CODEWITHSUNDEEP
asp.netencryptionurl-parameters
epaezr
epaezr

Reputation: 474

How to detect if the url has text after .aspx, to check an encrypted url query string

I have a web app that encrypts given information and sends it to another .aspx page for processing. But, some times that URL can come without any parameteres. It has a referral string.

For example, if the referral is active, the URL will be something like:

page.aspx??71FLgNVxFzZBuWxWfefSQPqV/1CaPVg71H4lNFVHm9G8VLO1x2er8Q==

But if it comes without referral it will be:

page.aspx

Here is my code:

 Protected Sub Page_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    If Not IsPostBack Then
        Dim strReq As String = ""
        strReq = Request.RawUrl
        strReq = strReq.Substring(strReq.IndexOf("?"c) + 1)

        If Not strReq.Equals("") Then
            strReq = DecryptQueryString(strReq)


            Dim arrMsgs As String() = strReq.Split("&"c)
            Dim arrIndMsg As String()
            Dim strRefId As String = "", strYear As String = "", strMonth As String = ""
            arrIndMsg = arrMsgs(0).Split("="c)

            strRefId = arrIndMsg(1).ToString().Trim()
            arrIndMsg = arrMsgs(1).Split("="c)

            strYear = arrIndMsg(1).ToString().Trim()
            arrIndMsg = arrMsgs(2).Split("="c)

            strMonth = arrIndMsg(1).ToString().Trim()

            resultadoLiteral.Text = "Hay referido: " & strRefId & " " & strYear & "-" & strMonth
        Else
            Response.Redirect("prueba1.aspx")
        End If
    End If
End Sub

Private Function DecryptQueryString(strQueryString As String) As String
    Dim objEDQueryString As New EncryptDecryptQueryString()
    Return objEDQueryString.Decrypt(strQueryString, "r0b1nr0y")
End Function

It works perfectly when the URL has paremeteres attached to it after the "?", but if the URL comes clean I'll get an error "Index was outside the bounds of the array." in this line:

strRefId = arrIndMsg(1).ToString().Trim()

How can I check if the url comes with paremeteres or not, something like

If Request.RawUrl IsNot Nothing Then
'Code for decrypt'
Else
results.Text = "There are no parameteres"
End If

Thanks!

Ron,

I've changed the code using your suggestion: Protected Sub Page_Load(sender As Object, e As EventArgs) Handles MyBase.Load

    If Not IsPostBack Then
        Dim strReq As String = ""
        strReq = Request.RawUrl
        strReq = strReq.Substring(strReq.IndexOf("?"c) + 1)

        If strReq.IndexOf("?"c) >= 0 And Not strReq.Equals("") Then
            strReq = DecryptQueryString(strReq)


            Dim arrMsgs As String() = strReq.Split("&"c)
            Dim arrIndMsg As String()
            Dim strRefId As String = ""
            arrIndMsg = arrMsgs(0).Split("="c)

            strRefId = arrIndMsg(1).ToString().Trim()

            resultadoLiteral.Text = "Referal Id: " & strRefId 
        Else
            resultadoLiteral.Text = "There is no referal Id on URL"
        End If
    End If

End Sub

But when excecuting the code, if the URL has the encripted parameters, it works fine. But when the URL comes clean I'll get this error:

Index was outside the bounds of the array.

Excalty in the line 37:

strRefId = arrIndMsg(1).ToString().Trim()

I'm I missing something?

Upvotes: 1

Views: 235

Answers (2)

epaezr
epaezr

Reputation: 474

I tried a different workaround for this issue, checking if the url has any string attached after the ".aspx". Here is my new code:

If Not IsPostBack Then

        Dim requestUrl As Uri = HttpContext.Current.Request.Url
        Dim newUrl As New UriBuilder(requestUrl.Scheme, requestUrl.Host, requestUrl.Port, HttpContext.Current.Request.ApplicationPath)
        Dim currentQuery As String = requestUrl.Query

        If String.IsNullOrEmpty(currentQuery) Then
            resultadoLiteral.Text = "No hay parámetros"
        Else

            Dim strReq As String = ""
            strReq = Request.RawUrl
            strReq = strReq.Substring(strReq.IndexOf("?"c) + 1)

            strReq = DecryptQueryString(strReq)


            Dim arrMsgs As String() = strReq.Split("&"c)
            Dim arrIndMsg As String()
            Dim strRefId As String = ""
            arrIndMsg = arrMsgs(0).Split("="c)

            strRefId = arrIndMsg(1).ToString().Trim()


            resultadoLiteral.Text = "Hay referido: " & strRefId
        End If

    End If

Using currentQuery I was able to check the URL and pass the actions!

Thanks to @Ron C for giving me the necessary hints!

Upvotes: 0

RonC
RonC

Reputation: 33897

You just need to modify your code so that if strReq.IndexOf("?"c) return a value less than 0 then don't execute your decryption code. When this value is < 0 it indicates that there is no ? in the url.

So for example, you could change this line

  If Not strReq.Equals("") Then

to this

 If strReq.IndexOf("?"c) >= 0 And Not strReq.Equals("") Then

Upvotes: 1

Related Questions