Solved

Using a marker with a httpmodule to check for a session variable prior to page_load

Posted on 2006-07-19
8
518 Views
Last Modified: 2009-07-29
This is a follow-on question from http://www.experts-exchange.com/Programming/Programming_Languages/Dot_Net/ASP_DOT_NET/Q_21916656.html

I have a httpmodule that checks for a session value before each page loads.  If the session value is nothing, then the user is redirected to a login page.  This module is detailed below.

The problem now is that I need this httpmodule to not affect the login.aspx page.  Every page EXCEPT for login.aspx should utilize this module.
I currently seem to get an infinite redirect taking place (according to Firefox).

Namespace myNS.Modules
      Public Class MyModule
            Implements IHttpModule

            Public Sub New()
            End Sub

            Public Sub Init(ByVal ctx As HttpApplication) Implements System.Web.IHttpModule.Init
                  AddHandler ctx.PreRequestHandlerExecute, AddressOf context_PreRequestHandlerExecute
            End Sub

            Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
            End Sub

            Private Sub context_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)
                  CaptureSessionContent()
            End Sub

            Private Sub CaptureSessionContent()
                  Dim ctx As HttpContext = HttpContext.Current
                  Dim session As HttpSessionState = ctx.Session
                  If session("integerValue") Is Nothing Then
                        ctx.Response.Redirect("login.aspx", True)
                  End If
            End Sub
      End Class
End Namespace
0
Comment
Question by:Rouchie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 8

Expert Comment

by:rodmjay
ID: 17154478
Have you tried the solution i gave you, the marker interface?
0
 
LVL 25

Author Comment

by:Rouchie
ID: 17154520
Hi rodmjay
If you're referring to the INoSessionCheck, then no I haven't because you suggested starting a new thread in which you would post the information.  I don't know how to implement this so any examples would be really helpful.

Thanks for getting back, btw!
0
 
LVL 8

Accepted Solution

by:
rodmjay earned 500 total points
ID: 17154868
OK, I couldnt figure out how to access the page object from the httpmodule.  I am thinking that it is not created yet??  Does anyone out there know?

Try this solution and tell me if it works if the login page is the only one that needs to be altered.

    Public Sub New()
    End Sub

    Public Sub Init(ByVal ctx As HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler ctx.PostAcquireRequestState, AddressOf context_PostAcquireRequestState
    End Sub

    Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
    End Sub

    Private Sub context_PostAcquireRequestState(ByVal sender As Object, ByVal e As EventArgs)
        CaptureSessionContent()
    End Sub

    Private Sub CaptureSessionContent()
        Dim ctx As HttpContext = HttpContext.Current
        Dim session As HttpSessionState = ctx.Session
        If ctx.Request.RawUrl.Contains("login.aspx") Then
            If session("integerValue") Is Nothing Then
                ctx.Response.Redirect("login.aspx", True)
            End If
        End If
    End Sub
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Author Comment

by:Rouchie
ID: 17166481
Hi rodmjay

>> Try this solution and tell me if it works if the login page is the only one that needs to be altered.
Sadly this didn't work.  I got the error in firefox again about a never-ending redirect when I tried to access login.aspx

>> OK, I couldnt figure out how to access the page object from the httpmodule.
I googled this and found a thread containing this C# code.  Apologies if it's not correct but I hope it is what you require...
    System.Web.UI.Page myPage = HttpContext.Current.Handler;
0
 
LVL 8

Expert Comment

by:rodmjay
ID: 17168268
Awesome, OK then try a simple check like this

If myPage isnot INoSessionCheck

and you should be good.  Im not sure why this is happening in firefox. You may want to step through with a debugger and see what is happening.
0
 
LVL 25

Author Comment

by:Rouchie
ID: 17168521
Hi again,
Sorry to go back a step, but I think I might have solved it.  I read your code carefully and noticed that where you check to see if we are on the login.aspx page, the session check only happens if we ARE on the page, when it actually needs to be the other way around!

I changed the if statement to be IF NOT, like this:

If Not ctx.Request.RawUrl.Contains("login.aspx") Then
      If session("customerID") Is Nothing Then
            ctx.Response.Redirect("login.aspx", True)
      End If
End If

This has successfully stopped the never-ending loop, but I have a couple of other minor things to ask...:

 1. Can the code within CaptureSessionContent() be moved inside context_PostAcquireRequestState()?
     This would remove a few lines of code from the module if it is possible.

 2. Does PostAcquireRequestState occur automatically in the loading events of each individual page?
    Just making sure that this module will execute for every single page!

Thanks loads for your help btw.
0
 
LVL 8

Expert Comment

by:rodmjay
ID: 17171352
The post acqire does occur automatically, but before the page object is actually loaded.  I guess while you could say its still an embryo...

Basically when you create modules, you have to know what happens when, for example, the session variables do not become available until AcquireRequestState event.  So if you need to get the session variables, any event that occurs after this event will have access to them.  I changed the event to the PostAcquireRequestState, because this is the first event (that i know of) that will allow you to access the session variables.

0
 
LVL 25

Author Comment

by:Rouchie
ID: 17173741
Excellent explanation rodmjay, thank you for your help with this :-)
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question