>I'm not clear enough on the details to try this yet, but if this is right, I
>think I understand how it works.
Actually, I just thought about it some more and decided I did understand
it well enough to know where to try, and it worked!!
This is global.asax ...
<%@ Language="C#" %>
<script runat=server>
void Application_BeginRequest(Object sender , EventArgs e) {
  string strPath = Request.Path.ToLower();
  // Fake URLs will be like https://secure.pixata.co.uk/order123.aspx
  // check if the path is to a customer order
  if (strPath.StartsWith("/order")) {
    // get the order number
    strPath = strPath.Substring(6);
    if (strPath.Length > 0) {
      // so there is more than just /order, knock off the .aspx (if there is one)
      if (strPath.EndsWith(".aspx")) {
        string strOrderID = strPath.Substring(0, strPath.Length - 5);
        // now check if the order ID is a plain integer.
        try {
          int intOrderID = Convert.ToInt32(strOrderID);
          // got this far, so it must be an integer
          Context.RewritePath("/pdap/order.aspx?orderid=" + strOrderID);
        } catch {
          Response.Redirect("/");
        }
      }
    } else {
      Response.Redirect("/");
    }
  }
}
</script>
The idea is that if someone enters
http://whatever.com/order123.aspx it
will get rewritten to
http://whatever.com/order/pdap/order.aspx?orderid=123
Now, I have two issues left. The first is that I would really like to
use the URL...
http://whatever.com/order/123
without the .aspx, but this gives a page not found error, presumably
because the lack of .aspx extension means that IIS doesn't pass it to
the ASP.NET engine. Is there any simple way around this?
The bigger issue is that the /pdap/ folder (where the real .aspx page
resides) is protected by Forms authentication. At the moment, if someone
tries the URL
http://whatever.com/order123.aspx and is not logged in,
it sends them to the log in page. I would prefer they get sent elsewhere
(say to the home page as the other failed requests do now).
I tried adding ...
if (User.Identity.IsAuthenticated) {
and only doing the rewriting if this works. If this is false, I redirect
as with other failures.
Unfortunately it doesn't work. Even when you are not logged in, you get
sent to the log in page.
Can I get round this? I don't want non-users to know there is a log in
page at all.
Thanks for any help
--
Alan Silver
(anything added below this line is nothing to do with me)
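
Added example, not part of Alan Silver's post: the same /orderNNN.aspx rewrite done in Application_AuthenticateRequest instead of Application_BeginRequest, so the login state can be checked before the request ever reaches the protected /pdap/ folder. It assumes Forms authentication as described in the post; the regular expression, the field name OrderUrl and the choice to send every other /order... path to the home page are assumptions of this example.

```csharp
<%@ Application Language="C#" %>
<%@ Import Namespace="System.Text.RegularExpressions" %>
<script runat="server">
// Added example: same /orderNNN.aspx scheme as the post, handled one stage later.
// Only ASCII digits are accepted, 1 to 9 of them, so the value always fits an Int32
// and nothing but digits is ever appended to the rewritten query string.
static readonly Regex OrderUrl =
    new Regex(@"^/order([0-9]{1,9})\.aspx$", RegexOptions.IgnoreCase);

// AuthenticateRequest fires after BeginRequest. By the time this handler runs,
// FormsAuthenticationModule has read the ticket cookie and set Context.User,
// so Request.IsAuthenticated is meaningful here.
void Application_AuthenticateRequest(Object sender, EventArgs e) {
    Match m = OrderUrl.Match(Request.Path);
    if (!m.Success) {
        // Assumption: any other path starting with /order counts as a failed request.
        if (Request.Path.ToLower().StartsWith("/order")) {
            Response.Redirect("/");
        }
        return;
    }
    if (!Request.IsAuthenticated) {
        // Redirect ends the request here, before URL authorization is
        // evaluated for /pdap/, so no redirect to the login page is issued.
        Response.Redirect("/");
        return;
    }
    // Authenticated user and a well-formed order number: rewrite as in the post.
    Context.RewritePath("/pdap/order.aspx?orderid=" + m.Groups[1].Value);
}
</script>
```

The authorization rules on /pdap/ stay in place as the real access control; the handler only changes where an anonymous visitor to an order URL ends up.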