I have written a HttpModule for our site which generally accepts requests and checks for specific file extensions as well as the value of a specific session variable. Is it possible to detect the first request in a session?
View 1 Replies
We're trying to implement functionality that intercepts, inspects, and alters if needed data in the Request.QueryString and Request.Form collections.
Since Request.QueryString and Request.Form are readonly, is it possible to use a HttpModule to do this without Reflection or Response.Redirect?
We're thinking that we can construct a new HttpRequest, and replace the original one. Would there be any implications in doing this?
I know mocking this object is impossible without using HttpRequestWrapper, but wasn't sure whether ASP.NET sets other things beyond the constructor.
I have an HttpModule which is used to dynamically compress content from an ASP.NET (MVC3) web application. The approach is very similar to the CompressionModule in this article (where the module applies a GZip filter to the HttpResponse and sets the correct Content-encoding header).For one reason and another, this needs to run in classic mode, not integrated pipeline mode.
The problem I've got, is that on some servers that have IIS compression enabled, IIS compresses the content and then my module compresses that. The upshot is that I get content compressed twice, with an encoding:
Content-encoding: gzip,gzip
one from IIS, and one from this line in my code:
httpResponse.AppendHeader("Content-encoding", "gzip");
Does anyone know a way, in classic mode, that I can check to see if the content is already compressed, or if compression is enabled on the server, in order to bypass my own compression?In pipeline mode, this check is as simple as
if (httpResponse.Headers["Content-encoding"]!= null)
{
return;
}
i.e. check if anything has already set a content-encoding and if so, do nothing.However, I'm stumped in classic mode. Unfortunately, accessing HttpResponse.Headers is not allowed in classic mode, so I can't do my barrier check.
I want to save each request to the website. In general I want to include the following information: User IP, The web site url, user-if-exist, date-time. Response time, response success-failed status. Is it reasonable to collect the 1 and 2 in the same action? (like same HttpModule)? Do you know about any existing structure that I can follow that track every request/response-status to the website? The data need to be logged to sql server.
View 3 RepliesHere is my implementation of HttpModule:file with module:
public class HttpModuleRewriter : IHttpModule
{
#region IHttpModule
[code]...
Is there no way to detect if the current request is being mapped via ASP.NET 4.0 URL routing?
I have an HTTP module that handles the application's BeginRequest event. I have found that this handler is called for all file types, including CSS, JS, image files, etc., and I just want to perform an action if the target file is an ASPX page.
In the case of routed pages, all the properties of the HttpRequest object reflect the requested URL, and not the ASPX page that the request is being mapped to. How can I determine if the request will be handled by an ASPX file?
the purpose of this HttpModule? It's showing up on my HttpModuleCollection list, but I don't know what's it's for.System.ServiceModel.Activation.HttpModule
View 3 RepliesI am trying to detect a session state timeout in my asp.net application and am unable to do so. I have a base class that derives from System.Web.UI.Page as follows:-
public class BasePageSessionExpire : Page
{
override protected void OnInit(EventArgs e)
{
base.OnInit(e);
if (Context.Session != null)
{
if (Session.IsNewSession)
{
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionId") > 0))
{
Session.Abandon();
Response.Redirect("~/SessionExpired.aspx",true);
}
}
}
}
}
All the pages I need session state checking on derive from this base class instead of "System.Web.UI.Page". Also, all these pages have EnableSessionState="True". I have a blank Session_Start() method in my global.asax file if that is relevant at all.
For some reason after the first request, the "Session.IsNewSession" property is always false. It is true only for the first request and then is always false. I have my timeout set to 1 minute. The session never seems to timeout. What am I missing here ?
Also I have implemented a state server in SQL Server 2008. This is not an in-proc session state implementation.
I am creating a web application using ASP.Net. I am using session in my application.
There is one scenario where I am trying to access session variable through Javascript. It is working fine, when I m accessing it in normal state. But after session expiry, if click on any button, it throws exception and behaves abnormally, resulting in page not found.
Here is the code I am using;
var TransactionID = '<% =((Hashtable)(Session["SessionData"]))["TransactionID "] %>';
if(TransactionID !='')
{
//action
}
I am trying to achieve something like of sort in c#;
String lsStr;
if(null != lsStr)
{
//action
}
I have a button that executes a script using AJAX.Normally when a session is still active the script will return some data that will be placed inside the parent page.If the session expired the AJAX will return the login screen which gets placed inside the parent page which looks really odd.How would I be able to detect a session timeout and do a postback on the parent page?
