Url Redirection

**Marc** · Jul 25 '08, 05:45 PM

Re: Url Redirection

"Nick" <a@a.comwrote in message
news:etPCCum7IH A.1420@TK2MSFTN GP06.phx.gbl...

Hi there,
>
I'm passing an HTML encoded string to an URL in the query parameter.
This query string works perfect in the website if you are already logged
on,

Try UrlEncode instead of HtmlEncode.

**Steven Cheng [MSFT]** · Jul 28 '08, 04:35 AM

RE: Url Redirection

Hi Nick,

As Marc has suggested, you can try using UrlEncode since that will make
sure the output characters are valid and safe one in http url string.
Generally if you have multiple querystring parameters, it should be
separated via "&" char.

BTW, why are you using querystring to store large data as querystring has
length limitation, is there any paritcular requirement here? You can
provide some further info about the application code logic or requirement
so that we can look for any other potential solutions.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsof t.com.

=============== =============== =============== =====
Get notification to my posts through email? Please refer to

Microsoft Learn: Build skills that open doors in your career

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif

Gain technical skills through documentation and training, earn certifications and connect with the community

ications.

=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

>From: "Nick" <a@a.com>
>Subject: Url Redirection
>Date: Fri, 25 Jul 2008 16:31:31 +0100

>
>Hi there,
>
I'm passing an HTML encoded string to an URL in the query parameter.
>This query string works perfect in the website if you are already logged

on,

>if you are not logged on the application calls
>FormsAuthentic ation.RedirectT oLoginPage() then the URL becomes malformed.
>
I then recieve the following error,
>
"The return URL specified for request redirection is invalid."
>
for example
>
?inputfile=F:%5 CFacebook%5CDoc uments%5CDocume nts%5CUser's%20 Guide.doc
>
then becomes
>
>

?ReturnUrl=%2fD SP%2fsecure%2fd efault.aspx%3fi nputfile%3dF%3a %255CFacebook%2 5
5CDocuments%255 CDocuments%255C User's%2520Guid e.doc&inputfile =F:%5CFacebook% 5
CDocuments%5CDo cuments%5CUser' s%20Guide.doc

>
Which is rather screwed. Any ideas how how I can work around this?
>
Thanks a million for your time in advance.
>
>Nick.
>
>
>

**Nick** · Jul 30 '08, 12:55 PM

Re: Url Redirection

Hi Marc,

Sorry what I meant to say was I am using the UrlEscape method in a C++
application that is invoking the url.

UrlEscapeA function (shlwapi.h) - Win32 apps

http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx

Converts characters or surrogate pairs in a URL that might be altered during transport across the Internet ("unsafe" characters) into their corresponding escape sequences. (ANSI)

Nick.

"Marc " <RmEaMrOcVE@ima rc.co.ukwrote in message
news:uuUNCzn7IH A.4820@TK2MSFTN GP06.phx.gbl...

"Nick" <a@a.comwrote in message
news:etPCCum7IH A.1420@TK2MSFTN GP06.phx.gbl...

>Hi there,
>>
> I'm passing an HTML encoded string to an URL in the query parameter.
>This query string works perfect in the website if you are already logged
>on,

>
Try UrlEncode instead of HtmlEncode.
>

**Nick** · Jul 30 '08, 01:05 PM

Re: Url Redirection

Hi Steven,

I wouldn't say that a 256 character max path is too long for an URL
surely?

It needs to be invoked this way unfortunately as it's being called via
an add-in for another application.

I got the name of the method I am using incorrectly, it is UrlEncode,

UrlEscapeA function (shlwapi.h) - Win32 apps

http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx

Converts characters or surrogate pairs in a URL that might be altered during transport across the Internet ("unsafe" characters) into their corresponding escape sequences. (ANSI)

Basically what is happening is the query is being re-escaped when the
server bounces it so it's escaping the escape characters.

Surely if the URL is working before being bounced, then it is not badly
formed?

Nick.

"Steven Cheng [MSFT]" <stcheng@online .microsoft.comw rote in message
news:Qm%23SNsG8 IHA.3236@TK2MSF TNGHUB02.phx.gb l...

