How To Set "cookieName" Attribute Of The "sessionState" XML Element In Web.config Programatically
Aug 11, 2010
Multiple applications are sharing the same session cookie at the moment and I don't want this to be the case, however, I would like to set the value in code rathr than hardcode a value using the web.config.
I'm managing a rather large project, written in asp.net webforms + mvc3, with a large user base, and a pretty high daily visitor count. Basically, there are a lot of requests at any given moment.
One of my controllers in MVC that handles / resizes images on the fly has the following attribute applied to it:
[SessionState(SessionStateBehavior.Disabled)]
Now, if an action in the controller tries to access the session - it obviously throws an exception - so we're good so far. The problem is: if I go to the IIS Worker Processes window (Win Server 2008 R2, IIS 7.5), and check the current requests for this site, I can sometimes see the requests to an action in this controller. Their current state is locked in State: RequestAcquireState, Module Name: Session. Sometimes these locks go over a second or two in this state.
Wasn't the whole point of the attribute in the first place to make the requests to the controller ignore the state, and not waste time (and possibly being locked) trying to acquire the state? If this is so - am I doing something wrong here, or does the problem lie elsewhere?
I created a simple Master Page in Visual Studio 2008:
<%@ Master Language="VB" CodeFile="MasterPage.master.vb" Inherits="MasterPage" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
and got green underlined 'Master' with two warning messages: 1.Validation (ASP.NET): This attribute name must be followed byan equal (=) sign and a value. If the value is in quotation marks, the quotation marks must match. 2. Validation (ASP.NET): Attribute 'Master' is not a valid attribute of element 'Control'.How I can get rid of the messages?
I'm looking at an asp.net application, i notice that there are assemblies defined into two places. In web.config there is configuration/system.web/compilation/assemblies/add elements. In the project file there are references setup under the Project/ItemGroup/Reference elements.
I was wondering, what is the difference between assemblies/references added in either location?
I am trying to config my application to use out-of-process sessionState.
<sessionstate mode="stateserver" cookieless="false" timeout="20" sqlconnectionstring="data source=127.0.0.1;user id=<user id>;password=<password>" server="127.0.0.1" port="42424" />In my web.config I get errors for the server and port attributes, telling me that server attribute is not allowed and port attribute is not allowed.
I have a dropdown list in my webform and want to make that dropdown required in one form and optional in another form based on some conditions. My mark up for that is
I changed my application to use "InProc" sessionState instead of "Off" because I need to preserve user selected language from page to page doing localization.n web.sitemap I have this line:
which before I changed sessionState to "InProc" worked as supposed to: menu item "Administrator" appeared as a menu choice only when user had logged in with admin rights. Now this menu choice is present for every user.
i'm interested to do the following - i geuss, i have no option to do that:
we have our "mainapplication" on a DB; we are tracking user-login status by switching a bit in the DB in the users data row.
we hvae a second application, the backend, which is the administration tool.
(the applications are put in seperate diretories on HD)
sometimes, we need to block/ban users. in some cases the users are logged in, when we "see them in action".
i'd like to build a button in the backend-application, which logss-out the user from the mainapplication.
for sure: i can access the same DB and switch the bit to "know" he's offline, but this will not kill the session on the mainapplication.
because: if a user is on/offline is also indicated by the session in the IIS. and as the IIS-session is active, the user may be already banned - but he will not be logged out automatically (and showing something like "you have been logged out because of a ban) one option would be to call the DB by each page-load to find out, if the user is logged on.
An error occurred during the processing of /_layouts/MyPage/Info.aspx. Literal expressions like '<%$Resources:wss,okbutton_accesskey%>' are not allowed. Use <asp:Literal runat="server" Text="<%$Resources:wss,okbutton_accesskey%>" /> instead
That doesn't work in this situation as that would mean nesting the Literal between the quotes of the accesskey attribute, which causes a "The tag contains duplicate 'ID' attributes" error.
