RE: HTTPModule - an interceptor indeed, but without communication skills!

From: Steven Cheng[MSFT] (v-schang_at_online.microsoft.com)
Date: 03/05/04


Date: Fri, 05 Mar 2004 08:53:09 GMT

Hi Girish,

Thanks for posting in the community!
From your description, you'd like to implement a pre-validation of the
client side's script ability before the request is processed by the
certain page handler. And you're currently making efforts on using the
httpModule to check in the certain event before the request has been processed
but encountered some problems, yes?
If there is anything I misunderstood, please feel free to let me know.

I've viewed the code logic you provided. Well, I think your idea is correct
and the only problem is that you used the url querystring to carry the
flag which represents whether the client side has passed the validation,
yes? As you've found, this is not quite good because some users can
easily manually append such a querystring to bypass the validation.
My suggestion is what about the cookie? In the httpModule's certain event,
you can check the Request.Cookies collection for a certain cookie value, if
the value is set, then do nothing. If not set, then redirect the request to
the certain page which contains some certain code to validate whether the
client supports javascript. In the validation code, you can use javascript
to set the cookie flag value and then use "window.location" to redirect it
to the original requested page. In fact, ASP.NET's FormsAuthentication
validation mechanism is just implemented via this means. Use the cookie
to store the authentication token and then check this token in the
certain FormsAuthentication httpmodule. What do you think of this solution?

In addition, here are some tech articles on how to set cookie using
clientside javascript:
#JavaScript Cookies
http://www.comptechdoc.org/independent/web/cgi/javamanual/javacookie.html

#Netscape 6 compatible Cut and Paste Code Snippets - JavaScript and DHTML
http://www.the-cool-place.co.uk/javascript/cutandpaste/cutandpaste15.html

#The JavaScript Source: Cookie: User Name
http://javascript.internet.com/cookies/favorite-bg.html

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
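
An added example, not part of the original post: the script for the check page the reply describes, which sets the cookie flag and returns to the originally requested page while refusing return URLs that leave the site. The cookie name `jsEnabled`, the `returnUrl` query parameter and the `/` fallback are assumptions made for illustration.

```javascript
// Added example for the script-check page; all names below are assumptions.
const FLAG_COOKIE = "jsEnabled";   // hypothetical cookie the HttpModule looks for
const RETURN_PARAM = "returnUrl";  // hypothetical parameter carrying the original URL
const FALLBACK = "/";              // used when the return URL is missing or unsafe

// Build the string assigned to document.cookie. It is a session cookie for the
// whole site. The browser writes it, so the server can read it only as a
// "script ran here" hint, never as proof of anything about the user.
function buildFlagCookie(isHttps) {
  const parts = [FLAG_COOKIE + "=1", "path=/", "SameSite=Lax"];
  if (isHttps) parts.push("Secure");
  return parts.join("; ");
}

// Resolve the return URL against the page's own origin and accept it only if
// it stays on that origin, so the check page cannot act as an open redirect.
// Absolute, protocol-relative ("//host") and javascript: values all fail here.
function safeReturnTarget(search, origin) {
  const raw = new URLSearchParams(search).get(RETURN_PARAM);
  if (!raw) return FALLBACK;
  let target;
  try {
    target = new URL(raw, origin);
  } catch (e) {
    return FALLBACK;
  }
  if (target.origin !== new URL(origin).origin) return FALLBACK;
  // Return a site-relative path so the origin can never be switched.
  return target.pathname + target.search + target.hash;
}

// Browser-only part: set the flag, then go back to the requested page.
if (typeof document !== "undefined" && typeof window !== "undefined") {
  document.cookie = buildFlagCookie(window.location.protocol === "https:");
  window.location.replace(
    safeReturnTarget(window.location.search, window.location.origin)
  );
}
```
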


