473,396 Members | 1,970 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > application_authenticaterequest

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Application_AuthenticateRequest

I have an HttpModule with the code show below in it.
It seems to work fine in development and in test. However on our production
server (which does get used a lot more) it seems that the
Application_AuthenticateRequest event doesn't fire after a while.

Other websites on the same server that use the same module/dll don't have
problems. Could something be happening to kill the event listeners and the
init not being restarted because of the locking code? Or an Ajax problem?

The websites use Forms Authentication.

#region Intialize
static object _initLock = new object();
static bool _initialized = false;

public virtual void Init(HttpApplication application)
{
if (!_initialized)
{
lock (_initLock)
{
if (!_initialized)
{
if (application == null) throw new
ArgumentNullException("application");
//this module is dependent on Exception handling
module because we log authorization exceptions
//exception handling module requires application
settings in web.config and checks for them

//Verify exception handling module is loaded
if (null ==
HttpContext.Current.ApplicationInstance.Modules.Ge t("ASPExceptionHandler"))
throw new Exception("The Forms Authentication
Module is dependent on the Exception Handling Module. Please add the module
to your web.config.");

//this will force read of the web.config; otherwise
no checking of whether section is even present until first use
Util.WebLogin.FormsAuthenticationConfiguration
ConfigInfo =
(Util.WebLogin.FormsAuthenticationConfiguration)Co nfigurationManager.GetSection("FormsAuthentication Configuration");

if (null == ConfigInfo)
throw new Exception("The Forms Authentication
Configuration section was not found in the web.config. Please add the section
to your web.config.");
m_ConfigInfo = ConfigInfo;

application.AuthenticateRequest += new
EventHandler(Application_AuthenticateRequest);
application.EndRequest += new
EventHandler(Application_EndRequest);

_initialized = true;
}
}
}
}
#endregion
void Application_AuthenticateRequest(object sender, EventArgs e)
{

if (HttpContext.Current.Request.IsAuthenticated)
{

FormsCookie.UserData UserData = new FormsCookie.UserData();

IpSpoofingCheck(UserData.RemoteAddress);

//token still good check
if (UserData.AuthenticationMode ==
WebLogin.HowAuthenticated.TOKEN && m_ConfigInfo.TokenCardVerifyEachRequest)
{
TokenCard.AuthResults results =
Util.WebLogin.TokenCard.LanlCookieValidate(m_Confi gInfo.TokenCardServerDnsName);
if (!results.Result)
{
FormsCookie.Kill();

HttpContext.Current.Response.Redirect(HttpContext. Current.Request.Url.ToString(), true);
}

}

//authentication mode use is allowed on this site
if
(!m_ConfigInfo.AuthenticationMethodsAllowed.Contai ns(UserData.AuthenticationMode.ToString().Split('_ ')[0]))
{
FormsCookie.Kill();

HttpContext.Current.Response.Redirect(HttpContext. Current.Request.Url.ToString(), true); //Application_EndRequest will append allowed methods
}
}
else //not authenticated
{
CheckForFullyQualifiedDomainName();
}

}

/// <summary>
/// If not a Fully Qualified Domain Name in Request, convert it
/// </summary>
/// <remarks>
/// if the user specifies hostname without the domain (i.e., company
not company.com, netbios resolution or network configuration appends domain)
/// cookie sharing across the domain will fail because the cookie
doman will be company not company.com
/// </remarks>
private void CheckForFullyQualifiedDomainName()
{
string requestURL = HttpContext.Current.Request.Url.AbsoluteUri;
if (!(HttpContext.Current.Request.Url.Host == "localhost") &&
!HttpContext.Current.Request.Url.Host.Contains("." ))
{
string strFullyQualifiedHostName =
System.Net.Dns.GetHostEntry(HttpContext.Current.Re quest.Url.Host).HostName;
System.Text.RegularExpressions.Match match;
Regex r = new Regex(@"^http(s)?://[-a-z0-9_.]*" +
HttpContext.Current.Request.Url.Host, RegexOptions.IgnoreCase);
match = r.Match(HttpContext.Current.Request.Url.ToString() );
int iMatchLength = match.Length;

requestURL = requestURL.Remove(0, iMatchLength);
requestURL =
match.ToString().Replace(HttpContext.Current.Reque st.Url.Host,
strFullyQualifiedHostName)
+ requestURL;

HttpContext.Current.Response.Redirect(requestURL,
true);//comeback and see me with fully qualified hostname.
}

}
Oct 18 '07 #1
3 9683
When the application.EndRequest stops firing. The other websites continue to
work.
All the applications share the same application pool. If I recycle the
pool, it works again for a little while.
Oct 18 '07 #2
Hi Chuck,

First, I'm not sure if you've already known this or not: there might be
multiple instances of an Http Module in a web application. One
HttpApplication instance will only have one instance of each configured
Http Module, but there might be mulitple HttpApplication instances since
each request will need an instance. These instances will be reused by
different requests.

