Application_Aut henticateReques t

=?Utf-8?B?Q2h1Y2sgUA==?=

I have an HttpModule with the code show below in it.
It seems to work fine in development and in test. However on our production
server (which does get used a lot more) it seems that the
Application_Aut henticateReques t event doesn't fire after a while.

Other websites on the same server that use the same module/dll don't have
problems. Could something be happening to kill the event listeners and the
init not being restarted because of the locking code? Or an Ajax problem?

The websites use Forms Authentication.

#region Intialize
static object _initLock = new object();
static bool _initialized = false;

public virtual void Init(HttpApplic ation application)
{
if (!_initialized)
{
lock (_initLock)
{
if (!_initialized)
{
if (application == null) throw new
ArgumentNullExc eption("applica tion");
//this module is dependent on Exception handling
module because we log authorization exceptions
//exception handling module requires application
settings in web.config and checks for them

//Verify exception handling module is loaded
if (null ==
HttpContext.Cur rent.Applicatio nInstance.Modul es.Get("ASPExce ptionHandler"))
throw new Exception("The Forms Authentication
Module is dependent on the Exception Handling Module. Please add the module
to your web.config.");

//this will force read of the web.config; otherwise
no checking of whether section is even present until first use
Util.WebLogin.F ormsAuthenticat ionConfiguratio n
ConfigInfo =
(Util.WebLogin. FormsAuthentica tionConfigurati on)Configuratio nManager.GetSec tion("FormsAuth enticationConfi guration");

if (null == ConfigInfo)
throw new Exception("The Forms Authentication
Configuration section was not found in the web.config. Please add the section
to your web.config.");
m_ConfigInfo = ConfigInfo;

application.Aut henticateReques t += new
EventHandler(Ap plication_Authe nticateRequest) ;
application.End Request += new
EventHandler(Ap plication_EndRe quest);

_initialized = true;
}
}
}
}
#endregion
void Application_Aut henticateReques t(object sender, EventArgs e)
{

if (HttpContext.Cu rrent.Request.I sAuthenticated)
{

FormsCookie.Use rData UserData = new FormsCookie.Use rData();

IpSpoofingCheck (UserData.Remot eAddress);

//token still good check
if (UserData.Authe nticationMode ==
WebLogin.HowAut henticated.TOKE N && m_ConfigInfo.To kenCardVerifyEa chRequest)
{
TokenCard.AuthR esults results =
Util.WebLogin.T okenCard.LanlCo okieValidate(m_ ConfigInfo.Toke nCardServerDnsN ame);
if (!results.Resul t)
{
FormsCookie.Kil l();

HttpContext.Cur rent.Response.R edirect(HttpCon text.Current.Re quest.Url.ToStr ing(), true);
}

}

//authentication mode use is allowed on this site
if
(!m_ConfigInfo. AuthenticationM ethodsAllowed.C ontains(UserDat a.Authenticatio nMode.ToString( ).Split('_')[0]))
{
FormsCookie.Kil l();

HttpContext.Cur rent.Response.R edirect(HttpCon text.Current.Re quest.Url.ToStr ing(), true); //Application_End Request will append allowed methods
}
}
else //not authenticated
{
CheckForFullyQu alifiedDomainNa me();
}

}

/// <summary>
/// If not a Fully Qualified Domain Name in Request, convert it
/// </summary>
/// <remarks>
/// if the user specifies hostname without the domain (i.e., company
not company.com, netbios resolution or network configuration appends domain)
/// cookie sharing across the domain will fail because the cookie
doman will be company not company.com
/// </remarks>
private void CheckForFullyQu alifiedDomainNa me()
{
string requestURL = HttpContext.Cur rent.Request.Ur l.AbsoluteUri;
if (!(HttpContext. Current.Request .Url.Host == "localhost" ) &&
!HttpContext.Cu rrent.Request.U rl.Host.Contain s("."))
{
string strFullyQualifi edHostName =
System.Net.Dns. GetHostEntry(Ht tpContext.Curre nt.Request.Url. Host).HostName;
System.Text.Reg ularExpressions .Match match;
Regex r = new Regex(@"^http(s )?://[-a-z0-9_.]*" +
HttpContext.Cur rent.Request.Ur l.Host, RegexOptions.Ig noreCase);
match = r.Match(HttpCon text.Current.Re quest.Url.ToStr ing());
int iMatchLength = match.Length;

requestURL = requestURL.Remo ve(0, iMatchLength);
requestURL =
match.ToString( ).Replace(HttpC ontext.Current. Request.Url.Hos t,
strFullyQualifi edHostName)
+ requestURL;

HttpContext.Cur rent.Response.R edirect(request URL,
true);//comeback and see me with fully qualified hostname.
}

}

Oct 18 '07 #1

Subscribe Reply

9730

=?Utf-8?B?Q2h1Y2sgUA==?=

When the application.End Request stops firing. The other websites continue to
work.
All the applications share the same application pool. If I recycle the
pool, it works again for a little while.

Oct 18 '07 #2

Walter Wang [MSFT]

Hi Chuck,

First, I'm not sure if you've already known this or not: there might be
multiple instances of an Http Module in a web application. One
HttpApplication instance will only have one instance of each configured
Http Module, but there might be mulitple HttpApplication instances since
each request will need an instance. These instances will be reused by
different requests.

#INFO: Application Instances, Application Events, and Application State in
ASP.NET
http://support.microsoft.com/kb/312607
In your code, note the static variable is shared among the entire AppDomain
(the web application). Therefore second and other instances of
HttpApplication will initialize a new instance of your Http Module without
hooking up the AuthenticateReq uest event.

It appears to me that you're using the static variables to make sure the
Init is only called once, actually you don't need this. In an
HttpApplication instance, it's guranteed the Http Module will only be
initialized once.

