In my MVC5 application, I have a data-grid which has it's filter/sort criteria specified inside the URL. When a user selects a Record to Edit/Create/Delete, I needed to save the URL value so that when the Controller POST action completed, they would be returned to the exact same layout they were on before the GET action was triggered (same data-grid with sort/filter criteria applied).
In my pursuit of this funcitonality, I began using a session variable in my Controller. On GET:
Session["returnURL"] = Request.UrlReferrer.AbsoluteUri;
I set a session variable of returnURL to the current full path URL of my Browser. The on the post, after my changes to the record/database are saved, I have check the returnURL variable for null and perform a Redirect():
var returnURL = (Session["returnURL"] != null) ? Session["returnURL"].ToString() : Url.Action("Index", "Home");
return Redirect(returnURL);
This all works perfectly fine on my localhost, but when I publish it to my Server each time I attempt to navigate to Edit/Create/Delete actions for my record, the Session Variable on the GET actions causes:
Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
Source Error: [No relevant source lines]
After a lot of trial and error I diagnosed that it is my Session Variable that is causing this NullReferenceException as when I remove that specific code line from my GET action method, everything else functions fine and the appropriate View loads.
Can anyone helps with this? I'm at a loss for why my Session Variable is working on my Localhost but not on my Server. I took a look at the following MSDN article https://msdn.microsoft.com/en-us/library/h6bb9cz9(v=vs.71).aspx, but I'm still getting the same result even with <configuration><system.web> <sessionState mode="InProc"></sessionState>... specified in my Web.Config.
EDIT:
At ps2goat's suggestion, I modified my Web.Config to include:
<system.web>
<sessionState mode="InProc"></sessionState>
// ....
<pages enableSessionState="true">
<namespaces>
<add namespace="GridMvc" />
<add namespace="MvcSiteMapProvider.Web.Html" />
<add namespace="MvcSiteMapProvider.Web.Html.Models" />
</namespaces>
</pages>
// ....
</system.web>
Still receiving the same NullReferenceException error...? I have now specified the sessionState = InProc and set <pages enableSessionState="true">.
I found the answer in this post (The Session object is null in ASP.NET MVC 4 webapplication once deployed to IIS 7 (W 2008 R2)), wherein I modified my <modules> section to do an add/remove of the below specified values:
<configuration>
...
<system.webServer>
...
<modules>
<remove name="Session" />
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
...
</modules>
</system.webServer>
</configuration>
I'm still not entirely sure WHY this is the answer, but it worked for my issue in this case.
Related
I have set the routing api/Exchange/Groups/Members/{samAccountName} on my web api and is working
But if the value of samAccountName contains wording "prn.", It will return The resource cannot be found.
Example
http://localhost:4483/api/Exchange/Groups/Members/prn.agency1
http://localhost:4483/api/Exchange/Groups/Members/prn.agency2
http://localhost:4483/api/Exchange/Groups/Members/prn.agency3
I not sure where is wrong. Here is my code snippet
[HttpGet]
[Route("api/Exchange/Groups/Members/{samAccountName}")]
public HttpResponseMessage GetMembers(string samAccountName)
{
//Query from Exchange
}
Any idea?
The problem is in your samAccountName format - it contains dot, which is interpreted by IIS as a file extension. IIS tries to find handler for file type *.agency1 (agency2, agency3), cannot find it and throws an error.
You either should change format to exclude dot, like change it to dash/underscore, or enable this parameter in your web.config
<configuration>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
Some more information and drawbacks about runAllManagedModulesForAllRequests flag can be found in this blog post: https://weblog.west-wind.com/posts/2012/Oct/25/Caveats-with-the-runAllManagedModulesForAllRequests-in-IIS-78
In web.config, add
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true" />
</system.web>
More details explained here.
I have an old website based on asp.net webform. I need to change the url to friendly using the same site and also keep support for old url.
