Saturday, May 25, 2013

ISD Code Customization Tips, Part III: Avoid Reading QueryString Directly


ISD makes it trivial to implement URL parameter encryption. All you need to do is to tick a checkbox in application generation options. This is extremely helpful in scenarios when you need to turn on/off the functionality in the middle of your development. For example, your client requests to add URL encryption at the last minute before you are ready to release the application. Another scenario is that you had encryption turned on from the beginning of your project. In order to track a tricky bug, you turned encryption off temporarily. After the bug was fixed, you turned encryption back on.

However, if you read URL parameters directly in your customization code, like this,
string companyId = Page.Request.QueryString["CompanyId"];
you lose all the flexibility and convenience ISD provides. That's because ISD adds/removes encryption-related code only in auto generated section II. It does not touch custom code in section I. Therefore, it is your responsibility to switch on/off encryption in section I.


In order to read URL parameters in section I custom code without losing the encryption on/off flexibility, you can use URL( ) formula function, like this,
string companyId = EvaluateFormula("URL(\"CompanyId\")");
Formula function URL( ) automatically decrypts parameters if URL encryption is turned on. 


John said...
This comment has been removed by a blog administrator.
John said...

This also works and is simpler:

string companyId = FormulaUtils.URL("CompanyId");