a 256 character max path is too long for a URL
surely?

It needs to be invoked this way unfortunately as it's being called via
an add-in for another application.

I got the name of the method I am using incorrectly, it is UrlEncode,

http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx

Basically what is happening is the query is being re-escaped when the
server bounces it so it's escaping the escape characters.

Surely if the URL is working before being bounced, then it is not badly
formed?

Nick.
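
The re-escaping described in the post above, reproduced as an added example (not code from the thread) using the exact strings Nick posted. Python's `urllib.parse` stands in for the ASP.NET encoder, which for this input differs only in hex-digit case; the function names are illustrative.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Values copied from the thread.
PROTECTED_PAGE = "/DSP/secure/default.aspx"
ORIGINAL_QUERY = "inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc"
REDIRECT_QUERY = ("ReturnUrl=%2fDSP%2fsecure%2fdefault.aspx%3finputfile%3dF%3a"
                  "%255CFacebook%255CDocuments%255CDocuments%255CUser's%2520Guide.doc"
                  "&inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc")


def nest_as_return_url(path, query):
    """Percent-encode a whole path?query so it can travel as ONE parameter value."""
    # safe="'" keeps the apostrophe literal, as in the thread's redirect URL.
    # Every "%" of the inner escapes becomes "%25", hence %5C -> %255C.
    return "ReturnUrl=" + quote(path + "?" + query, safe="'")


def unwrap(redirect_query):
    """Decode one layer per nesting level: ReturnUrl first, then its own query."""
    outer = parse_qs(redirect_query)          # parse_qs decodes each value once
    return_url = outer["ReturnUrl"][0]
    inner = parse_qs(urlsplit(return_url).query)
    return return_url, inner["inputfile"][0]


def encoding_layers(value, limit=5):
    """Count how many decode passes it takes before the value stops changing."""
    layers = 0
    while layers < limit and unquote(value) != value:
        value = unquote(value)
        layers += 1
    return layers


if __name__ == "__main__":
    print(nest_as_return_url(PROTECTED_PAGE, ORIGINAL_QUERY))
    return_url, file_path = unwrap(REDIRECT_QUERY)
    print(return_url)   # the original request, escaped once
    print(file_path)    # the Windows path, fully decoded
```

A consumer of `ReturnUrl` should decode exactly once per nesting level, as `unwrap` does; decoding a value more times than it was encoded changes its meaning.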
 
Thanks for the followup Nick,

Would you post some of your page's code such as how to concatenate the
querystring (just the code snippet that is sufficient to repro the
behavior)? I'd like to have a test on my side.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


 
Hi Steven,

Sure no probs, the code that I'm using to create the URL is,

----

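// Percent-escape the file path so it can be carried in the query string.
TCHAR* pChrFileName = pStrFileName.GetBuffer();
DWORD pDWdSize = INTERNET_MAX_URL_LENGTH; // in: buffer size in characters, out: characters written
TCHAR* pChrEncoded = (TCHAR*)calloc(pDWdSize, sizeof(TCHAR)); // calloc zero-fills the buffer
HRESULT hr = pChrEncoded ? UrlEscape(pChrFileName, pChrEncoded, &pDWdSize, 0) : E_OUTOFMEMORY;
pStrFileName.ReleaseBuffer(); // default argument keeps the string's length; ReleaseBuffer(0) would empty it
CString pStrEncoded;
if (SUCCEEDED(hr))
    pStrEncoded = pChrEncoded; // stays empty if the escape failed
free(pChrEncoded);

// Append the escaped path to the target page and pass the URL to the shell's URL handler.
CString pStrURL = _T("http://www.myurl.com/default.aspx?inputfile=");
pStrURL += pStrEncoded;
CString pStrParams = _T("url.dll,FileProtocolHandler ");
pStrParams += pStrURL;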

----

pStrParams is then fired off to ShellExecuteEx which correctly opens the
URL in the default web browser.

Nick.
 
Thanks for the reply Nick,

I hadn't expected the client code to be unmanaged C++. Have you
tried some .NET based webrequest or webbrowser control based code to see
whether it can repro the same behavior?

Sincerely,

Steven Cheng
Microsoft MSDN Online Support Lead


From: "Nick" <[email protected]>
Subject: Re: Url Redirection
Date: Thu, 31 Jul 2008 09:21:23 +0100
 
Hi Steven,

Indeed, it's part of an unmanaged addin for another application and
invoking via the shell is the most efficient way of achieving the desired
result as the browser will need to be opened if it isn't already.

I don't seem to have any control over this as it's all handled
internally and controlled via the web.config file afaik. So here are my
current thoughts...

1. The URL is created and escaped correctly.
2. The URL works on the site if logged in already
3. If not logged in ASP.NET screws with the URL and makes it invalid
then kicks you back to the login page.

So using my advanced powers of deduction, ASP.NET is screwing with my
query string and making it unusable? Therefore I can't see how this can be
worked around unless I can modify the query string during this process but
unfortunately none of my code is hit in page load for me to be able to. Or
am I able to perform the bounce manually somehow?

Thanks for your time again!

Nick.
 
Thanks for your reply Nick,

For this case, since the server side has forms authentication to protect
the page, how about this:

1. For your add-in shell code, you can always first make an initial HTTP
GET request to check whether you're redirected or not (or can directly
access the target page).

2. If you're not logged in yet and are redirected, you should programmatically
log in first.

3. After making sure you're logged in, you can just send an HTTP POST with the
correct querystring (you need to add the cookie data also).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

