IIS 7 With Url Rewrite Module 2.0 - Setting 401 Status Codes And The ReturnUrl
Feb 2, 2011
I have a website hosted on IIS7 with the url rewrite module 2.0 installed. It is run by content management that looks at the url and returns a 401 error if the current user does not have permission to view the page. This gets picked up by the asp.net url authorization module which then kicks the page over to the loginUrl page as specified in the web.config (forms authentication).
This works perfectly on my local machine - which is IIS7 and windows7.
If the url is, say, /612/some-string the user gets directed to the login page at /66/login?ReturnUrl=/612/some-string
The url rewriting looks at the first part of the url for the document id. The real url would be this: index.aspx?documentId=612
Unfortunately, when I deployed this to our staging server, the ReturnUrl isn't the rewritten url, it's the original url. This causes all sorts of problems.
The staging server is also IIS7 with the url rewrite module 2.0 installed. It's Windows 2008 server SP2. Both are running asp.net 3.5.
My only guess is that the machine.config orders the default httpModules differently, and the .net forms authentication module is jumping in before the url has been rewritten.
I'll review that soon, but in the meantime has anyone experienced this problem and solved it?
Update
I also tried changing
Response.StatusCode = 401;
to
FormsAuthentication.RedirectToLoginPage();
Which gets me a bit ahead, but still directs the user back to the url that hasn't been rewritten.
I can also do this instead of setting the 401:
string currentPage = HttpUtility.UrlEncode(Request.RawUrl);
string loginUrl = FormsAuthentication.LoginUrl + "?ReturnUrl=" + currentPage;
Response.Redirect(loginUrl);
But this seems ugly.
View 1 Replies
Similar Messages:
Jan 26, 2010
I use IIS 7 URL Rewrite Module and it works fine.
But My javascript code doesn't work anymore on the page (details.aspx) where i use URL Rewrite Module.
Example :
<a href="#" target="popup" onclick="wopen('note.aspx?ID=<%#CType(FormView1.DataItem, System.Data.DataRowView).Item("NoteID")%>&S=<%#CType(FormView1.DataItem, System.Data.DataRowView).Item("IsS")%>','popup',480,480); return false;">
Write a note</a>
If i disable the rule in IIS, this link works as expected.
The Rewrite rule doesn't include the note.aspx page.
View 8 Replies
Sep 21, 2010
I'm probably going to use the URL rewrite module for IIS 7 eventually and I have a fairly straight forward question that I really can't find the answer to.
If you have a base case of:
http://yoururl.com/page.aspx?ID=7
You can obviously have it rewritten to:
http://yoururl.com/page/7 or whatever you want.
My question is this: When using this module can you still use Request.Querystring["page"] on the rewritten querystring. How does the Request.URL stuff work. Does asp.net still provide the un-rewritten url or does it provide the rewritten one.
I would assume that your C#/asp.net code is completely unaffected by the url rewriting, as that's more or less the point, but I want to be crystal clear.
Secondary question: What is the best practice for how you should code a website when using the rewritten. Should you code links in the written style, or continue using querystrings?
View 1 Replies
Apr 9, 2010
I would like to use the Helicon ISAPI_REWRITE module to rewrite a url:
123.45.67.89/folder
to
www.site.com
I need to mask the IP/folder due to an IIS structure change. The reason why I don't want to get into, but it's valid based on the setup.
View 1 Replies
Jun 11, 2010
The IIS URL Rewrite Module ships with 3 built-in functions:
* ToLower - returns the input string converted to lower case.
* UrlEncode - returns the input string converted to URL-encoded format. This function can be used if the substitution URL in rewrite rule contains special characters (for example non-ASCII or URI-unsafe characters).
* UrlDecode - decodes the URL-encoded input string. This function can be used to decode a condition input before matching it against a pattern.
The functions can be invoked by using the following syntax:
{function_name:any_string}
The question is: can this list be extended by introducing a Replace function that's available for changing values within a rewrite rule action or condition?
Another way to frame the question: is there any way to do a global replace on a URL coming in using this module?
It seems that you're limited to using regular expressions and back-references to construct strings - i.e. there's no search/replace mechanism to replace every instance of X with Y in {REQUEST_URI}, without knowing how many instances there are.
I've had a quick glance at the extensibility introduced in the 2.0 RTW and don't see any 'light' means of introducing this.
View 1 Replies
Feb 19, 2010
Is it possible to use iis7 url rewrite module for html pages?
