Welcome Sign in
Visual Studio 2008 Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
Visual Studio 2008
Visual Studio
 How to: Retrieve Query String Infor...
This page is specific to
Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:
.NET Framework Developer's Guide
How to: Retrieve Query String Information in a ClickOnce Application

Updated: October 2008

The query string is the portion of a URL beginning with a question mark (?) that contains arbitrary information in the form name=value. Suppose you have a ClickOnce application named WindowsApp1 that you host on servername, and you want to pass in a value for the variable username when the application launches. Your URL might look like the following:

http://servername/WindowsApp1.application?username=joeuser

The following two procedures show how to use a ClickOnce application to obtain query string information.

ms172242.alert_note(en-us,VS.90).gifNote:

You can only pass information in a query string when your application is being launched using HTTP, instead of using a file share or the local file system.

The first procedure shows how your ClickOnce application can use a small piece of code to read these values when the application launches.

The next procedure shows how to configure your ClickOnce application using MageUI.exe so that it can accept query string parameters. You will need to do this whenever you publish your application.

ms172242.alert_note(en-us,VS.90).gifNote:

See the "Security" section later in this topic before you make a decision to enable this feature.

For information about how to create a ClickOnce deployment using Mage.exe or MageUI.exe, see Walkthrough: Manually Deploying a ClickOnce Application.

ms172242.alert_note(en-us,VS.90).gifNote:

It is not possible to pass command-line arguments to a ClickOnce application. If you want to supply arguments to the application, you must deploy it over the Web and supply query string parameters in the URL.

To obtain query string information from a ClickOnce application

  1. Place the following code in your project. In order for this code to function, you will have to have a reference to System.Web and add using or Imports statements for System.Web, System.Collections.Specialized, and System.Deployment.Application.

    Visual Basic
    Private Function GetQueryStringParameters() As NameValueCollection
    Dim NameValueTable As New NameValueCollection()

    If (ApplicationDeployment.IsNetworkDeployed) Then
        Dim QueryString As String = ApplicationDeployment.CurrentDeployment.ActivationUri.Query
        NameValueTable = HttpUtility.ParseQueryString(QueryString)
    End If

    GetQueryStringParameters = NameValueTable
End Function
    C#
    private NameValueCollection GetQueryStringParameters()
{
    NameValueCollection nameValueTable = new NameValueCollection();

    if (ApplicationDeployment.IsNetworkDeployed)
    {
        string queryString = ApplicationDeployment.CurrentDeployment.ActivationUri.Query;
        nameValueTable = HttpUtility.ParseQueryString(queryString);
    }

    return (nameValueTable);
}

  2. Call the function defined previously to retrieve a Dictionary of the query string parameters, indexed by name.

To enable query string passing in a ClickOnce application with MageUI.exe

  1. Open the .NET Command Prompt and type: 

    MageUI

  2. From the File menu, select Open, and open the deployment manifest for your ClickOnce application, which is the file ending in the .application extension.

  3. Select the Deployment Options panel in the left-hand navigation window, and select the Allow URL parameters to be passed to application check box.

  4. From the File menu, select Save.

ms172242.alert_note(en-us,VS.90).gifNote:

Alternately, you can enable query string passing in Visual Studio. Select the Allow URL parameters to be passed to application check box, which can be found by opening the Project Properties, selecting the Publish tab, clicking the Options button, and then selecting Manifests.

When you use query string parameters, you must give careful consideration to how your application is installed and activated. If your application is configured to install on the user's computer from the Web or from a network share, it is likely that the user will activate the application only once through the URL. After that, the user will usually activate your application using the shortcut in the Start menu. As a result, your application is guaranteed to receive query string arguments only once during its lifetime. If you choose to store these arguments on the user's machine for future use, you are responsible for storing them in a safe and secure manner.

If your application is online only, it will always be activated through a URL. Even in this case, however, your application must be written to function properly if the query string parameters are missing or corrupted.

Allow passing URL parameters to your ClickOnce application only if you plan to cleanse the input of any malicious characters before using it. A string embedded with quotes, slashes, or semicolons, for example, might perform arbitrary data operations if used unfiltered in a SQL query against a database. For more information on query string security, see Script Exploits Overview.

Date

History

Reason

October 2008

Added note about HTTP and added code requirements.

Customer feedback.

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker