Url Redirection

Discussion in 'ASP .Net' started by Nick, Jul 25, 2008.

  1. Nick

    Nick Guest

    Hi there,

    I'm passing an HTML encoded string to an URL in the query parameter.
    This query string works perfect in the website if you are already logged on,
    if you are not logged on the application calls
    FormsAuthentication.RedirectToLoginPage() then the URL becomes malformed.

    I then recieve the following error,

    "The return URL specified for request redirection is invalid."

    for example

    ?inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc

    then becomes

    ?ReturnUrl=%2fDSP%2fsecure%2fdefault.aspx%3finputfile%3dF%3a%255CFacebook%255CDocuments%255CDocuments%255CUser's%2520Guide.doc&inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc

    Which is rather screwed. Any ideas how how I can work around this?

    Thanks a million for your time in advance.

    Nick.
    Nick, Jul 25, 2008
    #1
    1. Advertising

  2. Nick

    Marc Guest

    "Nick" <> wrote in message
    news:...
    > Hi there,
    >
    > I'm passing an HTML encoded string to an URL in the query parameter.
    > This query string works perfect in the website if you are already logged
    > on,


    Try UrlEncode instead of HtmlEncode.
    Marc, Jul 25, 2008
    #2
    1. Advertising

  3. Hi Nick,

    As Marc has suggested, you can try using UrlEncode since that will make
    sure the output characters are valid and safe one in http url string.
    Generally if you have multiple querystring parameters, it should be
    separated via "&" char.

    BTW, why are you using querystring to store large data as querystring has
    length limitation, is there any paritcular requirement here? You can
    provide some further info about the application code logic or requirement
    so that we can look for any other potential solutions.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.

    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
    --------------------
    >From: "Nick" <>
    >Subject: Url Redirection
    >Date: Fri, 25 Jul 2008 16:31:31 +0100


    >
    >Hi there,
    >
    > I'm passing an HTML encoded string to an URL in the query parameter.
    >This query string works perfect in the website if you are already logged

    on,
    >if you are not logged on the application calls
    >FormsAuthentication.RedirectToLoginPage() then the URL becomes malformed.
    >
    > I then recieve the following error,
    >
    > "The return URL specified for request redirection is invalid."
    >
    > for example
    >
    > ?inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc
    >
    > then becomes
    >
    >

    ?ReturnUrl=%2fDSP%2fsecure%2fdefault.aspx%3finputfile%3dF%3a%255CFacebook%25
    5CDocuments%255CDocuments%255CUser's%2520Guide.doc&inputfile=F:%5CFacebook%5
    CDocuments%5CDocuments%5CUser's%20Guide.doc
    >
    > Which is rather screwed. Any ideas how how I can work around this?
    >
    > Thanks a million for your time in advance.
    >
    >Nick.
    >
    >
    >
    Steven Cheng [MSFT], Jul 28, 2008
    #3
  4. Nick

    Nick Guest

    Hi Marc,

    Sorry what I meant to say was I am using the UrlEscape method in a C++
    application that is invoking the url.

    http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx

    Nick.

    "Marc " <> wrote in message
    news:...
    > "Nick" <> wrote in message
    > news:...
    >> Hi there,
    >>
    >> I'm passing an HTML encoded string to an URL in the query parameter.
    >> This query string works perfect in the website if you are already logged
    >> on,

    >
    > Try UrlEncode instead of HtmlEncode.
    >
    Nick, Jul 30, 2008
    #4
  5. Nick

    Nick Guest

    Hi Steven,

    I wouldn't say that a 256 character max path is too long for an URL
    surely?

    It needs to be invoked this way unfortunately as it's being called via
    an add-in for another application.

    I got the name of the method I am using incorrectly, it is UrlEncode,

    http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx

    Basically what is happening is the query is being re-escaped when the
    server bounces it so it's escaping the escape characters.

    Surely if the URL is working before being bounced, then it is not badly
    formed?

    Nick.

