HTTPModule - an interceptor indeed, but without communication skills!

From: Girish (gbajaj_at_tietronixinc.com)
Date: 03/05/04 

Date: Fri, 5 Mar 2004 00:16:15 -0600

Ok, Ive been thinking about this problem for a while.

I have 30 odd aspx pages (already built) on my website that I need to have
some validation occur before the page should load. The validation is - TEST
if javascript is enabled on the browser + some other plugin checks via
javascript.

Id rather implement this check without touching any of the aspx files.
Reason is the usual - I dont want "same code" clutter in all pages
(javascript is a mess) and implementing page templates id rather not do
cause all my aspx pages have the <head> tag defined and I need to imbed the
common <script> tags inbetween the <head> tags. If i were to use page
templates- id have to remove the head tag in all my aspx files and render it
from my page template along with my <script> tags.. Also I dont want to use
includes or user controls cause that still involves touching all files.

Whats left? HttpModules.

Heres the javascript code declared in default.aspx:

<script language="Javascript">
window.location="main.aspx"
</script>
<body>
This is for js-disabled browsers
</body>

What this does is simple - if javascript is enabled, it will replace the
browsers URL to the new url. The problem is that I can only implement this
in default.aspx. If somebody were to bookmark main.aspx - there would be no
check. Id be back to square one. Heres where HttpModules came in. Atleast I
though!

Ive gradually realized that the HttpModule is a interceptor and acts similar
to a human being having the job of bouncer at some fancy club. What the
bouncer lacks here is communication skills. Heres what I mean:

In order to detect if the client supports javascript - you have to ask the
client that question! So the request goes back to the client and it needs to
respond with a yes or a no for accessing the real page. How do we do this?
By request parameters being passed via the url. eg
window.location="main.aspx?ok=ok".

Heres my sample code:

using System;
using System.Text;
using System.Web;

namespace com.tietronix.vaweb.module
{
 /// <summary>
 /// Summary description for BrowserValidator.
 /// </summary>
 public class BrowserValidator : System.Web.IHttpModule
 {
  public void Init(HttpApplication application)
  {
   application.PreRequestHandlerExecute += (new
EventHandler(this.Application_PreRequestHandlerExecute));
  }

  public void Dispose()
  {
  }

  private void Application_PreRequestHandlerExecute(Object source, EventArgs
e)
  {
   HttpApplication application = (HttpApplication)source;
   HttpRequest request = application.Request;
   HttpResponse response = application.Response;
   //check the request
   //if request variable is set to ok, allow request to continue.
   //else return requested url with checker code.
   if (request["ok"] != "ok")
   {
    String url = application.Request.RawUrl;
    response.Write(checkerCode(url));
    response.End();
   }
   else
   {
    //pass through with removing "ok" from the request
    //response.Redirect
   }
  }

  private string checkerCode(string url)
  {
   StringBuilder s1 = new StringBuilder();
   s1.Append("<script language=\"Javascript\">");
   s1.Append("location=\"" + url + "?ok=ok\";");
   s1.Append("</script>");
   s1.Append("<html><body>");
   s1.Append("This is for js-disabled browsers");
   s1.Append("</body></html>");

   return s1.ToString();
  }
 }
}

So now you see my little commented out response.Redirect? Im dead in the
water. Im thinking this is not even possible. I would like to remove the
ok=ok from the url cause i dont want it displayed. People could easily
bypass my validation otherwise. Yes, I know - you can get the url by looking
at it through a browser with disabled javascript cause it would render the
complete url - but thats ok. I want to make this a hindrance rather than
bullet proof. So anyways - i want to remove the ok=ok from the url and
redirect to the same page, but then my module would again test the page for
javascript and id be in an infinite loop! See where im stuck?

Am I making a mess of the whole thing? Is this not possible at all? Well,
there is another way - intercepting and parsing the output string to the
browser and embedding the code in there. Id rather not do that.

Any help would be greatly appreciated.

Thanks,
Girish

Relevant Pages

  • Re: Clarification of Page and Resource Request Processing Sequence
    ... generally to be server friendly, the browser will only do two concurrent requests to the same server. ... IIS forwards the request to ASP.NET ... ASP.NET then executes the requested .aspx page, ... ASP.NET ultimately sends HTML markup back down to the browser. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Pop up index.aspx
    ... ASPX generates content dynamically, no more. ... You can still "remote-control" a browser by using special commands in your ... These commands are written in JavaScript, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How do I detect a user leaving the site?
    ... First you need to define for yourself "exit time". ... a request to aspx. ... At the end when user closes the browser you will have ... JavaScript is disabled. ...
    (microsoft.public.dotnet.framework.aspnet)
  • comp.lang.javascript FAQ - META 2009-03-04
    ... The official Big 8 Usenet newsgroup dealing with javascript is ... relates to javascript in a web browser. ... Questions that are specific to Microsoft's JScript may also ... This FAQ provides URLs to further information about ECMAScript ...
    (comp.lang.javascript)
  • comp.lang.javascript FAQ - Quick Answers- 8.0 - 2004-03-15
    ... Internationalisation in javascript. ... How can I see in javascript if a web browser accepts cookies? ... This is the official _comp.lang.javascript_ FAQ. ...
    (comp.lang.javascript)
Quantcast