I am working on a Log4Net configuration that will log all unhandled exceptions. I need certain properties, based on user, to be added to each log entry. I have set this up successfully in the following manner in my Application_Error event. Here is my complete global.asax
Imports log4net
Imports log4net.Config
Public Class Global_asax
Inherits System.Web.HttpApplication
'Define a static logger variable
Private Shared log As ILog = LogManager.GetLogger(GetType(Global_asax))
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
' Fires when the application is started
ConfigureLogging()
End Sub
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs when an unhandled error occurs
Dim ex As Exception = Server.GetLastError()
ThreadContext.Properties("user") = User.Identity.Name
ThreadContext.Properties("appbrowser") = String.Concat(Request.Browser.Browser, " ", Request.Browser.Version)
If TypeOf ex Is HttpUnhandledException AndAlso ex.InnerException IsNot Nothing Then
ex = ex.InnerException
End If
log.Error(ex)
ThreadContext.Properties.Clear()
End Sub
Private Sub ConfigureLogging()
Dim logFile As String = Server.MapPath("~/Log4Net.config")
log4net.Config.XmlConfigurator.ConfigureAndWatch(New System.IO.FileInfo(logFile))
log4net.GlobalContext.Properties("appname") = System.Reflection.Assembly.GetExecutingAssembly.GetName.Name
End Sub
End Class
This appears to be working fine. However, I have some questions that I am unable to answer.
Is the way that I am adding the user specific properties, via the threadcontext, correct? Will this always log the correct information, even under load? When would you use threadlogicalcontext? Is there a better way to do this?
Thanks
It is not safe to load request-specific values into ThreadContext like that. The reason is that ASP.NET shared threads to service requests. It does this quite often, in fact.
You could instead use LogicalThreadContext, however that simply stores the values in Call Context, which is used for Remoting.
AFAIK there is no HttpContext specific context storage, so what you can do is instead assign a "value provider" instance as your thread context, and at runtime it will call .ToString() on this class to get the value.
public class HttpContextUserProvider
{
public override string ToString()
{
return HttpContext.Current.User.Identity.Name;
}
}
It's less than ideal, but it works.
Ben's answer is right on.
However, like some of the other users, I was still a bit lost on how to proceed. This log4net Context problems with ASP.Net thread agility post and especially this Marek Stój's Blog - log4net Contextual Properties and ASP.NET one give some more context for the problem with some excellent code examples.
I highly recommend Marek Stój's implementation, although the ThreadContext.Properties["UserName"] needed to be replaced with ThreadContext.Properties["User"] in my case.
I added a BeginRequest method to my Logger class which I call from Application_AuthenticateRequest which loads all the relevant log4net properties.
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
Logger.BeginRequest(Request);
}
And the method code:
public static void BeginRequest(System.Web.HttpRequest request)
{
if (request == null) return;
ThreadContext.Properties["ip_address"] = AdaptivePropertyProvider.Create("ip_address", IPNetworking.GetMachineNameAndIP4Address());
ThreadContext.Properties["rawUrl"] = AdaptivePropertyProvider.Create("rawUrl", request.RawUrl);
if (request.Browser != null && request.Browser.Capabilities != null)
ThreadContext.Properties["browser"] = AdaptivePropertyProvider.Create("browser", request.Browser.Capabilities[""].ToString());
if (request.IsAuthenticated && HttpContext.Current.User != null)
ThreadContext.Properties["User"] = AdaptivePropertyProvider.Create("user", HttpContext.Current.User.Identity.Name);
}
I found I had to pass in the Request object instead of using HttpContext.Current.Request within the method. Otherwise I would loose the user and authentication information. Note that the IPNetworking class is my own so you will need to provide your own method of obtaining the client IP. The AdaptivePropertyProvider class is directly from Marek Stój.
Related
I have a VB.NET website project. In one of the pages, during a button click, it is supposed to load a telerik RadGrid with data. It works fine on my local machine. However when I deploy it to pre-production on a server, it throws the following error.
The type initializer for 'Utility' threw an exception
Utility is a Static class and while calling any members of the static class (either public static functions or public static variables) I was receiving this error.