View 2 RepliesI am attempting to pass a session var(dropdownlist choice) to my autocomplete.asmx to incorporate it into my sql select statement. Is this do-able?
View 9 RepliesI'm wondering if it's possible to perhaps set something up in the global.asx file or something that will build a list of all currently active user sessions that I can then use to display to a logged in user, who else is currently logged in.
Currently I store my userId's in a session variable Session["IsLoggedIn"], so basically i want to build an global array of some sort that will store all these active userId's.
Let me know if this is possible, or who i would go about accomplishing this sort of thing. BTW, I'm not using asp.net's built in membership thing for login accounts.
using ASP.NET 2.0 VB.NET how to detect if the session cookies are enabled?
I know how to detect the cookies in general but you can set IE to block the cookies and accept the session cookies...How to detect this?
We're migrating an application to use IIS7 integrated mode. In library code that is designed to work either within the context of an HTTP request or not, we commonly have code like this:
if (HttpContext.Current != null &&
HttpContext.Current.Request != null) {
// do something with HttpContext.Current.Request
} else {
// do equivalent thing without HttpContext..
}
But in IIS7 integrated mode the check for HttpContext.Current.Request throws an exception whenever this code is called from Application_Start.
protected void Application_Start(object sender, EventArgs e)
{
SomeLibrary.DoSomethingWithHttpContextCurrentDetection();
}
Results in:
System.Web.HttpException: Request is not available in this context
How can I detect whether the request is really available without wrapping these calls in an exception handler and taking action based on whether an exception is generated or not.
Looking at HttpContext in Reflector I see it has an internal bool HideRequestResponse field but it's internal so I can only get to it with reflection and that's fragile. Is there a more official/approved way to determine if it's ok to call HttpContext.Request?
This blog post about the subject says not to use HttpContext, but how, in generic library code, can you determine if it's ok to use HttpContext?
http://mvolo.com/blogs/serverside/archive/2007/11/10/Integrated-mode-Request-is-not-available-in-this-context-in-Application_5F00_Start.aspx
I'm using the work-around mentioned there which is to use Application_BeginRequest and an initialized field to only initialize once as part of BeginRequest, but that has to be done in every calling application whereas I'd prefer to make the library code more robust and handle this situation regardless of where it's called from.
I have one website in which there is one page along with one ascx as registered into it. In the ascx where user can add some order details and click on "Make Payment" button, then there are following 2 cases...Case I: If user was not logged in, then a modal popup will open which has login ascx with 2 buttons Register & Login. In this case user either Login or Register and continue with "Make Payment".
View 5 RepliesIf you have <img src=""> on your page, the image load will result in another web request to the page that was originally loaded. Is there a way (in ASP.NET) to detect that the web request was the result of being loaded for an <img> tag like this?
The only difference I can find is the HTTP_ACCEPT value of */* for <IMG> requests, vs. a limited HTTP_ACCEPT value for the actual page request.
Have not run the ASP.NET Development Server for a while. Today I copied a production website to my workstation and ran it with VS 2008. The following error message popped up. What is the problem with the ASP.NET development Server on my workstation? The website on the Production server still ran okay.Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same. If the server is on a remote machine, please ensure that it accepts remote requests by checking the value of KEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesaspnet_stateParametersAllowRemoteConnection.
If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the state server connection string must use either 'localhost' or '127.0.0.1' as the server name.
In C#, How do you pass the Session[] and Request[] objects to a method?I would like to use a method to parse out Session and Request paramaters for a .aspx page to reduce the size of my Page_Load method. I am passing quite a few variables, and need to support both POSTand GET methods. For most calls, not all variables are present, so I have to test every variable multiple ways, and the code gets long...This is what I am trying to do, but I can't seem to properly identify the Session and Request paramaters (this code will not compile, because the arrays are indexed by number)
static string getParam(
System.Web.SessionState.HttpSessionState[] Session,
System.Web.HttpRequest[] Request,
string id)
[code]...
In one web page we use a flash upload control but becouse a flash bug in the upload event the session is lost as its posted back with a new session.
We have tought of using a table with ip and old session id or a query string with the old session id in order to reassing it in the uploaded event...
Knowing the old session id how can i reassign it to the client? (In C#)
Im trying to make a solution like this [URL] Now the question is how do I filter the request, I only want to Open an ISession if the request is for an ASPNET MVC Action, not for *.gif, *.css etc. How should I handle this filtering?
