Intercept Processing When Session.IsNewSession Is True?
Mar 15, 2010
I have a small 4-page application for my customers to work through. They fill out information. If they let it sit too long, and the Session timeout out, I want to pop up a javascript alert that their session has expired, and that they need to start over. At that point, then redirected to the beginning page of the application.
I'm getting some strange behavior. I'm stepping through code, forcing my Sessioni.IsNewSession to be true. At this point, I write out a call to Javascript to a Literal Control placed at the bottom of the . The javascript is called, and the redirection occurs.
However, what is happening is.. I am pressing a button which is more or less a "Next Page" button and triggering this code. The next page is being displayed, and then the Alert and redirection occurs. The result I was expecting was to stay on the same page I received the "Timeout", with the alert to pop-up over it, then redirection.
I'm checking for Session.IsNewSession in a BaseClass for these pages, overriding the OnInit event.
I'm trying to extend the functionality of an ASP.net application that I'm working with. For its logon page, it uses an html form to post to a dll to handle it's login logic. I'm wondering if there is any way to redirect that html POST to my C# code so that I can do some processing and then (and this is the part that I haven't figured out yet) POST it to the dll so that the regular logon logic can continue. I can make changes to the logon page, but the final step must be to do an HTML POST to the dll. I can't change that.
I've a class named baseClass.I can't access session variables from that class.This is the error i've got.
Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. make sure that System.Web.SessionStateModule or a custom session state module is included in the <configuration><system.web><httpModules> section in the application configuration.
i make a web site using frame but session is expire message is
Object reference not set to an instance of an object Description: HTTP 500. Error processing request.
Stack Trace:
System.NullReferenceException: Object reference not set to an instance of an object at System.Web.UI.Control.OnLoad (System.EventArgs e) [0x00000] in <filename unknown>:0 at System.Web.UI.Control.LoadRecursive () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.ProcessLoad () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.ProcessPostData () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.InternalProcessRequest () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.ProcessRequest (System.Web.HttpContext context) [0x00000] in <filename unknown>:0 My Web Config file is<configuration> <!-- store the database connection info here --> <appSettings> <add key="sBook_StoreDBConnectionString" value="Provider=Microsoft.Jet.OLEDB.4.0;User ID=Admin;Data Source=C:Program FilesCodeChargeExamplesBookStoreBookStore_MSAccess.mdb;Persist Security Info=False" /> </appSettings> <system.web> <httpRuntime executionTimeout="1000" maxRequestLength="2000000" /> <!-- DYNAMIC DEBUG COMPILATION Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to false will improve runtime performance of this application. Set compilation debug="true" to insert debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times. For more information, refer to the documentation about debugging ASP.NET files. --> <compilation defaultLanguage="c#" debug="true" /> <!-- CUSTOM ERROR MESSAGES Set mode="on" or "remoteonly" to enable custom error messages, "off" to disable. Add <error> tags for each of the errors you want to handle. --> <customErrors mode="Off"/> <!--<customErrors mode="On" defaultRedirect="Login.aspx"> <error statusCode="500" redirect="Login.aspx"/> <error statusCode="404" redirect="Login.aspx"/> <error statusCode="403" redirect="Login.aspx"/></customErrors> --> <!-- AUTHENTICATION This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None" --> <authentication mode="None" /> <!-- APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every page within an application. Set trace enabled="true" to enable application trace logging. If pageOutput="true", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from your web application root. --> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <!-- SESSION STATE SETTINGS By default ASP .NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true". --> <sessionState mode="InProc" stateConnectionString="tcpip=localhost:42424" cookieless="false" timeout="60" /> <!-- GLOBALIZATION This section sets the globalization settings of the application. --> <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> </system.web> <connectionStrings> <add name="mydb" connectionString="Server=localhost;User=SYSDBA;Password=datacenter;Database=/opt/db/erp2.fdb;Min Pool Size=5;Max Pool Size=60;Connect Timeout=30" providerName="FirebirdSql.Web.Providers" /> <add name="mydb2" connectionString="Server=localhost;User=blackberry;Password=acgmkRMS;Database=/opt/db/pwd.fdb;Min Pool Size=5;Max Pool Size=60;Connect Timeout=30" providerName="FirebirdSql.Web.Providers" /> </connectionStrings></configuration>
I have a page where, when the user has successfully logged in, I store some values in the session.
