Another option for checking for canonicalization issues with ASP.NET
We are all aware of the canonicalization issues with ASP.NET and know that the ASP.NET team is continuing to work on this problem. In my past posts, I had posted one of the options suggested by Microsoft to get rid of it.
One of the options is to add code to global.asax.
To use this option, add one of the following code samples to global.asax:
Global.asax code sample (Visual Basic .NET)
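Sub Application_BeginRequest(Sender as Object, E as EventArgs)
    ' Reject the request if the URL path contains a backslash (Chr(92)) or if
    ' the mapped physical path is not already in canonical form.
    If (Request.Path.IndexOf(chr(92)) >= 0 OR _
        System.IO.Path.GetFullPath(Request.PhysicalPath) <> Request.PhysicalPath) Then
        Throw New HttpException(404, "Not Found")
    End If
End Sub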
Global.asax code sample (C#)
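void Application_BeginRequest(object source, EventArgs e)
{
    // Reject the request if the URL path contains a backslash or if the
    // mapped physical path is not already in canonical form.
    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath)
    {
        throw new HttpException(404, "not found");
    }
}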
Another option is to install the HTTP module
Microsoft has released an ASP.NET HTTP module that Web site administrators can apply to their Web server. This module will protect all ASP.NET applications against all potential canonicalization problems known to Microsoft.
You can download VPModule.msi at
http://www.microsoft.com/downloads/details.aspx?familyid=DA77B852-DFA0-4631-AAF9-8BCC6C743026&displaylang=en
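The global.asax check above can also be packaged as an HTTP module of your own, so it is registered in web.config instead of being pasted into each global.asax. This is an added example, not code from the original post and not Microsoft's VPModule; the class name CanonicalPathModule and the helper IsNonCanonical are hypothetical, and treating a path that GetFullPath cannot parse as non-canonical is an assumption of this example.

```csharp
using System;
using System.IO;
using System.Web;

// Added example: the global.asax canonicalization check as an IHttpModule.
public class CanonicalPathModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Run the check at the very start of the request pipeline,
        // before authentication and authorization.
        app.BeginRequest += new EventHandler(OnBeginRequest);
    }

    public void Dispose() { }

    // Same two tests as the global.asax samples, kept in one place so
    // they can be called from a unit test.
    public static bool IsNonCanonical(string requestPath, string physicalPath)
    {
        // 1. A backslash anywhere in the URL path.
        if (requestPath.IndexOf('\\') >= 0)
            return true;

        // 2. The physical path changes when it is normalized
        //    (for example "..", "." or "/" separators are resolved).
        try
        {
            return Path.GetFullPath(physicalPath) != physicalPath;
        }
        catch (ArgumentException) { return true; }     // illegal characters
        catch (NotSupportedException) { return true; } // malformed path, e.g. stray ':'
        catch (PathTooLongException) { return true; }
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = ((HttpApplication)sender).Request;
        if (IsNonCanonical(request.Path, request.PhysicalPath))
            throw new HttpException(404, "not found");
    }
}
```

Compile the class into the application's bin directory and register it under the httpModules section of web.config.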