Custom Rss Admin feeds

I fixed up the Rss Admin feeds so that modifying web.config (along with new handler classes) would not needed to add a new Admin Rss feed.

Also added a simple form to allow administrators to created their own. It is a bit limited, but adding additional options should not be to hard. Though those will have to wait till a later date.

On a side note, I found that if I had the option of returning the non-generic  base class, or a generic subclass it makes the code a lot more flexible if you return the non-generic base class if you do not have a need to have the generic type.



Technorati Tags:

HttpHandlers and directory authentication/HttpModules

I decided to implement  Admin Rss Feeds after a particularly draining Friday. For the most part it went pretty smoothly, and learned something about working with a different team too ;). I Implemented an HttpModule that looked for FormsAuthentication redirects for rss feeds and changed it over to use basic authentication so rss readers could authenticate.

And for a while all was good. In fact other then unit tests I had thought I was done.

Then just to be thorough I set up several subfolder blogs off of localhost, and everything stopped working. Apparently something in the way that the rss HttpHandlers in Subtext are called skips all of the HttpModules set up in the web.config. I have a fix for this, I loop through all of the modules in the application and initialize them. I dont think this is the right solution since it also stops the <authorization> section in the /Admin folder is not being looked at either.


Technorati Tags: , ,

Subtext Admin Rss Feeds

I just committed the changes to provide 3 administrative rss feeds:

  • Comments Needing Moderation
  • Referrals
  • Errors

The change also uses the HttpModule that will convert forms authentication into basic authentication so that the feeds can be viewed in an Rss reader. After seeing I had thought about changing over to use it instead of the simple module I wrote. I decided not to however because it would have meshed well with Subtexts security model.

This was one of the more interesting things I have worked on in a while, though I am already thinking of several improvements that could be made (in the next version). These include:

  • A module for digest authentication.
  • A Configuration section for the new authentication modules to allow them to work with other file times outside of rss feeds.
  • A rework of the way that rss writers are done. Currently a new one needs to be added, along with a HttpHandler when a feed is going to serve up a new object type. It would be nice to be able to configure the feeds using the web.config or setting stored in database to be able to create feeds on any available subtext object collection.
  • Something seems off with the Error feed’s times. I think the local time is being stored without converting it to UTC or specifying a timezone.


Technorati Tags: , ,

HttpHandlers and web.config settings

I figured out what was happening in my previous post. It makes a bit more sense now that I have seen it, being able to just stop working on something is handy, basically the Rss feeds don’t do URL rewriting. So the call to /test1/Admin/ModeratedCommentRss.aspx uses the /web.config and would use the /test1/Admin/web.config, but it has no reason to look at the /Admin/web.config.

Not completely sure how I should change this. Right now I have the ModeratedCommentRss.aspx checking to see if the requestor is an Admin, and if not it calls FormsAuthentication.RedirectToLoginPage(). This works, but I would rather a solution that didn’t involve people needing to know to put the check in.

I also found this module helpful when I was figuring out where to do the conversion:  

public class DebugModule:System.Web.IHttpModule
    public EventHandler GetEventhandler(string name)
        return new EventHandler(delegate(object sender, EventArgs e)
            HttpApplication app = (HttpApplication)sender;
            HttpContext context = app.Context;
            if (context != null)
                Debug.WriteIf(context.Response.StatusCode == 302, "Redirecting - ");

    public void Init(HttpApplication app)

        Debug.WriteLine("Module Init");
        Type appType = app.GetType();
        EventInfo[] events = appType.GetEvents();
        foreach (EventInfo eventInfo in events)
            eventInfo.AddEventHandler(app, GetEventhandler(eventInfo.Name));

I used that class and a small test web project to figure out how to change the FormsAuthentication over to Basic authentication (seems like mixed authentication should have already been there though). 

Of course shortly after I figured most of it out I saw the link to the MSDN article Phil Haack had posted for the feature request.

Blog Alias Recap

Well the blog alias feature is in, and the self spam in my referral section has reduced significantly since I started using it last night. Its also nice not seeing Google and Yahoo spidering my blog on 4 different domains (still don’t know how they got 2 of them).

How To Use

  • Blog edit screen has a list all the domain aliases, and a button to add a new alias.
  • If an alias is found, redirects request to the associated blog.
  • Aliases can be at both the host and subfolder level.
    Note: Requests are validated against blogs first, so if there is only one blog with a give host name then subfolder aliases would not work.


  • Rob Conery is for the most part right about the provider model. Having both a data provider and an object provider with wrapper objects over that on top of that seemed to be a little overkill. But even so, figuring out where to put the changes was one of the more enjoyable parts of the change, which was paid for when I implemented the change. I also learned that it is better then the way we do it at work (think really big Page_Load functions).
  • I still don’t care much post backs, especially after a pseudo-AJAX/JavaScript framework at work since .Net 1.0. They aren’t as bad as I remembered them being, but the refresh popup when navigating is annoying.
  • Seeing a message appear in my email about the build being broken within 30 minutes of committing is somewhat disheartening. Thankfully it wasn’t my code, though it did make me look at aggregate blogs which I had missed when testing.
  • That I learned far more from making changes to the code then I would have from just reading through it.

Areas for improvement

  • The formatting of the host admin page could likely be improved some.
  • Possibly add more validation to prevent overlap of aliases between blogs.
  • The requests seem a little bit chatty with the database, looks to be something with the lookup for cookie paths.

What’s Next