I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.
My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.
We are in the process of building a huge site. We are contemplating on whether to do the processing of HTML at server side (ASP .Net) or at the client side. For example we have HTML files which acts like templates for the generation of tabs. Is it better for the server side to get hold of content section (div) of HTML load the appropriate values and send the updated HTML to the browser or is it better that a chunk of data is passed onto client and make Javascript do the work?
It took me a little while to figure this out, but the AllowPaging="true" on the FormView seems to be the culprit. I don't have much experience paging from a FormView, but for this requirement the customers wants this kind of UI.I have a FormView with DefaultMode="Edit", which is bound to an EntityDataSource. One of the entity's properties, "ExternalID", determines whether some of the other properties in the entity are read-only. For example, if IsExternal==null, the FirstName, LastName, and Email fields should be rendered as TextBoxes. If IsExternal!=null, the 3 properties should be rendered in Label controls.
When Session attribute Cookieless ="True" the page.Ispostback is always false.Cant understand the reason behind it.
And one more thing what is happening when we click Remember Me option in login control.As per my knowledge it is storing authentication cookie in it. If we can add data to authentication cookie then why we need session...we can add session data in that.. and authentication token is also regenerated for every new request like sessions.....i got confused after browsing for few hours.
Which one is more secure using cookies or URL for authentication and session.
I want to intercept any postbacks in the current page BEFORE it occurs . I want to do some custom manipulation before a postback is served. how to do that?
I have a control used in our CMS and we don't have the source code for it, what I would like to do is change the rendered output of this control.
Now, I could have a check in my base Page class that checks if the control is being used on the page and then change the html that needs to be altered, but that seems a bit excessive for just 1 usage.
So is there any other way of changing the behaviour of the control without the source code? I'm thinking not other than the way described above.
I am implementing HttpModule for compressing request.Below is the codee for HttpModule:
public class Global : IHttpModule { public void Init(HttpApplication app) {[code]....
It's able to intercept and compress js and css in the development web server but when i run it from IIS 5.1 it is not able to compress js and css files.
I would like to generate a 401 page if the user does not have the right permission.
The user requests a url and is redirected to the login page (I have deny all anonymous in web.config). The user logs in successfully and is redirected to the original url. However, upon permission check, it is determined that the user does not have the required permission, so I would like to generate a 401. But Forms Authentication always handles 401 and redirects the user to the login page.
To me, this isn't correct. The user has already authenticated, the user just does not have the proper authorization.
In other scenarios, such as in ajax or REST service scenario, I definitely do not want the login page - I need the proper 401 page.
So far, I've tried custom Authorize filter to return ViewResult with 401 but didn't work. I then tried a normal Action Filter, overriding OnActionExecuting, which did not work either.
What I was able to do is handle an event in global.asax, PostRequestHandlerExecute, and check for the permission then write out directly to response:
if (permissionDenied) { Context.Response.StatusCode = 401; Context.Response.Clear(); Context.Response.Write("Permission Denied"); Context.Response.Flush();
[code]....
First of all, I'm not even sure if that is the right event or the place in the pipeline to do that. Second, I want the 401 page to have a little more content. Preferably, it should be an aspx page with possibly the same master page as the rest of the site. That way, anyone browsing the site can see that the permission is denied but with the same look and feel, etc. but the ajax or service user will get the proper status code to act on.
I am working on a tool which audits access to existing web application. Existing app does not have any hooks in place, but my plan is to inject an IHttpModule by modifying web.config and log whatever I need to log during EndRequest event.
What I'm struggling with right now is: I cannot intercept what is application writing to an output stream. I need to know what output does the application send to the client. Originally, I hoped I could run a code in BeginRequest to replace HttpContext.Response.OutputStream with a stream of my own, which would be flushed to original stream during EndRequest, but the stream only has a get accessor, so I cannot replace it.
