tags:

views:

219

answers:

2
+1  Q: 

ASP.Net How to enforce the HTTP get URL format?

[Sorry about a messy question. I believe I am targeting .Net 2.0 (for now)]

Hi, I am an ASP.NET noob. For starters I am building a page that parses a URL string and populates a table in a database. I want that string to be strictly of the form:

http://<server>:<port>/PageName.aspx?A=1&B=2&C=3&D=4&E=5

The order of the arguments does not matter, I just do not want any of them missing, or any extras. Here is what I tried (yes, it is ugly; I just want to get it to work first):

#if (DEBUG)
        // Maps parameter names to their human readable names.
        // Used for error checking.
        private static Dictionary<string, string> paramNameToDisplayName = new Dictionary<string, string> {
            { "A", "a"},
            { "B", "b"},
            { "C", "c"},
            { "D", "d"},
            { "E", "e"},
            { "F", "f"},
       };


        [Conditional("DEBUG")]
        private void validateRequestParameters(HttpRequest request)
        {
            bool endResponse = false;
            // Use foreach var
            foreach (string expectedParameterName in paramNameToDisplayName.Keys)
            {
                if (request[expectedParameterName] == null)
                {
                    Response.Write(String.Format("No parameter \"{0}\", aka {1} was passed to the configuration generator. Check your URL string / cookie.",
                        expectedParameterName, paramNameToDisplayName[expectedParameterName]));
                    endResponse = true;
                }
            }
            // Use foreach var
            foreach (string actualParameterName in request.Params)
            {
                if (!paramNameToDisplayName.ContainsKey(actualParameterName))
                {
                    Response.Write(String.Format("The parameter \"{0}\", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.",
                        actualParameterName));
                    endResponse = true;
                }
            }
            if (endResponse)
            {
                Response.End();
            }
        }
#endif

and it works ok, except that it complains about all sorts of other stuff:

http://localhost:1796/AddStatusUpdate.aspx?X=0

No parameter "A", aka a was passed to the configuration generator. Check your URL string / cookie.No parameter "B", aka b was passed to the configuration generator. Check your URL string / cookie.No parameter "C", aka c was passed to the configuration generator. Check your URL string / cookie.No parameter "D", aka d was passed to the configuration generator. Check your URL string / cookie.No parameter "E", aka e was passed to the configuration generator. Check your URL string / cookie.No parameter "F", aka f was passed to the configuration generator. Check your URL string / cookie.The parameter "X", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "ASP.NET_SessionId", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "ALL_HTTP", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "ALL_RAW", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "APPL_MD_PATH", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "APPL_PHYSICAL_PATH", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "AUTH_TYPE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "AUTH_USER", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "AUTH_PASSWORD", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "LOGON_USER", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "REMOTE_USER", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_COOKIE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_FLAGS", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_ISSUER", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_KEYSIZE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_SECRETKEYSIZE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_SERIALNUMBER", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_SERVER_ISSUER", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_SERVER_SUBJECT", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CERT_SUBJECT", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CONTENT_LENGTH", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "CONTENT_TYPE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "GATEWAY_INTERFACE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTPS", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTPS_KEYSIZE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTPS_SECRETKEYSIZE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTPS_SERVER_ISSUER", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTPS_SERVER_SUBJECT", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "INSTANCE_ID", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "INSTANCE_META_PATH", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "LOCAL_ADDR", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "PATH_INFO", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "PATH_TRANSLATED", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "QUERY_STRING", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "REMOTE_ADDR", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "REMOTE_HOST", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "REMOTE_PORT", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "REQUEST_METHOD", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "SCRIPT_NAME", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "SERVER_NAME", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "SERVER_PORT", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "SERVER_PORT_SECURE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "SERVER_PROTOCOL", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "SERVER_SOFTWARE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "URL", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_CACHE_CONTROL", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_CONNECTION", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_ACCEPT", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_ACCEPT_CHARSET", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_ACCEPT_ENCODING", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_ACCEPT_LANGUAGE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_COOKIE", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_HOST", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.The parameter "HTTP_USER_AGENT", was passed to the configuration generator, but it was not expected. Check your URL string / cookie.Thread was being aborted.

