I have an HttpModule with the code show below in it.
It seems to work fine in development and in test. However on our production
server (which does get used a lot more) it seems that the
Application_Aut henticateReques t event doesn't fire after a while.
Other websites on the same server that use the same module/dll don't have
problems. Could something be happening to kill the event listeners and the
init not being restarted because of the locking code? Or an Ajax problem?
The websites use Forms Authentication.
#region Intialize
static object _initLock = new object();
static bool _initialized = false;
public virtual void Init(HttpApplic ation application)
{
if (!_initialized)
{
lock (_initLock)
{
if (!_initialized)
{
if (application == null) throw new
ArgumentNullExc eption("applica tion");
//this module is dependent on Exception handling
module because we log authorization exceptions
//exception handling module requires application
settings in web.config and checks for them
//Verify exception handling module is loaded
if (null ==
HttpContext.Cur rent.Applicatio nInstance.Modul es.Get("ASPExce ptionHandler"))
throw new Exception("The Forms Authentication
Module is dependent on the Exception Handling Module. Please add the module
to your web.config.");
//this will force read of the web.config; otherwise
no checking of whether section is even present until first use
Util.WebLogin.F ormsAuthenticat ionConfiguratio n
ConfigInfo =
(Util.WebLogin. FormsAuthentica tionConfigurati on)Configuratio nManager.GetSec tion("FormsAuth enticationConfi guration");
if (null == ConfigInfo)
throw new Exception("The Forms Authentication
Configuration section was not found in the web.config. Please add the section
to your web.config.");
m_ConfigInfo = ConfigInfo;
application.Aut henticateReques t += new
EventHandler(Ap plication_Authe nticateRequest) ;
application.End Request += new
EventHandler(Ap plication_EndRe quest);
_initialized = true;
}
}
}
}
#endregion
void Application_Aut henticateReques t(object sender, EventArgs e)
{
if (HttpContext.Cu rrent.Request.I sAuthenticated)
{
FormsCookie.Use rData UserData = new FormsCookie.Use rData();
IpSpoofingCheck (UserData.Remot eAddress);
//token still good check
if (UserData.Authe nticationMode ==
WebLogin.HowAut henticated.TOKE N && m_ConfigInfo.To kenCardVerifyEa chRequest)
{
TokenCard.AuthR esults results =
Util.WebLogin.T okenCard.LanlCo okieValidate(m_ ConfigInfo.Toke nCardServerDnsN ame);
if (!results.Resul t)
{
FormsCookie.Kil l();
HttpContext.Cur rent.Response.R edirect(HttpCon text.Current.Re quest.Url.ToStr ing(), true);
}
}
//authentication mode use is allowed on this site
if
(!m_ConfigInfo. AuthenticationM ethodsAllowed.C ontains(UserDat a.Authenticatio nMode.ToString( ).Split('_')[0]))
{
FormsCookie.Kil l();
HttpContext.Cur rent.Response.R edirect(HttpCon text.Current.Re quest.Url.ToStr ing(), true); //Application_End Request will append allowed methods
}
}
else //not authenticated
{
CheckForFullyQu alifiedDomainNa me();
}
}
/// <summary>
/// If not a Fully Qualified Domain Name in Request, convert it
/// </summary>
/// <remarks>
/// if the user specifies hostname without the domain (i.e., company
not company.com, netbios resolution or network configuration appends domain)
/// cookie sharing across the domain will fail because the cookie
doman will be company not company.com
/// </remarks>
private void CheckForFullyQu alifiedDomainNa me()
{
string requestURL = HttpContext.Cur rent.Request.Ur l.AbsoluteUri;
if (!(HttpContext. Current.Request .Url.Host == "localhost" ) &&
!HttpContext.Cu rrent.Request.U rl.Host.Contain s("."))
{
string strFullyQualifi edHostName =
System.Net.Dns. GetHostEntry(Ht tpContext.Curre nt.Request.Url. Host).HostName;
System.Text.Reg ularExpressions .Match match;
Regex r = new Regex(@"^http(s )?://[-a-z0-9_.]*" +
HttpContext.Cur rent.Request.Ur l.Host, RegexOptions.Ig noreCase);
match = r.Match(HttpCon text.Current.Re quest.Url.ToStr ing());
int iMatchLength = match.Length;
requestURL = requestURL.Remo ve(0, iMatchLength);
requestURL =
match.ToString( ).Replace(HttpC ontext.Current. Request.Url.Hos t,
strFullyQualifi edHostName)
+ requestURL;
HttpContext.Cur rent.Response.R edirect(request URL,
true);//comeback and see me with fully qualified hostname.
}
}