Here is the code snippet:
Partial Class Session
Inherits System.Web.UI.Page
Protected Sub RadGrid1_ItemDataBound(sender As Object, e As Telerik.Web.UI.GridItemEventArgs) Handles RadGrid1.ItemDataBound
If TypeOf e.Item Is GridDataItem Then
Dim testString As String = String.Empty
Dim encryptString As String = String.Empty
Try
encryptString = Utility.EncryptString(cellValue.ToString())
testString = Utility.test
Catch ex As Exception
Logger.getInstance().log("Value1" & cellValue.ToString() & "Value2" & testString)
Finally
End Try
End If
End Sub
End Class
In my Utility.vb, this is what I have:
Public Class Utility
Public Shared test As String = "hello"
Public Shared Function EncryptString(ByVal strEncrypted As String) As String
Try
Dim b As Byte() = System.Text.ASCIIEncoding.ASCII.GetBytes(strEncrypted)
Dim encryptedConnectionString As String = Convert.ToBase64String(b)
Return encryptedConnectionString
Catch ex As Exception
Logger.getInstance().log("Error occurred in Utility.vb while executing EncryptString method. \nSOURCE: " & ex.Source.ToString() & "\nMESSAGE: " & ex.Message.ToString() & "\nTARGETSITE: " & ex.TargetSite.ToString() & "\nSTACKTRACE: " & ex.StackTrace.ToString())
Logger.getInstance().log("\nstrEncrypted: " & strEncrypted)
Finally
End Try
End Function
End Class
From my logging statements, I realized that the error is happening right when I call the Utility class because none of the logging statements I added into the EncryptString() function are being shown in my logs.
I tried commenting out the code for EncryptString() function and added just a public static string variable called test in my Utility class, and tried accessing it from my code from Session.aspx.vb. That string value was not being returned as well.
By the way, all of my code is in the same website project. The error is driving me crazy for past 2 days. Like I mentioned, it works fine on my local machine, but fails only on the pre-prod server. The code was written using an older framework (3.5 I believe) and then we upgraded to 4.6.2 and migrating to new servers. We are facing this issue during the migration process on the new server.
OK, so I figured out the issue. At the beginning of the Utility.vb class there were some unsupported cryptographic algorithm variable declarations.
Private Shared DES As New TripleDESCryptoServiceProvider
Private Shared MD5 As New MD5CryptoServiceProvider
FIPS compliance is turned on, on the server and we already knew these algorithms were non-compliant with the latest .net frameworks. But I didn't realize even just these declarations would throw a misleading error, when they were not really being used in my function calls.
When I commented out those parts of the code, it started working fine.
Check the InnerException property of the exception. Any time a class initializer fails the original exception should be set as the InnerException property of the unhandled exception.
If you want a truly static class, you need to make it a module, in VB.Net.
I've a ASP.NET API Version 2.0 with VB.Net in back end where I'm trying to initialize Automapper in Global.asax file. Here, I'm using Auto Mapper version 5.2. I can initialize using the C# code but I am not so sure about the VB.Net. After googling I've found something and here is what I'm trying now:
Module AutoMapperConfiguration
Public MapperConfiguration As IMapper
Public Sub Configure()
Dim config = New MapperConfiguration(//in this line I'm getting an error:
Overload resolution failed because no accessible 'New' can be called with these arguments: 'Public Overloads Sub New(configurationExpression As MapperConfigurationExpression)': Lambda expression cannot be converted to 'MapperConfigurationExpression' because 'MapperConfigurationExpression' is not a delegate type.
Sub(cfg)
cfg.AddProfile(New EntityMapProfile())
End Sub)
MapperConfiguration = config.CreateMapper()
End Sub
End Module
Then I've called this module from the Application_Start()
AutoMapperConfiguration.Configure()
But last time I've done this using C# with the following line of code in the global.asax file
Mapper.Initialize(x =>
{
x.AddProfile<EntityMapProfile>();
});
Under Application_Start() which worked nicely but now even if I convert those above lines of code then still I'm facing issues. I would appreciate your help or suggestion on the above.
For whatever reason VB.NET is not using the correct constructor when you inline the Sub for the Action.
Module AutoMapperConfiguration
Public MapperConfiguration As IMapper
Public Sub Configure()
Dim configAction As Action(Of IMapperConfigurationExpression) = Sub(cfg) cfg.AddProfile(Of EntityMapProfile)()
Dim config = New MapperConfiguration(configAction)
MapperConfiguration = config
End Sub
End Module
The above will force your lambda to the correct type of Action(Of IMapperConfigurationExpression) and thereby force VB.NET to use the correct constructor overload.
