Application_AuthenticateRequest hit for all requests, including images and js files - asp.net

In my MVC3 application, I'm using Application_AuthenticateRequest to create my custom user context and create the session. However, I notice that this is getting fired for every file per page request, including images, js, css, etc.
Is this the right method to do what I'm trying to do, or should I be doing this somewhere else (i.e. action filter)? Or, is this the right place, I just need to put some checks and/or configuration to ensure this method (or my block of code) is just executed for page requests instead of requests for static files?
I searched for a while trying to find the answer, and found one specific to IIS7, but this is happening for me on my ASP.NET dev server (debugging) on WinXP. Other than that, I couldn't find much, which leads me to think I may be way off on something here, possibly overlooking something simple.
Thanks in advance.

Jerad,
You are correct that you would be better off creating an action filter to handle your user context. You can decorate those controllers where the user context is required.
This is a better solution than using code to investigate the request, just so you can ignore particular requests.
counsellorben

Related

How are .ascx files cached?

I have an asp.net project, and I load a base aspx page to display to the user. Then I ajax in the results of an ascx component and inject it via innerHTML in javascript.
I have noticed that the ascx component loads slowly on the first page load, but instantly thereafter. This is really cool, but I do not understand how this can be cached, as the contents are generated by making several db calls.
Does the server send some kind of hash to compare the contents to, to see if it changed on the server or not? Is this a browser thing or an asp.net thing?
What you are experiencing is most likely just in time compiling and has very little to do with the user control itself.
Watch the performance monitor counters for .net. This will tell you a lot about what's going on.
Can you use Firebug/IE developer console/etc. to determine the response code? If you can check the headers, you should be able to see a date that indicates either a cache time or a last modified date. I poked through the MS ASP.NET Ajax documentation, but couldn't find any references to default caching times or cache modification.
However, jQuery's ajax function uses an ifModified property which (according to the documentation) checks the Last-Modified header to determine whether or not it should retrieve the results. I'd imagine that the ASP.NET Ajax calls work in a similar fashion. It may not be prudent for your current project, but jQuery makes it very easy to set caching options.

Does IIS throw away the URL fragment on custom error pages?

I'm using the old 404-rewrite method on a certain site that is tied to IIS6 *.
So if I enter
http://example.com/non-existent/path
it calls my error page like so
http://example.com/catch.aspx?404;http://example.com/non-existent/path
Great.
Except if I call the page with a fragment, like
http://example.com/non-existent/path#with-fragment
I get the same result as above. I can't find the fragment anywhere:
Request.Url
Request.Url.OriginalString
Request.UrlReferrer
Request.RawUrl
headers, server variables, etc
This has come up because I want to resolve paths created by AJAX to their server-side versions.
Is there any way for me to retrieve the original path from my handler?
Thanks.
(*) Please don't suggest I change platform. Obviously I would if I could.
No, there isn't.
The portion of URL after # is never passed to the server per HTTP spec. Has nothing to do with platform.
To work with info after # in javascript you should look at Javascript History plugins/functionality. jQuery has history plugin, asp.net ajax and mvc ajax (partial views et al) have that. Mind you, it's not a very easy thing to implement, you have to get into undo/redo mindset.
It probably won't work if you are trying to handle 404's on the server - server doesn't know that there was something after #. Not sure what you want to do though, 404 handling, or "resolve paths created by AJAX"? What exactly is the goal?

