///<summary> /// Set the portalid, taking the current request and locating which portal is being called based on this request. /// </summary> /// <param name="request">request</param> private static void SetPortalId(HttpRequest request) { string domainName = Globals.GetDomainName(request, true); PortalAliasInfo pai = PortalSettings.GetPortalAliasInfo(domainName); if (pai != null) { PortalId = pai.PortalID; } }
///<summary> /// Set the portalid, taking the current request and locating which portal is being called based on this request. /// </summary> /// <param name="request">request</param> private void SetPortalId(HttpRequest request) { string domainName = DotNetNuke.Common.Globals.GetDomainName(request, true); string portalAlias = domainName.Substring(0, domainName.IndexOf("/svc")); PortalAliasInfo pai = PortalSettings.GetPortalAliasInfo(portalAlias); if (pai != null) { PortalId = pai.PortalID; } }
public void OnBeginRequest(object s, EventArgs e) { HttpApplication app = (HttpApplication)s; HttpServerUtility Server = app.Server; HttpRequest Request = app.Request; HttpResponse Response = app.Response; string requestedPath = app.Request.Url.AbsoluteUri; // URL validation // check for ".." escape characters commonly used by hackers to traverse the folder tree on the server // the application should always use the exact relative location of the resource it is requesting string strURL = Request.Url.AbsolutePath; string strDoubleDecodeURL = Server.UrlDecode(Server.UrlDecode(Request.RawUrl)); if (strURL.IndexOf("..") != -1 || strDoubleDecodeURL.IndexOf("..") != -1) { throw (new HttpException(404, "Not Found")); } //fix for ASP.NET canonicalization issues http://support.microsoft.com/?kbid=887459 if (Request.Path.IndexOf('\u005C') >= 0 || Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) { throw (new HttpException(404, "Not Found")); } //check if we are upgrading/installing if (Request.Url.LocalPath.ToLower().EndsWith("install.aspx")) { return; } // save original url in context app.Context.Items.Add("UrlRewrite:OriginalUrl", app.Request.Url.AbsoluteUri); // Friendly URLs are exposed externally using the following format // http://www.domain.com/tabid/###/mid/###/ctl/xxx/default.aspx // and processed internally using the following format // http://www.domain.com/default.aspx?tabid=###&mid=###&ctl=xxx // The system for accomplishing this is based on an extensible Regex rules definition stored in /SiteUrls.config string sendTo = ""; // save and remove the querystring as it gets added back on later // path parameter specifications will take precedence over querystring parameters string strQueryString = ""; if (!String.IsNullOrEmpty(app.Request.Url.Query)) { strQueryString = Request.QueryString.ToString(); requestedPath = requestedPath.Replace(app.Request.Url.Query, ""); } // get url rewriting rules RewriterRuleCollection rules = RewriterConfiguration.GetConfig().Rules; // iterate through list of rules int intMatch = -1; for (int intRule = 0; intRule <= rules.Count - 1; intRule++) { // check for the existence of the LookFor value string strLookFor = "^" + RewriterUtils.ResolveUrl(app.Context.Request.ApplicationPath, rules[intRule].LookFor) + "$"; Regex objLookFor = new Regex(strLookFor, RegexOptions.IgnoreCase); // if there is a match if (objLookFor.IsMatch(requestedPath)) { // create a new URL using the SendTo regex value sendTo = RewriterUtils.ResolveUrl(app.Context.Request.ApplicationPath, objLookFor.Replace(requestedPath, rules[intRule].SendTo)); // obtain the RegEx match group which contains the parameters Match objMatch = objLookFor.Match(requestedPath); string strParameters = objMatch.Groups[2].Value; // process the parameters if (strParameters.Trim(null).Length > 0) { // split the value into an array based on "/" ( ie. /tabid/##/ ) strParameters = strParameters.Replace("\\", "/"); string[] arrParameters = strParameters.Split('/'); string strParameterDelimiter; string strParameterName; string strParameterValue; // icreate a well formed querystring based on the array of parameters for (int intParameter = 1; intParameter <= arrParameters.Length - 1; intParameter++) { // ignore the page name if (arrParameters[intParameter].ToLower().IndexOf(".aspx") == -1) { // get parameter name strParameterName = arrParameters[intParameter].Trim(null); if (strParameterName.Length > 0) { // add parameter to SendTo if it does not exist already if (sendTo.ToLower().IndexOf("?" + strParameterName.ToLower()) == -1 && sendTo.ToLower().IndexOf("&" + strParameterName.ToLower()) == -1) { // get parameter delimiter if (sendTo.IndexOf("?") != -1) { strParameterDelimiter = "&"; } else { strParameterDelimiter = "?"; } sendTo = sendTo + strParameterDelimiter + strParameterName; // get parameter value strParameterValue = ""; if (intParameter < (arrParameters.Length - 1)) { intParameter++; if (arrParameters[intParameter].Trim() != "") { strParameterValue = arrParameters[intParameter].Trim(null); } } // add the parameter value if (strParameterValue.Length > 0) { sendTo = sendTo + "=" + strParameterValue; } } } } } } intMatch = intRule; break; // exit as soon as it processes the first match } } // add querystring parameters back to SendTo if (!String.IsNullOrEmpty(strQueryString)) { string[] arrParameters = strQueryString.Split('&'); // iterate through the array of parameters for (int intParameter = 0; intParameter <= arrParameters.Length - 1; intParameter++) { // get parameter name string strParameterName = arrParameters[intParameter]; if (strParameterName.IndexOf("=") != -1) { strParameterName = strParameterName.Substring(0, strParameterName.IndexOf("=")); } // check if parameter already exists if (sendTo.ToLower().IndexOf("?" + strParameterName.ToLower()) == -1 && sendTo.ToLower().IndexOf("&" + strParameterName.ToLower()) == -1) { // add parameter to SendTo value if (sendTo.IndexOf("?") != -1) { sendTo = sendTo + "&" + arrParameters[intParameter]; } else { sendTo = sendTo + "?" + arrParameters[intParameter]; } } } } // if a match was found to the urlrewrite rules if (intMatch != -1) { if (rules[intMatch].SendTo.StartsWith("~")) { // rewrite the URL for internal processing RewriterUtils.RewriteUrl(app.Context, sendTo); } else { // it is not possible to rewrite the domain portion of the URL so redirect to the new URL Response.Redirect(sendTo, true); } } // *Note: from this point on we are dealing with a "standard" querystring ( ie. http://www.domain.com/default.aspx?tabid=## ) int TabId = -1; int PortalId = -1; string DomainName = null; string PortalAlias = null; PortalAliasInfo objPortalAliasInfo; // get TabId from querystring ( this is mandatory for maintaining portal context for child portals ) try { if (!(Request.QueryString["tabid"] == null)) { TabId = int.Parse(Request.QueryString["tabid"]); } // get PortalId from querystring ( this is used for host menu options as well as child portal navigation ) if (!(Request.QueryString["portalid"] == null)) { PortalId = int.Parse(Request.QueryString["portalid"]); } } catch (Exception) { //The tabId or PortalId are incorrectly formatted (potential DOS) throw (new HttpException(404, "Not Found")); } // alias parameter can be used to switch portals if (!(Request.QueryString["alias"] == null)) { // check if the alias is valid if (PortalSettings.GetPortalAliasInfo(Request.QueryString["alias"]) != null) { // check if the domain name contains the alias if (Strings.InStr(1, Request.QueryString["alias"], DomainName, CompareMethod.Text) == 0) { // redirect to the url defined in the alias Response.Redirect(Globals.GetPortalDomainName(Request.QueryString["alias"], Request, true)); } else // the alias is the same as the current domain { PortalAlias = Request.QueryString["alias"]; } } } // parse the Request URL into a Domain Name token DomainName = Globals.GetDomainName(Request); // PortalId identifies a portal when set if (PortalAlias == null) { if (PortalId != -1) { PortalAlias = PortalSettings.GetPortalByID(PortalId, DomainName); } } // TabId uniquely identifies a Portal if (PortalAlias == null) { if (TabId != -1) { // get the alias from the tabid, but only if it is for a tab in that domain PortalAlias = PortalSettings.GetPortalByTab(TabId, DomainName); if (PortalAlias == null || PortalAlias == "") { //if the TabId is not for the correct domain //see if the correct domain can be found and redirect it objPortalAliasInfo = PortalSettings.GetPortalAliasInfo(DomainName); if (objPortalAliasInfo != null) { if (app.Request.Url.AbsoluteUri.ToLower().StartsWith("https://")) { strURL = "https://" + objPortalAliasInfo.HTTPAlias.Replace("*.", ""); } else { strURL = "http://" + objPortalAliasInfo.HTTPAlias.Replace("*.", ""); } if (strURL.ToLower().IndexOf(DomainName.ToLower()) == -1) { strURL += app.Request.Url.PathAndQuery; } Response.Redirect(strURL, true); } } } } // else use the domain name if (PortalAlias == null || PortalAlias == "") { PortalAlias = DomainName; } //using the DomainName above will find that alias that is the domainname portion of the Url //ie. dotnetnuke.com will be found even if zzz.dotnetnuke.com was entered on the Url objPortalAliasInfo = PortalSettings.GetPortalAliasInfo(PortalAlias); if (objPortalAliasInfo != null) { PortalId = objPortalAliasInfo.PortalID; } // if the portalid is not known if (PortalId == -1) { if (!Request.Url.LocalPath.ToLower().EndsWith(Globals.glbDefaultPage.ToLower())) { // allows requests for aspx pages in custom folder locations to be processed return; } else { //the domain name was not found so try using the host portal's first alias if (Convert.ToString(Globals.HostSettings["HostPortalId"]) != "") { PortalId = Convert.ToInt32(Globals.HostSettings["HostPortalId"]); // use the host portal PortalAliasController objPortalAliasController = new PortalAliasController(); ArrayList arrPortalAliases; arrPortalAliases = objPortalAliasController.GetPortalAliasArrayByPortalID(int.Parse(Convert.ToString(Globals.HostSettings["HostPortalId"]))); if (arrPortalAliases.Count > 0) { //Get the first Alias objPortalAliasInfo = (PortalAliasInfo)arrPortalAliases[0]; if (app.Request.Url.AbsoluteUri.ToLower().StartsWith("https://")) { strURL = "https://" + objPortalAliasInfo.HTTPAlias.Replace("*.", ""); } else { strURL = "http://" + objPortalAliasInfo.HTTPAlias.Replace("*.", ""); } if (TabId != -1) { strURL += app.Request.Url.Query; } Response.Redirect(strURL, true); } } } } if (PortalId != -1) { // load the PortalSettings into current context PortalSettings _portalSettings = new PortalSettings(TabId, objPortalAliasInfo); app.Context.Items.Add("PortalSettings", _portalSettings); } else { // alias does not exist in database // and all attempts to find another have failed //this should only happen if the HostPortal does not have any aliases StreamReader objStreamReader; objStreamReader = File.OpenText(Server.MapPath("~/404.htm")); string strHTML = objStreamReader.ReadToEnd(); objStreamReader.Close(); strHTML = strHTML.Replace("[DOMAINNAME]", DomainName); Response.Write(strHTML); Response.End(); } }