Can I check if my exception handler code (registered in Application_Error) is running inside of Application_Start? Tn an ASP.NET app in IIS 7 integrated mode there's RequestContext inside the Application_Start method (see this answer). Right now I'm using a Try ... Catch block to deal with this situation, but if there's a way to check before calling Context.Request it would be nice (Try ... Catch is expensive).
Public Sub Application_Error()
Dim pageName As String
Try
pageName = HttpContext.Current.Request.Path
Catch(ex As Exception)
pageName = "Inside Application_Start, no page name"
End Try
'exception logging co
End Sub
I have an ASP.NET site that uses a third-party reporting component. This component is misbehaving by throwing a NullReferenceException whenever the client browser is not specifying a User-Agent in the request headers.
It's basically an odd scenario that I'm just trying to come up with a workaround for. I do not know who/what client is not specifying a User-Agent, which seems like bad form IMO, but we have to deal with the exceptions it is generating. I have logged a support ticket with the third-party regarding the bug in their reporting component, but I have my doubts about how fruitful that route is going to be. So my thought was just to detect when the User-Agent is blank and default it to something just to appease the reporting component. However, I can't seem to change anything in the Request.Headers collection. I get the following exception:
Operation is not supported on this platform.
I'm starting to believe I'm not going to be able to do this. I understand why ASP.NET wouldn't allow this, but I haven't come up with any other workaround.
Update: At penfold's suggestion, I tried to add the User-Agent to the Request.Headers collection using an HttpModule. This got it added to the Headers collection, but did nothing to update the Request.UserAgent property, which is what is causing the reporting component to fail. I've been looking through .NET Reflector to determine how that property is set so that I can update it, but I haven't come up with anything yet (there isn't just a private field that drives the property that I can find).
Recently I also facing similar problem same as you. I overcome the problem
of Request.UserAgent by using a mock HttpWorkerRequest.
(Assuming you already solve the agent string in Request.Headers with custom HttpModule)
Here is the sample code:
Friend Class MockedRequestWorker
Inherits HttpWorkerRequest
Private ReadOnly _BaseHttpWorkerRequest As HttpWorkerRequest
Private ReadOnly _UserAgent As String
Friend Sub New(ByVal base As HttpWorkerRequest,
ByVal UserAgent As String)
_BaseHttpWorkerRequest = base
_UserAgent = UserAgent
End Sub
Public Overrides Sub EndOfRequest()
_BaseHttpWorkerRequest.EndOfRequest()
End Sub
Public Overrides Sub FlushResponse(ByVal finalFlush As Boolean)
_BaseHttpWorkerRequest.FlushResponse(finalFlush)
End Sub
'Note: remember to override all other virtual functions by direct invoke functions
'from _BaseHttpWorkerRequest, except the following function
Public Overrides Function GetKnownRequestHeader(ByVal index As Integer) As String
'if user is requesting the user agent value, we return the
'override user agent string
If index = HttpWorkerRequest.HeaderUserAgent Then
Return _UserAgent
End If
Return _BaseHttpWorkerRequest.GetKnownRequestHeader(index)
End Function
End Class
then, in your custom HttpApplication.BeginRequest handler, do this
Private Sub BeginRequestHandler(ByVal sender As Object, ByVal e As EventArgs)
Dim request As HttpRequest = HttpRequest.Current.Request
Dim HttpRequest_wrField As FieldInfo = GetType(HttpRequest).GetField("_wr", BindingFlags.Instance Or BindingFlags.NonPublic)
Dim ua As String = "your agent string here"
Dim _wr As HttpWorkerRequest = HttpRequest_wrField.GetValue(request)
Dim mock As New MockedRequestWorker(_wr, ua)
'Replace the internal field with our mocked instance
HttpRequest_wrField.SetValue(request, mock)
End Sub
Note: this method still does not replace the user agent value in ServerVariables, but it should able to solve what you need(and my problem too)
Hope this help :)
protected void Application_BeginRequest(Object sender, EventArgs e) {
const string ua = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
Request.Headers["User-Agent"] = ua;
var httpWorkerRequestField = Request.GetType().GetField("_wr", BindingFlags.Instance | BindingFlags.NonPublic);
if (httpWorkerRequestField != null) {
var httpWorkerRequest = httpWorkerRequestField.GetValue(Request);
var knownRequestHeadersField = httpWorkerRequest.GetType().GetField("_knownRequestHeaders", BindingFlags.Instance | BindingFlags.NonPublic);
if (knownRequestHeadersField != null) {
string[] knownRequestHeaders = (string[])knownRequestHeadersField.GetValue(httpWorkerRequest);
knownRequestHeaders[39] = ua;
}
}
}
I think the best way of handling this is to use a http module that will check the header and inject the user agent if necessary.