I could of course use reflection to assign to private member of HttpContext.
n my A.aspx, I will call web method GetName in B.asmx
Is it possible, before my A.aspx call GetName in B.asmx, I inject or put some codes so when A.aspx try to call the method, it needs to go through my injected code without even changing the code in A.aspx and B.asmx?
Is custom HttpModule able to handle this scenario? If yes, how? Which HttpModule's event that occurred before the page actually called the web service?
I have user's who are losing their data because they sit on a page too long, then are asked to log back in. I want to do the following:
1) Instead of redirecting them to a login page, I want to cancel the current request and give the user a popup dialog box to login with.
2) When the login is successful, I want the user to be sent back to their form, with all data intact. (Even better if the request could go through without sending them back to that form, but this is optional).
How can I intercept these authentication requests, and present the user with a popup login?
I wish to be able to place a System.Web.ActionFilterAttribute on an Action Method and override the OnActionExecuting method to insert business logic which determines if the Action should be fulfilled. Can the ActionExecutingContext be used to cancel the executing Action Method and do one of the following:
Send an HTTP Status Code (and the corresponding <customError> page).Execute a different Action Method within the same Controller.
i hava a gridview, with an sqldatasource control, if an update event goes to faili want intercept the error and manage ithow can i do? i cannot find the error event in gridview
I have installed an HttpModule into my web app that will handle all requests with a given file extension.
I want ASP.NET to handle all requests with the extension, regardless of whether there is an underlying file on disk. So, when I added the extension to the 'Application Extension Mappings', I unchecked the 'Verify that file exists' checkbox.
However, this just transfers the file check to ASP.NET rather IIS, so I just get a different error page when requesting URLs with the file extension.
Is there a way to preempt this ASP.NET file checking and intercept the requests?
We send out registration urls to clients via email. Some of the email clients are turning the url intourl <url>I think it may be happening when users forward the email onto themselves at which point the email client re-formats the original email (maybe)[URL]Which rightly producesSystem.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detectedWhere in the code should I intercept these instances and santize the url so that the user is re-directed onto the original form of the url?
To my surprise, things went horribly wrong. The custom http handler intercepts this, but since it's designed to just load files from the file system, it doesn't work. I realize that, technically, it matches a pattern *.css but that seems an odd behaviour, since the actual resource being requested from the web server is *.ashx and the css is only after the file path, as a parameter.
Is it possible to make the filter for a handler only apply to the actual server resource name?
Alternatively (and actually I'd like to know how to do this anyway) -- what I would really rather be doing is intercepting the output from the default css handler. That is, rather than having all my own code to actually load files from the file system in my CSS handler, it seems it would be far simpler to just take the response from the default handler and filter it. Which would have worked properly in this situation.
Finally, in either case, I'd much rather be filtering on resource MIME type text/css rather than intercepting requests by name, since what I really want to do is filter any CSS (rather than anything that happens to be named "*.css"). how to do this?
I need to get notified about asynchronous requests in ASP.NET. I used the jQuery .ajaxSend global event but it does not trigger when using UpdatePanels.
Is there a multi-browser way to detect when a request is being made on a page?
I'm looking for a way to intercept the ASP.NET processing pipeline in such a way to be able to register event handlers to all events on the Page class. The reason is, I need to maintain a session-bound instance of a component that needs to be notified of all important Page events, starting from OnPreInit.
There's an arbitrary number of Page descendants in the application, which are not under my control. Hence I cannot use an approach like using a single custom descendant, that would notify the session-bound component, as a base class for all pages in the web application.
I don't think creating a custom IHttpHandler or IHttpModule implementation would solve the problem. Also note I cannot create a custom HttpApplication descendant.
This question seems to be pretty close to what I am looking for - I was able to setup tracing and I am looking at the log entries for my calls to the service.However I need to see the raw soap request with the data I am sending to the service and I see no way of doing that from the SvcTraceViewer (only log entries are shown but no data sent to the service) - am I just missing configuration?