Testing Application URLs in .NET

Posted by Joseph McGurkin on 10/1/2009

Application URLs

It should go without saying that SSL is a requirement anytime sensitive data is sent across the wire. All information, sensitive or not, is susceptible to being hacked when sent normally as plain text. A lot of times applications will use SSL for only a portion of the pages while the remaining pages will not use SSL. Right off the bat this means there are two URLs from which the application can be accessed. http://myapp/default.aspx and https://myapp/default.aspx, while very close, are not the same.

Another important aspect of application URLs is application location, such, as in the root i.e., http://myapp/ or a child web such as http://myserver/myapp/. Since the application destination is usually not set in stone, the application must fully support relative URLs instead of absolute.

With only a few easy steps, missing images and 404 errors can be eliminated and true SSL testing can be accomplished.

SSL

Every machine on which an application with SSL requirements is to be developed or tested should have a certificate. Testing should be done with SSL and without to ensure all URLs are functioning properly. Below are steps to create a certificate locally if a valid certificate from a trusted certificate authority is not available. These steps work for both Windows 2003 and XP.

  1. Login to the web server with admin rights
  2. Download and install the IIS Resource Tool Kit
  3. Open a command prompt and go to the C:\Program Files\IIS Resources\SelfSSL\directory
  4. Run SelfSSL.exe, this will install a certificate in IIS
  5. Open the IIS snap-in
  6. Drill down to the application requiring SSL
  7. Open the web application's properties dialog, click the Directory Security tab -> Secure Communications -> Server Certificate
  8. Chose the certificate with the name of the machine
  9. On the same security tab, click Edit
  10. Ensure Require Secure Channel is checked to force the application to require SSL.
  11. Require Secure Cannel may be left unchecked to test both HTTP and HTTPS URLs

Relative URLs

While developing in Visual Studio, a tilde represents the application root. Take for example the following URLs:

  1. /Default.aspx
  2. ~/Default.aspx
  3. /Company/About.aspx
  4. ~/Company/About.aspx

The default page is in the root of the application and the about page is down a folder. URLs 1 and 3 refer to the root web's root folder, whereas 2 and 4 refer to the applications root folder. If the application is installed at http://www.mydomain.com/, all four URLs will function properly.

If the application is installed at http://www.mydomain.com/myapp/, only 2 and 4 will function properly. These links would take the user to http://www.mydomain.com/myapp/Default.aspx and http://www.mydomain.com/myapp/Company/About.aspx. Number 1 will take the user to http://www.mydomain.com/Default.aspx and 3 would be http://www.mydomain.com/Company/About.aspx.

Developers also should not be forced to work on applications with same URLs; one developer may have it in the root while another may not. Below is a grid showing where the errors will occur.

Application Directory /Default.aspx will link to ~/Default.aspx will link to
http://myapp/ http://myapp/Default.aspx http://myapp/Default.aspx
http://www.mydomain.com/myapp http://www.mydomain.com/Default.aspx http://www.mydomain.com/myapp/Default.aspx

During development, keeping in mind these four points, http, https, root location and child location will help ensure URLs are sent to the browser correctly. No more red x's for missing images! Well, assuming we put the image in the application.