By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,573 Members | 903 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,573 IT Pros & Developers. It's quick & easy.

Programmatically turn off custom errors for current request

P: n/a
Hello all,

The app we are working on uses custom errors extensively to provide
friendly error pages to users whilst logging the actual exceptions
behind the scenes.

However.... We are now having to integrate some Web services into the
application using the existing architecture. These Web services are
secured using Forms Authentication. Hence, we need to turn the default
behavior of Forms Authentication (redirects to login pages, etc) into
exceptions that can be handled by a non GUI client (ie. Web service
consumer).

Heres the problem....

In the AuthenticateRequest event, we check if a secure Web service is
being called. If so, we check for an authentication ticket in the Soap
header. If its not there, we throw a "MissingAuthenticationTicket"
custom exception. This gets wrapped in a SoapException and we want
this to get passed to the client.

However.... the custom error page gets called instead, redirecting the
client to Error.aspx and logging the exception on the server. This is
secure, but very hard to handle at the client.

Anyway, what I would like to be able to do is just before throwing the
MissingAuthenticationTicket exception, turn off custom errors for this
request only. Hence the exception would get passed to the client as
expected.

Is there anyway to achieve this?

Thanks in advance for any help,
Regards,
Matt
Nov 18 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Hi Matt:

Since no one has responded as yet I though I'd through out an idea I
had.

If you handle the Application_Error event in global.asax you might be
able to prevent the redirect with a call to ClearError. I have not
tried this, mind you, just an idea.

If you need to get "state" information from AuthenticateRequest to
Application_Error, you could use the Content.Items collection to hold
some sort of sentinal object.

HTH,

--
Scott
http://www.OdeToCode.com

On 30 Jun 2004 05:36:11 -0700, Ma********@BTInternet.com (Matt) wrote:
Hello all,

The app we are working on uses custom errors extensively to provide
friendly error pages to users whilst logging the actual exceptions
behind the scenes.

However.... We are now having to integrate some Web services into the
application using the existing architecture. These Web services are
secured using Forms Authentication. Hence, we need to turn the default
behavior of Forms Authentication (redirects to login pages, etc) into
exceptions that can be handled by a non GUI client (ie. Web service
consumer).

Heres the problem....

In the AuthenticateRequest event, we check if a secure Web service is
being called. If so, we check for an authentication ticket in the Soap
header. If its not there, we throw a "MissingAuthenticationTicket"
custom exception. This gets wrapped in a SoapException and we want
this to get passed to the client.

However.... the custom error page gets called instead, redirecting the
client to Error.aspx and logging the exception on the server. This is
secure, but very hard to handle at the client.

Anyway, what I would like to be able to do is just before throwing the
MissingAuthenticationTicket exception, turn off custom errors for this
request only. Hence the exception would get passed to the client as
expected.

Is there anyway to achieve this?

Thanks in advance for any help,
Regards,
Matt


Nov 18 '05 #2

P: n/a
Hi Scott,

Thanks for the suggestions. I have tried sticking some code in the
Application OnError handler to prevent the redirect.

What I did was check for a SoapException, and do a Repsonse.End if so.
This prevents the redirect and returns the exception.... However, as in
text/html format!!!

In desperation, I tried something along the lines you say about getting
the error to bubble using the context.items collection.

What I have done is... (and its a BIGGGGG hack!)..
If the authentication ticket is missing:
1) Set SkipAuthentication to true on the current context
2) Add "MissingAuthTicket" to context items collection
3) In the actual secured Web service (!), check for MissingAuthTicket in
the context, and throw the exception if it is!
The point is, the exception gets thrown properly in the Web service
without being redirected by the custom error handler.

Im not proud of this code ;)

Thanks again,
Kind regards,
Matt

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.