frenzypeng / securityswitch

Automatically exported from code.google.com/p/securityswitch
Other
0 stars 0 forks source link

Regex Help Please #49

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

As you can see from my paths, I am securing the whole admin section - all great!

The second path is my problem - I am rewriting URLs that go to...
for example default.aspx?clid=car?page=members&id=id

I want to protect all pages where page='members' and there may be other 
parameters to follow 'page'

Version 4.1

<paths>
            <add path="~/admin/" />
            <add path="~/Default\.aspx\?clid=[0-9a-zA-z\-_]+\&amp;page=mycontrols*$" matchType="Regex" />
            <add path="~/Folders/" security="Ignore" />
        </paths>

I just can't get the REGEX to work.

Cheers,
Jack

Original issue reported on code.google.com by Dev...@gmail.com on 3 Mar 2014 at 6:18

GoogleCodeExporter commented 8 years ago
You mentioned rewriting URLs. Are you, in fact, using the IIS URL Rewrite 
module to do that? If so, it is extremely likely that by the time 
SecuritySwitch sees the URL, it is already rewritten. In that case, you'll have 
to write your secure paths for the rewritten URLs.

If that's not the case, I'll point out that you state you want to protect 
Default.aspx where "page=members", but your paths example shows 
"page=mycontrols".

Further, I would write the regex as follows, based on your statement (and 
assuming that clid will always be the first parameter with page the second 
parameter). If the parameter order could vary, let me know and I'll send you 
another one to work with.

...
    <add path="~/Default\.aspx\?clid=[0-9a-zA-Z\-_]+\&page=members(&.+)*$" matchType="Regex" />
...

Original comment by vent...@gmail.com on 3 Mar 2014 at 7:47

GoogleCodeExporter commented 8 years ago
Thanks, sorry I mixed up members and my controls and yes the rewrite is:-

<rule name="RewriteForTabViews" stopProcessing="true">
<match url="^([_0-9a-z-]+)/([_0-9a-z-]+)/([_0-9a-z-]+)"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
<!--  The following condition prevents rule from rewriting requests to .axd 
files -->
<add input="{URL}" negate="true" pattern="\.axd$"/>
</conditions>
<action type="Rewrite" url="default.aspx?clid={R:1}&page={R:2}&tv={R:3}"/>
</rule>

It is the 'page' param that is important as these usercontrols(ascx)files are 
either in need of protection or not.

I couldn't get your sample to work but I see that if I hard code the original 
URL like.....
<add path="~/myclid/mycontrols/" /> - IT works!

How do I write that so that 'myclid' can be anything please?

j

Original comment by Dev...@gmail.com on 3 Mar 2014 at 8:51

GoogleCodeExporter commented 8 years ago
You should be able to use something similar with that URL. See below.

<add path="~/[0-9a-zA-Z\-_]+/mycontrols" matchType="Regex" />

Original comment by vent...@gmail.com on 3 Mar 2014 at 9:45

GoogleCodeExporter commented 8 years ago
That's it!

Thank you so much. I can control all the areas I need to now.

Cheers,
Jack

Original comment by Dev...@gmail.com on 3 Mar 2014 at 9:48

GoogleCodeExporter commented 8 years ago
That's great! I'm glad that gets things moving for you.

Original comment by vent...@gmail.com on 3 Mar 2014 at 10:37