I created a custom RouteHandler for images that I want protected. My RouteHandler simply takes a new route (graphics/{filename}) and does a lookup for the true file path, sets the mime type, and serves it up. That works fine. (http://www.mikesdotnetting.com/Article/126/ASP.NET-MVC-Prevent-Image-Leeching-with-a-Custom-RouteHandler)
What I wanted to do next was to do a check within my custom handler for a session variable that I would set earlier to make sure the person trying to view the image had permission to do so.
Basically, they would pass a login (enter a code), which would set a session variable that I would look for in the custom RouteHandler.
My problem is that I can't seem to get at the session data from within the custom RouteHandler.
Finally, my question is: How can I set data in a controller and have it available to me from within a custom RouteHandler on a subsequent request?
First, from the RequestContext passed in to the GetHttpHandler method, can you not access the Session via requestContext.HttpContext.Session? I am not sure, I could see this not working by default since it is so early in the pipeline.
If not, you can always easily move the Session checking logic into the handler by adding the IRequiresSessionState interface to your handler.
Related
In my ASP.NET MVC solution I have a number of services.
One of them, SessionService, is used to access the currently selected region and time span.
I want to display those in a layout used to decorate views. What is the best design approach to access those values which are stored in the SessionService?
Right now I'm thinking about using calling a ChildAction from the layout which in turn calls the session service:
_Layout -> aController.ChildAction() -> SessionService.GetRegion()
Is it a good approach or can you recommend anything better?
UPDATE 1:
Other options for passing the values that are possible:
via ViewBag
via ViewModels
However the drawback for these options is the fact that it would be necessary to populate them in each and every action method which would lead to duplication of code (which could be mitigated by means of a filter, but again this will require decorating controllers with the filter).
UPDATE 2 (born in the discussion with O:rvar below):
Another option is to create a base controller which will be populating ViewBag properties upon creation. All other controllers should derive from it.
You should be able to access you session data in the view with the following code:
var region = #Session["Region"].ToString();
Or you could call the controller method as you mentioned with an ajax call and get the session data that way. Using the childaction approach is also a fine way of accomplishing what you want.
I want to know if it is possible to define a value for a session variable in a view page (.html.erb) and use it in a controller?
For example:
in order controller, new.html.erb:
session[:amount] = #order.amount
in payment controller file:
#amount = session[:amount]
I have a variable in my controller which its value should be changed based on variable I get in one of the views. As the value is stored in a session, I need to use the session value in my controller. Thank you in advance for descriptions and replies.
As I tried, I found that it's possible to pass a parameter from a view to a controller using a session variable. The problem I had was due to the type of the variable's value. I used a session variable and changed its type by using the "flood" function, and the problem is solved.
I asked the question in its general form to know more about the session variables but unfortunately I've not received proper answers.
You say
which its value should be changed based on variable I get in one of
the views
How does the view get the value ?
If you get it by user input:
Using ruby in the view won't help, since the user is interacting with a HTML page. You should use a form POST, possibly asynchronous to make a server call which will set the new value to the rails session.
If you get it by calculating something in ruby:
Then you could and should probably do it from the controller and not from the view. And yes, you can store values in the rails session.
Also, if you are not sure where your problem is (either session usage or Stripe API usage), I suggest you isolate both problems to figure out a solution.
For instance try setting any hardcoded value in the session in one controller method then reading it in another one. When that works, use it in combination with Stripe.
The problem you are facing is to have a persistence data across multiple requests.
You cannot set a session in the rails view. As the whole principle of session is to have persistent data on the server side. To tackle your problem, you can make use of cookies. Cookies are used for storing persistent data across the request on client side and are sent to the server with each server request. Setting a cookie in your view and using it in a controller will serve your purpose.
If someone goes to our website with a query string key of ref (for example mysite.com/AboutUs?ref=Test), is it possible to maintain that query string on all future links/form posts?
So for example, I may have a link on our website to go to mysite.com/Products. I would want this to be translated into mysite.com/Products?ref=Test.
Ideally I want to know if this is possible to do by inspecting the previous URL and adding it to the current URL when the request for the page is made, maybe by intercepting the route and appending the key (if it doesn't exist already).
The project is an MVC 4 application.
You could actually pass it along by adding it to every single URL, but that would require manually adding to each use of Html.ActionLink, etc. (or I suppose you could create a custom HTML Helper to do that for you, but then every developer who works on your project would need to remember to always use the custom helper), as well as all redirects and such in your controller actions. Long and short, this would be very time consuming and very fragile.
Your best bet is to simply intercept the initial request with the querystring parameter and then set a session var. Then, you can simply check for the presence of the session var instead of the querystring parameter.
To handle all this logic, your best bet is to create a global action filter. There's pretty extensive documentation on Filters at MSDN. Once you create your filter, you just have to register it in FilterConfig.cs (in App_Start) to make it global.
Set the URL parameter in a cookie, and later in your code do whatever you want to do based on presence of that value in either the cookie or URL.
if(parameter set in cookie OR URL)
// do stuff
if(parameter set in URL)
// set the cookie so that future actions are also tagged with that parameter
Alternatively if you want such tagging to happen only for the session, set a session variable.
To do it in the way you suggested - You could rewrite all links on your page based on this tag, but that would be a roundabout, and costly, way of doing this. Most languages allow a hook that allows your code to process the HTML output before it is sent out to browser; just run a appropriate regex search and replace to get what you want. e.g. PHP has ob buffering and associated functions. You could use the equivalent for .Net.
I'd like to store page titles in some place for later use. I used nifty-generators to generate layout.
How to access value, which was set by title() method in view? I need to catch it in controller. Is it stored somewhere in response?
or do I need to move title setting to controller action, as I wonder if what I want to do is possible from mvc nature?
If you want to use any variable in more than one request then you should keep it in controller. There are many ways to do this like:
You can pass this variable in URL.
keep it in the session
keep it in the cookie
In rails you can also use flash.now
I've created a object that I'd like to have accessible from wherever the request-object is accessible, and to "die" with the request, more or less like how you always in a mvc-application has access to the RouteData-collection. Especially it's important that I have access to this object in the execution of action-filters. And also there need to be created a new object of my class whenever a new request is made to the page (the object needs to be request-safe, ie. only one request modifies that one object).
Any thoughts about how to achieve this?
HttpContext is a good place for this. The Items dictionary could be used to store objects relative to the request.