I have two applications on my webserver.
myserver.com/ApplicationA
myserver.com/ApplicationB
Both applications are using similar codebases and so there are several overlaps in their cookie names, which are causing problems...
I'm aware that it is possible to limit a cookie in ASP.Net so that only applications on a certain "Path" can access it. However, what I'd really like to do this without having to make any code changes to either application.
Is it possible to configuare an ASP.Net application to default to limiting ALL of its cookies to a certain path?
Thanks,
Neil
Sadly the web.configuration httpCookies element only allows you to set the default domain, and not the path.
You'd need to set the Path property as you write the cookie, which means that you will need to make some code changes - your best bet would probably be to factor out cookie writing to a shared class, and then use either a value from the web.config or get the application root path to set the property correctly.
Related
How do I programatically detect from Flex/Actionscript the STRING representing the current security domain, as used by LocalConnection.AllowDomain?
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/LocalConnection.html?filter_flex=4.1&filter_flashplayer=10.1&filter_air=2
I'm unclear if this answers your question, but to get the domain that hte SWF is being served from use Application.url to get the URL Serving the SWF and then use URLUtils.getServerName to get the actual domain.
The LocalConnection class also has a domain property, which looks like a shortcut for the above if you're using a LocalConnection.
I believe either of those will give you the current domain. It sounds like you want to know the name of the domain trying to access your SWF, though. If so, I do not know of a way to get that information.,
I'm doing some research on security and sitemaps in ASP.net and am unfortunately running short on time. I have not worked too much with ASP.net security so I'm not completely sure if I'm heading in the right direction.
Here is my problem:
I have a public website (i.e. on the internet) that will allow any user to sign up to. The website will be developed using ASP.net webforms. These users may create other users and assign these users different roles.
Different roles have different restrictions and the menu is displayed appropriately. For example, a user acting as an administrator can see all menu options. Whereas a limited user will only see some of these menu items.
There needs to be the ability for users on our end to modify what pages certain roles can access. For example, if Role1 can do task X, we would like to be able at some point modify Role1 to no longer do task X. This would be done using an application built in-house.
User types (roles) are to be saved in the database. User permissions (what pages each type can have access to) are also to be saved saved in the database.
Here is something I am thinking of doing:
Implement the authorization and authentication set up built in to ASP.net using the web.config file
Use Sitemaps to dynamically create menus/breadcrumbs from the database
I believe it is possible to do the second one using custom providers (please correct me if I'm wrong). But I am not entirely sure if it's possible to configure the web.config file dynamically.
I suppose this is really more of a yes/no answer but I would just like to make sure I'm not going in the wrong direction. I will be using VS2008 and .net 3.5 framework.
Many thanks.
Yes, it's possible to do what you're saying. You can dynamically create the sitemaps using a custom SiteMapProvider, see this articlet http://www.codeproject.com/KB/aspnet/dynamicsitemap.aspx.
You can also modify the web.config at runtime using an XmlReader or if you prefer, just reading it into a string and parsing out the authorization element. I'd put it in a separate file, though, using configSource:
<authorization configSource="auth.config" />
Then you only need to modify that file and not worry about messing up the web.config
Is it possible to clear the output cache of one asp.net web application from inside another asp.net web application?
Reason being... We have several wep applications structured like...
http://www.website.com/intranet/cms/
http://www.website.com/area1/
http://www.website.com/area2/
Pages in /area1/ and /area2/ are cached and are managed through /intranet/cms/. When a page is edited using /intranet/cms/ I want to clear it out of the cache in the appropriate /area#/ application.
I already tried using a VaryByCustom that looks up a guid stored in the HttpContext.Cache but that seems to be cached per web application, that doesn't work.
Really if there were any way of passing data between web applications on a single server, that would solve my problem, since I can use that + VaryByCustom.
Thanks!
-Mike Thomas
The way I've done this in the past is to have a "hidden" page (in each of the /areaX sites) that does the flushing, reloading, etc. The page validates a shared secret query parameter before doing anything (to avoid DoS attacks). If valid the page would output an "OK" message once the operation is complete; generates a 404 error if the secret is invalid.
If you want the flush to be on a per-item or per-group basis then add a second parameter that identifies that item/group.
This method is also server technology independent, and can be triggered by other management tools if required.
One way I know of doing this is by using a shared resource as a dependency, usually a file. When the file is changed, the cache is cleared. I think you can use HttpResponse.AddFileDependency for this.
However, in these cases it's usually better to use an out-of-process cache such as memcached. I haven't tested it myself, but this link deals on using memcached with OutputCache.
On IIS 6, is it possible to have multiple domain names pointing to the same web application, and conditionally serve CSS from within the web application based on the domain name?
