Checksum and URL linking

Jul 12, 2013 at 8:33 AM
Hi Graham,

Still using the framework :)

I have noticed that when I turn on the NavigationShield and try to link directly to a route, an exception is thrown.

Is there a way around this?

I would like to use routes AND checksum.

It is a requirement for direct linking (e.g. http://website/updates/new) and without the checksum, the url is seen as invalid. Can we turn off checksums for certain pages?
Jul 12, 2013 at 5:41 PM

I'm chuffed you're still using the framework and even more chuffed you're still asking me questions.

I'd avoid checksumming Urls unless you really, really have to. One of the ingredients of a good Url is that a user can understand it and therefore can change it. As long as you've got robust validation on the server side there should be no need to make Urls tamper-proof.

However, if you still want to checksum then you could create a custom Shield inheriting from ChecksumNavigationShield. It would ensure all generated Urls are checksummed but would also let non-checksummed Urls through for certain States. It would look something like:
using Navigation;
using System.Collections.Specialized;

namespace NavigationSample
    public class CustomNavigationShield : ChecksumNavigationShield
        public override NameValueCollection Decode(NameValueCollection data, bool historyPoint)
            //Let through Urls if in the "ListUpdates" State
            if (StateContext.State.Key == "ListUpdates")
                return base.Decode(data, historyPoint);
            return data;
And you need to register it in the Web.config.
    <sectionGroup name="Navigation">
        <section name="StateInfo" type="Navigation.StateInfoSectionHandler, Navigation" />
        <section name="NavigationShield" type="NavigationSample.CustomNavigationShield, NavigationSample"/>
    <StateInfo configSource="StateInfo.config" />
    <NavigationShield key="checksumkey"/>
Jul 16, 2013 at 6:11 AM
Thanks Graham. I have dropped the URL checksumming in favour of a redirect if the server validation fails.