I'm using an action class that implements SessionAware and SerlvetResponseAware.
I'm trying to rewrite the response by using data that I have stored in the Session.
However, when I debug my action class it seems that setServletResponse() is called BEFORE setSession().
Is there another way to do this? Or am I trying to do something wrong?
Related
I am doing some ajax calls (with jquery) from browser.
I notice that the session id is not sent by the browser.
What I want to do is to pass the session ID as a parameter.
But on server side, i do not know how to tell asp.net "Now, you will use this value as session_id".
In PHP, i was used to do something like that:
session_start($_POST['my_session_id']);
I want to do the same thing in ASP.Net
Thanks
You want a custom ISessionIdManager.
The ISessionIDManager interface identifies the methods that you must implement to create a custom manager for session-identifier values. An ISessionIDManager interface implementation creates and validates session-identifier values, and manages the storage of a session identifier in the HTTP response as well as the retrieval of a session-identifier value from the HTTP request.
[...]
If you only want to supply custom session-identifier values to be used by ASP.NET session state, you can create a class that inherits the SessionIDManager class and override only the CreateSessionID and Validate methods with your own custom implementation. This enables you to supply your own session-identifier values, while relying on the base SessionIDManager class to store values to the HTTP response and retrieve values from the HTTP request.
Based on another question:
Creating a Child object in MVC4 - Parent's information not being passed to Create() controller
Does MVC provide a mechanism to send data from the HttpGet Create() to the HttpPost Create() without going through the client? If I need to send some data to the Post method that is meaningless to the client, how can I avoid cluttering the Views and over-exposing model properties to potential attackers?
Your GET and POST actions are just methods on a class. It really doesn't sound like there's any reason to use POST here, if your only concern is to execute a block of code under certain conditions.
Change your POST (drop the attribute) and make it a private method so it is inaccessible to the client. In your GET, do whatever checks you need to do, then invoke the method.
If you do need to expose the POST, refactor the code in question out to a seperate private method that you can call from either GET or POST. A better implementation would be a separate class with the method located there for reuse/testing/SoC.
Just a caution if you are working with a DB here...while there are some legitimate reasons to write to the DB during a GET, note that this is not the indempotent nature of the GET in most circumstances (http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html).
Cheers.
Yes - as I mentioned in the other answer you can use TempData - however you don't need this. You are using nothing but an id and a name from your entity, just pass only those in the view model. You don't need the full entity.
On the server side ensure your user has access to those records. For example if I was editing a Customer record, I'd ensure the current user has access via something like:
var currentUsersCompanyId = GetCurrentUserCompanyId();
ctx.Customers.Single(o=>o.CustomerId = customerId and currentUsersCompanyId == customerId)
There are a variety of ways to do this based on how you control permissions - and third party platforms for .net such as Apprenda that help do this more automatically behind the scenes.
I want to get the URL accessed by the Struts2 web application. For instance, if user accesses http://www.webpage.com or https://www.webpage.com, I need the protocol; http or https. I tried implementing the action with ServletRequestAware and using request.isSecure() or request.getScheme(). However, I am getting false and 'http' even if I access 'https://..' link.
Is there any way to get the protocol ?
You can extract it from the header:
System.out.println(request.getHeader("referer"));
OUTPUT:
https://www.webpage.com
I think you forgot to try one more thing.
Implement Action with ServletRequestAware and use
request.getProtocol();
Else you can use the following code in your action class:
HttpServletRequest request=ServletActionContext.getRequest();
String protocol=request.getProtocol();
System.out.println("Protocol Used::"+protocol);
In my asp.net mvc project I store two objects in the session when the user logs in. One is a User object (representing the logged in user) and the other is the Organisation object (representing the user's organisation).
I need one or both of these objects to be available in every action method. What's the most elegant way of dealing with this? At the moment each action takes parameters for each of these objects, with a custom model binder retrieving the objects from session. This at least encapsulates the session access but it's annoying to have the params in every method signature. Is there a better way?
Here's what most of the action methods look like.
public ActionResult Pending(IUser CurrentUser)
{
var users = CurrentUser.GetMyOrgPendingUsers();
return View(users);
}
Since you need to access IUser in almost every action you can have a base controller from where every other controller is derived.
In the base controller put IUser as a member variable and override the
OnActionExecuting() method in the base controller, in which you can put the code to access the session variables.
OnActionExecuting() will be called every time a action is called.
The Controller class has a User property. Have you considered using this rather than designing your own way to track the current user?
I'd rethink using IPrincipal here--it is very handy and allows you to work your way into the rest of the .NET authentication bits very seamlessly.
As for the problem at hand, perhaps the easiest clean course of action would be to wire them into a base controller class as protected properties. Slightly more elegant would be to create a user context class, that takes a reference to Session (or better yet, whatever base interfaces you are using in the session) and expose that class from the controller. The main advantage there is it makes it easier to change the backing store if need be and lets one encapsulate more behavior in general.
In ASP.NET MVC the convention is that a controller action method should return an ActionResult (or a type derived from ActionResult).
However, you can write a public method that returns pretty much anything and if that method is called (from a browser) the framework will package the return value up as a ContentResult and the browser receives a page of plain text.
This is all very interesting - but would you ever want to do this?
When you want to render something directly from your controller? e.g. using Response.Write(...); (or using other Response methods).
Not returning anything from an action method is essentially not responding to the client's HTTP request with a response.
An empty request might make sense in some cases (HTTP status being enough of a reply), but all web application patterns return something more than this (including, if I understand it correctly, REST: the new state of the entity).