Check for missing (nonexistent / tampered) query string and redirect to a 400 BAD REQUEST page (WebMatrix / Razor syntax)

Question

I can test query strings parameters:

Request.QueryString["value"].IsEmpty()
Request.QueryString["value"].Isint()
Etc.

But how can I avoid that there is no query string at all ? In other words, I want to prevent users to access the root of each folder or subfolder.

    http://localhost:16838/auth/provider.cshtml

instead of:

    http://localhost:16838/auth/provider.cshtml?providerId=7

If I remove the query string (up to the page extension), I get a cannot perform runtime binding on a null referenceerror since the next part of the code is still executed.

Instead, I would like the user be redirect to a 400 BAD REQUEST:

The request could not be understood by the server due to malformed syntax.
The client SHOULD NOT repeat the request without modifications

JDwyer · Answer 1 · 2012-09-27T18:41:26.163

1

if you want to make sure there is no query sting value at all you could check Request.ServerVariables["QUERY_STRING"]

http://msdn.microsoft.com/en-us/library/system.web.httprequest.servervariables.aspx

But, most likely you want to be checking individual values and you should be able to do this:

if(Request.QueryString["key"] == null || Request.QueryString["key"].IsEmpty()) 
{
  // redirect
}

edited Sep 27 '12 at 18:41

answered Sep 27 '12 at 18:05

JDwyer

844
5
8

In fact, it is the contrary (sorry, I reformulated my question that was, I must admit, ambigous): I want to be sure that there is ALWAYS a query string and PREVENT users to access root folders or subfolders by removing the query strings from the URL. A the moment, if they do it, they get a "cannot perform runtime binding on a null reference" error. I tested already if(Request.QueryString["key"] != null but it didn't help. I think it is because the string is not even null but simply doesn't exist (no ?). I saw something in ASP.Net (isNothing) but couldn't find an equivalent for WebMatrix razor. – user1455103 Sep 27 '12 at 18:55
.IsEmpty() has an error. What library should I import? – SearchForKnowledge Nov 19 '14 at 14:17

score 0 · Accepted Answer · answered Sep 27 '12 at 19:21

Users can't "access the root of the folder" by omitting a querystring value. All that will happen if they request http://localhost:16838/auth/provider.cshtml instead of http://localhost:16838/auth/provider.cshtml?providerId=7 is that any code that relies on Request["providerId"] having a value will likely blow up.

If you want to test if a query string value exists, you only need to use IsEmpty():

if(Request["providerId"].IsEmpty()){
    //the value is missing. Redirect ot a safe page or provide a default value
} else {
    //run your code
}

Found my error. In HTML section, missing variable to prevent unexistent data display -> if(Request["providerId"].IsEmpty()){tampering = true + ModelState.AddFormError(bla bla} / in HTML if (tampering) {@Html.ValidationSummary()) else {display data} — user1455103, Sep 28 '12 at 12:16

Check for missing (nonexistent / tampered) query string and redirect to a 400 BAD REQUEST page (WebMatrix / Razor syntax)

2 Answers2