Jason Salas' WebLog

On-air and online: making people laugh, making people think, pissing people off

URL rewriting and passing variables, sans the visible query string

In a blog post I did last December, I mentioned how the new trend for advanced web development seems to be migrating away from visible query string name/value pairs, towards IDs and keys included within the URL itself.  This got a lot of great exposure, and correlated with the thoughts and code of ASP.NET community heavy-hitters like Steve Smith, Scott Mitchell and Rob Chartier, whose respective takes on performing progressive URL surgery can really make a site work better, as far as user psychographics are concerned.

My basic premise was that, from a usability standpoint, it's ugly as sin to have so many variables and appended values, ampersands and question marks.  Others have since chimed in with the security benefits/risks of embedding values within the URL directly.  Granted, no self-respecting ASP.NET dev would hard-code username/password combinations directly into the URL, but it's certainly possible.

Here's the canonical example of how employing the URL rewriting features baked right into the .NET Framework can help:

User-Visible URL
------------------------
http://bogusphonedirectory.com/8675309


Actual URL loaded by browser
-------------------------------------
http://bogusphonedirectory.com/get_resident_phone_number?id=8675309

This really caught on like wildfire throughout the ASP.NET community once articles and evangelism about the topic started appearing.  I'd like to add a corollary now: one of the benefits of investing the time and development practice to do URL rewriting properly through Context.RewritePath()/Context.RewriteUrl() is that many more variables can now be passed to the destination page via the query string, free (and arguably safe) from snooping eyes, since the rewritten URL never appears in the address bar:

Actual URL loaded by browser w/additional variables
----------------------------------------------------
http://bogusphonedirectory.com/get_resident_phone_number?id=8675309&monthFilter=4&city=losangeles&attendant=tommytutone

This may be a "like, D-UH!" factor to experienced developers, but it is something I've seen many people neglect in their application design.  This really opens up a new gallery of possibilities for developers.
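
An added example, not code from the original post: a Global.asax handler that rewrites the public URL with Context.RewritePath(), attaches server-chosen parameters, and rejects direct requests to the internal page so that clients cannot supply those parameters themselves. The .aspx extension, the 7-digit ID rule, and the fixed city/attendant values are assumptions for illustration.

```csharp
// Global.asax.cs: added illustration, not code from the original post.
using System;
using System.Text.RegularExpressions;
using System.Web;

public class Global : HttpApplication
{
    // Assumed internal handler; the post shows this path without an extension.
    private const string InternalPage = "/get_resident_phone_number.aspx";

    // Public URLs carry only a 7-digit ID, e.g. /8675309 (assumed rule).
    // [0-9] avoids Unicode digits; \A and \z reject a trailing newline.
    private static readonly Regex PublicUrl =
        new Regex(@"\A/(?<id>[0-9]{7})\z", RegexOptions.CultureInvariant);

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // If the internal page stays directly reachable, a client can type
        // the "hidden" query string by hand. FilePath excludes path info.
        if (string.Equals(Request.FilePath, InternalPage, StringComparison.OrdinalIgnoreCase))
        {
            Response.StatusCode = 404;
            CompleteRequest();
            return;
        }

        Match m = PublicUrl.Match(Request.Path);
        if (!m.Success) return;   // not a directory URL; leave it untouched

        // Only the ID comes from the client. The other values are chosen on
        // the server (constructed sample values, hypothetical sources).
        string query = string.Format(
            "id={0}&monthFilter={1}&city={2}&attendant={3}",
            m.Groups["id"].Value,
            DateTime.Now.Month,
            HttpUtility.UrlEncode("losangeles"),
            HttpUtility.UrlEncode("tommytutone"));

        // Server-side rewrite: the address bar keeps showing /8675309.
        Context.RewritePath(InternalPage, string.Empty, query);
    }
}
```

The ID in the visible URL is still client-controlled input, so the destination page has to validate it and check that the caller is allowed to see that record.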

Published Jul 07 2004, 10:13 AM by guam-aspdev

Comments

 

Scott Allen said:

What do you think of using Context.Items versus query string parameters? For example, a class with ID, MonthFilter, City, and Attendant properties that is instantiated and put in the Items collection for the destination page to retrieve?
July 7, 2004 10:55 AM
 

nvbnvbn said:

vbnvb
July 29, 2004 7:22 AM