Hi Nick,
>
As Marc has suggested, you can try using UrlEncode since that will make
sure the output characters are valid and safe one in http url string.
Generally if you have multiple querystring parameters, it should be
separated via "&" char.
>
BTW, why are you using querystring to store large data as querystring has
length limitation, is there any paritcular requirement here? You can
provide some further info about the application code logic or requirement
so that we can look for any other potential solutions.
>
Sincerely,
>
Steven Cheng
>
Microsoft MSDN Online Support Lead
>
>
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsof t.com.
>
=============== =============== =============== =====
Get notification to my posts through email? Please refer to

Microsoft Learn: Build skills that open doors in your career

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif

Gain technical skills through documentation and training, earn certifications and connect with the community

ications.
>
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------

>>From: "Nick" <a@a.com>
>>Subject: Url Redirection
>>Date: Fri, 25 Jul 2008 16:31:31 +0100

>

>>
>>Hi there,
>>
> I'm passing an HTML encoded string to an URL in the query parameter.
>>This query string works perfect in the website if you are already logged

on,

>>if you are not logged on the application calls
>>FormsAuthenti cation.Redirect ToLoginPage() then the URL becomes malformed.
>>
> I then recieve the following error,
>>
> "The return URL specified for request redirection is invalid."
>>
> for example
>>
> ?inputfile=F:%5 CFacebook%5CDoc uments%5CDocume nts%5CUser's%20 Guide.doc
>>
> then becomes
>>
>>

?ReturnUrl=%2fD SP%2fsecure%2fd efault.aspx%3fi nputfile%3dF%3a %255CFacebook%2 5
5CDocuments%255 CDocuments%255C User's%2520Guid e.doc&inputfile =F:%5CFacebook% 5
CDocuments%5CDo cuments%5CUser' s%20Guide.doc

>>
> Which is rather screwed. Any ideas how how I can work around this?
>>
> Thanks a million for your time in advance.
>>
>>Nick.
>>
>>
>>

>

**Steven Cheng [MSFT]** · Jul 31 '08, 07:55 AM

Re: Url Redirection

Thanks for the followup Nick,

Would you post some of your page's code such as how to concatenate the
querystring (just the code snippet that is sufficient to repro the
behavior)? I'd like to have a test on my side.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsof t.com.

=============== =============== =============== =====
Get notification to my posts through email? Please refer to

Microsoft Learn: Build skills that open doors in your career

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif

Gain technical skills through documentation and training, earn certifications and connect with the community

ications.

=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

>From: "Nick" <a@a.com>
>References: <etPCCum7IHA.14 20@TK2MSFTNGP06 .phx.gbl>

<Qm#SNsG8IHA.32 36@TK2MSFTNGHUB 02.phx.gbl>

>Subject: Re: Url Redirection
>Date: Wed, 30 Jul 2008 13:53:40 +0100

>
>Hi Steven,
>
I wouldn't say that a 256 character max path is too long for an URL
>surely?
>
It needs to be invoked this way unfortunately as it's being called via
>an add-in for another application.
>
I got the name of the method I am using incorrectly, it is UrlEncode,
>

UrlEscapeA function (shlwapi.h) - Win32 apps

http://msdn.microsoft.com/en-us/library/bb773774(VS.85).aspx

Converts characters or surrogate pairs in a URL that might be altered during transport across the Internet ("unsafe" characters) into their corresponding escape sequences. (ANSI)

>
Basically what is happening is the query is being re-escaped when the
>server bounces it so it's escaping the escape characters.
>
Surely if the URL is working before being bounced, then it is not

badly

>formed?
>
>Nick.
>
>"Stev

**Nick** · Jul 31 '08, 08:25 AM

Re: Url Redirection

Hi Steven,

Sure no probs, the code that I'm using to create the URL is,

----

HRESULT hr;
TCHAR* pChrFileName = pStrFileName.Ge tBuffer();
DWORD pDWdSize = INTERNET_MAX_UR L_LENGTH;
TCHAR* pChrEncoded = (TCHAR*)calloc( pDWdSize, sizeof(TCHAR));
ZeroMemory(pChr Encoded, pDWdSize);
UrlEscape(pChrF ileName, pChrEncoded, &pDWdSize, NULL);
pStrFileName.Re leaseBuffer(0);
CString pStrEncoded = pChrEncoded;
free(pChrEncode d);

CString pStrURL = _T("http://www.myurl.com/default.aspx?in putfile=");
pStrURL += pStrEncoded;
CString pStrParams = _T("url.dll,Fil eProtocolHandle r ");
pStrParams += pStrURL;

----

pStrParams is then fired off to ShellExecuteEx which correctly opens the
URL in the default web browser.