    "Steven Cheng [MSFT]" <> wrote in message
    news:Qm%...
    > Hi Nick,
    >
    > As Marc has suggested, you can try using UrlEncode since that will make
    > sure the output characters are valid and safe one in http url string.
    > Generally if you have multiple querystring parameters, it should be
    > separated via "&" char.
    >
    > BTW, why are you using querystring to store large data as querystring has
    > length limitation, is there any paritcular requirement here? You can
    > provide some further info about the application code logic or requirement
    > so that we can look for any other potential solutions.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    > Delighting our customers is our #1 priority. We welcome your comments and
    > suggestions about how we can improve the support we provide to you. Please
    > feel free to let my manager know what you think of the level of service
    > provided. You can send feedback directly to my manager at:
    > .
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    > ==================================================
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > --------------------
    >>From: "Nick" <>
    >>Subject: Url Redirection
    >>Date: Fri, 25 Jul 2008 16:31:31 +0100

    >
    >>
    >>Hi there,
    >>
    >> I'm passing an HTML encoded string to an URL in the query parameter.
    >>This query string works perfect in the website if you are already logged

    > on,
    >>if you are not logged on the application calls
    >>FormsAuthentication.RedirectToLoginPage() then the URL becomes malformed.
    >>
    >> I then recieve the following error,
    >>
    >> "The return URL specified for request redirection is invalid."
    >>
    >> for example
    >>
    >> ?inputfile=F:%5CFacebook%5CDocuments%5CDocuments%5CUser's%20Guide.doc
    >>
    >> then becomes
    >>
    >>

    > ?ReturnUrl=%2fDSP%2fsecure%2fdefault.aspx%3finputfile%3dF%3a%255CFacebook%25
    > 5CDocuments%255CDocuments%255CUser's%2520Guide.doc&inputfile=F:%5CFacebook%5
    > CDocuments%5CDocuments%5CUser's%20Guide.doc
    >>
    >> Which is rather screwed. Any ideas how how I can work around this?
    >>
    >> Thanks a million for your time in advance.
    >>
    >>Nick.
    >>
    >>
    >>

    >
    Nick, Jul 30, 2008
    #5
  6. Thanks for the followup Nick,

    Would you post some of your page's code such as how to concatenate the
    querystring (just the code snippet that is sufficient to repro the
    behavior)? I'd like to have a test on my side.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.

    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    >From: "Nick" <>
    >References: <>

    <Qm#>
    >Subject: Re: Url Redirection
    >Date: Wed, 30 Jul 2008 13:53:40 +0100


    >
    >Hi Steven,
    >
    > I wouldn't say that a 256 character max path is too long for an URL
    >surely?
    >
    > It needs to be invoked this way unfortunately as it's being called via
    >an add-in for another application.
    >
    > I got the name of the method I am using incorrectly, it is UrlEncode,
    >
    > http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx
    >
    > Basically what is happening is the query is being re-escaped when the
    >server bounces it so it's escaping the escape characters.
    >
    > Surely if the URL is working before being bounced, then it is not

    badly
    >formed?
    >
    >Nick.
    >
    >"Stev
    Steven Cheng [MSFT], Jul 31, 2008
    #6
  7. Nick

    Nick Guest

    Hi Steven,

    Sure no probs, the code that I'm using to create the URL is,

    ----

    HRESULT hr;
    TCHAR* pChrFileName = pStrFileName.GetBuffer();
    DWORD pDWdSize = INTERNET_MAX_URL_LENGTH;
    TCHAR* pChrEncoded = (TCHAR*)calloc(pDWdSize, sizeof(TCHAR));
    ZeroMemory(pChrEncoded, pDWdSize);
    UrlEscape(pChrFileName, pChrEncoded, &pDWdSize, NULL);
    pStrFileName.ReleaseBuffer(0);
    CString pStrEncoded = pChrEncoded;
    free(pChrEncoded);

    CString pStrURL = _T("http://www.myurl.com/default.aspx?inputfile=");
    pStrURL += pStrEncoded;
    CString pStrParams = _T("url.dll,FileProtocolHandler ");
    pStrParams += pStrURL;

    ----

    pStrParams is then fired off to ShellExecuteEx which correctly opens the
    URL in the default web browser.

