.net - Using Http Module For Authorization AuthorizeRequest Or BeginRequest?
May 26, 2010
I have a wap site with susciription and I want to check if users are authorized to see some pages. I have decided to use http module. Should I use AuthorizeRequest or BeginRequest to check the users status? and why?
i redirect a page from http to https using http module begin request handler .i am calling webservice using ajax but it is saying webserice not defined .which otherwise works fineits work fine when rediect page in page_load instead .but i need to add function for https to http in every page. i still not know why ajax is not working when i use http module for redirect
I'm trying to create an HTTP gzip/deflate module, but when I'm trying to get the Accept-Encoding header it returns null, I tried in IE8, FF, Chrome and Opera.
I have a HTTP module that I have written that needs to access the session. I have done the following:Module is registered in web.config Module attaches my method call to the PostAcquireRequestState event The module implement IRequiresSessionState However, when my page doesn't have an extension (i.e. as when htp://www.mywebsite.com) the session is not available and my code fails. If the page does have an aspx extension then all is ok.
I'm trying to install asp.net http module on my hosting server wich i don't control, ( it has asp.net 4.0 frameworkd and IIS v7.5 installed ). so far i compiled locally my module.cs file (i compiled it with visual studio 2010 Publish Web option)
using System; using System.Collections.Generic; using System.Linq;[code]....
and than nothing happened. what's wrong with it, how to debugg it?
EDIT: just found out that im running in classic mode. and it works fo web.config corrected for that mode.
Can anyone tell me if there is a way to convert all URL's to lowercase using an Http Module for URL rewriting? For example www.homeforhire.com/Home.aspx should be converted to lowercase.
I cannot use the IIS7 URL Rewriter because I need to perform database lookups as part of my URL rewriting.
I have researched this extensively but have not had any luck finding a solution.
The only alternative I can think of is to use a dynamically created canonical link in my page headers.
Our site uses urlRewriter http module that does the url rewriting for us. I want to create another http module that will handle our customize URL redirects. Now I want this new customize http module to be call before the UrlRewriter module (to avoid page not found messages the UrlRewriter generates). Is there a way we can contol the calling order ?
I have come across this question several times, you need to do some performance testing (request process times, load times, etc) or track unhanded exceptions. The answers usually come down to writing a HTTP Module, hook into specific events and log them somewhere, or use the built in health monitoring?
Why would we use one over the other? What are the pros and cons?
I have web services built with ASP.NET and ASP.NET clients consuming them. When consuming the webservices, how would I to force the clients to use https?
I don't want to force the whole site to use https by turning on require SSL in IIS.
Can I use the IIS7 URL rewrite module to re-route http requests to https?
I have an ASP.NET web forms site using Master Pages. It is using Unity as my IoC container. I have created an HTTP Module to build up the container using a couple of tutorials i found online. I need the dependency injection to work for User Controls and the only way i was able to get this to work was to hook into the Pages PreInit event as can be seen from the code below.
[code]....
I also have autoeventwireup set to true on the pages and master page. Can anyone shed any light on why the events are not firing? Is my Unity http module causing this to happen by dropping the event wiring? I can get this to work no problem in a basic example with no IoC involved.
I am making a Http Module for authentication in my web application in asp.net 2.0. When the AuthticateRequest event is fired then I get the userid and password values from current request. But Every time I am getting null in both. My code is here
I am writing a custom HTTP module to implement user authentication and appropriate access rights. And for identifying access rights for the user also depends on identifying the client's machine details like IP address, machine name, etc. The access rights will depend based on from which location or machine the user is trying to login.
Can we get these details from the HttpApplication or HttpContext object?
For example when a user enters www.homeforhire.com they should be redirected to default.aspx (for operational reasons the user is then redirected to www.homeforhire.com/home.aspx).
Instead an error is caught in the Rewrite module (which should not be activated). I am using an http module to perform URL rewriting.
It appears as if the default document setup is not working correctly, and the requested page ~/ is being sent to the Rewrite module, causing an error (which is then caught by my error handler and the user is redirected to the home page).
Entering www.homeforhire.com/default.aspx works correctly.
Can anyone tell me why the default document settings in the web.config do not appear to be working?
as it uses the relative path the http module is unable to understand the path and throwing following error
The file '/Root/Pages/Master/Site.Master' does not exist.
error occurred during the parsing of a resource required to service this request. review the following specific parse error details and modify your source file appropriately.
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Does BeginRequest and EndRequest for an ASP.NET HttpApplication always occur on the exact same thread for a given HTTP request from a client?The reason I ask is that I am seeing some very strange behavior where a ThreadStatic variable is not null inside of an Init method for an IHttpModule. I set this ThreadStatic variable to a value on BeginRequest and null it on EndRequest.
However, my IHttpModule Init method should be called outside of the BeginRequest/EndRequest period, so the only way I can think of that this ThreadStatic variable would have a value when my Init method is called is if EndRequest occurs on a different thread than BeginRequest and thus the value is still not null later on when ASP .NET tries to use that same thread to create a new HttpApplication instance...
I am writing a quick-and-dirty in-house ASP.NET application that needs to be able to run a task after a specific period of time. If it was a proper application, I'd probably use a windows service but I don't really want to bother with the extra complexity of that.I could put code in the BeginRequest handler to check whether any such tasks are due, but of course nothing would happen if nobody is using the application.at the moment the best option I can think of is something like ShellExecute("nohup sleep 1000; wget http://server/dummypage.aspx") (if you'll excuse the mixed windows/unix nomenclature).
I was under the impression that static files (CSS, images, @font-face files, etc) bypassed ASP.NET completely, and were served directly by IIS. However, my BeginRequest event handler is being called for every HTTP request, including those for static files. This concerns me because I'm creating an Entity Framework data context to be used for the lifetime of each request in that event handler. I don't want to create those contexts if they're never going to be used.
I'm using IIS 7 on Windows 7 Ultimate with so special handler mappings defined. Do I have it wrong? Should these events be firing?
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.