In securing actions/controllers, do I have to create a custom filter or use MVC built-in filter?
To use the built-in attribute Authorize() on an action/controller or create a separate class that inherits the ActionFilterAttribute which has a method (OnActionExecuting) to override and do the authentication there?
how to write/implement custom authorization filter , i am using my own custom Authentication module and roles and not ASP.net forms authentication and have my user and role information in my sessions...
say Session["role"] = "Admin" or Session["role"] = "User"
how can i write custom filter to prevent users to access certain functionalities i.e Controller actions.
I have a custom actionfilter that strips out the whitespaces before the html is rendered in browser and it is working fine. However I have been unable to unit test the custom action filter. Ideally I want to do an assert on the sample html that all whitespaces have been removed. Code looks something like this.
I'm using a custom ashx HttpHandler to retrieve gif images from a database and show it on a website - when the image exists, it works great.
However, there are cases when the image will not exist, and I'd like to have the html table holding the image to become invisible so the "image not found" icon is not shown.
I've created a custom control in ASP.NET for showing a pop-up message box. In my MessageBox class, I have a Content property as ITemplate like the following:
[PersistenceMode(PersistenceMode.InnerProperty)] [TemplateContainer(typeof(MessageBoxContent))] [TemplateInstance(TemplateInstance.Single)] public ITemplate Content { get; set; }
Even I set the the Content property's TemplateInstance to Single, I still can't have access to the Button control.
All I want to do is to handle the click event of the button. When I assign an event handler to the button control and run the project, it throws a NullReferenceException.
I'm trying to implement a custom filter template for all text based searches and running into problems constructing the query. I've been following the instructions posted on this blog but not sure how change the GetQueryable method to perform a WHERE columnAttribute LIKE '%something%'query. In the example on the blog the expression is an equality which works if the text I enter exactly matches the text in the database column.
At the moment I'm using the new QueryExtender feature along with the SearchExpression control but this requires creating several custom pages for all the tables I need text search functionality for. I would like to DRY this up by creating the custom filter template.
I have two versions of a website. One runs on IIS server on a local PC, the other runs on the ASP.NET development environment included on Visual Studio (localhost). Apart from that, the file stucture of both is the same, although only the one running on IIS works properly, and this seems to be related to the fact that the IIS version calls Application_BeginRequest() where the other doesn't.
I've looked at the differences between IIS server and the ASP development environment in: [URL], and it says that IIS and the ASP development server deal with static content in that for IIS in that on IIS static content does not go through the ASP.NET runtime like it does on the dev environment (but I'm not sure exactly what this means).
I've done a number of tests involving images, etc, and have noticed that when the image is of the form:
<img src="Image/MyImage.jpg...>
the IIS server version calls Application_BeginRequest(), but the visual studio development environment version doesn't.
In my case, it is necessary to call Application_BeginRequest because this creates a new path and calls RewritePath().
The problem occurs when using links such as <a href="..." ...>, because if I use static content it won't call Application_BeginRequest() and the path won't be re-written. But If I change it to href=" %=ResolveUrl("~/...")%>" (for some reason, it will only call BeginRequest() if the path begins with a tilde ~), the path is re-written incorrectly.
I'm not really sure how to find out why the IIS version is calling Application_BeginRequest() from all the time (the callstack just says "external code"), or why it is calling it whereas the local dev server version isn't.
If anybody can explain this, or knows of any sites that go into this so I can master the basics, I'd be very grateful.
I've seen a few posts about Application_BeginRequest, but non seems to have my problem.
My Application_BeginRequest is being called for every image in my website.
The StaticFile Handler is enabled with * as the Path, but it's at the end of the list.
Is this the normal behaviour? Or should I add .gif, .jpg and so on on top of the list?
This is on my IIS7.5 Win7 Development Server. Didn't check it on the production server yet.
Update: Setting runAllManagedModulesForAllRequests=false would help. But then the ASP.NET URL Mapping does not work anymore. I tried disable it just for the image directly, but that had no effect?
I have a site with multiple domains pointing to it. I wanted to redirect all requests to main domain so I've created a method called RedirectToRealDomain("domain.com") to check and redirect all requests to my preferred domainAt the moment it lives on Session_Start but I am planing to move it to Application_BeginRequest event. As I understand Session_Start only raised when new session started but Application_BeginRequest raised on all requests. RedirectToRealDomain method doesn't do any DB lookups or anything expensive apart from comparing strings.
I've got some tracing statements with timestamps on an ASP.Net IIS application that gets a lot of traffic. I've got trace statements at the end of Application_BeginRequest and the beginning of Application_PreRequestHandlerExecute in my Global.asax. Occasionally there is a big delay between the end of BeginRequest and the start of PreRequestHandlerExecute, i.e. more than 5 seconds.