Clear ASP.NET OutputCache across web applications

Is it possible to clear the output cache of one asp.net web application from inside another asp.net web application?
Reason being... We have several wep applications structured like...
http://www.website.com/intranet/cms/
http://www.website.com/area1/
http://www.website.com/area2/
Pages in /area1/ and /area2/ are cached and are managed through /intranet/cms/. When a page is edited using /intranet/cms/ I want to clear it out of the cache in the appropriate /area#/ application.
I already tried using a VaryByCustom that looks up a guid stored in the HttpContext.Cache but that seems to be cached per web application, that doesn't work.
Really if there were any way of passing data between web applications on a single server, that would solve my problem, since I can use that + VaryByCustom.
Thanks!
-Mike Thomas
The way I've done this in the past is to have a "hidden" page (in each of the /areaX sites) that does the flushing, reloading, etc. The page validates a shared secret query parameter before doing anything (to avoid DoS attacks). If valid the page would output an "OK" message once the operation is complete; generates a 404 error if the secret is invalid.
If you want the flush to be on a per-item or per-group basis then add a second parameter that identifies that item/group.
This method is also server technology independent, and can be triggered by other management tools if required.
One way I know of doing this is by using a shared resource as a dependency, usually a file. When the file is changed, the cache is cleared. I think you can use HttpResponse.AddFileDependency for this.
However, in these cases it's usually better to use an out-of-process cache such as memcached. I haven't tested it myself, but this link deals on using memcached with OutputCache.

ASP.Net Context.User.Identity weirdness

I have an ASP.Net 3.0 SP1 app that uses Form Authentication.
While testing, I noticed that if I viewed a page that another user was viewing, the other users name would be displayed in the control on my master page. The Context.User.Identity is also for the other user.
If I switch to different page that no one else is viewing the Context.User.Identity is correct.
I stumped and would appreciate suggestions.
Thanks in advance.
Chris
Maybe because output caching is enabled for the page: if the page is cached server-side with VaryByParam=none, all users will get the same copy from the cache.
I can only think of two things that can cause this:
You're storing user-specific data in a place shared between requests (e.g. in a static(C#)/shared(VB) variable, in the ASP.NET Cache, in the Application object, ...)
You have output caching enabled.
Check for:
OutputCache directives in your aspx and ascx files,
system.web/caching element in your web.config file(s),
Calls to the HttpCacheability.SetCacheability method.
If you can't find the problem:
Try creating a simplified version of your application until you get the simplest possible version that still reproduces the undesirable behaviour.
During this process of simplification you'll likely discover the problem for yourself. If not, post some code from the simplified version.
Make sure you are not using a link that comes with the authentication ticket when using a cookieless browser.
Also make sure to review any other that might be sharing the data among requests. Just like DOK said, but remember Application isn't the only way you could be doing that.
It looks like the issue was caused because I setting targetframe="_self" or Target="_self". I removed all these and everything seem to be working fine.
One other note: If I were to refresh the page it would also display the page with the correct user.

Best way to handle a 404 in a file download HTTP handler?

I've got a grid which provides some links for users to download files. Files are stored outside of the application, the path references are read from the database and a HTTP handler (*.ashx) is used to serve each requested file. It is, however, possible that there could be a database entry pointing to a non existent file. I catch the FileNotFoundException, but I'm not sure what would be the best method to inform the user of the missing file (so that they can contact support).
First idea is to set a standard 404 code on the response, and that's what I'm doing now.
A more helpful way would be to display a notification (jQuery) about a missing file, but the file download is not done in AJAX, so this would involve a two step process - a client side onclick handler calls a web service method to check if the file exists, if not, then I cancel the click (return false) and display a friendly message to the user. If the file exists however, I proceed with the normal execution. But this adds yet another server call.
Have you dealt with a similar problem? How did you solve it?
Some clarifications - the application is built in ASP.NET 2.0 and uses jQuery to call the web service methods.
Pawel, it seems you've answered your question already...
...(so that they can contact
support)...
By stating the above I would suggest you create a custom 404 page which notifies the user of the file not existing on disk and provide them information on how to get in contact with the support office.
I've created a HTTP Handler for handling files and if a file does not exist on disk then I return a 404 response. I've setup IIS to display a custom page if a 404 reponse has been thrown.. (and I do the same for error 500).
Hope this helps and good luck with finding the solution that fits your needs!

Resources