views: 703

answers: 2

I am getting the CSS files for minifying and compressing from QueryString["path"]. Everything works correctly for my own CSS files like main.css, but when I try to access the WebResource files I receive a 500 error. The parameter which comes after webresource.axd is case sensitive, and I receive it from QueryString["path"] in lowercase.

This is what I get from QueryString["path"] :

http://localhost/test/webresource.axd?d=-phgrn6r6zgehvbi697-bxvkl_gidnplxpdeukz5kncgr9hvnfvttpgykwyw05cda-nymtz9od_bbww3ynzxha2&t=633789305460522066

The above link generates the error: CryptographicException: Padding is invalid and cannot be removed.

This is what the correct link looks like:

http://localhost/test/WebResource.axd?d=-pHGRn6r6ZGehvBI697-BxVKl_GIdNPlxPdEUKZ5KNcGR9hvnfVtTpgyKwYw05cDa-NymTz9OD_bBwW3ynZXhA2&t=633789305460522066

The only difference is in the case. CryptographicException seems to be common, but even setting machineKey didn't fix the problem. Any hint on how I could get the webresource.axd URL in its original case?

EDIT

Code was requested :

// Requires: System, System.Collections.Generic, System.Web, System.Web.Caching, System.Web.UI
public void ProcessRequest(HttpContext context) {
    Control c = new Control(); // used only for ResolveUrl
    string root = context.Request.Url.GetLeftPart(UriPartial.Authority);
    // Comma-separated list of stylesheet URLs to combine
    string path = context.Request.QueryString["path"];
    string content = string.Empty;

    if (!string.IsNullOrEmpty(path)) {
        // The cache is keyed on the raw "path" value
        if (context.Cache[path] == null) {
            List<string> dependencies = new List<string>();
            string[] styles = path.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
            foreach (string style in styles) {
                // Each stylesheet is fetched over HTTP from this same site
                content += RetrieveStyle(root + c.ResolveUrl(style)) + Environment.NewLine;
                dependencies.Add(context.Server.MapPath(style));
            }
            content = StripWhitespace(content);
            context.Cache.Insert(path, content, new CacheDependency(dependencies.ToArray()), Cache.NoAbsoluteExpiration, new TimeSpan(DAYS_IN_CACHE, 0, 0, 0));
        }
    }
}

It crashes in RetrieveStyle when I call:

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
+1  A: 

The culprit looks like the code that is generating the “path” querystring csv or some hardware or filter between that source and your handler.

If the source of the handler request is a browser, what does the handler URL look like through view source or Firebug? Is it lowercase already?

Working forward from that, do you have any modules etc. registered in your IIS pipeline?

Matthew Pelser
A: 

I do not have an answer, but we have experienced a similar problem and I have a few things to add which could help identify the issue. So, here it goes:

We have an IHttpHandler (let's call it Login.ashx) that accepts a GET request, which contains a token in base64 format. The token is then decrypted using the Rijndael algorithm.

This process is working most of the time; however, in the last month we had several requests that failed due to a "System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed." error. This error is raised in our case when a token (base64 string) is in lowercase and cannot be decrypted.

After going through logs and activity records I can see that a particular user would attempt to come to our site via Login.ashx and the request would fail due to the error in question. The whole querystring of the request (there is more than just the token), including names and values, is in lowercase. Then the same user would attempt a login a few minutes later and is able to get in because the querystring was not transformed to lowercase.

So, I have a feeling that the issue could be browser related. I am not sure if a proxy could affect this.

Additional info: There is no browser information captured in the server variables. ALL_HTTP and ALL_RAW variables have almost no data:

  • ALL_HTTP HTTP_CACHE_CONTROL: no-cache HTTP_HOST:our server name
  • ALL_RAW Cache-Control: no-cache Host: our server name

There is also no HTTP_REFERER.

I have tried to replicate this issue with different browsers (Safari3, Chrome1, Opera9.2, IE6,7,8, Firefox3) with no luck.

We have a web farm with 10 servers configured identically (at least I hope they are)

I will add more info if I get any progress.
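
The failure described in the answer above can be reproduced and contained as follows. This is an added example, not code from either poster: the `TokenDemo` class, its `Key`/`Iv` values, `TryDecrypt` and `LooksCaseFolded` are hypothetical names, and it assumes the token is AES (Rijndael with a 128-bit block) in the .NET default CBC mode with PKCS7 padding, base64-encoded.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class TokenDemo
{
    // Constructed key and IV for this demo only; a real handler loads its own.
    static readonly byte[] Key = Enumerable.Range(0, 32).Select(i => (byte)i).ToArray();
    static readonly byte[] Iv = Enumerable.Range(0, 16).Select(i => (byte)(i * 3)).ToArray();

    static string Encrypt(string plain)
    {
        using (var aes = Aes.Create())
        using (var enc = aes.CreateEncryptor(Key, Iv))
        {
            byte[] data = Encoding.UTF8.GetBytes(plain);
            return Convert.ToBase64String(enc.TransformFinalBlock(data, 0, data.Length));
        }
    }

    // Returns false instead of letting the exception surface as an HTTP 500.
    static bool TryDecrypt(string token, out string plain)
    {
        plain = null;
        try
        {
            byte[] data = Convert.FromBase64String(token);
            using (var aes = Aes.Create())
            using (var dec = aes.CreateDecryptor(Key, Iv))
                plain = Encoding.UTF8.GetString(dec.TransformFinalBlock(data, 0, data.Length));
            return true;
        }
        catch (FormatException) { return false; }        // not valid base64
        catch (CryptographicException) { return false; } // "Padding is invalid and cannot be removed."
    }

    // Heuristic: base64 is case sensitive, so a long token that has letters
    // but no uppercase ones was very likely case-folded before it arrived.
    static bool LooksCaseFolded(string token)
    { return token.Length >= 16 && token.Any(char.IsLetter) && !token.Any(char.IsUpper); }

    static void Main()
    {
        string token = Encrypt("user=alice;expires=2009-06-01"); // constructed sample
        string folded = token.ToLowerInvariant();
        string p;
        Console.WriteLine("original: ok={0}", TryDecrypt(token, out p));
        Console.WriteLine("folded:   ok={0} caseFolded={1}", TryDecrypt(folded, out p), LooksCaseFolded(folded));
    }
}
```

Lowercasing maps different base64 characters to the same 6-bit value, so the decoded ciphertext changes and the final block no longer ends in valid PKCS7 padding. A padding check is not an integrity check: a modified token can occasionally still unpad and decrypt to garbage.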