Remove file extensions in URL asp.net

Question

I'm currently using URL Rewriting in my website.

If the URL is www.mywebsite.com/orders/Default.aspx?id=100

It makes the Url as www.mywebsite.com/orders/100

If some one tries to hack the URL and enter unknown values I redirect to Home page

Now what I need is, If some one try to hack the URL and add extensions like .aspx,.jsp,.html,.html, ....

for ex: www.mywebsite.com/orders/100.aspx (After Hack).

I want to remove those extensions and take the query string as www.mywebsite.com/orders/100 only and process it.

I saw this type of behavior in StackOverflow.

Can I achieve this? If YES How ???

http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx — m4ngl3r, Nov 09 '12 at 06:55
@m4ngl3r This link does not contain answers for my question. It just says methods of URL Rewriting. — Krishna Thota, Nov 09 '12 at 07:06
You may have to install a rewrite module in IIS and then set it in web.config. — Anish John, Nov 13 '12 at 09:49

score 0 · Answer 1 · edited May 23 '17 at 12:18

Something like you have to configure in the web config file

<rewrite>
        <rules>
            <rule name="RewriteASPX">
                <match url="(.*)" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                </conditions>
                <action type="Rewrite" url="{R:1}.aspx" />
            </rule>
        </rules>
    </rewrite>

This was taken from following links

Remove HTML or ASPX Extension

Remove file extensions in URL asp.net

1 Answers1