forcing code to run - httpmodule etc.

[Guest]

Let's say i have something, that will eat up a lot of cpu cycles, that i
want to run for the whole webpage( asp.net application and all subfolders
underneath). What's the best way to accomplish this? I can't have anyone
'turn off' this feature or atleast not anyone who is not an administrator on
the box(win 2k3). If the check fails i want any asp.net request to not
return the page they requested but an error message.


I implemented it as an http module that checks given a timespan. So it does
a check every 24 hours etc. If the check fails it will return an http status
code of 503 with a specific error msg. I know it's kind of drastric but thats
what the guys asked for. Kill any request that comes in once it fails and
until the admin addresses the issue.

I would like to know the best way to approach this. Should i put this in the
web.config of the system([1])? Or the machine.config? I notice a power user
can modify these files.. is it safe to deny everyone but administrators to
write to this file?

[1]
C:\windows\Microsoft.NET\Framework\v2.0.50727\CONFIG

Cisco

 

[Walter Wang [MSFT]]

Hi Cisco,

Thank you for your post.

After reviewing the problem description, I am not clear on some points.
Could you please help me on the following questions so that we can work
more closely?
1) What do you mean "eat up a lot of cpu cycles, that i want to run for the
whole webpage"?
2) When you mean "the check fails", does that mean check for administrator
privilege?

As for the NTFS security of web.config or machine.config, I think the
ASP.NET worker account will not need writing access to the file, therefore
just give full access to the administrators would be ok.

If there is anything you like to add, please feel free to reply here. I am
glad to work with you on it.


Regards,
Walter Wang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Walter, my response is inline.

Hi Cisco,

Thank you for your post.

After reviewing the problem description, I am not clear on some points.
Could you please help me on the following questions so that we can work
more closely?
1) What do you mean "eat up a lot of cpu cycles, that i want to run for the
whole webpage"?

Well something that is cpu intensive or takes a long time. I need to check
this throughout the lifetime of the server but i don't necessarily have to(or
want to) check it every request.

2) When you mean "the check fails", does that mean check for administrator
privilege?

Well basically i need to read something from a slow hardware device. The
check is something specific about that hardware. I want this check to be done
at a specific interval(hours) but once it fails i want to return a specifc
error and return a specific http status code. i want any request after that
to fail with user defined error message so that the admin can address the
problem. Currently i'm accomplishing this by creating an http module and
adding it to the web.config but i want to see what the best approach is. I
don't want any user to be able to remove this http module from the asp.net
page lifecycle.


if( CheckIfHardwareFails() ) {
// set response to 503 and end request completely
// write out some friendly message to the administrator so he can
correct the
// hardware issue
}

As for the NTFS security of web.config or machine.config, I think the
ASP.NET worker account will not need writing access to the file, therefore
just give full access to the administrators would be ok.

If there is anything you like to add, please feel free to reply here. I am
glad to work with you on it.

Appreciate it!!

Cisco

 

[Walter Wang [MSFT]]

Hi Cisco,

Thank you for your update.

I think using an HttpModule here is reasonable. Following is the official
MSDN documentation about ASP.NET Required ACLs:

#ASP.NET Required Access Control Lists (ACLs)
http://msdn2.microsoft.com/en-us/library/kwzs111e.aspx

Another approach in my opinion would be using a timer to check the hardware
periodically, and sets an application variable when the check failed. You
check the application variable in Application's OnBeginRequest event, if it
failed, threw an exception.

Some example code:

void Application_Start(object sender, EventArgs e)
{
Timer t = new Timer(3000);
t.Enabled = true;
GC.KeepAlive(t);
t.Elapsed += new ElapsedEventHandler(t_Elapsed);
Application["timer"] = t;
}

void t_Elapsed(object sender, ElapsedEventArgs e)
{
if (checkHardwareFailed()) {
Application["failed"] = "1";
// you might then disable the timer since the application needs
restart anyway
}
}

void Application_OnBeginRequest(object sender, EventArgs e)
{
string status = Application["failed"] as string;
if (status == "1")
{
throw new Exception("Hardware check failed!");
}
}

This way you don't need to use an HttpModule and don't need to modify
web.config or machine.config.

Hope this helps. Please feel free to post here if anything is unclear.


Regards,
Walter Wang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.