Using the Query string hashing

Pedro Costa asked on July 9, 2015 18:35

Hi Guys,

I have this small project http://airsoft.pmcosta.pt/ it's a directory of Airsoft playing teams in Portugal, this was a great opportunity to test a few Kentico things.

Specifically the Bizforms, data is driven from a Bizform index, and users are able to add the details correctly. I've also built a Search Results driver Google Map web part.

My frustration now is trying to allow users to edit their records.

I though about using https://docs.kentico.com/display/K81/Query+string+hashing so I can send a unique url to the user that added the original record, e.g. http://airsoft.pmcosta.pt/edit.aspx?id=123&hash=1233434343 if the user attempts to access another id's record it will fail cause the hash won't match.

However I can't get the validation to work properly, it's always false, as a test I built the query string as such:

QueryHelper.BuildQueryWithHash(false, "ID", "75")

that returned me:

?ID=75&hash=50d53fc4864db2b4b7e4793e2c5bcc00f455f952438bb4fe526cc1aaaa9f7879

i then visit the url using the exact query above but on the custom web part (clone of On-line form) when I use

QueryHelper.ValidateHash("hash", settings: new HashSettings { Redirect = false, UserSpecific = false })

in the SetupControl it is always false! it's driving me crazy...

Can anyone help? I maybe missing something simple, but I've checked everything CMSHashStringSalt is there since the beginning.

Thanks, P.

Correct Answer

Juraj Komlosi answered on July 10, 2015 10:28

Hi Pedro,

I have tried to reproduce your scenario and you are right the hash validation always fails. There is one thing missing which is not clear that it has to be done. If you try to validate hash in web parts, you have to exclude query string parameter "aliaspath" in ValidateHash method. Aliaspath parameter is used by URL rewriting engine. I am in touch with development team responsible for document URL rewriting and we are looking for solution.

For now, there is a simple workaround you can use. Instead of: QueryHelper.ValidateHash("hash", settings: new HashSettings { Redirect = false, UserSpecific = false }) call the same method with excludedParameters parameter like this: QueryHelper.ValidateHash("hash", "aliaspath", settings: new HashSettings { Redirect = false, UserSpecific = false })

I hope it will work for you.

0 votesVote for this answer Unmark Correct answer

Recent Answers

Pedro Costa answered on July 10, 2015 11:19

Thank you Juraj, that worked :)

0 votesVote for this answer Mark as a Correct answer

Pedro Costa answered on July 10, 2015 11:37

Hi Juraj,

Sorry, one final question, is there a macro method/implementation for QueryHelper.BuildQueryWithHash or should we implement our own? I couldn't find any reference to a QueryHelper macro on any of the documentation.

Thanks, P.

0 votesVote for this answer Mark as a Correct answer

Juraj Komlosi answered on July 12, 2015 10:30

Hi Pedro,

I am afraid there is no such an implementation. You have to create a custom macro to achieve the same functionality. I would recommend to follow our documentation - Registering custom macro methods - to do so.

Best regards.

0 votesVote for this answer Mark as a Correct answer

Aaron Hayon answered on January 19, 2016 13:51

Juraj,

Do you know if this issue has been resolved? When I exclude the alias path I get a message on the screen stating "The object does not exist. It may have been deleted by someone else". When I remove the query strings, the page displays correctly.

Thanks.

Aaron

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.