M
MattB
I'm trying to implement this MS "best practice" to test for
canonicalization issues in my web application. I went to
http://support.microsoft.com/?kbid=887459 and pasted their code into my
Application_Start event in Global.asax:
If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Throw New HttpException(404, "Not Found")
End If
but when I start my application I get the following error from that code:
Request is not available in this context
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Request is not available in
this context
Source Error:
Line 34: 'the following was added to adhere to MS "best
practices" to avoid a canonicalization exploit. (MB) FP# 7157
Line 35: 'see http://support.microsoft.com/?kbid=887459 for more
info
Line 36: If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
Line 37: System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Line 38: Throw New HttpException(404, "Not Found")
Source File: C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb Line: 36
Stack Trace:
[HttpException (0x80004005): Request is not available in this context]
System.Web.HttpApplication.get_Request() +83
WebwareSales1.Global.Application_Start(Object sender, EventArgs e)
in C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb:36
----------------
Does anyone know what I need to do to make this work? I'm not sure what
my context issue is. I was just hoping the MS code would just work. Thanks!
Matt
canonicalization issues in my web application. I went to
http://support.microsoft.com/?kbid=887459 and pasted their code into my
Application_Start event in Global.asax:
If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Throw New HttpException(404, "Not Found")
End If
but when I start my application I get the following error from that code:
Request is not available in this context
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Request is not available in
this context
Source Error:
Line 34: 'the following was added to adhere to MS "best
practices" to avoid a canonicalization exploit. (MB) FP# 7157
Line 35: 'see http://support.microsoft.com/?kbid=887459 for more
info
Line 36: If (Request.Path.IndexOf(Chr(92)) >= 0 Or _
Line 37: System.IO.Path.GetFullPath(Request.PhysicalPath) <>
Request.PhysicalPath) Then
Line 38: Throw New HttpException(404, "Not Found")
Source File: C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb Line: 36
Stack Trace:
[HttpException (0x80004005): Request is not available in this context]
System.Web.HttpApplication.get_Request() +83
WebwareSales1.Global.Application_Start(Object sender, EventArgs e)
in C:\Inetpub\wwwroot\WebwareSales1\Global.asax.vb:36
----------------
Does anyone know what I need to do to make this work? I'm not sure what
my context issue is. I was just hoping the MS code would just work. Thanks!
Matt