0

I declared a private property in an httpmodule attached to PostAuthenticateRequest this way:

Private Property roles as New List(Of Integer)

Then in the various methods of the module I added a role to the List this way:

roles.Add(AppSettings.AnonymousRoleId)

But I'm experiencing an odd behaviour... each time I refresh the page the roles list becomes longer always adding the same role just like if Private Property roles is remembered on each page refresh. Just like an application static variable. Shouldn't this property be private to the module?

Manight
  • 500
  • 5
  • 26

3 Answers3

0

The PostAuthenticateRequest event may be called many times per page. Look here PostAuthenticateRequest fires several times

Community
  • 1
  • 1
artygus
  • 605
  • 4
  • 11
  • Ouch! that hurts... I'mo not doing anything with DB but I read from cookies and create a custom IPrincipal wich is quite complex (multiapplication with roles, taks, paths) so I guess it can be a good Idea to set a flag in the context.items to skip the whole process after the first time! So I guess this happens with all httpmodules, they are triggered on each request, even for static files like images, css, js and so on? Even if I put them on another domain like static.mysite.com? Strange there is no way to exlude static contents from triggering httpmodules – Manight Dec 25 '12 at 17:06
0

Ok I did some other testing on this and I'm experiencing a very odd behaviour....

I tryed to implement a flag to skip the processing in the module if the module has been read at least once. I did this simply putting a flag var in HttpContext.Current.Items this way:

       Private Sub Application_PostAuthenticateRequest(ByVal source As Object, ByVal e As EventArgs)
        ' A flag to prevent multiple execution on each request for static files like images, css, js
        If HttpContext.Current.Items("UserCheck") Is Nothing AndAlso _
        DirectCast(HttpContext.Current.Items("UserCheck"), String) <> "1" Then
            GlobalAppSettings.debug += 1

GlobalAppSettings.Debug is a static (vb shared) property I use for debugging purprose of httpmodules. Now with this code in place the debug variable shoulde be +1 on each page refresh (I check this with a simple Response.Write(GlobalAppSettings.debug) in the code behind of Default.aspx. This is because at the end of the Application_PostAuthenticateRequest method I set HttpContext.Current.Items("UserCheck") = "1"

So why on each page refresh GlobalAppSettings.debug variable increments in steps of 3 or 5? Is driving me mad

Manight
  • 500
  • 5
  • 26
0

Ok I think I find an answer to all the stuff. The check on HttpContext.Current.Items("UserCheck") was not working because each request to jpg, css, js would fire it's own HttpContext so there's no use for a global flag that way.

After a bit of searching I found a much more clean and conventional solution. If you don't want your modules to be fired on stati content requests (wich includes static resources in your page) you have to set in the web config in the section:

    <modules runAllManagedModulesForAllRequests="false">

Also you have to add to your modules the attribute: precondition="managedHandler". Example:

    <add name="ReadUserSettings" type="namespace.to.type" preCondition="managedHandler" />

For some reason I didn't have those settings in my web.config. Now I'm stuck with another little issue but now that I have a better idea of what's going on, I think I should open a more specific topic on the subject, that is how to exclude .axd handlers (or just WebResources.axd handler would do) from firing my custom modules, since .axd handler is threated has managed code since it has preCondition="integratedMode,runtimeVersionv4.0" and this is how it should be. I just don't want my modules to be fired from it or other .axd.

Manight
  • 500
  • 5
  • 26