question

McBrideMichael-2554 avatar image
0 Votes"
McBrideMichael-2554 asked YijingSun-MSFT commented

Web Cache Deception

Having a problem with our classic webforms webapp.

The problem is, if you go to /SensitivePage.aspx/image.jpg, then a web cache server may cache the response because it ends with .jpg. WebForms will allow going to /SensitivePage.aspx/image.jpg, it treats the URL as if it were /SensitivePage.aspx.

How can I change this so going to /SensitivePage.aspx/image.jpg will return a 404 because the file does not actually exist?

dotnet-aspnet-webforms
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

hi @McBrideMichael-2554 ,
As far as I think,you could use Server.MapPath to verify the existence of the file and then route to the url.

 if(File.Exists(Server.MapPath("/images/items/"+item.Name+".jpg")))

Best regards,
Yijing Sun

0 Votes 0 ·

I found that I can either rely on Request.PathInfo being empty, or use the Request's Uri without query string to check if the file exists or not.
Request.PathInfo seems to be non-empty whenever you have a request like this: /SensitivePage.aspx/image.jpg, and it will be "/image.jpg".

0 Votes 0 ·

Hi @McBrideMichael-2554 ,

The pathInfo is ignored. There are two ways:

  1. You need to use absolute path instead of relative path.

  2. You can try to check the Request's PathInfo property to see whether it exists.

      void Application_BeginRequest(object sender, EventArgs e){
             //Code that runs when an unhandled error occurs
             string strPathInfo=Context.Request.PathInfo;
        
         //if strPathInfo is not correct, then redirect user to another page
        //Response.Redirect("error.page");
     }
    






0 Votes 0 ·

0 Answers