    Nick.



    "Steven Cheng [MSFT]" <> wrote in message
    news:w%23K$...
    > Thanks for the followup Nick,
    >
    > Would you post some of your page's code such as how to concatenate the
    > querystring (just the code snippet that is sufficient to repro the
    > behavior)? I'd like to have a test on my side.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    > Delighting our customers is our #1 priority. We welcome your comments and
    > suggestions about how we can improve the support we provide to you. Please
    > feel free to let my manager know what you think of the level of service
    > provided. You can send feedback directly to my manager at:
    > .
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    > ==================================================
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
    > --------------------
    >>From: "Nick" <>
    >>References: <>

    > <Qm#>
    >>Subject: Re: Url Redirection
    >>Date: Wed, 30 Jul 2008 13:53:40 +0100

    >
    >>
    >>Hi Steven,
    >>
    >> I wouldn't say that a 256 character max path is too long for an URL
    >>surely?
    >>
    >> It needs to be invoked this way unfortunately as it's being called via
    >>an add-in for another application.
    >>
    >> I got the name of the method I am using incorrectly, it is UrlEncode,
    >>
    >> http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx
    >>
    >> Basically what is happening is the query is being re-escaped when the
    >>server bounces it so it's escaping the escape characters.
    >>
    >> Surely if the URL is working before being bounced, then it is not

    > badly
    >>formed?
    >>
    >>Nick.
    >>
    >>"Stev

    >
    Nick, Jul 31, 2008
    #7
  8. Thanks for the reply Nick,

    I haven't expected that the client code is for unmanaged cpp. Have you
    tried some .NET based webrequest or webbrowser control based code to see
    whether it can repro the same behavior?

    Sincerely,

    Steven Cheng
    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.

    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
    --------------------
    >From: "Nick" <>
    >Subject: Re: Url Redirection
    >Date: Thu, 31 Jul 2008 09:21:23 +0100


    >
    >Hi Steven,
    >
    > Sure no probs, the code that I'm using to create the URL is,
    >
    > ----
    >
    > HRESULT hr;
    > TCHAR* pChrFileName = pStrFileName.GetBuffer();
    > DWORD pDWdSize = INTERNET_MAX_URL_LENGTH;
    > TCHAR* pChrEncoded = (TCHAR*)calloc(pDWdSize, sizeof(TCHAR));
    > ZeroMemory(pChrEncoded, pDWdSize);
    > UrlEscape(pChrFileName, pChrEncoded, &pDWdSize, NULL);
    > pStrFileName.ReleaseBuffer(0);
    > CString pStrEncoded = pChrEncoded;
    > free(pChrEncoded);
    >
    > CString pStrURL = _T("http://www.myurl.com/default.aspx?inputfile=");
    > pStrURL += pStrEncoded;
    > CString pStrParams = _T("url.dll,FileProtocolHandler ");
    > pStrParams += pStrURL;
    >
    > ----
    >
    > pStrParams is then fired off to ShellExecuteEx which correctly opens

    the
    >URL in the default web browser.
    >
    >Nick.
    >
    >
    >
    >"Steven Cheng [MSFT]" <> wrote in message
    >news:w%23K$...
    >> Thanks for the followup Nick,
    >>
    >> Would you post some of your page's code such as how to concatenate the
    >> querystring (just the code snippet that is sufficient to repro the
    >> behavior)? I'd like to have a test on my side.
    >>
    >> Sincerely,
    >>
    >> Steven Cheng
    >>
    >> Microsoft MSDN Online Support Lead
    >>
    >>
    >> Delighting our customers is our #1 priority. We welcome your comments and
    >> suggestions about how we can improve the support we provide to you.