Is there some way for me to separate the implicit and the explicit parameters, or is it not doable? Should I even bother? Perhaps the philosophy of get is to just throw away that what is not needed.

Thanks!

+1  A: 

Your Dictionary should have a string key, your code doesn't have "" around the keys:

private static Dictionary<string, string> paramNameToDisplayName = new Dictionary<string, string> {
    { "A", "a"},
    { "B", "b"},
    { "C", "c"},
    { "D", "d"},
    { "E", "e"},
    { "F", "f"},

};

For the rest of the errors, try using this, your code was looking for all posted params, not just the querystring params (request.QueryString.AllKeys):

if (!request.QueryString.AllKeys.Contains<string>(expectedParameterName))
                {
                    Response.Write(String.Format("No parameter \"{0}\", aka {1} was passed to the configuration generator. Check your URL string / cookie.", expectedParameterName, paramNameToDisplayName[expectedParameterName]));
                    endResponse = true;
                }
derek  2010-04-19 22:29:49
Thanks! Turns out that I need generics and Linq for this to work.
Hamish Grubijan  2010-04-20 17:18:56
QUESTION: how do I get Contains<string> to work with case-insensitive comparer? I saw the option for the second parameter; I just do not know which generic class implements that interface and does what I want. thanks!
Hamish Grubijan  2010-04-20 22:37:25
Request.QueryString.AllKeys.Contains<string>(expectedParameterName, StringComparer.InvariantCultureIgnoreCase)
derek  2010-04-20 23:24:52
+1  A: 

As drousseau mentions, you'll need to use the QueryString collection instead of Params. Params includes ALL data passed on the request, which means cookies, form POST data, querystring parameters and servervariables.

It looks like you're checking the cookies as well, so you'll either need to do a separate check through that collection, or merge the two by using something like this:

        var both = (
            from key in Request.QueryString.AllKeys
            select new { Key = key, Value = Request.QueryString[key] }).Union(
            from key in Request.Cookies.AllKeys
            select new { Key = key, Value = Request.Cookies[key].Value }).ToDictionary(entry => entry.Key, entry => entry.Value);

It's also worth noting that you're also going to be getting a cookie dropped by ASP.NET session state. You can either code around it by explicitly ignoring cookies named "ASP.NET_SessionId" (easiest), or just turn off session state in web.config - you'll need to clear your cookies though.

EDIT: just saw the bit about targeting 2.0, which means that nice little LINQ statement is out of the question. It would probably be easiest to just check each of the collections (QueryString and Cookies) separately.

EDIT PART DEUX: Here's a non-LINQ alternative to using a single lookup:

        NameValueCollection both = new NameValueCollection(Request.QueryString);
        foreach (String key in Request.Cookies.AllKeys)
        {
            if (key != "ASP.NET_SessionId") both.Add(key, Request.Cookies[key].Value);
        }

Using a hard-coded string like that is ugly, but hey, it should work.

I'd also like to point out that if you used ASP.NET MVC or even just System.Web.Routing (both of which unfortunately require .NET 3.5), you wouldn't have to do ANY of this, since the routing framework does it all for you - and you'd get typed parameters to boot!

Daniel Schaffer  2010-04-19 22:41:39
Daniel, I might be able to upgrade to 3.5 or 4.0, BUT I am just diving into ASP.Net and there is limited time. In the LINQ example - once I have both, what do I do with it? Also, how exactly does a cookie affect me. I copied part of the error message from elsewhere but do not understand how a cookie comes into a play here. Thanks again!
Hamish Grubijan  2010-04-20 01:48:38
Use the "both" dictionary to iterate on and do your checks instead of Request.Params.I included the cookies because they're mentioned in your Response.Write call. ASP.NET uses something called session state (http://msdn.microsoft.com/en-us/library/ms972429.aspx) to persist data about a user's session between requests. The default way it keeps track of it is by using a cookie, which is set automatically. So, if you're checking for cookies, the session state cookie is going to show up automatically, which means you need to account for it if you're only expecting specified values to be set.
Daniel Schaffer  2010-04-20 02:51:45

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps