Google Adwords tracking cookie triggers ASP.NET Request Validation exception - asp.net

Sorry for my English.
I have a strange problem.
When a user clicks an AdWords link, Google writes a tracking cookie like this:
1813234232.1302674912.30.51.utmgclid=CcgezrsXjagCFcs-zAod_h2oCQ|utmccn=(not set)|utmcmd=(not set)|utmctr= CAA:89 AB0=40#B%20>:
In the keyword section (utmctr) there are bad brackets that cause a request validation exception:
A potentially dangerous Request.Cookies value was detected from the client (__utmz="...0=40#B%20> at System.Web.HttpRequest.ValidateCookieCollection(HttpCookieCollection cc)
Is there any way to solve this problem without turning off request validation?
Edited
I probably found an obvious solution: write my own request validation module http://jefferytay.wordpress.com/2010/04/15/creating-your-own-custom-request-validation/

By default ASP.NET validates and checks the data for potential attacks.
You can disable this automatic validation by setting validateRequest="false" either on the page
<%@ Page validateRequest="false" %>
or in web.config, which affects all pages.
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
The only thing that you need to check yourself after that is whether someone enters any script data into your inputs. Your inputs then need to be checked when you render them on the page, and when you enter them into the database.

Related

Events in Global.asax

A sample URL is given below:
localhost/MyPage.aspx/1582%20
ASP.NET throws an error saying that this page does not exist, and as far as I know it is because of the %20 at the end of the URL.
The error is being caught by Application_Error in Global.asax; however, I would like this to be redirected to a page and I would also like my Application_Error to log the errors, no page redirection.
Are there other events in Global.asax that I can use to handle this redirection? I tried PreSendRequestHeaders but it still goes to Application_Error.
Thanks.
No, you can't as there is only one event for such situation and it is Application_Error (event handlers in Global.asax are for HttpApplication).
But you can implement an IHttpModule, parse the url in it, and if it is correct, redirect your user to target page (see also here).
You should remember that, by default, not all requests are sent to such modules, so you might have to register your module in web.config in various ways:
Classic Mode
<configuration>
<system.web>
<httpModules><add name="HelloWorldModule" type="HelloWorldModule"/></httpModules>
</system.web>
</configuration>
Integrated Mode
<configuration>
<system.webServer><modules><add name="HelloWorldModule" type="HelloWorldModule"/></modules></system.webServer>
</configuration>
HTTP Handlers and HTTP Modules Overview

Error while editing data in gridview in ASP.NET

I am making an online bug tracking system (BTS) in ASP.NET. I am using a GridView for displaying the records on a web page. It is working properly in some web forms, but in some web forms I am getting the error given below when I click the edit event of the GridView. Please guide me to solve this error.
Server Error in '/BTS' Application.
Invalid postback or callback argument. Event validation is enabled using
<pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Just do this --> EnableEventValidation="false" like below
<%@ Page Title="" Language="C#" MasterPageFile="~/shirish.master" AutoEventWireup="true"
CodeFile="s.aspx.cs" Inherits="_s" EnableEventValidation="false" %>
This is a typical error in ASP.NET when request validation fails. The most common scenario is when you are issuing a postback and one of the input controls (usually a TextBox) contains HTML or JavaScript code. As the error message states, there are several ways you can bypass this validation:
By disabling request validation at the page level, which can be achieved by setting the EnableEventValidation property of the page directive to false. Note that you can do the same site-wide from the web.config file.
By registering the required control for event validation using the ClientScriptManager.RegisterForEventValidation method.
If you use the first approach, you will be turning off event validation, which means you will be relaxing some of the built-in security features. On the other hand, the second approach is a bit clumsy because it requires you to anticipate the values allowed by the control.
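The second option above, registering the postback arguments so that event validation can stay enabled, as an added example that is not part of the original answers. It assumes a GridView with the hypothetical ID BugsGrid declared in the page markup, and the class name BugList is also an assumption.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind. BugsGrid is assumed to be declared in the .aspx
// markup, so its field is generated by ASP.NET and not repeated here.
public partial class BugList : Page
{
    // Command names whose row buttons post back as "<Command>$<rowIndex>".
    private static readonly string[] RowCommands =
        { "Edit", "Update", "Cancel", "Delete" };

    // RegisterForEventValidation can only be called during Render.
    protected override void Render(HtmlTextWriter writer)
    {
        foreach (GridViewRow row in BugsGrid.Rows)
        {
            if (row.RowType != DataControlRowType.DataRow)
            {
                continue;
            }

            foreach (string command in RowCommands)
            {
                // Registers exactly the arguments this grid can legitimately
                // post back; anything else is still rejected by validation.
                ClientScript.RegisterForEventValidation(
                    BugsGrid.UniqueID, command + "$" + row.RowIndex);
            }
        }

        base.Render(writer);
    }
}
```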

<pages validateRequest="false" /> and <httpRuntime requestValidationMode="2.0" /> not working

I've inherited an MVC asp.net app using framework 4.0.
I'm getting the dreaded "A potentially dangerous Request.Form value was detected from the client" error and all my research leads me to believe that this should fix it:
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
However, I've added that to my web.config and still get the error. I'm at the end of my rope here, what am I missing?
In addition to what you did you also have to decorate your methods with the ValidateInput attribute.
[ValidateInput(false)]
public ActionResult MyActionMethod(string myParameter)
{
// Method implementation goes here...
}
There is an alternative though, you can implement your own request validator and bind that in your web.config if you want to handle validation for your entire site. Take a look at this blog post on how to fully implement it.
Basically, create a class that inherits from RequestValidator and then hook it up on the web.config.
<httpRuntime requestValidationType="Globals.CustomRequestValidation"/>
Hopefully this helps!
Take another approach. In the httpRuntime, point to your custom validation class. This way you have complete control over incoming requests, as the validator is fired upon each single request, at the beginning of the processing pipeline.
In particular, if you implement your validator to return true, you will unconditionally accept all incoming requests.
http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.aspx
The simplest way is to remove the characters you want from the validation system.
Here is the requestPathInvalidCharacters attribute from the httpRuntime element with its default value.
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\" />
<!-- the unescaped characters are: < > * % & : \ -->
Remove the characters you want to authorize and the request will work.
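A custom validator of the kind the answers above describe, applied to the AdWords cookie question at the top of the page: it exempts only the __utmz cookie and sends every other value through the built-in check. This is an added example, not code from any of the posts; the class name is taken from the requestValidationType value quoted above, and exempting exactly one cookie by name is an assumption about what the application needs.

```csharp
using System;
using System.Web;
using System.Web.Util;

namespace Globals
{
    // Registered in web.config with:
    //   <httpRuntime requestValidationType="Globals.CustomRequestValidation" />
    public class CustomRequestValidation : RequestValidator
    {
        // Assumption: the Google Analytics campaign cookie is the only value
        // that needs to bypass validation.
        private const string ExemptCookie = "__utmz";

        protected override bool IsValidRequestString(
            HttpContext context,
            string value,
            RequestValidationSource requestValidationSource,
            string collectionKey,
            out int validationFailureIndex)
        {
            validationFailureIndex = -1;

            // Narrow exemption: match both the source (cookies) and the exact
            // cookie name, so a form field or query-string parameter named
            // "__utmz" is still validated.
            if (requestValidationSource == RequestValidationSource.Cookies &&
                string.Equals(collectionKey, ExemptCookie, StringComparison.Ordinal))
            {
                return true;
            }

            // Everything else keeps the default ASP.NET behaviour.
            return base.IsValidRequestString(
                context, value, requestValidationSource,
                collectionKey, out validationFailureIndex);
        }
    }
}
```

The exempted cookie value is still untrusted input and has to be encoded wherever the application reads or renders it.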

can I write my Login Page redirect code in Session_End?

Can I write my code in the Session_End method, for when my session has timed out and I redirect users to the Login Page?
I am using the Forms Authentication method.
Currently I have created a "CheckSession()" method and am calling it on each page...
Please suggest...
I've always placed the session check code in a master page for webform projects or, more recently, created a base controller that has this method. Either way the goal is not to duplicate that code everywhere, for obvious maintenance reasons.
I think you can manage this through settings in your web.config file without having to use code at all. Just ensure that the duration of your forms authentication cookie and your session are the same length. If your authentication session times out ASP.NET will automatically redirect a user to the login page.
Try:
<forms ... timeout="20" slidingExpiration="true" />
(slidingExpiration is true by default but I've specified it here because it must be true to replicate the timeout behaviour of sessions in ASP.NET)
and:
<sessionState ... timeout="20" />

ASP.NET MVC2 master page and authentication

Update: I can't delete this question, because the answer has been upvoted, yet it is not at all the answer to what I'm asking. I'd like to delete this, as it has been a week with no answer, and it's just dragging down my accept %. Thanks.
I have a strongly typed master page that includes information that is based on the currently authenticated user's UserId:
(Guid)Membership.GetUser().ProviderUserKey
Every other normal action/view would require the user to be authenticated prior to it being viewed, which means the user's information is guaranteed to be available.
The problem is, I'm only getting null reference exceptions when I attempt to access the user's info. from the site's master page. I'm guessing this is because there isn't such thing as an [Authorize] attribute that applies to master pages.
Do I have this wrong? Is there another possible cause?
Simple example:
My site's various pages all use a view model object that inherits the master page view model:
<%@ Master Language="C#" Inherits="System.Web.Mvc.ViewMasterPage<Models.MasterViewModel>" %>
the authenticated user object is a property of this base view model. All pages require authentication, so anyone who isn't is redirected to the login view, which has been working flawlessly. So a simple attempt to make use of a user's property in a view is thus:
<%= Model.UserName %>
which I'll put in one of the views, as well as in the site's master view.
When the user is already authenticated, all works as it should, with the UserName being printed twice on the page. When the auth ticket is expired, or a new user comes along however, the page will not redirect to the login, but instead generate an exception that complains of a null reference coming from the <%= Model.UserName %> in the master view.
When I remove the <%= Model.UserName %> from the master view, and leave it in the normal view, it redirects as it should, without throwing the error.
I hope this is somewhat more clear.
Edit:
Maybe someone could offer a better way to access the authenticated user's information in the master page?
Edit #2:
I would be very interested to see any example of an authenticated user's info being accessed in the master page...this is a real head-scratcher for me.
Update:
I haven't accepted the answer because I'm quite familiar with how I can test whether or not a user is authenticated. I am curious to know why no redirection to the login page is taking place.
It's not because of the master page.
Membership.GetUser() will return the current logged-on membership user. If no user is logged in it will return null and that's what is causing your problem.
You can use an if statement in your master page to check if the user is logged in or not before using any of the user's info.
if(Membership.GetUser() != null )
{
// Use User Info.
}
The only way I manage to reproduce this error is if I add the violating code block to a master page that is referenced from pages that do not require auth, then look at 'em without signing in.
If your masterpage is not used on your logon-page, it could indicate something else is not entirely in place. How's your routing and authentication set up? If your View gets instantiated before the redirect, so will your masterpage, which could provoke this behaviour.
Not sure if this still applies in MVC2, but have you tried defining the loginUrl attribute in your web.config?
<authentication mode="Forms">
<forms loginUrl="/user/login" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
