I am using the IIS 7 Rewrite module to rewrite an incoming url like:
http://server/year/all
to
http://server/application/controller/year/all
Everything works fine, except when, while processing the rewritten request, I use MVC's UrlHelper.GenerateUrl() method:
UrlHelper.GenerateUrl(
"Assets",
"Css",
"Asset",
new RouteValueDictionary(new { site = site.Name, assetPath = assetPath }),
RouteTable.Routes,
controllerContext.RequestContext,
false);
Calling this method results in an HttpException:
System.Web.HttpException: Cannot use a leading .. to exit above the top directory.
at System.Web.Util.UrlPath.ReduceVirtualPath(String path)
at System.Web.Util.UrlPath.Reduce(String path)
at System.Web.VirtualPath.Combine(VirtualPath relativePath)
at System.Web.VirtualPathUtility.Combine(String basePath, String relativePath)
at System.Web.Mvc.PathHelpers.GenerateClientUrlInternal(HttpContextBase httpContext, String contentPath)
at System.Web.Mvc.PathHelpers.GenerateClientUrl(HttpContextBase httpContext, String contentPath)
at System.Web.Mvc.UrlHelper.GenerateUrl(String routeName, String actionName, String controllerName, RouteValueDictionary routeValues, RouteCollection routeCollection, RequestContext requestContext, Boolean includeImplicitMvcValues)
Looking at the RequestContext, it seems that all of the request paths are correct (ie, have the rewritten values). I can't seem to figure out why it's trying to exit out of the top level directory... There's nowhere we are using .... in a path.
I've also made sure the RewriteModule is in above the UrlRouting module in IIS.
While I can step into the framework methods, I can't examine any of the local variables (either in VS or WinDbg) because it's been compiler optimized.
Any thoughts?
This is a grotesque workaround involving private implementation details, but add this:
HttpContext.Current.Request.ServerVariables.Remove("IIS_WasUrlRewritten");
This avoids the internal check done in PathHelper.GenerateClientUrlInternal to see if the request was rewritten. It's quite likely that this will break some scenarios, as hinted at by this comment in the reference sources:
// Since the rawUrl represents what the user sees in his browser, it is what we want to use as the base
// of our absolute paths. For example, consider mysite.example.com/foo, which is internally
// rewritten to content.example.com/mysite/foo. When we want to generate a link to ~/bar, we want to
// base it from / instead of /foo, otherwise the user ends up seeing mysite.example.com/foo/bar,
// which is incorrect.
Working solution is to insert the line before Url.Content/UrlHelper.GenerateContentUrl (best place is in Application_BeginRequest):
System.Web.HttpContext.Current.Items.Add("IIS_WasUrlRewritten", "false");
My answer is the result of 2 above answers (Rick Schott and Thom). Both was quite right but that didn't help.
I learned source code at https://github.com/aspnet/AspNetWebStack/blob/master/src/ of two classes (System.Web.WebPages.Utils.UrlRewriterHelper.cs and System.Web.WebPages.Utils.UrlUtil.cs) that are in my stack trace:
System.Web.HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.
at System.Web.Util.UrlPath.ReduceVirtualPath(String path)
at System.Web.Util.UrlPath.Reduce(String path)
at System.Web.VirtualPath.Combine(VirtualPath relativePath)
at System.Web.VirtualPathUtility.Combine(String basePath, String relativePath)
at System.Web.WebPages.UrlUtil.GenerateClientUrlInternal(HttpContextBase httpContext, String contentPath)
at System.Web.WebPages.UrlUtil.GenerateClientUrlInternal(HttpContextBase httpContext, String contentPath)
at System.Web.WebPages.UrlUtil.GenerateClientUrl(HttpContextBase httpContext, String basePath, String path, Object[] pathParts)
There is code in System.Web.WebPages.Utils.UrlUtil.cs - GenerateClientUrlInternal method:
if (!wasRequestRewritten)
{
return contentPath;
}
// Since the rawUrl represents what the user sees in his browser, it is what we want to use as the base
// of our absolute paths. For example, consider mysite.example.com/foo, which is internally
// rewritten to content.example.com/mysite/foo. When we want to generate a link to ~/bar, we want to
// base it from / instead of /foo, otherwise the user ends up seeing mysite.example.com/foo/bar,
// which is incorrect.
