X-MicrosoftAjax header being stripped out by firewalls

C

Chris Chamberlain

Hi,

I am using the ms ajax library with an update panel in a user web control.
The update panel contains two linked dropdownlists whose contents are
modified (on autopostback) depending on the selection in eachother. This
also modifies the imageurl of an image control, also in the same update
panel.

This works fine locally, but as soon as I host it on our webserver (outside
our firewall) and access it from inside our firewall, it throws an error:
"Sys.WebForms.PageRequestManagerParserErrorException: The message received
from the server could not be parsed...". It works fine when called from a
browser on the webserver itself.

I have discovered this is down to our firewall stripping out the "unknown
header" X-MicrosoftAjax, which is added to the web request by the
ScriptManager during the postback. This causes the server to think it's a
full-page postback and sends back the entire page in the response, not just
the partial update. The page works fine when I remove the "unknown headers"
filter from our firewall.

This will also happen to other visitors who have similar filters on their
firewalls and, I assume, must affect *every* website that uses ajax update
panels.

I have only found one solution so far for this, which involves BeginRequest
in global.asax and requires adding the header back in to the collection if
it is found to be missing on an ajax partial postback, (code below).

However, I am receiving the error "Operation is not supported on this
platform." at System.Web.HttpHeaderCollection.Add(String name, String
value).

Does anyone have any idea how to get around either of these problems?

Kind regards

Chris Chamberlain
Head of IT
VEF (UK) Ltd
www.vefuk.com
------------------------------------------------------------------

Code (found on http://forums.asp.net/p/1144748/1850717.aspx):

On the page with the UpdatePanel...
<script type="text/javascript>
function beginRequest(sender, args) {
var r=args.get_request();
if (r.get_headers()["X-MicrosoftAjax"])
{
b=r.get_body();
var a="__MicrosoftAjax=" +
encodeURIComponent(r.get_headers()["X-MicrosoftAjax"]);
if (b!=null && b.length>0)
{
b+="&";
}
else
b="";
r.set_body(b+a);
}
}
Sys.WebForms.PageRequestManager.getInstance().add_beginRequest(beginRequest);
</script type="text/javascript>

And in BeginRequest (Global.asax or in an HttpHandler).....
HttpRequest request = HttpContext.Current.Request;
if (request.Headers["X-MicrosoftAjax"] == null &&
request.Form["__MicrosoftAjax"] != null)
{
request.Headers.GetType().InvokeMember("MakeReadWrite",
System.Reflection.BindingFlags.InvokeMethod |
System.Reflection.BindingFlags.NonPublic |
System.Reflection.BindingFlags.Instance, null, request.Headers, null);
request.Headers.Add("X-MicrosoftAjax", request.Form["__MicrosoftAjax"]);
request.Headers.GetType().InvokeMember("MakeReadOnly",
System.Reflection.BindingFlags.InvokeMethod |
System.Reflection.BindingFlags.NonPublic |
System.Reflection.BindingFlags.Instance, null, request.Headers, null);
}
 
S

Sean Moran

Did you ever figure this out? I am having a similar problem and getting the same error message.

Thanks,

Sean
 
S

Sean Moran

Did you ever figure this out? I am having a similar problem and getting the same error message.

Thanks,

Sean
 
J

jonelf

This will also happen to other visitors who have similar filters on their
firewalls and, I assume, must affect *every* website that uses ajax update
panels.

Yes, but it is very uncommon that corporate firewalls strips headers
for users accessing a site (outbound). It is way more common that a
strip occurs on the way in to a server (inbound).
However, I am receiving the error "Operation is not supported on this
platform." at System.Web.HttpHeaderCollection.Add(String name, String
value).

Does anyone have any idea how to get around either of these problems?
Code (found onhttp://forums.asp.net/p/1144748/1850717.aspx):

The guy who posted that code has posted an update there that does not
give that error message for me.

It looked really promising until I got:
Sys.WebForms.PageRequestManagerParserErrorException: The message
received from the server could not be parsed...
Details: Error parsing near 'sdfsdfsdfsdf=|64'.
Where sdfsdfsdf is the end of the ViewState.

Analyzing the responses from the server, first going through the
firewall and then while accessing the site directly I notice some
small differences.

This a part of the response for direct connection:
Content-Type: text/plain; charset=utf-8

1c3a5
115566|updatePanel|ctl00_mainPlaceHolder_UpdatePanel2|

and this is while going through the firewall/proxy:
Content-Type: text/plain; charset=utf-8

115566|updatePanel|ctl00_mainPlaceHolder_UpdatePanel2|

Somehow 1c3a5 has been removed. If anyone of you can tell my why or
even what 1c3a5 is in this context you would make my day.

Also if you do have another solution to the problem with firewalls
stripping the x-microsoftajax header that would also be very
interesing.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top