I need to host hundreds of different "skins" on the same web application, with the skin being dependent upon the domain name, and I really don't want to launch tons of web applications.
+1 to rhinof for adding multiple identities, but creating a HttpModule is a bit over kill. You can simply switch the URL of the tag in a Master Page by examining the contents of Request.Headers["HOST"]
1) add the desired domain names as website identifiers in the advanced property page of the Web Site Tab.
2) map the .css extension to the aspnet_isapi.dll
3) write an httpmodule that will re write the url for .css requests based on the domain name
4) enable your module via the web.config
If you use themes, you can change the theme, thereby changing the css, etc. in the Page.PreInit depending on the value of the domain in Request.ServerVariables["Url"] (note, there might be a better server variable to get the domain name, look it up).
If you aren't using themes, you can programatically swap out the css file by checking the same server variable.
MasterPages are going to be your friend here.
Hope that shoves you in the right direction. It is possible and common.
If you are going to have different core content on the sites then I suggest putting in a global identifier to track which site a user is on and put your data in a DB somewhere for reference against that identifier. This is by far the easiest way to extend the app if each instance is unique.
You can put this into a class and have one common pattern for figuring out where stuff should map to. I suggest that once you know the mapping to cache that and then you will be able to do what you want without the latency of a thousand apps or db calls.
You will also need to add this parameter on any general DB calls so that you only get results for the domain that is being hosted. I’ve got a bit of experience with this so just leave some comments if you want to see some specific coding examples.
You can apply this technique to any file, CSS stylesheet or object for referencing purposes.
Yes, this should be simple to do. I'd go with the approach of mapping the domain names to your app using host headers in IIS. Then, as Martin said, interrogate Request.Headers["HOST"] in your app to switch the stylesheet.
This would be a question for anyone who has code in the App_Code folder and uses a hardware load balancer. Its true the hardware load balancer could be set to sticky sessions to solve the issue, but in a perfect world, I would like the feature turned off.
When a file in the App_Code folder, and the site is not pre-compiled iis will generate random file names for these files.
server1 "/ajax/SomeControl, App_Code.tjazq3hb.ashx"
server2 "/ajax/SomeControl, App_Code.wzp3akyu.ashx"
So when a user posts the page and gets transfered to the other server nothing works.
Does anyone have a solution for this? I could change to a pre-compiled web-site, but we would lose the ability for our QA department to just promote the changed files.
Do you have the <machinekey> node on both servers set to the same value?
You can override the machine.config file in web.config to set this. This needs to match otherwise you can get strange situations like this.
Does your load balancer supports sticky sessions? With this on, the balancer will route the same IP to the same server over and over within a certain time window. This way, all requests (AJAX or otherwise) from one client would always hit the same server in the cluster/farm.
Ok, first things first... the MachineKey thing is true. That should absolutely be set to the same on all of the load balanced machines. I don't remember everything it affects, but do it anyway.
Second, go ahead and precompile the site. You can actually still push out new versions, whenever there is a .cs file for a page that page gets recompiled. What gets tricky is the app_code files which get compiled into a single dll. However, if a change is made in there, you can upload the new dll and again everything should be fine.
To make things even easier, enable the "Used fixed naming and single page assemblies" option. This will ensure things have the same name on each compilation, so you just test and then replace the changed .dll files.
All of that said, you shouldn't be having an issue as is. The request goes to IIS, which just serves up the page and compiles as needed. If the code behind is different on each machine it really shouldn't matter, the code is the same and that machine will reference it's own code. The actual request/postback doesn't know or care about any of that. Everything I said above should help simplify things, but it should be working anyway... so it's probably a machinekey issue.
You could move whatever is in your app_code to an external class library if your QA dept can promote that entire library. I think you are stuck with sticky sessions if you can't find a convenient or tolerable way to switch to a pre-compiled site.
If it's a hardware load balancer, you shouldn't have an issue, because all that is known there is the request URL, in which the server would compile the requested page and serve it.
the only issue i can think of that you might have is with session and view state.
Its true the hardware load balancer could be set to sticky sessions to solve the issue, but in a perfect world, I would like the feature turned off.
It appears that the is only for ViewState encryption. It doesn't affect the file names for auto compiled assemblies.
I think asp.net model has quite a bit dependency for encryption and machine specific storage, so I am not sure if it works to avoid sticky IP for session.
I don't know about ASP.NET AJAX (I use MonoRail NJS approach instead), but session state could be an issue for you.
You have to make sure session states are serializable, and don't use InMemory session. You probably need to run ASP.NET Session State Server to make sure the whole frontend farm are using the same session storage. In such case session has to be perfectly serializable (thats why no object in session is preferred, you have to always use ID, and I bet MS stick on this limitation when they do AJAX library development)