Nick.

"Steven Cheng [MSFT]" <stcheng@online .microsoft.comw rote in message
news:w%23K$EGu8 IHA.4376@TK2MSF TNGHUB02.phx.gb l...

Thanks for the followup Nick,
>
Would you post some of your page's code such as how to concatenate the
querystring (just the code snippet that is sufficient to repro the
behavior)? I'd like to have a test on my side.
>
Sincerely,
>
Steven Cheng
>
Microsoft MSDN Online Support Lead
>
>
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsof t.com.
>
=============== =============== =============== =====
Get notification to my posts through email? Please refer to

Microsoft Learn: Build skills that open doors in your career

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif

Gain technical skills through documentation and training, earn certifications and connect with the community

ications.
>
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no
rights.
>
--------------------

>>From: "Nick" <a@a.com>
>>References: <etPCCum7IHA.14 20@TK2MSFTNGP06 .phx.gbl>

<Qm#SNsG8IHA.32 36@TK2MSFTNGHUB 02.phx.gbl>

>>Subject: Re: Url Redirection
>>Date: Wed, 30 Jul 2008 13:53:40 +0100

>

>>
>>Hi Steven,
>>
> I wouldn't say that a 256 character max path is too long for an URL
>>surely?
>>
> It needs to be invoked this way unfortunately as it's being called via
>>an add-in for another application.
>>
> I got the name of the method I am using incorrectly, it is UrlEncode,
>>
> http://msdn.microsoft.com/en-us/libr...74(VS.85).aspx
>>
> Basically what is happening is the query is being re-escaped when the
>>server bounces it so it's escaping the escape characters.
>>
> Surely if the URL is working before being bounced, then it is not

badly

>>formed?
>>
>>Nick.
>>
>>"Stev

>

**Steven Cheng [MSFT]** · Aug 4 '08, 02:15 AM

Re: Url Redirection

Thanks for the reply Nick,

I haven't expected that the client code is for unmanaged cpp. Have you
tried some .NET based webrequest or webbrowser control based code to see
whether it can repro the same behavior?

Sincerely,

Steven Cheng
Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsof t.com.

=============== =============== =============== =====
Get notification to my posts through email? Please refer to

Microsoft Learn: Build skills that open doors in your career

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif

Gain technical skills through documentation and training, earn certifications and connect with the community

ications.

=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

>From: "Nick" <a@a.com>
>Subject: Re: Url Redirection
>Date: Thu, 31 Jul 2008 09:21:23 +0100

>
>Hi Steven,
>
Sure no probs, the code that I'm using to create the URL is,
>
----
>
HRESULT hr;
TCHAR* pChrFileName = pStrFileName.Ge tBuffer();
DWORD pDWdSize = INTERNET_MAX_UR L_LENGTH;
TCHAR* pChrEncoded = (TCHAR*)calloc( pDWdSize, sizeof(TCHAR));
ZeroMemory(pChr Encoded, pDWdSize);
UrlEscape(pChrF ileName, pChrEncoded, &pDWdSize, NULL);
pStrFileName.Re leaseBuffer(0);
CString pStrEncoded = pChrEncoded;
free(pChrEncode d);
>
CString pStrURL = _T("http://www.myurl.com/default.aspx?in putfile=");
pStrURL += pStrEncoded;
CString pStrParams = _T("url.dll,Fil eProtocolHandle r ");
pStrParams += pStrURL;
>
----
>
pStrParams is then fired off to ShellExecuteEx which correctly opens

the

>URL in the default web browser.
>
>Nick.
>
>
>
>"Steven Cheng [MSFT]" <stcheng@online .microsoft.comw rote in message
>news:w%23K$EGu 8IHA.4376@TK2MS FTNGHUB02.phx.g bl...

>Thanks for the followup Nick,
>>
>Would you post some of your page's code such as how to concatenate the
>querystring (just the code snippet that is sufficient to repro the
>behavior)? I'd like to have a test on my side.
>>
>Sincerely,
>>
>Steven Cheng
>>
>Microsoft MSDN Online Support Lead
>>
>>
>Delighting our customers is our #1 priority. We welcome your comments and
>suggestions about how we can improve the support we provide to you.