#INFO: Application Instances, Application Events, and Application State in
ASP.NET
http://support.microsoft.com/kb/312607
In your code, note the static variable is shared among the entire AppDomain
(the web application). Therefore second and other instances of
HttpApplication will initialize a new instance of your Http Module without
hooking up the AuthenticateRequest event.

It appears to me that you're using the static variables to make sure the
Init is only called once, actually you don't need this. In an
HttpApplication instance, it's guranteed the Http Module will only be
initialized once.

Hope this helps.

Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Oct 19 '07 #3
Walter,

Thanks,
I didn't realize that multiple Modules instances could be present.

I changed my code as shown below.
I believe the !_initialized section will simulate the application_start
event, so those things only will get run once.

In a different module I put the following within the !_initialized section:
AppDomain.CurrentDomain.UnhandledException += new
UnhandledExceptionEventHandler(OnUhe);

I guess this even hooks into AppDomain so it needs to be in !_initialized
section.


public virtual void Init(HttpApplication application)
{

application.AuthenticateRequest += new
EventHandler(Application_AuthenticateRequest);
application.EndRequest += new
EventHandler(Application_EndRequest);

// HttpModules can get reused and their can be multiple modules
active.
// The above events need to get called every init, the below
just once per Application Start
if (!_initialized)
{
lock (_initLock)
{
if (!_initialized)
{
if (application == null) throw new
ArgumentNullException("application");

//Verify exception handling module is loaded
if (null ==
HttpContext.Current.ApplicationInstance.Modules.Ge t("ASPExceptionHandler"))
throw new Exception("The Forms Authentication
Module is dependent on the Exception Handling Module. Please add the module
to your web.config.");

//this will force read of the web.config; otherwise
no checking of whether section is even present until first use
Util.WebLogin.FormsAuthenticationConfiguration
ConfigInfo =
(Util.WebLogin.FormsAuthenticationConfiguration)Co nfigurationManager.GetSection("FormsAuthentication Configuration");

if (null == ConfigInfo)
throw new Exception("The Forms Authentication
Configuration section was not found in the web.config. Please add the section
to your web.config.");

m_ConfigInfo = ConfigInfo;

_initialized = true;
}
}
}
}
Oct 19 '07 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
Application_AuthenticateRequest not triggered
by: Daniel Brown | last post by:
I am using forms based authentication and this is working fine at user level. I have put code in the global.asax file to get the roles from the database however it seems that this code is not being...
.NET Framework
0
Form-based security and Application_AuthenticateRequest - help?!
by: Mike Kingscott | last post by:
Hi there, Getting into ASP.Net finally, looks good but I'm having a bit of trouble here. I'm protecting my web site via form-based security (I won't go into the ins and outs, suffice to say it's...
ASP.NET
0
Application_AuthenticateRequest
by: Nugs | last post by:
Hey there again, Well I am still having this problem with my forms authentication. My previous post describes my problem. But I have another question and thought I would post a new topic for it....
ASP.NET
1
Forms Authentication - Not timing out, not redirecting.
by: AVance | last post by:
Hi, I've come across this scenario in ASP.NET 1.1 with forms authentication where the forms auth doesn't seem to timeout correctly, nor redirect to the login page. I have done some testing, and...
ASP.NET
4
Application_AuthenticateRequest cannot read Session variable
by: danman226 | last post by:
I will be using a companyname, user name, and password to authenicate users in my system. I am trying to save the company name in the session for later use. I cannot access the Session object in...
ASP.NET
0
Application_AuthenticateRequest Problem
by: Alessio Brizi | last post by:
Hi to all, I have a problem with the method Application_AuthenticateRequest in the global.asax file. I developed a web application with an url rewriting module, with a private area. In the...
ASP.NET
1
When does Application_AuthenticateRequest fires?
by: the friendly display name | last post by:
I am using .net 1.1 In the global.asax.cs file, there is this entry: protected void Application_AuthenticateRequest(Object sender, EventArgs e) as far as I know, it is wired with the ...
ASP.NET
1
Why do we need more code in Application_AuthenticateRequest()?
by: Andrew | last post by:
Hello, friends, I am implementing a role based authentication (Forms authentication) for our web app using .net 1.1. I read the paper:...
ASP.NET
0
Custom IPrincipal // Hacking the Application_AuthenticateRequest method // Something better in 2.0?
by: sloan | last post by:
I've been reading this article: http://msdn2.microsoft.com/EN-US/library/aa302401.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication (the...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!