0

I am facing issue in navigating to URL. My default page set to Login and my application URL is http://localhost:12345/#/.

This works well but there are two ways the user can login to application

  1. Direct through the application.
  2. Getting username and password trough query string.

When application is logging through Query String the url is like http://localhost:12345?auth=123654654656564/#/.

I would like to remove auth value from the URL. I tried to map the routing but it doesn't work.

routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}",
            defaults: new { controller = "Account", action = "Login"}
);

And also i tried to create one more action result that will return the view

routes.MapRoute(
            name: "ActualDefault",
            url: "{controller}/{action}",
            defaults: new { controller = "Account", action = "LoginQuery" }
);

Controller:

 public ActionResult Login()
 {
     if (Request.QueryString.Count > 0 && Request.QueryString != null)
     {
         //validating
         return RedirectToAction("LoginQuery", "Account");
     }
     else
     {
         return View();
     }
 }
 public ActionResult LoginQuery()
 {
        return View("Index");
 }

The above code removes query string but the URL will be http://localhost:12345/Account/LoginQuery/#/.

I just need the URL like http://localhost:12345/#/.

NightOwl888
  • 55,572
  • 24
  • 139
  • 212
NullReferenceException
  • 1,641
  • 15
  • 22
  • Not clear what your asking. Your not sending a username and password as a query string to a GET method are you? –  Jul 06 '16 at 10:47
  • And `if (Request.QueryString.Count > 0 && Request.QueryString != null)` would throw an exception if `QueryString` was `null` (you have then the wrong way around) –  Jul 06 '16 at 10:49
  • No actually the user can directly login through login page and also from other application the use can login through sending username and password as query string – NullReferenceException Jul 06 '16 at 13:56
  • I'm handling both from query string as well as through application(from login page user will enter username and password).If query string is null then user is entering the username and password. – NullReferenceException Jul 06 '16 at 14:21
  • seeing all URLs, I can see that is not under control of angularJS i.e `#/` is added after the URLs. I would've faced similar issue. seems like it would be best to control it from your other application. – Varit J Patel Jul 09 '16 at 17:30

1 Answers1

1

Logging in via Query String

I would be negligent not to point out that this is an extremely bad practice. You should always use HTTP POST when logging into an application and send the user secrets in the body of the post, not the query string.

See

Note that you can also create forms in plain HTML (or via angularjs) to call an MVC action method, or you can make an HTTP POST via JavaScript or some other programming language to do the same thing.

Query string values are completely ignored by MVC routing. But you can make a custom route use query string values.

public class LoginViaQueryStringRoute : RouteBase
{
    public override RouteData GetRouteData(HttpContextBase httpContext)
    {
        var path = httpContext.Request.Path;

        if (!string.IsNullOrEmpty(path))
        {
            // Don't handle URLs that have a path /controller/action
            return null;
        }

        var queryString = httpContext.Request.QueryString;

        if (!queryString.HasKeys())
        {
            // Don't handle the route if there is no query string.
            return null;
        }

        if (!queryString.AllKeys.Contains("username") && !queryString.AllKeys.Contains("password"))
        {
            // Don't handle the case where controller and action are missing.
            return null;
        }

        var routeData = new RouteData(this, new MvcRouteHandler());

        routeData.Values["controller"] = "Account";
        routeData.Values["action"] = "LoginQuery";
        routeData.Values["username"] = queryString["username"];
        routeData.Values["password"] = queryString["password"];

        return routeData;
    }

    public override VirtualPathData GetVirtualPath(RequestContext requestContext, RouteValueDictionary values)
    {
        return null;
    }
}

Usage

public class RouteConfig
{
    public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

        routes.Add(new LoginViaQueryStringRoute());

        routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}/{id}",
            defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
        );
    }
}

This route will now match http://localhost:12345/?username=foo&password=bar and send it to your LoginQuery action method.

Logging in via http://localhost:12345/#/

It is unclear how you expect this to work. Since everything after the hash tag are generally not sent to the server from the browser, http://localhost:12345/#/ is equivalent to http://localhost:12345/. So, you are effectively saying "I want my home page to be the login page".

In a typical MVC application, you would setup an AuthorizeAttribute on the home page to redirect the user to the login page. After the user logs in, they would be redirected back to the home page (or usually whatever secured page they initially requested).

[Authorize]
public ActionResult Index()
{
    return View();
}

If you want all of your application secured, you can register the AuthorizeAttribute globally and use AllowAnonymousAttribute on your public action methods (such as the login and register pages).

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new AuthorizeAttribute());
        filters.Add(new HandleErrorAttribute());
    }
}

And your login action methods:

[AllowAnonymous]
public ActionResult Login()
{
    //...
}

[AllowAnonymous]
[HttpPost]
public ActionResult Login(LoginModel model)
{
    //...
}

[AllowAnonymous]
public ActionResult LoginQuery(string username, string password)
{
    //...
}

But then, that is a typical MVC-only application.

If you are using Angular to make a SPA, then this could be a very different story. Namely, you would probably switch views on the client side without doing an HTTP 302 redirect to the login form (perhaps it would be a popup - who knows). The point is, without any details of how the client is setup to communicate with MVC, it is not possible to give you any useful advice on setting up MVC for your client beyond how you would typically setup MVC to work in a multi-page application.

NOTE: I can tell you that your routing is misconfigured. The Default and ActualDefault definitions cannot exist in the same route configuration because the first match always wins, therefore the first one will run and the other one will never run. Both of the route URL definitions will match any URL that is 0, 1, or 2 segments in length, so whichever you have first in the route table will match and the other one will be an unreachable execution path.

Community
  • 1
  • 1
NightOwl888
  • 55,572
  • 24
  • 139
  • 212
  • Thank you for the detailed explanation. Would you please suggest me how to send credentials in the http body? Actually Im passing query string from other application to this application.So Where i should add the credential details?How can access the http body in the current application. – NullReferenceException Jul 13 '16 at 09:03
  • I added some references for posting in MVC. However, do note that HTTP POST is also supported by most programming languages as well (including JavaScript). – NightOwl888 Jul 13 '16 at 09:55