Please

>feel free to let my manager know what you think of the level of service
>provided. You can send feedback directly to my manager at:
>msdnmg@microsof t.com.
>>
>============== =============== =============== ======
>Get notification to my posts through email? Please refer to
>>

http://msdn.microsoft.com/subscripti...ult.aspx#notif

>ications.
>>
>============== =============== =============== ======
>This posting is provided "AS IS" with no warranties, and confers no
>rights.
>>
>--------------------

>>>From: "Nick" <a@a.com>
>>>References : <etPCCum7IHA.14 20@TK2MSFTNGP06 .phx.gbl>

><Qm#SNsG8IHA.3 236@TK2MSFTNGHU B02.phx.gbl>

>>>Subject: Re: Url Redirection
>>>Date: Wed, 30 Jul 2008 13:53:40 +0100

>>

>>>
>>>Hi Steven,
>>>
>> I wouldn't say that a 256 character max path is too long for an URL
>>>surely?
>>>
>> It needs to be invoked this way unfortunately as it's being called

via

>>>an add-in for another application.
>>>
>> I got the name of the method I am using incorrectly, it is UrlEncode,
>>>
>> http://msdn.microsoft.com/en-us/libr...74(VS.85).aspx
>>>
>> Basically what is happening is the query is being re-escaped when the
>>>server bounces it so it's escaping the escape characters.
>>>
>> Surely if the URL is working before being bounced, then it is not

>badly

>>>formed?
>>>
>>>Nick.
>>>
>>>"Stev

>>

>
>
>

**Nick** · Aug 6 '08, 01:35 PM

Re: Url Redirection

Hi Steven,

Indeed, it's part of an unmanaged addin for another application and
invoking via the shell is the most efficient way of achieving the desired
result as the browser will need to be opened if it isn't already.

I don't seem to have any control over this as it's all handled
internally and controlled via the web.config file afaik. So here is my
current thoughts...

1. The URL is created and escaped correctly.
2. The URL works on the site if logged in already
3. If not logged in ASP.NET screws with the URL and makes it invalid
then kicks you back to the login page.

So using my advanced powers of deduction. asp.net is screwing with my
query string and making it unusable? Therefore I can't see how this can be
worked around unless I can modify the query string during this process but
unfortunately none of my code is hit in page load for me to be able to. Or
am I able to perform the bounce manually somehow?

Thanks for your time again!

Nick.

"Steven Cheng [MSFT]" <stcheng@online .microsoft.comw rote in message
news:iAwWocd9IH A.1624@TK2MSFTN GHUB02.phx.gbl. ..

Thanks for the reply Nick,
>
I haven't expected that the client code is for unmanaged cpp. Have you
tried some .NET based webrequest or webbrowser control based code to see
whether it can repro the same behavior?
>
Sincerely,
>
Steven Cheng
Microsoft MSDN Online Support Lead
>
>
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsof t.com.
>
=============== =============== =============== =====
Get notification to my posts through email? Please refer to

Microsoft Learn: Build skills that open doors in your career

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif

Gain technical skills through documentation and training, earn certifications and connect with the community

ications.
>
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------

>>From: "Nick" <a@a.com>
>>Subject: Re: Url Redirection
>>Date: Thu, 31 Jul 2008 09:21:23 +0100

>

>>
>>Hi Steven,
>>
> Sure no probs, the code that I'm using to create the URL is,
>>
> ----
>>
> HRESULT hr;
> TCHAR* pChrFileName = pStrFileName.Ge tBuffer();
> DWORD pDWdSize = INTERNET_MAX_UR L_LENGTH;
> TCHAR* pChrEncoded = (TCHAR*)calloc( pDWdSize, sizeof(TCHAR));
> ZeroMemory(pChr Encoded, pDWdSize);
> UrlEscape(pChrF ileName, pChrEncoded, &pDWdSize, NULL);
> pStrFileName.Re leaseBuffer(0);
> CString pStrEncoded = pChrEncoded;
> free(pChrEncode d);
>>
> CString pStrURL = _T("http://www.myurl.com/default.aspx?in putfile=");
> pStrURL += pStrEncoded;
> CString pStrParams = _T("url.dll,Fil eProtocolHandle r ");
> pStrParams += pStrURL;
>>
> ----
>>
> pStrParams is then fired off to ShellExecuteEx which correctly opens

the

>>URL in the default web browser.
>>
>>Nick.
>>
>>
>>
>>"Steven Cheng [MSFT]" <stcheng@online .microsoft.comw rote in message
>>news:w%23K$EG u8IHA.4376@TK2M SFTNGHUB02.phx. gbl...

