1

I am trying to remove parameters from URL to make user friendly URL and to optimize URL for Search Engine optimization.

I have written below code in startup.cs

 routes.MapRoute(
                    name: "edit-project-route",
                    template: "manage-your-project/{id?}",
                    defaults: new { controller = "Manager", action = "EditProject" 
});

Edit Button is there in detail page as shown below:

enter image description here

Here is code of above page:

        @foreach (var item in Model)
        {
            count = count + 1;
            <tr>
                <td scope="row">@count</td>
                <td>@Html.DisplayFor(modelItem => item.Name)</td>
                <td>@Html.DisplayFor(modelItem => item.Technology)</td>
                <td>                    
                    <a href="/manage-your-project/@item.ProjectId" class="btn btn-sm btn-primary">Edit</a>
                    <a href="@Url.Action("DeleteProject",new { id=item.ProjectId})" class="btn btn-sm btn-danger">Delete</a>
                </td>
            </tr>
        }

Whenever I click on edit button, Below page is displayed in browser.

enter image description here

I want to remove highlighted ID from query string. Is there any way to achieve this by not affecting functionalities.

Janley Zhang
  • 1,567
  • 7
  • 11
Techno Crave
  • 423
  • 1
  • 7
  • 17
  • 2
    Removing `2` from url, how does it make user friendly? – Chetan Mar 30 '18 at 06:59
  • 1
    In general: no, how else is the browser going to tell the server what the ID is? There are two (ugly) ways to escape this: (i) use a `
    ` with POST, but that goes against all modern ways of working and has its own disadvantages, or (ii) set a cookie and then read in on the server, but what cookie value is being used if the user has two tabs open that should have different IDs? So again: no.
     – Peter B Mar 30 '18 at 07:01
  • I know that you can modify url clientside with history.pushState(); But this also removes the possibilty for the user to save the page as bookmark. Probably also if you change it then @PeterB answer will apply so... probably a no still.. – H.Mikhaeljan Mar 30 '18 at 07:02
  • @ChetanRanpariya Here 2 is primary key...If someone changes it and apply any other input i.e 5 ..then it will redirect to edit page of that id ..That's why i want to remove it from url – Techno Crave Mar 30 '18 at 07:02
  • @TechnoCrave if that user is not allowed on PK 5. Then do a check on the load and check if the user has permissions. Removing plain url is probably a bad solution. Meaning if he manually types the PK in it will still work so a bad solution. – H.Mikhaeljan Mar 30 '18 at 07:08
  • @TechnoCrave *So what*, just let them? Or if that other ID is protected: program to make it protected using a proper authorization / access rights mechanism. – Peter B Mar 30 '18 at 07:09
  • @H.Mikhaeljan As per discussion I guess I was trying to achieve the task in wrong way. use of authorization will be good instead of hiding parameters. Thanks!!! – Techno Crave Mar 30 '18 at 07:16
  • See [Multiple levels in MVC custom routing](https://stackoverflow.com/questions/31934144/multiple-levels-in-mvc-custom-routing) - If you customize routing you can make the URL whatever you want by mapping the URL to a primary key. – NightOwl888 Mar 30 '18 at 08:25

1 Answers1

1

If you want to get rid of the ID, you will need to lookup on your own a way to validate the functionality in more detail. We do this at times with blog posts, or otherwise. An example might be a route config like this.

routes.MapRoute(
     "Manage-Account",
     "manage/{projectName}",
      new {action = "EditProject", controller="Manager"}
  );

You could then have a method of your code that works like this

public IActionResult EditProject(string projectName){
    //TODO: Lookup the project, using the name, and display result
}

You could then get URLs such as

/Manage/My-Project or /Manage/Other-Project-Title

You can get a bit more advanced with this to remove the /manage/ part from this example, but often you have other consequences to understand.

Edit: Based on comments, your desire here is to improve security, which isn't going to be addressed by this solution. If a user only has edit rights to a specific value (Example id 1, but not 5) you want to validate this on both the GET and POST actions for editing to ensure that users are not manipulating the URL, this would go with friendly URL structures or otherwise.

Mitchel Sellers
  • 62,228
  • 14
  • 110
  • 173