Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I strip unnecessary information from a user friendly url before it gets to a controller action

We are trying to use custom routes in an ASP.NET MVC application to generate this url: 'http://example.com/Person/unnecessaryinfo-42'. The "unnecessaryinfo" is the name of the id which will make the URL hackable for the user. Below is the code for our route map. This works but my controller action ends up with "unnecesaryinfo-42" in the id parameter. Can I strip the "unnecessaryinfo-" before it reaches the controller action?

routes.MapRoute("person_id", "person/{id}",
    new { controller = "Customer", action = "Details" },
    new { id = @"unnecessaryinfo-\d" });

Edit:

Here's our latest code:

routes.MapRoute("person_id", "person/{unnecessaryinfo}-{id}",
    new { controller = "Customer", action = "Details" },
    new { id = @"[\d]{1,6}" });

The chapter on Routing from ASP.NET MVC 2 In Action (page 234) discusses avoiding the use of database IDs whenever possible but if you must use them, adding additional information to make the URL readable. This is what we're trying (unsuccessfully) to do. The database id currently ranges from 1 to 6 digits (and may grow over time).

like image 546
rkgallegos Avatar asked Oct 21 '10 18:10

rkgallegos


2 Answers

Your back and forth on Darin's answer makes me believe that you probably have another route which is being matched and used instead of this route:

routes.MapRoute("person_id", "person/{unnecessaryinfo}-{id}",
    new { controller = "Customer", action = "Details" },
    new { id = @"[\d]{1,6}" });

Switching the order in which the routes are added to the RouteCollection should fix the problem. More specific routes should be the first added to the collection. For instance if you also have this route:

routes.MapRoute("person_login", "person/{id}",
    new { controller = "Customer", action = "Details" });

It should appear after your more specific "person_id" route so your code would look like this:

routes.MapRoute("person_id", "person/{unnecessaryinfo}-{id}",
    new { controller = "Customer", action = "Details" },
    new { id = @"[\d]{1,6}" });

routes.MapRoute("person_login", "person/{id}",
    new { controller = "Customer", action = "Details" });

The URL your provided 'http://example.com/Person/unnecessaryinfo-42' will match to both routes, but since your more specific route appears first that's the route that will be used. When a less specific URL is mapped it won't match the first and therefore the second route will be used.

That said determining what routes a URL matches can be a bit tricky. Thankfully, there are two pretty good options that assist with route debugging:

  • Phil Haack provides an easy to implement URL Routing Debugger
  • Stephen Walther offers an alternative in Build a Controller to Debug Your Custom Routes

Stephen's solution is probably the best for longterm use, but Phil's is definitely the easier to implement for down and dirty debugging. I'd start with reordering your routes, but if that doesn't solve the issue use one of the aforementioned debuggers.

like image 112
ahsteele Avatar answered Oct 21 '22 10:10

ahsteele


routes.MapRoute(
    "person_id", 
    "person/{unnecessaryinfo}-{id}",
    new { controller = "Customer", action = "Details" },
    new { id = @"\d" }
);

You might also add some regex constraint in the unnecessaryinfo route token.

like image 39
Darin Dimitrov Avatar answered Oct 21 '22 10:10

Darin Dimitrov