Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...DNN Removes query string variablesDNN Removes query string variables
Previous
 
Next
New Post
9/24/2009 11:00 AM
 
tim kauffman

Joined: 8/25/2003
Posts: 30

So, I have links from an Excel spreadsheet into a dnn site (4.9.3).  The links contain extra query string variables for a custom module, but the custom module doens't do any url rewriting and this issue can be reproduced on a page with just a Text/HTML module, or even no module.  This also happens whether Friendly URLs are turned on or off as well.

The issue is, if the page is protected by a security role for viewing (registered users, for example), the initial click of the link from the spreadsheet will cause DNN to display the login page, along with the url redirect (the original url, with query string variables in tact) and once logged in, will redirect to the appropriate page with the original url in tact (all query string variables) and as expected.

However, any subsequent clicks on any links in the spreadsheet, which open a new tab (ie 7), will have any additional query string variables stripped from the url.  The original user is still logged in because the tab recognizes the earlier session and login, but the URL is no longer in tact.  On the other hand, if the target page has view permissions for All Users, the query string variables stay in tact for all requests.  These scenarios are easily recreated by setting up two separate pages, one with view perms for registered users and one with view for all users.  Then, open Excel and create links to each page and add some random query string variables. 

The problem this causes is that you cannot view protect a page and access it from a non-DNN link without logging in everytime, or actually, logging out, then logging back in every time.  Any insight as to why this is happening and how it may be address would be greatly appreciated!
 
New Post
9/24/2009 11:49 AM
 
Robert J Collins


www.netlogiccorporation.com
Joined: 9/26/2003
Posts: 1021

What module are you using to access the document?  It is the HTML module and a direct link or another module? 

The way to work with DNN queries is to play using the DNN Game Book.  So if you are writing a module (developing the software) you must use the NavigateUrl() method to create the link, this will make sure you have everything in the right place and will not get stripped.  If however you are doing a direct URL you need to make sure you are formatting it per DNN:  I.e. Rather than site.com/something/tabid/36/default.aspx?myParam=Something, you want to do something like site.com/something/tabid/36/myParam/Something/default.aspx. 

Hopefully the above will help, if I am missing the mark, please answer the questions above and provide more details/examples.
 

Best Regards,

Robert J Collins | Co-Founder & President

Netlogic Corporation

 
New Post
9/24/2009 2:24 PM
 
tim kauffman

Joined: 8/25/2003
Posts: 30

Hi Robert,
Thanks, but you're missing the point...  I'm not using any module to access any documents and I'm not using any custom code whatsoever to replicate the problem.  Here is how this can be replicated:

  • create a page visible to All users
  • create another page visible to Registered Users
  • Open Excel and type in the URL to the page that is visible to All Users, and add some query stuff to it (like default.aspx?id=12345&abc=123)
  • make sure you have explicitly logged out of the portal and close all browsers
  • click on the link in the Excel sheet to the page visible to All Users with the extra query string stuff.  You will be taken to the page correctly and the original URL will be in tact (the query string stuff is still there).  This what one would expect...  this is what we WANT to happen in the next scenario, but it doesn't...
  • make sure you're still logged out and close all your browsers again
  • in Excel, type the URL to the page that is visible only to Registered Users and add some query string stuff just like you did above
  • click on the URL in Excel and you will be taken to your portal and presented with a login screen.  The url in the address bar will look similar to this:
    Default.aspx?tabid=58&ctl=Login&returnurl=%2fdnn%2fCallCe...
    You should notice that the returnurl query string variable has your original url, complete with the query string variables you added
  • When you login, you are redirected back to the original url from the Excel sheet, complete with the query string variables you added. This is good and is what we expected to happen.
  • Now, without logging out and without closing your browser (I'm using ie7 and have tried with FF, both work the same), click on the url in the Excel sheet again.  This should open another tab in the same browser.  However, the url will NOT contain any of the query string variables you added.  This will happen on every click from the Excel document into the security role protected page while you are logged in.  The same behavior happens with Friendly URLs turned on or off (in which case, only the tabid variable is left in tact.).  This is the behavior that is unexpected and in my mind not good because, in order to protect a page that could be accessed from elsewhere using a security role, you have to explicitly login (or log out, then login again) to maintain the query string variables.

Hope that makes sense and that someone has a reason for this behavior or a solution to it...
 
New Post
9/24/2009 3:11 PM
 
Robert J Collins


www.netlogiccorporation.com
Joined: 9/26/2003
Posts: 1021

I have tried to reproduce this in several different production DNN Portals and using Excel 2007 with no success. I have tried it in an older DNN 5.0.1 version and a DNN 5.1.2 version and I cannot reproduce the issue you are having. 

What version of DNN are you using?

What version of Excel are you using?

Also, to clarify, you have tried formatting the URL like: site.com/tabid/36/myItem/Something/default.aspx and that also had the issue?
 

Best Regards,

Robert J Collins | Co-Founder & President

Netlogic Corporation

 
New Post
9/24/2009 10:27 PM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676

It's also not happening for me, perhaps it's something particular to your setup/site. I recommend you download fiddler (http://www.fiddler2.com/fiddler2/). This will allow you to see the requests and see if theres a hidden redirect happening or if the request string is being truncated before it makes it to DNN.

Cathal

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
 Page 1 of 3
123Next 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...DNN Removes query string variablesDNN Removes query string variables


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out