    Please
    >> feel free to let my manager know what you think of the level of service
    >> provided. You can send feedback directly to my manager at:
    >> .
    >>
    >> ==================================================
    >> Get notification to my posts through email? Please refer to
    >>

    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    >> ications.
    >>
    >> ==================================================
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >> --------------------
    >>>From: "Nick" <>
    >>>References: <>

    >> <Qm#>
    >>>Subject: Re: Url Redirection
    >>>Date: Wed, 30 Jul 2008 13:53:40 +0100

    >>
    >>>
    >>>Hi Steven,
    >>>
    >>> I wouldn't say that a 256 character max path is too long for an URL
    >>>surely?
    >>>
    >>> It needs to be invoked this way unfortunately as it's being called

    via
    >>>an add-in for another application.
    >>>
    >>> I got the name of the method I am using incorrectly, it is UrlEncode,
    >>>
    >>> http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx
    >>>
    >>> Basically what is happening is the query is being re-escaped when the
    >>>server bounces it so it's escaping the escape characters.
    >>>
    >>> Surely if the URL is working before being bounced, then it is not

    >> badly
    >>>formed?
    >>>
    >>>Nick.
    >>>
    >>>"Stev

    >>

    >
    >
    >
    Steven Cheng [MSFT], Aug 4, 2008
    #8
  9. Nick

    Nick Guest

    Hi Steven,

    Indeed, it's part of an unmanaged addin for another application and
    invoking via the shell is the most efficient way of achieving the desired
    result as the browser will need to be opened if it isn't already.

    I don't seem to have any control over this as it's all handled
    internally and controlled via the web.config file afaik. So here is my
    current thoughts...

    1. The URL is created and escaped correctly.
    2. The URL works on the site if logged in already
    3. If not logged in ASP.NET screws with the URL and makes it invalid
    then kicks you back to the login page.

    So using my advanced powers of deduction. asp.net is screwing with my
    query string and making it unusable? Therefore I can't see how this can be
    worked around unless I can modify the query string during this process but
    unfortunately none of my code is hit in page load for me to be able to. Or
    am I able to perform the bounce manually somehow?

    Thanks for your time again!

    Nick.

    "Steven Cheng [MSFT]" <> wrote in message
    news:...
    > Thanks for the reply Nick,
    >
    > I haven't expected that the client code is for unmanaged cpp. Have you
    > tried some .NET based webrequest or webbrowser control based code to see
    > whether it can repro the same behavior?
    >
    > Sincerely,
    >
    > Steven Cheng
    > Microsoft MSDN Online Support Lead
    >
    >
    > Delighting our customers is our #1 priority. We welcome your comments and
    > suggestions about how we can improve the support we provide to you. Please
    > feel free to let my manager know what you think of the level of service
    > provided. You can send feedback directly to my manager at:
    > .
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    > ==================================================
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > --------------------
    >>From: "Nick" <>
    >>Subject: Re: Url Redirection
    >>Date: Thu, 31 Jul 2008 09:21:23 +0100

    >
    >>
    >>Hi Steven,
    >>
    >> Sure no probs, the code that I'm using to create the URL is,
    >>
    >> ----
    >>
    >> HRESULT hr;
    >> TCHAR* pChrFileName = pStrFileName.GetBuffer();
    >> DWORD pDWdSize = INTERNET_MAX_URL_LENGTH;
    >> TCHAR* pChrEncoded = (TCHAR*)calloc(pDWdSize, sizeof(TCHAR));
    >> ZeroMemory(pChrEncoded, pDWdSize);
    >> UrlEscape(pChrFileName, pChrEncoded, &pDWdSize, NULL);
    >> pStrFileName.ReleaseBuffer(0);
    >> CString pStrEncoded = pChrEncoded;
    >> free(pChrEncoded);
    >>
    >> CString pStrURL = _T("http://www.myurl.com/default.aspx?inputfile=");
    >> pStrURL += pStrEncoded;
    >> CString pStrParams = _T("url.dll,FileProtocolHandler ");
    >> pStrParams += pStrURL;
    >>
    >> ----
    >>
    >> pStrParams is then fired off to ShellExecuteEx which correctly opens

    > the
    >>URL in the default web browser.
    >>
    >>Nick.
    >>
    >>
    >>
    >>"Steven Cheng [MSFT]" <> wrote in message
    >>news:w%23K$...
    >>> Thanks for the followup Nick,
    >>>
    >>> Would you post some of your page's code such as how to concatenate the
    >>> querystring (just the code snippet that is sufficient to repro the
    >>> behavior)? I'd like to have a test on my side.
    >>>
    >>> Sincerely,
    >>>
    >>> Steven Cheng
    >>>
    >>> Microsoft MSDN Online Support Lead
    >>>
    >>>
    >>> Delighting our customers is our #1 priority. We welcome your comments
    >>> and
    >>> suggestions about how we can improve the support we provide to you.

    > Please
    >>> feel free to let my manager know what you think of the level of service
    >>> provided. You can send feedback directly to my manager at:
    >>> .
    >>>
    >>> ==================================================
    >>> Get notification to my posts through email? Please refer to
    >>>

    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    >>> ications.
    >>>
    >>> ==================================================
    >>> This posting is provided "AS IS" with no warranties, and confers no
    >>> rights.
    >>>
    >>> --------------------
    >>>>From: "Nick" <>
    >>>>References: <>
    >>> <Qm#>
    >>>>Subject: Re: Url Redirection
    >>>>Date: Wed, 30 Jul 2008 13:53:40 +0100
    >>>
    >>>>
    >>>>Hi Steven,
    >>>>
    >>>> I wouldn't say that a 256 character max path is too long for an URL
    >>>>surely?
    >>>>
    >>>> It needs to be invoked this way unfortunately as it's being called

    > via
    >>>>an add-in for another application.
    >>>>
    >>>> I got the name of the method I am using incorrectly, it is
    >>>> UrlEncode,
    >>>>
    >>>> http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx
    >>>>
    >>>> Basically what is happening is the query is being re-escaped when
    >>>> the
    >>>>server bounces it so it's escaping the escape characters.
    >>>>
    >>>> Surely if the URL is working before being bounced, then it is not
    >>> badly
    >>>>formed?
    >>>>
    >>>>Nick.
    >>>>
    >>>>"Stev
    >>>

    >>
    >>
    >>

    >
    Nick, Aug 6, 2008
    #9
  10. Thanks for your reply Nick,

    For this case, since the server-side has forms authentication to protect
    the page. How about this;

    1 for your add-in shell code, you can always first establish a initial http
    get request to check whether you're redirected or not(or can directly
    access the target page).

    2. if you're not login yet and redirected, you should programmtically login
    first.

    3. After make sure you're login, you can just send http post with the
    correct querystring(need to add the cookie data also).

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.
    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    >From: "Nick" <>
    >Subject: Re: Url Redirection
    >Date: Wed, 6 Aug 2008 14:27:07 +0100


    >
    >Hi Steven,
    >
    > Indeed, it's part of an unmanaged addin for another application and
    >invoking via the shell is the most efficient way of achieving the desired
    >result as the browser will need to be opened if it isn't already.
    >
    > I don't seem to have any control over this as it's all handled
    >internally and controlled via the web.config file afaik. So here is my
    >current thoughts...
    >
    > 1. The URL is created and escaped correctly.
    > 2. The URL works on the site if logged in already
    > 3. If not logged in ASP.NET screws with the URL and makes it invalid
    >then kicks you back to the login page.
    >
    > So using my advanced powers of deduction. asp.net is screwing with my
    >query string and making it unusable? Therefore I can't see how this can

    be
    >worked around unless I can modify the query string during this process but
    >unfortunately none of my code is hit in page load for me to be able to.

    Or
    >am I able to perform the bounce manually somehow?
    >
    > Thanks for your time again!
    >
    >Nick.
    >
    >"St
    Steven Cheng [MSFT], Aug 7, 2008
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. TC
    Replies:
    0
    Views:
    676
  2. Bob Rock
    Replies:
    0
    Views:
    359
    Bob Rock
    Sep 17, 2006
  3. Replies:
    0
    Views:
    308
  4. Replies:
    0
    Views:
    358
  5. river13
    Replies:
    0
    Views:
    363
    river13
    Nov 14, 2006
Loading...

Share This Page