On my ASP.NET Site (.Net Framework 4.5) if a user provides a pagename such as http://staging.site.com/index.aspx the site loads as expected and the user can navigate around the entire site without issue.
If the user loads the site and than changes/visits a URL that redirects to the root http://staging.site.com/ with no page name, the first load hangs up for over a minute and than all requests thereafter are also slow.
The issue is only isolated to the users session. It does not affect other users.
Turns out we had enabled session variables to be used in our webapi classes. And the overhead of doing this was causing the server performance to decline significantly
As far as ASP.NET (.aspx) page request concern, I know that:
"Application Pool forward the request to worker process to load the ISAPI Extension which will create an HTTPRuntime Object to Process the request via HTTPModule and HTTPHanlder. After that the ASP.NET Page LifeCycle events starts."
Now my question is, where does the ASP.NET MVC request (extension-less) fit into the above pipeline (as per the picture shown)? Where is it different? How does "aspnet_isapi.dll" find an extension-less URL?
Please advise!
As a requirement our team has to implement session management for our application, redirecting users to the login page on session expiry. The problem is the website is a mixture of classic asp pages, .net web forms and asp.net mvc.
To keep the .net session alive we can use http GET requests to a dummy controller method that will redirect to the login page if the session has expired.
Because there are a considerable amount of page in the application it would be good to avoid having to put an include file on each page to refresh the .net session on each page load. Also for each ajax request made from classic asp we want to refresh the .net session.
An ideal solution to this would be to intercept each request made to the server, pass them through the dummy controller method to refresh the .net session, redirecting the user if the session has expired. I have looked at creating an ISAPI module for this as a possibility but am still unsure of the workload involved in creating such a module, or if I can create the desired behavior.
Is anyone in a similar situation or have a concrete solution to this problem?
We have just migrated an app from .Net 2 to .Net 4 (without major code changes); the app uses a custom HttpModule to serve extensionless URLs (based on a 404 page - request comes in, hits our custom 404 page, goes through the module and gets transferred to the correct page behind the scenes).
Everything is working well post-migration, but NewRelic is showing a very high number of requests per minute (we know it's not right, because we can monitor current requests on the firewall or load balancer) and showing a lot of time spent in /System.Web.DefaultHttpHandler.
Has anyone seen this before? I suspect it could be ASP .Net trying to handle the extensionless URL for us, but I'm not sure how to prevent this - I'm just working to get an enviroment where I can do a bit of testing, but if anyone has any suggestions I'd love to hear them!
Thanks
Sam
Just in case anyone else comes across this - it was just a matter of removing the ASP .Net 4 extensionless URL handler via web.config, as it was trying to also process the request at the same time as our 404 handler.
We have an old web app written in classic ASP. We don't have the resources to rewrite the app.
I know that asp and aspx pages can coexist in the same ASP.NET web app, but it appears as those you cannot share Application and probably Session variables across these two groups of page extension types.
I was hoping to do new development in ASP.NET and to in theory, convert the Classic ASP pages over as we go.
Is there a way to share IIS variables across these two types of web pages (aside from passing information using the query string and forms fields)?
There is no straigthforwad solution for sharing session variables between classic ASP and ASP.NET. I would recommend you to persist sessions into a database, like it is described in this Microsoft Article. This way both ASP and ASP.NET can access session variables.
Not a direct way. You could consider using a shared database backend for your session state.
You could create a simple table in your DB to store the "session" info in. Both the classic asp and the .net pages could read and write there.
The only ways to pass this data would be GET/POST values, cookies, flat file, or storing the data to the database. There is nothing "Built In" to the .Net framework to do this.
I have seen another solution aside from using the database as shared session holder. I should say beforehand that using the database option is probably much better than this. But...
You can create an ASP page whose only function is to store into and retrieve from the ASP session state. From your ASPX page you can make a webrequest to your ASP page and return any session information in the header, querystring, or even do a scrape of the restulant load. Alternatively you can return an XML stream and make a poor man's web service.
I addition, you could get session state from ASP.NET by doing the opposite and making a .NET page that access session info and returns it.
It's not a good idea and fraught with security problems. I have seen it done is all I'm saying. It's really probably best to rely on the database and possibly pass session ID around.
Well I just have faced this problem, and want to tell you that just were able to solve it in one way. The solution was relatively easy and actually depends on your original development, in my case the system flow requires to log-in in a default.aspx page and after validating the user/password are correct the page Init.asp is executed and exactly there many session vars are created and loaded (actually are just the minimum needed) after that the last instruction redirects the user to mainmenu.aspx and form that page we call .aspx and .asp files.
This solution worked for me just because of the election the original developer made when designed this ASP 3.0 application and as you can imagine I can't retrieve those values in the asp.net pages.
I just went through this. My solution was to wrap it all in a nodejs app. I dole out JWT tokens from .NET web API that have all the users claims encoded in the payload. This token gets stored in a cookie on the client. The cookie will automatically get submitted on each request to your domain so all you need to do is read the cookie value from the header and decode the payload (in ASP.NET and Classic ASP independently). Once you read the contents, you can simply set the session variables to match those that were embedded in the JWT token.
I prefer this method because it has 0 database synchronization necessary and moves your application to OAuth2 openid and away from session.