test for canonicalization issues

M

MattB

I'm trying to implement this MS "best practice" to test for
canonicalization issues in my web application. I went to
http://support.microsoft.com/?kbid=887459 and pasted their code into my
Application_Start event in Global.asax:

If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Throw New HttpException(404, "Not Found")
End If

but when I start my application I get the following error from that code:

Request is not available in this context
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Request is not available in
this context

Source Error:


Line 34: 'the following was added to adhere to MS "best
practices" to avoid a canonicalization exploit. (MB) FP# 7157
Line 35: 'see http://support.microsoft.com/?kbid=887459 for more
info
Line 36: If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
Line 37: System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Line 38: Throw New HttpException(404, "Not Found")


Source File: C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb Line: 36

Stack Trace:


[HttpException (0x80004005): Request is not available in this context]
System.Web.HttpApplication.get_Request() +83
WebwareSales1.Global.Application_Start(Object sender, EventArgs e)
in C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb:36

----------------

Does anyone know what I need to do to make this work? I'm not sure what
my context issue is. I was just hoping the MS code would just work. Thanks!

Matt
 
J

Juan T. Llibre [MVP]

That code doesn't go in Application_Start
It goes in Application_BeginRequest

Change it, and let us know how it went.




Juan T. Llibre
===========
 
M

MattB

Thanks Juan. That did the trick. I guess I need to work on my reading
comprehension skills!

Matt
That code doesn't go in Application_Start
It goes in Application_BeginRequest

Change it, and let us know how it went.




Juan T. Llibre
===========
I'm trying to implement this MS "best practice" to test for
canonicalization issues in my web application. I went to
http://support.microsoft.com/?kbid=887459 and pasted their code into my
Application_Start event in Global.asax:

If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Throw New HttpException(404, "Not Found")
End If

but when I start my application I get the following error from that code:

Request is not available in this context
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Request is not available in
this context

Source Error:


Line 34: 'the following was added to adhere to MS "best practices"
to avoid a canonicalization exploit. (MB) FP# 7157
Line 35: 'see http://support.microsoft.com/?kbid=887459 for more
info
Line 36: If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
Line 37: System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Line 38: Throw New HttpException(404, "Not Found")


Source File: C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb Line: 36

Stack Trace:


[HttpException (0x80004005): Request is not available in this context]
System.Web.HttpApplication.get_Request() +83
WebwareSales1.Global.Application_Start(Object sender, EventArgs e) in
C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb:36

----------------

Does anyone know what I need to do to make this work? I'm not sure what my
context issue is. I was just hoping the MS code would just work. Thanks!

Matt
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top