Hope this helps.

Regards,
Walter Wang (wa****@online. microsoft.com, remove 'online.')
Microsoft Online Community Support

=============== =============== =============== =====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=============== =============== =============== =====

This posting is provided "AS IS" with no warranties, and confers no rights.

Oct 19 '07 #3

=?Utf-8?B?Q2h1Y2sgUA==?=

Walter,

Thanks,
I didn't realize that multiple Modules instances could be present.

I changed my code as shown below.
I believe the !_initialized section will simulate the application_sta rt
event, so those things only will get run once.

In a different module I put the following within the !_initialized section:
AppDomain.Curre ntDomain.Unhand ledException += new
UnhandledExcept ionEventHandler (OnUhe);

I guess this even hooks into AppDomain so it needs to be in !_initialized
section.

public virtual void Init(HttpApplic ation application)
{

application.Aut henticateReques t += new
EventHandler(Ap plication_Authe nticateRequest) ;
application.End Request += new
EventHandler(Ap plication_EndRe quest);

// HttpModules can get reused and their can be multiple modules
active.
// The above events need to get called every init, the below
just once per Application Start
if (!_initialized)
{
lock (_initLock)
{
if (!_initialized)
{
if (application == null) throw new
ArgumentNullExc eption("applica tion");

//Verify exception handling module is loaded
if (null ==
HttpContext.Cur rent.Applicatio nInstance.Modul es.Get("ASPExce ptionHandler"))
throw new Exception("The Forms Authentication
Module is dependent on the Exception Handling Module. Please add the module
to your web.config.");

//this will force read of the web.config; otherwise
no checking of whether section is even present until first use
Util.WebLogin.F ormsAuthenticat ionConfiguratio n
ConfigInfo =
(Util.WebLogin. FormsAuthentica tionConfigurati on)Configuratio nManager.GetSec tion("FormsAuth enticationConfi guration");

if (null == ConfigInfo)
throw new Exception("The Forms Authentication
Configuration section was not found in the web.config. Please add the section
to your web.config.");

m_ConfigInfo = ConfigInfo;

_initialized = true;
}
}
}
}

Oct 19 '07 #4

Similar topics

1379

Application_AuthenticateRequest not triggered

by: Daniel Brown | last post by:

I am using forms based authentication and this is working fine at user level. I have put code in the global.asax file to get the roles from the database however it seems that this code is not being called once the login button is pressed so therefore no roles are assigned to the currently logged on user.

.NET Framework

3531

Form-based security and Application_AuthenticateRequest - help?!

by: Mike Kingscott | last post by:

Hi there, Getting into ASP.Net finally, looks good but I'm having a bit of trouble here. I'm protecting my web site via form-based security (I won't go into the ins and outs, suffice to say it's all in one web.config file and not amazing). Basically, I'm holding a list of roles in a database for each user. Once the user has got past the login form, the Application_AuthenticateRequest fires. In there, I'm doing a database lookup on the...

ASP.NET

272

Application_AuthenticateRequest

by: Nugs | last post by:

Hey there again, Well I am still having this problem with my forms authentication. My previous post describes my problem. But I have another question and thought I would post a new topic for it. In my last post I mentioned the following note: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h tml/SecNetch13.asp]

ASP.NET

2187

Forms Authentication - Not timing out, not redirecting.

by: AVance | last post by:

Hi, I've come across this scenario in ASP.NET 1.1 with forms authentication where the forms auth doesn't seem to timeout correctly, nor redirect to the login page. I have done some testing, and I believe I've found a solution, but I would like some insight from Microsoft on whether the code I've implemented is correct, and why it is even working. Here is my scenario:

ASP.NET

3992

Application_AuthenticateRequest cannot read Session variable

by: danman226 | last post by:

I will be using a companyname, user name, and password to authenicate users in my system. I am trying to save the company name in the session for later use. I cannot access the Session object in the Application_AuthenticateRequest function. I need the companyname to lookup the users group to build the GenericPrincipal for the user. My code is below. Login Page: int c = SiteSecurity.DBAuthenticate(txtCompanyName.Text, txtUsername.Text,...

ASP.NET

1053

Application_AuthenticateRequest Problem

by: Alessio Brizi | last post by:

Hi to all, I have a problem with the method Application_AuthenticateRequest in the global.asax file. I developed a web application with an url rewriting module, with a private area. In the web.config I set up the authentication mode to forms and I have no authorization tags cause the url rewriting module is responsible to check if the user has requested a private page. When a user requests a private page the...

ASP.NET

5121

When does Application_AuthenticateRequest fires?

by: the friendly display name | last post by:

I am using .net 1.1 In the global.asax.cs file, there is this entry: protected void Application_AuthenticateRequest(Object sender, EventArgs e) as far as I know, it is wired with the FormsAuthentication_OnAuthenticate event.

ASP.NET

1998

Why do we need more code in Application_AuthenticateRequest()?

by: Andrew | last post by:

Hello, friends, I am implementing a role based authentication (Forms authentication) for our web app using .net 1.1. I read the paper: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp However, what I could not understand was: After adding a new cookie with user's roles, string encryptedTicket = FormsAuthentication.Encrypt(authTicketWithRoleInfo);

ASP.NET

1844

Custom IPrincipal // Hacking the Application_AuthenticateRequest method // Something better in 2.0?

by: sloan | last post by:

I've been reading this article: http://msdn2.microsoft.com/EN-US/library/aa302401.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication (the article is for 1.1) (i'm using 2.0) The article is good. Then you get to the part about:::::::::::::

ASP.NET

8428

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8335

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8851

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8747

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8627

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7356

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

4175

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4335

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

1737

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General