Monday, March 26, 2012

Loop in Global.asax

I have an aspx page : AccessDenied.aspx

In Global.Asax I have this:

Sub WindowsAuthentication_OnAuthenticate(ByVal SourceAs Object, _ByVal eAs WindowsAuthenticationEventArgs)'Try ' If e.Identity.IsAuthenticated And Not (e.Identity.IsAnonymous) And _ ' e.Identity.AuthenticationType.Length <> 0 Then ' Dim userIdentity As String ' userIdentity = e.Identity.Name() ' ElseHttpContext.Current.Response.Redirect("AccessDenied.aspx?Authenticated=" + e.Identity.IsAuthenticated.ToString +"&Anonymous=" + e.Identity.IsAnonymous.ToString +"&Type=" + e.Identity.AuthenticationType.ToString)' End If 'Catch ex As Exception ' HttpContext.Current.Response.Redirect("AccessDenied.aspx?Error=" + ex.Message.ToString) 'End TryEnd Sub

I've commented out the rest of the code.I just want to see if Global.asax will call the error page in case of any errors. When I run it, it calls the AccessDenied.aspx but it keeps calling it and calling it and calling...the green status bar keeps going up. I see "website found waiting for reply" in the status bar. Then I have to stop the page...

Any ideas as to why I cant test this?

I *think*, and someone else could correct me on this, that it is waaaay too early in the page's lifecycle to be able to do a Response.Redirect in that event, that user is never going to be authenicated because you have yet to do so! (you're still in "OnAuthenticate", which come before the actual authentication process)... Raise an error instead and let the built in error handling do it's thing and hang your code off that

Secondly i noticed you have a Response.Redirect in the Catch block, that doesn't work and could cause strange happenings (it was a prob in 1.1 anyways)


I could be wrong (it's been known to happen), but I believe OnAuthenticate is not an event -- it is a method that raises the Authenticate event to authenticate the user. Hence, the user is never being authenticated here. You need to put this code in an event handler for the Authenticate event.

Found my answer...It's not early to do error checking in global.asax...if a user is not authenticated, somehow i need to redirect the user to another page. I was getting a loop because onAuthenticate gets called for each request.. so i added this line of code and if on error page, i just dont authenticate anymore:

Dim fileNameAsString = LCase(HttpContext.Current.Request.Url.LocalPath)

If InStr(fileName,"accessdenied") > 0ThenExitSub

Posted by dilutemqwp at 11:58 PM
Labels: , , , , , , , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)