Is there a way to use a string from a resource without having to change the input to an asp:Button? I guess there has to be a way using <%=, but I don't know how I would address the resource itself?
I have a VS 2003 Web app that I'm creating. I'm using a Panel control and I'm trying to apply a CSS class to this panel. However, when I try coding the following statement
<asp:Panel class="pnl2" runat="server">
it doesn't like the "class" attribute saying "could not find any attribute 'class' of element panel"? I'm used to using VS 2005 and higher and haven't seen this before. What am I doing wrong?
I'm new to ASP.NET and MVC in particular. Now, I'm trying to understand if I can easily get values of custom attributes of submitted data. For example, When writing something like this inside a form (which works and posts and I can get the checkbox value) <%= Html.CheckBox("cb1", new { listen = "listen:6" }) %> Can I get the value of "listen" directly or do I need JS? (I know I can just use hidden fields, but I'm I'm asking anyway)
i have a web application and i need multiple wb.config files for different settings.
how can i reference to a web.config file programatically at run time.
suppose if Request.QueryString("1") then settings of web.config1 should be applied and if Request.QueryString("2") then another web.config file 's settings should be applied.
I am trying to achieve a SSO implimentation across my websites so i am using the machine key attribute to do so.now the trouble starts here as the website the user logs in is on the .net 1.1 framework and the website it it navigating to is .net 4.0.I have share the same machine-key across both the application . It works fine in my testing environment but as i move to the deployment server ,it just dosent work !So what i could do is read this article on MSDN :
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx this tells me to add a domin attribute like below <forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/> but this thing just dosent work on the 1.1 application and throws an error Unrecognized attribute 'domain'.
Where do i get to mention the domin in my 1.1 application.?
I want to be able to determine if the web.config element <compilation defaultLanguage="vb" debug="false" /> if the property is debug is set to true or false. Public Shared Function isDebug() as Boolean
Now since i'm securing the site i've noticed that the location element does not get much attention.The only thing i have found is that you can use <location path="" allowOverride="false"> on machine.config .I'm not sure how this goes but if you need to use this one every page then i will have multiple problems.First if i have a page with the same name on another website there is trouble and also if i need to update pages again problem.What i'm not sure of is if the location element on machine.config i just used once and then magically every site you have will throw an exception if a hacker changes you web.config.I have doubts and it's confusing and if i play with the server web.config,well i don't wanna mess with that.
So i also tried to encrypt the location element but i cannot find an example(can you encrypt it?).I can encrypt authorization and authentication but i will not go inside the location element.Just the standard authorization and authentication nodes.How can i secure the web.config location element so no hacker can change the allow,deny,etc.
I am migrating from IIS6 to IIS7, and IIS6 was fine with this. I already made one change (system.web to system.webServer) and I don't know what's wrong with it now.
I'm creating a MVC application where the first item in the Url is a parameter (location) - not a controller or action. So my routes look like {location}/{controller}/{action}
There are items that require authorization to access so the person needs to login. But how can I set up my loginurl so that I can reflect this set up : {location}/account/login
It seems you can't add parameters like this to the loginUrl attribute in the web.config, so how would I got about setting something like this up?
what exactly the batch debug option in web.config (attribute) does? I can tell it debugs in batches ( >1) but I cannot find anymore background info on this setting.
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2. I'm curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this...
We would like to add styles and images to location, e.g. location path="images, styles". Is it possible to put multiple paths in location element (and how)?
I'm having some trouble setting the ExecutionTimeout element in my applications web.config. My page is making a lengthy webservice call and times out after 110 seconds. (the default I believe). I set the value to 220, and make sure the compilation debug=false.
Does the compilation setting refer to when IIS/ASP.net compiles the ASPX pages when a client requests them, or does it refer to the visual studio compile process there the assemblies are created. Would using an assembly built using debug in visual studio still allow the above settings to work?