HttpHandlers and directory authentication/HttpModules

I decided to implement  Admin Rss Feeds after a particularly draining Friday. For the most part it went pretty smoothly, and learned something about working with a different team too ;). I Implemented an HttpModule that looked for FormsAuthentication redirects for rss feeds and changed it over to use basic authentication so rss readers could authenticate.

And for a while all was good. In fact other then unit tests I had thought I was done.

Then just to be thorough I set up several subfolder blogs off of localhost, and everything stopped working. Apparently something in the way that the rss HttpHandlers in Subtext are called skips all of the HttpModules set up in the web.config. I have a fix for this, I loop through all of the modules in the application and initialize them. I dont think this is the right solution since it also stops the <authorization> section in the /Admin folder is not being looked at either.


Technorati Tags: , ,

Subtext Admin Rss Feeds

I just committed the changes to provide 3 administrative rss feeds:

  • Comments Needing Moderation
  • Referrals
  • Errors

The change also uses the HttpModule that will convert forms authentication into basic authentication so that the feeds can be viewed in an Rss reader. After seeing I had thought about changing over to use it instead of the simple module I wrote. I decided not to however because it would have meshed well with Subtexts security model.

This was one of the more interesting things I have worked on in a while, though I am already thinking of several improvements that could be made (in the next version). These include:

  • A module for digest authentication.
  • A Configuration section for the new authentication modules to allow them to work with other file times outside of rss feeds.
  • A rework of the way that rss writers are done. Currently a new one needs to be added, along with a HttpHandler when a feed is going to serve up a new object type. It would be nice to be able to configure the feeds using the web.config or setting stored in database to be able to create feeds on any available subtext object collection.
  • Something seems off with the Error feed’s times. I think the local time is being stored without converting it to UTC or specifying a timezone.


Technorati Tags: , ,

HttpHandlers and web.config settings

I figured out what was happening in my previous post. It makes a bit more sense now that I have seen it, being able to just stop working on something is handy, basically the Rss feeds don’t do URL rewriting. So the call to /test1/Admin/ModeratedCommentRss.aspx uses the /web.config and would use the /test1/Admin/web.config, but it has no reason to look at the /Admin/web.config.

Not completely sure how I should change this. Right now I have the ModeratedCommentRss.aspx checking to see if the requestor is an Admin, and if not it calls FormsAuthentication.RedirectToLoginPage(). This works, but I would rather a solution that didn’t involve people needing to know to put the check in.

I also found this module helpful when I was figuring out where to do the conversion:  

public class DebugModule:System.Web.IHttpModule
    public EventHandler GetEventhandler(string name)
        return new EventHandler(delegate(object sender, EventArgs e)
            HttpApplication app = (HttpApplication)sender;
            HttpContext context = app.Context;
            if (context != null)
                Debug.WriteIf(context.Response.StatusCode == 302, "Redirecting - ");

    public void Init(HttpApplication app)

        Debug.WriteLine("Module Init");
        Type appType = app.GetType();
        EventInfo[] events = appType.GetEvents();
        foreach (EventInfo eventInfo in events)
            eventInfo.AddEventHandler(app, GetEventhandler(eventInfo.Name));

I used that class and a small test web project to figure out how to change the FormsAuthentication over to Basic authentication (seems like mixed authentication should have already been there though). 

Of course shortly after I figured most of it out I saw the link to the MSDN article Phil Haack had posted for the feature request.

Blog Alias Recap

Well the blog alias feature is in, and the self spam in my referral section has reduced significantly since I started using it last night. Its also nice not seeing Google and Yahoo spidering my blog on 4 different domains (still don’t know how they got 2 of them).

How To Use

  • Blog edit screen has a list all the domain aliases, and a button to add a new alias.
  • If an alias is found, redirects request to the associated blog.
  • Aliases can be at both the host and subfolder level.
    Note: Requests are validated against blogs first, so if there is only one blog with a give host name then subfolder aliases would not work.


  • Rob Conery is for the most part right about the provider model. Having both a data provider and an object provider with wrapper objects over that on top of that seemed to be a little overkill. But even so, figuring out where to put the changes was one of the more enjoyable parts of the change, which was paid for when I implemented the change. I also learned that it is better then the way we do it at work (think really big Page_Load functions).
  • I still don’t care much post backs, especially after a pseudo-AJAX/JavaScript framework at work since .Net 1.0. They aren’t as bad as I remembered them being, but the refresh popup when navigating is annoying.
  • Seeing a message appear in my email about the build being broken within 30 minutes of committing is somewhat disheartening. Thankfully it wasn’t my code, though it did make me look at aggregate blogs which I had missed when testing.
  • That I learned far more from making changes to the code then I would have from just reading through it.

Areas for improvement

  • The formatting of the host admin page could likely be improved some.
  • Possibly add more validation to prevent overlap of aliases between blogs.
  • The requests seem a little bit chatty with the database, looks to be something with the lookup for cookie paths.

What’s Next

Committing to subtext, blog/domain aliases

Well, I got my first major feature for Subtext done, blog/domain aliases for the blog, but I find myself hesitant to click commit. Its not that I doubt it works, it is currently running on my blog right now. I just don’t feel comfortable checking in code that I can’t respond to problems with for about 19 hours, and would hate to really foobar stuff so soon after getting commit access ;).

After I do check it in, something along the lines this will be showing in the host admin:

This works a lot like the www prefix currently does.

So I’ve decided to wait till tomorrow after work to commit. Will likely type of some what I learned type of post too, mostly to get in the habit.

I wish C# 3.0 was here already

I was reading IHttpContext And Other Interfaces For Your Duck Typing Benefit over on Haacked. It reminded my of something I did Thursday, which made me wish that .Net 3.5 was already usable.

I actually finally convinced my boss to let me try to automate at least some of the testing. So first order of business, change our the SQL installer program we use to allow it run without user interaction.

After a good amount of refactoring of the monolithic control function, I get that part working. It can now do everything it needs to do by passing in all the stuff I need on the command line. After answering some several questions from the junior developers, several of which they answered them selves during the course of the conversation, I start to move onto making it into something useful.

I decide to make a simple API that I could use to inside of programs, so I can make a quick proof of concept for my boss who is skeptical that it would be feasible to make tests for the SQL (business logic). Something along the lines of here are your options, start and let me know how it went. That’s when the fun started, its a single executable file and “needs” to stay that way (which I agree with overall). After my momentary amnesia about not being able to reference exe files, I decide that I am going to use reflection.

My first attempt went something like:

//The installer has a start method
interface IInstaller{void Start();} 
public IInstaller Bind()
	Assembly assembly = Assembly.LoadFile("<Path>");
	Type type = assembly.GetType("namespace.frm");
	ConstructorInfo constructorInfo = type.GetConstructor(new Type[]{});
	IInstaller installer = (IInstaller)constructorInfo.Invoke(new object[]{});

That didnt work so well, since while namespace.frm object had a Start method, it wasn’t from that interface, and shared no assemblies in common that I could use an interface from. In the end I decided to make a wrapper class that would take the object and make use a delegate to keep a reference to the Start method.

Something close to this:

public interface IInstaller{void Start();}
public class InstallerWrapper:IInstaller
	private delegate void StartMethod();
	StartMethod startDelegate;
	object _installer;
	public InstallerWrapper(object installer)
		_installer = installer;
		startDelegate = (StartMethod)Delegate.CreateDelegate(typeof(StartMethod), installer, "Start");
	public void Start()
public IInstaller Bind()
	Assembly assembly = Assembly.LoadFile("<Path>");
	Type type = assembly.GetType("namespace.frm");
	ConstructorInfo constructorInfo = type.GetConstructor(new Type[]{});
	return new InstallerWrapper(constructorInfo.Invoke(new object[]{}));

Thinking about what I have read about the implementation of it in C# 3.0 I would likely have needed to do it this way anyways, since atleast from what I have read it is a compile time feature. Haven’t tested it yet on my VS 2008 beta VM yet though, so I could be wrong.

Oh, and please forgive the formatting of the code, haven’t done it much yet.