Archive for the ‘ASP.Net’ Category

ASP.Net Cookieless Session and Absolute URLs

Monday, February 18th, 2013

For one of our ASP.Net websites, we have been using the cookieless mode set to “AutoDetect” (by adding cookieless="AutoDetect" to the sessionState tag in web.config). This has worked well for years in serving the website correctly to users with all types of security settings (even those who don’t allow web cookies).

When cookies are disabled by the user’s security policies, ASP.Net auto-detects this and adds the session info to the URL of each request, something like:
~/(X(1)S(cp53yq30mtagv555unhr0t45))/system/index.aspx

The cryptic path “(X(1)S(cp53yq30mtagv555unhr0t45))” in the URL is actually used to indicate the session ID. ASP.Net automatically manages the addition and removal of this session info, so you don’t need to worry about it in the ASP.Net code-behind. You don’t even see the session info in Request.Url or any other property.

The only limitation is that this breaks when you try to redirect from ASP.Net to an absolute URL, e.g. “/system/index.asp”. We normally don’t use absolute URLs in our application, but there are a few places where an absolute path is used (mostly to handle protocol changes), and we discovered that it was causing mysterious automatic log-outs for some users (those who were not allowing cookies).

The fix, fortunately, was very simple. ASP.Net natively provides a method which adds the current session ID to the URL when Cookieless mode is in use. The method is HttpResponse.ApplyAppPathModifier, and you apply it by simply calling it and passing the required absolute URL:

string redirectUrl = Response.ApplyAppPathModifier("/system/index.aspx");

The beauty of this method is that it auto-detects the session mode and only adds the session info if required. If you want to know more about Cookieless sessions in general, I would suggest this MSDN article:
http://msdn.microsoft.com/en-us/library/aa479314.aspx
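
An added example (not from the original post) of the protocol-change case mentioned above: building a fully qualified HTTPS redirect that keeps the cookieless session segment. The `SecureRedirect` class and the `CanonicalHost` app setting are hypothetical names; the host comes from configuration rather than from the request's Host header.

```csharp
using System;
using System.Configuration;
using System.Web;

public static class SecureRedirect
{
    // Hypothetical appSettings key holding the site's public host name,
    // e.g. <add key="CanonicalHost" value="www.example.com" />
    private const string HostSettingKey = "CanonicalHost";

    // Returns https://<host>/(S(...))/path when the session is cookieless,
    // or https://<host>/path when the session ID travels in a cookie.
    public static string BuildHttpsUrl(HttpResponse response, string appAbsolutePath)
    {
        // The path is appended directly to the host, so it must start with '/'.
        // Anything else (for example a value starting with '@') could change
        // which host the final URL points to.
        if (string.IsNullOrEmpty(appAbsolutePath) || appAbsolutePath[0] != '/')
            throw new ArgumentException("Expected a path starting with '/'", "appAbsolutePath");

        string host = ConfigurationManager.AppSettings[HostSettingKey];
        if (string.IsNullOrEmpty(host))
            throw new ConfigurationErrorsException("Missing appSetting: " + HostSettingKey);

        // ApplyAppPathModifier inserts the session segment only in cookieless mode.
        string pathWithSession = response.ApplyAppPathModifier(appAbsolutePath);
        return "https://" + host + pathWithSession;
    }

    public static void Go(HttpContext context, string appAbsolutePath)
    {
        // endResponse: false avoids the ThreadAbortException raised by Redirect(url);
        // CompleteRequest() then skips the rest of the pipeline.
        context.Response.Redirect(BuildHttpsUrl(context.Response, appAbsolutePath), false);
        context.ApplicationInstance.CompleteRequest();
    }
}
```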

ASP.Net SecurityProtocol (for SSL Version Control)

Thursday, January 3rd, 2013

Recently, when working on an integration API written in ASP.Net which communicates with web services developed using PHP, tech support requested that we force all secure communication (over HTTPS) to use only SSL v3.

This can be controlled in PHP cURL via a single line of code, as shown below:

curl_setopt($curl, CURLOPT_SSLVERSION, 3);

For more details on this, please check curl-setopt. Doing this in ASP.Net was a single line of code as well, but finding it was not that easy. Here is the code which did the trick for me:

// Requires: using System.Net;
// Back up the current protocol. Declared outside the try block so that
// the finally block can still see it.
SecurityProtocolType activeProtocol = ServicePointManager.SecurityProtocol;
try
{
	// Force use of only SSL3
	ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

	// The ASP.Net communication (using HttpWebRequest) goes here
}
catch {}
finally {
	// Restore the original protocol
	ServicePointManager.SecurityProtocol = activeProtocol;
}

I hope this helps.
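
ServicePointManager.SecurityProtocol is a static setting shared by every request in the application domain, so in a multi-threaded ASP.Net application the swap-and-restore above also changes the protocol for other requests running at the same moment. The added example below (not the original post's code; `ProtocolScope` and `PartnerApi` are hypothetical names) serializes the swap behind a lock, and pins TLS 1.2 (requires .NET Framework 4.5 or later) because SSL 3.0 has since been prohibited by RFC 7568.

```csharp
using System;
using System.Net;
using System.Threading;

// Holds a global lock while a specific protocol is in force, then restores
// the previous value. Use with "using" so the restore runs even on exceptions.
public sealed class ProtocolScope : IDisposable
{
    private static readonly object Gate = new object();
    private readonly SecurityProtocolType previous;
    private bool disposed;

    public ProtocolScope(SecurityProtocolType protocol)
    {
        Monitor.Enter(Gate); // one scope at a time, application-wide
        try
        {
            previous = ServicePointManager.SecurityProtocol;
            ServicePointManager.SecurityProtocol = protocol;
        }
        catch
        {
            Monitor.Exit(Gate); // do not leak the lock if the value is rejected
            throw;
        }
    }

    public void Dispose()
    {
        if (disposed) return;
        disposed = true;
        ServicePointManager.SecurityProtocol = previous;
        Monitor.Exit(Gate);
    }
}

public static class PartnerApi
{
    // The URL is a caller-supplied placeholder for the partner web service.
    public static string Fetch(string url)
    {
        using (new ProtocolScope(SecurityProtocolType.Tls12))
        using (WebClient client = new WebClient())
        {
            // Only code that also goes through ProtocolScope is serialized;
            // HTTPS calls made elsewhere still see the temporary value.
            return client.DownloadString(url);
        }
    }
}
```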

ASP.Net Error CVT1108: Cannot open C:\Windows\TEMP for writing

Tuesday, December 18th, 2012

When I restarted my Windows 7 machine today after a few days (I usually put it into hibernate mode), I got a weird error when starting the ASP.Net web application. The error was:

Compiler Error Message: CVT1108: cannot open C:\Windows\TEMP\RESA33F.tmp for writing

This was a bit weird, because it was working fine before the restart. I tried clearing all the files in the above TEMP folder, but the error still persisted.

After trying various solutions, I was finally able to solve this by simply re-applying full permissions to the “CREATOR OWNER” group in the Security page of the folder properties dialog.

I still wonder how these properties got corrupted, and it’s still a mystery, but the good thing is that the system is finally back in a working state.

ASP.Net designer.cs Not Auto Updating

Sunday, August 26th, 2012

If you use the ASP.Net Web Application project, then chances are that you will face a problem where the designer.cs for the web page stops auto-updating as you add new controls to the page. When this happens, it’s really frustrating, as you don’t get an error explaining why it’s not being auto-updated. Plus, I can’t seem to find an intuitive way to force-regenerate it either.

Today was one such day. I ended up wasting around an hour on an issue where the designer.cs was not being updated for new controls on the Site.Master page. Usually when this happens, the trick which works for me is to manually add a new ASP.Net server control, switch to the designer.cs and save it. It works almost 99% of the time.

However, today was a bad day (that 1% of the time), where the above solution didn’t work. Fed up, I started reviewing all the ASP.Net server tags (I had to remove a couple of those too), and finally found the issue. The problem was that one of the ASP.Net custom control tags was misspelled. Once I fixed that typo, the designer.cs started updating correctly. But what was frustrating was that there was no error for this; instead, the designer.cs just stopped auto-updating after that control.

During all this research (and frustrating) process, I found the following nice tip to force-regenerate the designer.cs file:

1) Right-Click the designer.cs file and then select ‘Delete’
2) Once the designer file is created, select the main .aspx, .ascx or .master page, right-click and select ‘Convert to Web Application’.
3) See the magic.

If there was an error due to which the designer.cs file was not being auto updated, you should see the detail of that error too. Yeah!

SSL Certificate Validation Error in .Net

Tuesday, July 17th, 2012

When working on a .Net project (in Framework 2.0), I was having a hard time connecting to the local secure server using a self-signed SSL certificate. When connecting to that server using the HttpWebRequest object, it was throwing the following error:
“The remote certificate is invalid according to the validation procedure”

Looking for the workaround, I found that the simplest method for this is to ignore this error when in development mode. For this, first you need to define a static global event handler for the SSL certificate validation.

// Requires: using System.Net.Security;
//           using System.Security.Cryptography.X509Certificates;

// This callback method is used to validate the certificate in an SSL conversation
// Changed the handler to ignore the SSL Certificate errors in the development mode.
private static bool ValidateCertificateCallback(object sender, X509Certificate certificate, 
                                                X509Chain chain, SslPolicyErrors policyErrors)
{
	// When running in developer mode, ignore all types of SSL connection error
	if (System.Configuration.ConfigurationManager.AppSettings["developMode"] == "true")
		return true;
	else
		// Return true only if there are no SSL Policy errors
		return policyErrors == SslPolicyErrors.None;
}

The extra check here makes sure that we do this only in the development mode (based on configuration). Next, you need to change your HTTP request get/post code to something like this:

// Register a callback function to listen for all the SSL certificate errors (for push completion notification)
RemoteCertificateValidationCallback callbackHandler = new RemoteCertificateValidationCallback(ValidateCertificateCallback);
ServicePointManager.ServerCertificateValidationCallback += callbackHandler;
 
try
{
	// HTTP Get/Post request code goes here
}
catch (Exception exc)
{
	// Handle any other exceptions gracefully
}
finally
{
	// As the SSL certificate handler callback is global, so remove it as soon as push notification is sent to avoid
	// conflict with other HTTPS connections
	ServicePointManager.ServerCertificateValidationCallback -= callbackHandler;
}

This should ignore all your certificate-related errors when running the application in the development mode (where the System.Configuration.ConfigurationManager.AppSettings["developMode"] configuration is true).

Just a reminder: Please remember to do this only in the development mode. Ignoring SSL certificate errors in a production application is a serious blunder, and it might put you in serious trouble if not used carefully. So, know what you are doing, and implement this at your own risk.
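
A narrower alternative to accepting every certificate in development mode, as an added example (not the original post's code): accept the self-signed certificate only when its thumbprint matches a value from configuration. The `PinnedDevCertificate` class and the `devCertThumbprint` setting are hypothetical; `developMode` is the post's own setting.

```csharp
using System;
using System.Configuration;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class PinnedDevCertificate
{
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors policyErrors)
    {
        // A certificate that passes normal validation is always accepted.
        if (policyErrors == SslPolicyErrors.None)
            return true;

        // Outside development mode, any policy error rejects the connection.
        if (ConfigurationManager.AppSettings["developMode"] != "true")
            return false;

        // Hypothetical setting: SHA-1 thumbprint of the local self-signed
        // certificate, as shown in the certificate's Details tab.
        string expected = ConfigurationManager.AppSettings["devCertThumbprint"];
        if (certificate == null || string.IsNullOrEmpty(expected))
            return false;

        // GetCertHashString() returns the SHA-1 hash as a hex string.
        return string.Equals(Normalize(certificate.GetCertHashString()),
                             Normalize(expected), StringComparison.Ordinal);
    }

    // Thumbprints copied from the Windows UI can contain spaces, lower-case
    // letters or invisible characters; keep only the hex digits, upper-cased.
    private static string Normalize(string thumbprint)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in thumbprint)
            if (Uri.IsHexDigit(c)) sb.Append(char.ToUpperInvariant(c));
        return sb.ToString();
    }
}
```

It is registered the same way as the handler above, by passing `PinnedDevCertificate.Validate` to the `RemoteCertificateValidationCallback` constructor.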