As you have found out you cannot use the set method on the Headers object. Instead you will have to inject the user agent string into the header via protected properties that can be accessed through reflection as outlined in the answer to this question.
UPDATE
Unfortunately Request.UserAgent doesn't use the information held in Request.Headers, instead it calls the method GetKnownRequestHeader in HttpWorkerRequest. This is an abstract class and from looking at the decompiled library code the actual implementation varies depending on the hosting environment. Therefore I cannot see a way to replace the user agent string in a reliable manner via reflection. You could roll your own WorkerRequest class but for the amount of effort I don't think the payoff would be worth it.
Sorry to be negative but I think its just not possible to set the user agent within the web application in a simple manner. Your best option at the moment would be to perform a pre-check for a user agent, and if the request doesn't have one return a browser not supported error message.
You could also investigate injecting something earlier on, i.e. in IIS or at your proxy server if you use one.
Also I would recommend that this issue is reported to SAP. I know they are actively working on the Viewer at the moment and who knows they might fix it and maybe even add support for Opera!
I have the following steps in my webpage
1) User Logs in and I set the following session variables
Session("userName") = reader_login("useremail").ToString()
Session("userId") = reader_login("user_ID").ToString()
Session("firstName") = reader_login("firstName").ToString()
2) Now on my logged in VB.NET templates I reference a MasterPage called LoggedIn.Master. In Which I added the following method to check for the above null session variables. And if they null to redirect back to login page.
Protected Sub Page_Init(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Init
'#Check that User is Logged in, if not redirect to login page
If (Session("userId") Is Nothing) Or (Session("userName") Is Nothing) Or (Session("firstName") Is Nothing) Then
Response.Redirect(ConfigurationManager.AppSettings("site_base_url").ToString & "login/", False)
End If
3) Now my question is if I want to use any above 3 Session variables in different .net templates or usercontrols referencing the above master page do i need to AGAIN add the check
If (Session("userId") Is Nothing) Or (Session("userName") Is Nothing) Or (Session("firstName") Is Nothing) Then
Response.Redirect(ConfigurationManager.AppSettings("site_base_url").ToString & "login/", False)
End If
In the respective pages or will the check in master page do. Because at the moment i.e. if in a usercontrol I attempt to do i.e.
customerName.Text = Session("userName").ToString()
or
Response.Write(Session("userName").ToString())
I am getting the error
Object reference not set to an instance of an object.
customerName.Text = Session("userName").ToString()
You can write a wrapper around the Session to handle null values and just call the wrapper when you access the items:
Public Class SessionWrapper
Public Shared ReadOnly Property Item()
'Access session here and check for nothing
End Property
End Class
And use it like this
SessionWrapper.Item("itemName")
In answer to your question - as long as the masterpage checks the session and redirects before all your controls and page code make a reference to Session, you should be fine.
You were using OnInit() which seems reasonable, but see this article for a good understanding of the timing of events.
Incidentally, I strongly discourage the use of ad-hoc calls to Session in your page and control code. Instead, I recommend you create a static SessionManager class that does the Session referencing for you. That way, you get to benefit from strong typing, and won't be able to accidentally make hard-to-debug 'session key' typos in your code like Session["FiirstName"]. Also, you can incorporate your null-session check right into the call for the session value:
EXAMPLE (in C#, sorry!)
public static class SessionManager
{
private static void EnsureUserId()
{
if (Session["userId"] == null)
{
Response.Redirect("YourLogin.aspx", false);
}
}
public static string FirstName
{
get
{
EnsureUserId();
if (Session["firstName"] == null)
Session["firstName"] = "";
return (string)Session["firstName"];
}
set
{
Session["firstName"] = value;
}
}
}
You can create an http module that asks about the session objects and if they are null, it will redirect to the login page and by developing this http module, in each page request the module will do the check and then you can use it normally without checking.
A better way to handle this would be to add a base class for all controls that require this session variables to be present. You can then add properties to wrap access to the session and other cool stuff and the check will work even if the controls are used with a different master page.