string relativeUrlToDestination = MakeRelative(httpContext.Request.Path, contentPath);
string absoluteUrlToDestination = MakeAbsolute(httpContext.Request.RawUrl, relativeUrlToDestination);
return absoluteUrlToDestination;
You could see strange lines with author's comment for url rewritten paths. Also, original client path is in HttpContext.Request.RawUrl but in Url it is rewritten.
Look forward at System.Web.WebPages.Utils.UrlRewriterHelper.cs:
if (httpContext.Items.Contains(UrlWasRewrittenServerVar))
{
return Object.Equals(httpContext.Items[UrlWasRewrittenServerVar], UrlWasRequestRewrittenTrueValue);
}
else
{
HttpWorkerRequest httpWorkerRequest = (HttpWorkerRequest)httpContext.GetService(typeof(HttpWorkerRequest));
bool requestWasRewritten = (httpWorkerRequest != null && httpWorkerRequest.GetServerVariable(UrlWasRewrittenServerVar) != null);
if (requestWasRewritten)
{
httpContext.Items.Add(UrlWasRewrittenServerVar, UrlWasRequestRewrittenTrueValue);
}
else
{
httpContext.Items.Add(UrlWasRewrittenServerVar, UrlWasRequestRewrittenFalseValue);
}
return requestWasRewritten;
}
If we write dummy value to HttpContext.Items[UrlWasRewrittenServerVar] with "false" value we make skipped httpWorkerRequest.GetServerVariable(UrlWasRewrittenServerVar) != null check.
So Url.Content is working now.
Not sure if it helps but here is the code throwing the exception:
internal static string ReduceVirtualPath(string path)
{
int length = path.Length;
int startIndex = 0;
while (true)
{
startIndex = path.IndexOf('.', startIndex);
if (startIndex < 0)
{
return path;
}
if (((startIndex == 0) || (path[startIndex - 1] == '/')) && ((((startIndex + 1) == length) || (path[startIndex + 1] == '/')) || ((path[startIndex + 1] == '.') && (((startIndex + 2) == length) || (path[startIndex + 2] == '/')))))
{
break;
}
startIndex++;
}
ArrayList list = new ArrayList();
StringBuilder builder = new StringBuilder();
startIndex = 0;
do
{
int num3 = startIndex;
startIndex = path.IndexOf('/', num3 + 1);
if (startIndex < 0)
{
startIndex = length;
}
if ((((startIndex - num3) <= 3) && ((startIndex < 1) || (path[startIndex - 1] == '.'))) && (((num3 + 1) >= length) || (path[num3 + 1] == '.')))
{
if ((startIndex - num3) == 3)
{
if (list.Count == 0)
{
throw new HttpException(SR.GetString("Cannot_exit_up_top_directory"));
}
if ((list.Count == 1) && IsAppRelativePath(path))
{
return ReduceVirtualPath(MakeVirtualPathAppAbsolute(path));
}
builder.Length = (int) list[list.Count - 1];
list.RemoveRange(list.Count - 1, 1);
}
}
else
{
list.Add(builder.Length);
builder.Append(path, num3, startIndex - num3);
}
}
while (startIndex != length);
string str = builder.ToString();
if (str.Length != 0)
{
return str;
}
if ((length > 0) && (path[0] == '/'))
{
return "/";
}
return ".";
}
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 来,给爷笑一个 的文章《ASP.NET MVC UrlHelper.GenerateUrl exception: “Cann》','https://www.manongdao.com/article-210314.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}