Default document in URL after redirect


Kiddailey

Sep 21, 2012, 7:17:58 PM
to securit...@googlegroups.com
I've been using this superb product for a while now. It's a great tool and I cannot recommend it more highly. There's just one thing about it that I wish was different, and I'm hoping that it can be easily modified :)

When you switch between security modes on paths without a filename (i.e., use the default document name), the document is added to the end of the URL. For example, given a path and file "/login/default.aspx", if I secure the login folder and link to "/login/" (without the filename), the path in the address bar will be changed to "/login/default.aspx" by SecuritySwitch.

The same happens when going from a secure page to an insecure one.

Note that it only happens if the referring page was in the opposite security mode as the destination page.  If you are already on a secure page when you navigate to another, the default document won't be added.

I realize this is somewhat of a cosmetic issue, but I don't like the filenames in my search-engine friendly URLs :)  Is there currently a way to change this so that path and query are the same between the redirection?  Or, can a setting be added to exclude default document names from the path?

Thanks!

Matt S.

Sep 23, 2012, 12:10:25 PM
to securit...@googlegroups.com
Hi Kiddailey,

Thanks for the kind words. Now for the slightly bad news.

Unfortunately, ASP.NET adds the actual physical file to the request's URL before any module can get at the actual URL entered into the browser. This is a known "issue" with the Framework. "Issue" is in quotes, because it's by design to avoid certain infinite loop scenarios, but it's also a PITA when you really do want the requested URL. My vote is to have MS add a new property that lets you get at the actually requested URL.

For a brief explanation, with other links, of the issue, I recommend this Stack Overflow question: http://stackoverflow.com/questions/3618022/possible-bug-issue-in-asp-net-3-5-related-to-request-rawurl-property

Note: If you are using URL rewriting, this can be overcome and is the quickest solution for you now, if you can utilize it.


Now, that does not mean this is unsolvable. It just means it will not be a quick fix. I've looked into some solutions. Unfortunately, IIS < 7 does not easily expose the list of default documents (remember, these are defined in IIS and can be multiple) to ASP.NET. IIS 6 used that horrible metabase for information that you won't always have permission to access. IIS 7 and above do expose a new defaultDocument section of the server.config/web.config.

That leaves us with a couple of options, all of which also require the addition of a new configuration flag for "removeDefaultDocumentOnRedirect", or similar.
  1. Check for the system.webServer/defaultDocument section in configuration and iterate over all the entries listed there to see if the URL we are about to redirect to ends with one of them (accounting for query string, fragment, etc.). If the section does not exist, oh well; move along.
  2. Add a new sub-section of this module's configuration that allows you to list the default documents you want to have removed (if the new flag is true). This would act much like #1, but it would work regardless of the version of IIS.
  3. A combination of #1 and #2. If #1 produces any default documents, the module uses that method; otherwise, it falls back to #2.
  4. I add another event to the module that allows you to modify the URL being redirected to before the redirect actually happens.
#4 gives you the most power, because you can use it for other scenarios that I can't think up just yet. However, it requires some work from you (a little string parsing and manipulation). It also would likely require you to hard code, or use appSettings or similar for, what you are removing from the URL.

My recommendation, for now, is to resort to IIS Url Rewrite, if you're using IIS 7+. This will ensure SEO for those default documents. There may be links to your site that already have the default.aspx in them. Using rewrite will remove them regardless of how the request is made. If you want the module to see the correct URL when it goes to redirect, follow these steps:
  1. Disable default documents from your site in IIS (or via your web.config).
  2. Install IIS Url Rewrite.
  3. Set up one or more rewrite rules that will rewrite requests that do not end with a physical file name to their physical counterpart.
  4. Be sure to use "rewrite", not "redirect" for this purpose.
The answer on the following thread shows how to use Url Rewrite to implement your default document: http://forums.iis.net/t/1163472.aspx.


I'll consider more on this for the future.


Thanks,

-Matt
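
The four steps recommended in the reply above, as an added web.config example that is not from the thread or from SecuritySwitch. It assumes IIS 7+ with the URL Rewrite module installed, a root-level web.config, and default.aspx (the file name from the first post) as the only default document; the rule name is made up for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>

    <!-- Step 1: turn off IIS default-document handling for this site, so
         the mapping from a folder URL to its file is done only by the
         rewrite rule below. -->
    <defaultDocument enabled="false" />

    <!-- Steps 2-3: requires the IIS URL Rewrite module. -->
    <rewrite>
      <rules>
        <!-- Hypothetical rule name. The pattern matches the site root
             (empty path) and any path ending in "/", capturing the
             folder part in {R:1}. -->
        <rule name="DefaultDocumentRewrite" stopProcessing="true">
          <match url="^(.*/)?$" />
          <conditions>
            <!-- Only apply when the request maps to a physical folder. -->
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
          </conditions>
          <!-- Step 4: "Rewrite", not "Redirect". The request is served by
               default.aspx inside the folder while the address bar keeps
               the folder-only URL. The query string is appended by
               default. -->
          <action type="Rewrite" url="{R:1}default.aspx" />
        </rule>
      </rules>
    </rewrite>

  </system.webServer>
</configuration>
```

If the URL Rewrite module is not installed, IIS does not recognise the `<rewrite>` section and fails the whole site with a configuration error (HTTP 500.19), so install the module before deploying this file.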