Programmatically turn off custom errors for current request

M

Matt

Hello all,

The app we are working on uses custom errors extensively to provide
friendly error pages to users whilst logging the actual exceptions
behind the scenes.

However.... We are now having to integrate some Web services into the
application using the existing architecture. These Web services are
secured using Forms Authentication. Hence, we need to turn the default
behavior of Forms Authentication (redirects to login pages, etc) into
exceptions that can be handled by a non GUI client (ie. Web service
consumer).

Heres the problem....

In the AuthenticateRequest event, we check if a secure Web service is
being called. If so, we check for an authentication ticket in the Soap
header. If its not there, we throw a "MissingAuthenticationTicket"
custom exception. This gets wrapped in a SoapException and we want
this to get passed to the client.

However.... the custom error page gets called instead, redirecting the
client to Error.aspx and logging the exception on the server. This is
secure, but very hard to handle at the client.

Anyway, what I would like to be able to do is just before throwing the
MissingAuthenticationTicket exception, turn off custom errors for this
request only. Hence the exception would get passed to the client as
expected.

Is there anyway to achieve this?

Thanks in advance for any help,
Regards,
Matt
 
S

Scott Allen

Hi Matt:

Since no one has responded as yet I though I'd through out an idea I
had.

If you handle the Application_Error event in global.asax you might be
able to prevent the redirect with a call to ClearError. I have not
tried this, mind you, just an idea.

If you need to get "state" information from AuthenticateRequest to
Application_Error, you could use the Content.Items collection to hold
some sort of sentinal object.

HTH,
 
M

Matt Caton

Hi Scott,

Thanks for the suggestions. I have tried sticking some code in the
Application OnError handler to prevent the redirect.

What I did was check for a SoapException, and do a Repsonse.End if so.
This prevents the redirect and returns the exception.... However, as in
text/html format!!!

In desperation, I tried something along the lines you say about getting
the error to bubble using the context.items collection.

What I have done is... (and its a BIGGGGG hack!)..
If the authentication ticket is missing:
1) Set SkipAuthentication to true on the current context
2) Add "MissingAuthTicket" to context items collection
3) In the actual secured Web service (!), check for MissingAuthTicket in
the context, and throw the exception if it is!
The point is, the exception gets thrown properly in the Web service
without being redirected by the custom error handler.

Im not proud of this code ;)

Thanks again,
Kind regards,
Matt

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top