>>Thanks for the followup Nick,
>>>
>>Would you post some of your page's code such as how to concatenate the
>>querystring (just the code snippet that is sufficient to repro the
>>behavior)? I'd like to have a test on my side.
>>>
>>Sincerely,
>>>
>>Steven Cheng
>>>
>>Microsoft MSDN Online Support Lead
>>>
>>>
>>Delighting our customers is our #1 priority. We welcome your comments
>>and
>>suggestions about how we can improve the support we provide to you.

Please

>>feel free to let my manager know what you think of the level of service
>>provided. You can send feedback directly to my manager at:
>>msdnmg@microsof t.com.
>>>
>>============= =============== =============== =======
>>Get notification to my posts through email? Please refer to
>>>

http://msdn.microsoft.com/subscripti...ult.aspx#notif

>>ications.
>>>
>>============= =============== =============== =======
>>This posting is provided "AS IS" with no warranties, and confers no
>>rights.
>>>
>>--------------------
>>>>From: "Nick" <a@a.com>
>>>>Reference s: <etPCCum7IHA.14 20@TK2MSFTNGP06 .phx.gbl>
>><Qm#SNsG8IHA. 3236@TK2MSFTNGH UB02.phx.gbl>
>>>>Subject: Re: Url Redirection
>>>>Date: Wed, 30 Jul 2008 13:53:40 +0100
>>>
>>>>
>>>>Hi Steven,
>>>>
>>> I wouldn't say that a 256 character max path is too long for an URL
>>>>surely?
>>>>
>>> It needs to be invoked this way unfortunately as it's being called

via

>>>>an add-in for another application.
>>>>
>>> I got the name of the method I am using incorrectly, it is
>>>UrlEncode,
>>>>
>>> http://msdn.microsoft.com/en-us/libr...74(VS.85).aspx
>>>>
>>> Basically what is happening is the query is being re-escaped when
>>>the
>>>>server bounces it so it's escaping the escape characters.
>>>>
>>> Surely if the URL is working before being bounced, then it is not
>>badly
>>>>formed?
>>>>
>>>>Nick.
>>>>
>>>>"Stev
>>>

>>
>>
>>

>

**Steven Cheng [MSFT]** · Aug 7 '08, 06:55 AM

Re: Url Redirection

Thanks for your reply Nick,

For this case, since the server-side has forms authentication to protect
the page. How about this;

1 for your add-in shell code, you can always first establish a initial http
get request to check whether you're redirected or not(or can directly
access the target page).

2. if you're not login yet and redirected, you should programmtically login
first.

3. After make sure you're login, you can just send http post with the
correct querystring(nee d to add the cookie data also).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsof t.com.

=============== =============== =============== =====
Get notification to my posts through email? Please refer to

Microsoft Learn: Build skills that open doors in your career

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif

Gain technical skills through documentation and training, earn certifications and connect with the community

ications.
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

>From: "Nick" <a@a.com>
>Subject: Re: Url Redirection
>Date: Wed, 6 Aug 2008 14:27:07 +0100

>
>Hi Steven,
>
Indeed, it's part of an unmanaged addin for another application and
>invoking via the shell is the most efficient way of achieving the desired
>result as the browser will need to be opened if it isn't already.
>
I don't seem to have any control over this as it's all handled
>internally and controlled via the web.config file afaik. So here is my
>current thoughts...
>
1. The URL is created and escaped correctly.
2. The URL works on the site if logged in already
3. If not logged in ASP.NET screws with the URL and makes it invalid
>then kicks you back to the login page.
>
So using my advanced powers of deduction. asp.net is screwing with my
>query string and making it unusable? Therefore I can't see how this can

be

>worked around unless I can modify the query string during this process but
>unfortunatel y none of my code is hit in page load for me to be able to.

Or

>am I able to perform the bounce manually somehow?
>
Thanks for your time again!
>
>Nick.
>
>"St

Url Redirection

Url Redirection

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment