0

I has deploy my asp web application to my server already. However I having a problem about the URL. Let say my websiste address is: http://mixsol.no-ip.biz/testing2/Module/Admin/Role/CreateRoleSetup.aspx

I want to response user to error page when user key in the invalid address: For example:

http://mixsol.no-ip.biz/testing2/

http://mixsol.no-ip.biz/testing2/Module/

http://mixsol.no-ip.biz/testing2/Module/Admin

and others

How can I ensure the user is key in the valid address?

Improve this question
3
  • You can't. If a user mistypes a URL, you can't control that. Commented Oct 26, 2011 at 18:17
  • I'm pretty sure the server handles that for you. If you go to a page that doesn't exist, it should already give you a 404 error. Commented Oct 26, 2011 at 18:19
  • IIS should handle that if the page doesn't exist and throw a 404 error, (which you can customize - that would be a question for serverfault.com). If you don't want users to access the pages , you need to secure them somehow - via role-based restrictions, etc. but as @Oded said, there's no reliable way to stop them simply typing in a URL for a page if it exists. All of the methods that might work (checking the urlReferrer, for example) are easily bypassed. Commented Oct 26, 2011 at 18:20

2 Answers 2

Reset to default
2

It sounds like you want, is to set up a custom 404 page (and I may have misunderstood completely). This can be setup through your web.config with customErrors. Something like

<customErrors mode="RemoteOnly">
    <error statusCode="404" redirect="/404.aspx"/>
</customErrors>

Depending on your version of IIS, you may need to also set the custom 404 in the settings as well to catch bad urls if they don't run through ASP.NET.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

@user998405 As other's mentioned. You cannot control the user input. Nothing you can do can prevent me from typing in yoursite.com/givemeallyourpasswords It's up to your site to handle that as an error and decide what to do with it. If you're trying to secure certain areas, you need to implement some sort of authentication.
thanks for anyone who comment me. However how to i ensure the user enter a valid address? because i wan to store the address that user are entered before to the session
To add on to Doozer's comment, you could even use the 404 error to try and determine what the correct URL should be and redirect them. There are lots of little tricks you can do by catching the 404 error.
Hi can i use try and catch to catch the 404 error ? then response user to another page?
1

You cannot control what the user enters into the address bar, and therefore cannot control whether they enter a valid URL. All you can do is handle the 404 error. When a 404 error occurs, you can either direct them to a friendly error page, or you can try to determine the correct URL based on what they entered and direct them there. You could also use a combination of both, and direct them to a friendly error page if you're unable to determine the correct URL.

Improve this answer

3 Comments

Hi thank for your comment. However is that any way that i can ensure user is key in a valid address? For example : mixsol.no-ip.biz/testing2/Module/Admin/Role/…. It is correct address . then i want store the valid address to the session
Did you read my answer? You cannot control what the user types into the address bar. That is completely and totally outside of your control. Malware sites can only dream about such a feature.
What do you mean by storing the valid address in session? You can store the URL in session, but I don't see how that would help you. I would focus your attention on how to handle invalid URLs rather than how to avoid them.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.