Like this:
http://www.site.com/index.html?x=newfolder =>
http://www.site.com/newfolder
View 2 Replies
Feb 25, 2011
Hello, I'm trying to implement URL rewriting for the first time. I must use URL Rewrite Module IIS7 per my hosting company. All of the examples I have found so far will rewrite a url such as:
www.domain.com/ShowProduct.aspx?ID=233&Title=Product-Title,
to: www.domain.com/ShowProduct/ProductTitle/233. The common scenario between these examples is that the rewrite chops off the .aspx & special characters and shuffles the query string parameters around. I get how that all works. However, I had something a little different in mind and I'm not sure if it can be accomplished.
My urls currently look like this: www.domain.com/ShowProduct?ID=233, and I would like them to look like this: www.domain.com/ShowProduct/Product-Title. The way I would imagine this working is, during the rewrite, pass the ID to the db and return the Title for the new url. You see, I currently don't need to pass the Title as a query string parameter and I'd prefer to not show the ID at all. This would be ideal. Can this be accomplished? Or
will I have to add the Title as a query string param and show the ID in rewritten url?
View 2 Replies
Jan 12, 2011
In our ASP.NET web application, we use our own class to act as a rewrite module. It takes all requests to the server, acting as a bootstrapper.
To access an image on our web application, the browser requests domain.com/ResourceItem.aspx?Id=74
Does not having a proper URI mean the server will never respond with 304 NOT MODIFIED?
how to get the 304 response, so the browser doesn't have to download each image every refresh?
View 2 Replies
May 6, 2010
I have web services built with ASP.NET and ASP.NET clients consuming them. When consuming the webservices, how would I to force the clients to use https?
I don't want to force the whole site to use https by turning on require SSL in IIS.
Can I use the IIS7 URL rewrite module to re-route http requests to https?
View 2 Replies
Jan 18, 2010
I have the following setting in my web.config to redirect to a default page:
<defaultDocument>
<files>
<clear/>
<add value="default.aspx"/>
</files>
</defaultDocument>
For example when a user enters www.homeforhire.com they should be redirected to default.aspx (for operational reasons the user is then redirected to
www.homeforhire.com/home.aspx).
Instead an error is caught in the Rewrite module (which should not be activated). I am using an http module to perform URL rewriting.
It appears as if the default document setup is not working correctly, and the requested page ~/ is being sent to the Rewrite module, causing an error (which is then caught by my error handler and the user is redirected to the home page).
Entering www.homeforhire.com/default.aspx works correctly.
Can anyone tell me why the default document settings in the web.config do not appear to be working?
View 1 Replies
Feb 16, 2011
I need to force every request to https://www.mysite.com (always with https and www)
The site is hosted in GoDaddy and I need to do it via IIS7 URL Rewrite Module.
I've been able to do the HTTPS redirect with the following code:
<system.webServer>
<rewrite>
<rules>
<rule name="Canonical Host Name" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^mysite.com$" />
</conditions>
<action type="Redirect" url="https://www.mysite.com/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
Test cases
http://mysite.com -> https://www.mysite.com OK
http://www.mysite.com -> https://www.mysite.com NOT WORKING
I guess the condition is not being satisfied when I enter www.mysite.com in the browser, so there's no redirect and the page serves as HTTP instead of HTTPS.
I think I just need to modify the condition pattern, but I have almost nothing regex knowledge and I need this asap.
View 1 Replies
Jan 9, 2011
I'm writing an HTTP handler in ASP.NET 4.0 and IIS7 and I need to generate a file-not-found condition.
I copied the following code from Mathew McDonald's new book, Pro ASP.Net 4 in C# 2010. (The response variable is an instance of the current HttpResponse.)
response.Status = "File not found";
response.StatusCode = 404;
However, I found that the first line generates the run-time error HTTP status string is not valid.
If, instead of the lines above, I use the following:
response.Status = "404 Not found";
Then everything seems to work fine. In fact, I even see that response.StatusCode is set to 404 automatically.
My problem is that I don't want this to fail on the production server. So I'd feel much better if I could understand the "correct" way to accomplish this. Why did the first approach work for Mathew McDonald but not for me? And is the second approach always going to be reliable?
View 1 Replies
Jun 16, 2010
MVC has a method LogOn in AccountControllers. It has parameter returnUrl to redirect after login. I used this method to redirect to login page and back to previous page after logined by returnUrl parameter.My code in form view
<%= Html.ActionLink("sign in", "LogOn", "Account", new { returnUrl = Request.RawUrl })%>
But it doesn't work
View 2 Replies
Sep 15, 2010
I want to remove "returnurl=/blabla" from address bar when a user want to access to a login required page. Because I'm trying to redirect the user to a static page after login to do some selections.
View 4 Replies
Jan 26, 2011
Is it possible clear ReturnUrl from the server? I have a login page where the user logouts and I want to direct them to a specific page but when ReturnURL is set it overrides my redirect page.
Update:Ideally, I will only redirect a user who has just logged out versus someone who has bookmarked OR I will redirect regardless in special cases.So these are the cases:A link or bookmark -> should redirect to specified page in most case.A logout that has a returnurl -> should NOT redirect to the page,A special case -> should always redirect to my special case, i.e when a user needs to see something important
Is there a way to remove the returnurl from the logout/login status control?
View 2 Replies
Dec 16, 2010
my AccountController has this action :
[Code]....
currently, if the login succeds, it redirects to the homepage, but i want to redirect to the string returnURL.
View 2 Replies
Apr 8, 2010
For a testproject I use two Login pages. I order to do that I use a dispatcher page:
Dispatcher:
[Code]....
I then just redirect in the dispatcher to the real login-page according to the ReturnUrl. So far so good. The only problem I have is that I don't get redirected to the ReturnUrl once I'm logged in... Of course I add the ReturnUrl to the forwarded Login-Page (/Admin/Login.aspx?ReturnUrl=...).
View 5 Replies
Apr 4, 2011
I have such URL
localhost/Login/LogOn?ReturnUrl=/#&q=my%20search%20word&f=1//447044365|2//4
I need to get hash parameters to navigate in the application after authentication.
I try to catch it like this
<input name="returnUrl" value="<%= ViewContext.HttpContext.Request.Url.PathAndQuery %>" type="hidden" />
But result is
/Login/LogOn?ReturnUrl=/
I tried to take away "/#" in the URL, then I get whole URL. But I need to use this URL as it is.
View 1 Replies
Aug 24, 2010
I'm building my asp.net 4.0 website with url routing. It works great, except that I have stumbled upon one problem. The problem is that when a logged in user is on one of the non-public pages and gets loged out, the return url is set to the page he or she was previously visiting. When logging in again, the ReturnUrl is non routed url (something like login.aspx?ReturnUrl=somethingsomething). This poses a problem for some of my pages where I have a default value stored in the route; it simply doesn't get picked up with the non routed url of the ReturnUrl.The result is a broken page (404).
View 2 Replies
May 28, 2010
I am writing an application with UrlRewriter.net and I would like it to be able to redirect from login pages to ReturnUrl's.
What I would like to do is something on the lines of http://www.website.com/loginpage/[EncodedURL] but when I try it, it says "Bad Request".]
View 2 Replies
Dec 16, 2010
I am creating MVC e-commerce website.
There is an "Add to Cart" button on product detail page, and If I click the button, it should be directed to login page.
After I login, it should be re-directed to the product detail page.
"Add to Cart" button is a CartConroller action.
In CartController.cs :
[Code]....
In AccountController.cs :
[Code]....
the product should not be added into the cart before login, so I put [Authorize] on AddToCart action.
however if I click the "add to cart" button, it directs to the login page, and if I login, it gives me an error because it lost all the AddToCart action's parameter information(e.g. Cart cart, int productId, string returnURL)
View 3 Replies
Mar 30, 2010
I am having an endless problem with the following.When a user logs in I want him directed to a spesific page an not the ReturnURL. How do I enforce this?I am coding in C#
View 1 Replies
Feb 19, 2010
I'm using ASP.NET Membership and Form Authentication and before redirecting to the returnURL I wanted to validate it. For those unfamiliar with the workflow, basically if you request a page that requires that you are authenticated, you are redirected to a login page. In the URL string you'll see a parameter called returnURL, e.g. [URL]
Whether you use this in a redirect such as Response.Redirect(returnURL) or indirectly through the FormsAuthentication.RedirectFromLoginPage method, it passes without validating returnURL.
FormsAuthentication.RedirectFromLoginPage does have a security check that it is isn't leaving the domain, but that still doesn't stop someone from putting enough random characters to cause an error.
I tried using System.IO.File.Exists(Server.MapPath(returnURL)) but given enough illegal characters it cause Server.MapPath to error.
Note: URLEncoding doesn't work because we are not cleaning a parameter, but the primary URL.
View 1 Replies
Sep 16, 2010
I'm having trouble with the ReturnUrl property using forms authentication. If my URL is [URL], the ReturnURL value in the querystring is ignored and it always sends me to the defaultUrl value default.aspx.
login.aspx:
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, chkRememberMe.Checked)
web.config:
<system.web>
<authentication mode="Forms">
<forms loginUrl="login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
View 1 Replies
Oct 21, 2010
I've got a couple pages in my web app that are used by external applications. They will link to the pages, and pass in various querystring values to allow my app to do the searching and return the results in the page. The problem is, if the user is not yet logged into the web app, they are sent to the login page, and the ReturnURL is truncated to include only the first QueryString value. I lose the rest of the values. So far I haven't figured out a solution to this. Here's a quick example:
The external application links the user to:
[URL]
If the user is not logged in they are sent to the login page, and the current URL looks like this:
[URL]
View 4 Replies