View 3 RepliesI'd like to be able to reference the asp.net objects Session, Request, from a procedure without passing them in as parameters all the time. Is there a way to do this. For example, now I have
[Code]....
I'd like to call it like this "ContextPT.GetSession()" and have GetSession know how to find the Session object. I know this does not seem like a big deal in this case, but I have reasons.
just been trying to recieve the session value from multiple jquery ajax requests on the same domain name. i think i understand that each request is kind of a virtual browser request so the session is mutally exclusive to each request, but there must be a way some how, has anyone solved this. Basically this is what im trying to do:
I have tries using type: GET and POST but still no luck.
First request - Stores the product id in a session
[code]....
I'm writing a product management system for a website. As an administrator defines product details, those details are stored in the Session so that fields remain populated as the user navigates across multiple pages. One of these fields is a "RichTextBox" that allows the user to define a product description with rich text.
Attempting to pack the contents of this rich text box into a Session variable raises the following Server Error:
A potentially dangerous Request.Form value was detected from the client (ctl00_ContentPlaceHolder1_RichTextBox1_tbxRichContent="<b>asdf</b>").
The offending line of code is as follows:
Session["NewProductDescription"] = HttpUtility.HtmlEncode(RichTextBox1.Text);
I thought HtmlEncoding would solve the problem, but it did not.
I am trying to use a transaction scope in a transaction-per-request pattern. So I have a http module that do (simplified):
private void Application_BeginRequest(object sender, EventArgs e)
{
var scope = new TransactionScope(TransactionScopeOption.RequiresNew);
PutScopeInHttpContext(scope);
}
private void Application_EndRequest(object sender, EventArgs e)
{
var scope = GetScopeFromHttpContext();
try
{
if (HttpContext.Current.Error == null)
{
scope.Complete();
}
}
finally
{
scope.Dispose();
}
}
Then, in my web.config, I have:
<httpModules>
<clear/>
<add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
<add name="Profile" type="System.Web.Profile.ProfileModule"/>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="TransactionPerRequestWebModule" type="Acme.Web.TransactionPerRequestWebModule, Acme.Web"/>
</httpModules>
<sessionState mode="SQLServer" sqlConnectionString="Data Source=localhostSQLEXPRESS;Integrated Security=SSPI;" cookieless="false" timeout="360"/>
Now, at what seem like randomly rate, roughly 1 page out of ten gives me the following error:
[SqlException (0x80131904): Distributed transaction completed. Either enlist this session in a new transaction or the NULL transaction.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +1951450
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +4849003
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +194
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2394
System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +33
System.Data.SqlClient.SqlDataReader.get_MetaData() +83
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +297
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +954
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +162
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +32
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +141
System.Data.SqlClient.SqlCommand.ExecuteReader() +89
System.Web.SessionState.SqlSessionStateStore.DoGet(HttpContext context, String id, Boolean getExclusive, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actionFlags) +516
[HttpException (0x80004005): Unable to connect to SQL Server session database.]
System.Web.SessionState.SqlSessionStateStore.ThrowSqlConnectionException(SqlConnection conn, Exception e) +229
System.Web.SessionState.SqlSessionStateStore.DoGet(HttpContext context, String id, Boolean getExclusive, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actionFlags) +649
System.Web.SessionState.SqlSessionStateStore.GetItemExclusive(HttpContext context, String id, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actionFlags) +48
System.Web.SessionState.SessionStateModule.GetSessionStateItem() +117
System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData) +487
System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +66
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
What I (think I) understand is that the connection to the ASP.NET session database is sometimes enlisted in my business transaction, and I get this error when my business transaction is completing first.
There is a couple of problem with that:
I don't think the transaction for the session state should be the same as my business one. These are 2 separate concerns.
It makes the transaction automatically escalate to a distributed (MSDTC) one, which impacts my performance.
How do I decouple my business transaction from the ASP.NET session one?
I have noticed that when I have a session that has expired, the Session_OnStart event fires with every new request.
I suppose that this behavior is not normal, because I was expecting that the session would re-start only with the first request and not with every subsequent request.
This behavior occurs only with sessions where the timeout period has been exceded.
The current conditions under which I have experienced this problem are:
I have experienced this problem with an application that is using the .NET 2.0 framework and with a session mode configured to InProc. This problem is happening both on Windows XP SP3 and Windows 2003 Server.