For this i thought of using HTTP Handler so that i can intercept the old url and redirect them to correct page with new url
example
old url: /news.aspx?newsID=10
new url: /news/10/title-of-the-news
Using handler file URLHandler.ashx i want to redirect page to right page or recreate the new url.
what i did so far
create URLHandler.ashx wrote logic to redirect to new url or let us say i created the new URL and redirected the page
registered the handler in we.config
This is not working for me when i run /news.aspx?newsID=10 first it should execute handler file and the redirect to the page based on the url.
I am not sure if i have done something wrong.
web.config
<system.webServer>
<!-- Un Comment This Part on web server Un Comment This Part on web server -->
<handlers>
<add name="url-handler" verb="*" path="*.aspx" type="URLHandler" resourceType="Unspecified" />
<add name="ChartImg" path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</handlers>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
SAMPLE Handler file code
<%# WebHandler Language="C#" Class="URLHandler" %>
using System;
using System.Web;
public class URLHandler : IHttpHandler {
public void ProcessRequest (HttpContext context) {
// context.Response.ContentType = "text/plain";
//context.Response.Write("Hello World");
HttpResponse r = context.Response;
r.Write(context.Request.Url.AbsoluteUri);
}
public bool IsReusable {
get {
return false;
}
}
}
Place the code in a .cs file. I've reproduced your project (with the code in an .ashx file) and received the following error:
Could not load type 'URLHandler'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Having the code in a .cs file in App_Code resulted in it working as you expected. I suspect that this is something to do with the fact that code inside .ashx files gets compiled slightly differently to account for the fact that it's responding to a specific URL (URLHandler.ashx) as it's a physical file, rather than being a class that's referenced from web.config which may be sufficient to mangle the name/location of the type so IIS can't find it when referenced in config.
I have a form at which I use ckeditor. This form worked fine at Asp.Net 2.0 and 3.5 but now it doesn't work in Asp.Net 4+. I have ValidateRequest="false" directive. Any suggestions?
Found solution on the error page itself. Just needed to add requestValidationMode="2.0" in web.config
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime requestValidationMode="2.0" />
</system.web>
MSDN information: HttpRuntimeSection.RequestValidationMode Property
There is a way to turn the validation back to 2.0 for one page. Just add the below code to your web.config:
<configuration>
<location path="XX/YY">
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
</location>
...
the rest of your configuration
...
</configuration>
I know this is an old question, but if you encounter this problem in MVC 3 then you can decorate your ActionMethod with [ValidateInput(false)] and just switch off request validation for a single ActionMethod, which is handy. And you don't need to make any changes to the web.config file, so you can still use the .NET 4 request validation everywhere else.
e.g.
[ValidateInput(false)]
public ActionMethod Edit(int id, string value)
{
// Do your own checking of value since it could contain XSS stuff!
return View();
}
This works without changing the validation mode.
You have to use a System.Web.Helpers.Validation.Unvalidated helper from System.Web.WebPages.dll. It is going to return a UnvalidatedRequestValues object which allows to access the form and QueryString without validation.
For example,
var queryValue = Server.UrlDecode(Request.Unvalidated("MyQueryKey"));
Works for me for MVC3 and .NET 4.
Note that another approach is to keep with the 4.0 validation behaviour, but to define your own class that derives from RequestValidator and set:
<httpRuntime requestValidationType="YourNamespace.YourValidator" />
(where YourNamespace.YourValidator is well, you should be able to guess...)
This way you keep the advantages of 4.0s behaviour (specifically, that the validation happens earlier in the processing), while also allowing the requests you need to let through, through.
In an ASP.NET MVC4 application I have a custom output cache provider defined.
My configuration is like this:
<system.web>
<caching>
<outputCache defaultProvider="DiskOutputCache" enableOutputCache="true" >
<providers>
<add name="DiskOutputCache" type="ProExam.DMC.MvcUtil.DiskOutputCache, ProExam.DMC.MvcUtil, Version=1.0.0.0, Culture=neutral"/>
</providers>
</outputCache>
<outputCacheSettings>
<outputCacheProfiles>
<add name="forever" duration="2147483647" varyByParam="id" />
</outputCacheProfiles>
</outputCacheSettings>
</caching>
I have an action like this:
[OutputCache(CacheProfile = "forever")]
public ActionResult View(UrlParamString id)
{
...