What is going on in the lifecycle of an HttpRequest between these two method calls that could be taking so long? This is IIS7 on Windows Server 2008.
I'm trying to get a reference to the user object in my Global.asax file's Application_BeginRequest. I'm using the property Context.User but I get a NullReferenceException. Is it possible to get a user object reference in Application_BeginRequest?
I am trying to create a 404 handling page but I am now stuck with the page only working for .aspx files, which isn't really what I need.I am running on IIS6.The site has a wildcard mapping,for extensionless URLs.All requests go through Application_BeginRequest in Global.asax but not all errors go through Application_Error.Is there a way where I can get the Application_Error to raise for non .aspx files?
We are obesrving strange problems when performing sress test of our applciation. We use Application_BeginRequest and Application_EndRequest to log the beginning and end of the web request, together, with the thread id.
However, from our logs, we see that Application_Begin_REquest is not being fired:
We use the following code to do the logging in global.asax.cs:
You can see that there are two "End request" in the last two lines, but there is no (Begin) Request for the last log line.Our Dbg.WriteLine uses System.Diagnostics trace listeners to ouput data to the file.
Environment: Windows Server 2008 R2, ASP.NET 3.5
This only happens when performin stress test. CPU utilization is around 60%, there are max 10 concurent requests executing.
UPDATE: I have found out that some other also did have similar problems (althoug in different configuration:
http://forums.iis.net/t/1154954.aspx) Matej
UPDATE#2: This night be related to fact, that Thread.GetHashCode() which is used to print out the thread identifier in our log fies could change. See ASP.NET - Thread.GetHashCode() changes
I created a web service on localhost, and I tried to call it from a web app (also on the localhost) via HttpWebRequest, but Application_BeginRequest in Global.asax didn't fire. When I type in IE 'http://localhost:8010/Test/' (the web service) Application_BeginRequest fires. Where is the problem? How can I test a localhost web service from a page which is also on localhost?
I have a problem using Application_BeginRequest and I have absolutely no clue what is going on. When using this code, my website works fine:
[Code]....
Now, when I only alter it like this (note that I am actually doing nothing special):
[Code]....
This small change in code causes that forms don't postback anymore. I am truely clueless why this happens when trying to get some request.form variables.Stupid thing is, when debugging the website using visual studio, everything works fine.
Is there a way to retrieving parameter names and values passed to a web method from Request object? I've read somewhere that you need extra code to access the soap body. Any known workarounds to be able to see the soap body from Application_BeginRequest?
In my organization we use nested groups. For a particular usage, we have a group (let's assume that the group name "kuku"), and the names of all the nested groups under it contains "kuku" as well.
We may assume that no other group in the LDAP has "kuku" in the name.
I need to create a filter which will return all the users which belong to one of the "kuku"s group.
Obviously, using this filter will bring only the head kukus
(&(&(objectclass=user)(objectclass=person))(memberOf=CN=kuku,cn=...rest of the group DN...))
How can I use wild card to fetch all users which belong to any kuku?
For example: (&(&(objectclass=user)(objectclass=person))(memberOf=CN=.*kuku.*))
I have decorated my base controller with a couple of action filters. They work fine.
One of those filters sets up the request - does things like set the culture based on the domain, etc.
I also have a handful of actions that require authorization using the Authorize attribute.
My problem is that when an user attempts to request a page they are not authorized to access, the authorization filter kicks in and redirects them to a page telling them that they cannot vie the page.
The issue is that the action filters never run so the culture and other request data is never set. This effectively causes language to be wrong in the view and other data to be missing.
I know that authorization filters run first but my question is this: How can I design this such that I can ensure that certain methods are always run before the view is returned, regardless of the authorization.
I want to protect one file in a subdirectory with Global.asax. (I know that this isn't the conventional way of going about this) but it works on my computer and not on the server.I have a global.asax file in my root dir and Application_BeginRequest checks if the user is requesting a particular file. If they are logged in, it allows access. If they are not logged in they are redirected to the default page.My problem is this: My code works on my personal computer but does not work on the server. Do I have to configure a setting in the web.config or adjust something on the server? Code:
Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs) Dim fullOrigionalpath As String = Request.Url.ToString.ToLower 'PROTECTED FILE If fullOrigionalpath.Contains("/uploads/groups.xls") Then If HttpContext.Current.User.Identity.IsAuthenticated = False Then Response.Redirect("~/login.aspx") End If End Sub
I fill a third-pard component variable in Global.Application_BeginRequest(). Everything is fine until I set IIS7 into the Integrated mode. In that case the method Application_BeginRequest() is not called (Application_Start is ok).May be some module is registered wrong?(I have found a same problem here on forum, but without a solution:[URL]
I am doing some redirecting of old url in global.asax's application_beginrequest. Redirecting works fine when getting the url's using an http get but not when using an http head request.