}
When I run in debug, only the get method of my custom output cache provider is called. Never the set or the add. Any help would be appreciated...
Try reducing the duration. You defined an almost infinite cache duration this means while the app is running, it will not try to store your cache item again.
Duration is set in seconds... Try duration="10" or something and see what happens.
Apart from that you can also try to define enabled="true" location="Server" in your cache profile.
Try adding location attribute to web.config entry.
<add name="LongLivedProfile" duration="86400" location="Any" varyByParam="*" />
Check that you do not write any cookies during the request. Outputcache does not call add/set if you write a cookie.
Check This: Custom OutputCache provider is not working (get is called but not set or add)
It doesn't work if you are using cookies.
Also Check Note Section for CacheProfile: https://msdn.microsoft.com/en-us/library/vstudio/hdxfb6cy(v=vs.100).aspx
This attribute is not supported for # OutputCache directives included in user controls (.ascx files). When specified on a page, the value must match the names of one of the available entries in the outputCacheProfiles element under the outputCacheSettings section. If the name does not match a profile entry, an exception is thrown.
I have an application that has to deal with getting "special" characters in its URL (like &, +, %, etc). When I'm sending a request to the application using these characters (of course I'm sending them escaped) I'm getting "Bad Request" response code with the message "ASP.NET detected invalid characters in the URL". Tracing the request shown me that the error was thrown from the "Authentication Module".
I've searched a bit and found that every page has a ValidateRequest and changing its value to false solves the problem. Unfortunately I'm using Httphandler. Does anyone know how to stop the request validation using http handler?
I ran into the same problem (creating an IHttpHandler that needed to receive requests with special characters in the URL). I had to do two things to fix it:
Create the following DWORD registration entry with a value of 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\VerificationCompatibility
In the web.config, set the allowDoubleEscaping attribute of the requestFiltering element to true.
I had the same problem and got it working by setting validateRequest="false" as well as requestValidationMode="2.0", like below. No registry edits.
<system.web>
<httpRuntime requestValidationMode="2.0" />
...
<pages ... validateRequest="false" />
</system.web>
Wholesale changes at the application or machine level were not acceptable to me. I only had one parameter that a client was sending incorrectly that I needed to scrub.
I found that when a request is made with html or other potentially dangerous items in the query string, you can scrub the string by using the context.Request.RawUrl and, once the query string is scrubbed, use context.RewritePath(scrubbedUrl).
First thing in the handler, get the context.Request.RawUrl
Scrub the bad request RawUrl for bad input
context.RewritePath(srubbedUrl)
Profit
It seems like request validation only cares about accessing context.Request.Params[], so if you scrub and rewrite path (to the same path) before the Params collection is accessed, you're golden.
Below solution worked for me-
Create the following DWORD registration entry with a value of 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\VerificationCompatibility
In the web.config, set the allowDoubleEscaping attribute of the requestFiltering element to true.
You can remove all the modules with
<httpModules>
<clear />
</httpModule>
to make the request get to your handler. Or maybe you can remove the specific modules that are stopping your request.
This is the list of modules loaded by default in ASP.NET 2.0 from here
<httpModules>
<add name="OutputCache" type="System.Web.Caching.OutputCacheModule" />
<add name="Session" type="System.Web.SessionState.SessionStateModule" />
<add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<add name="PassportAuthentication" type="System.Web.Security.PassportAuthenticationModule" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" />
<add name="AnonymousIdentification" type="System.Web.Security.AnonymousIdentificationModule" />
<add name="Profile" type="System.Web.Profile.ProfileModule" />
</httpModules>
How about this?
<system.web>
<pages validateRequest="false">
</pages>
</system.web>
Since .NET Framework 4.5, you can use the Unvalidated property on HttpRequest or HttpRequestBase to access form, query string and URL data in a way that will not trigger request validation. If you avoid accessing these values in any other way (including in helper methods or other HTTP modules running in the same request), you will not require anything else to avoid request validation.
You can set validateRequest to false in the pages section of the web.config. Maybe that works for HttpHandlers as well?