mca blog

as i've mentioned in this blog before, one of my favorite features of ASP.NET is the ability to write ASHX scripts. basically, they're HttpHandlers, but you don't even have to compile them. they're *sweet*!

today was another example..

we needed the ability to have browser clients 'ping' the server to confirm that the current session had not timed out. we use an encrypted cookie to track this (i know, let's not get into that...) and we use lots of Ajax calls. it can get messy when a browser client attempts to make a call to a secured resource[g]. anyway, our back-end tools already had the right parts, we just needed an HTTP end-point to hit. so i whipped out my ASHX script!

it took me just a few minutes to write a script that uses our back-end tools to confirm an authenticated session against our data store and respond accordingly. here's the total code set (minus some pre-amble):

    public void ProcessRequest(HttpContext ctx)
    {
        DICollection topParameters = new DICollection();
        Utility util = new Utility();

        string auth_cookie = string.Empty;
                
        try
        {
            // pull any args that exist
            topParameters = util.GetArgs(ctx);
            
            if(!util.ConfirmSession(ctx,ref topParameters))
            {
                ctx.Response.StatusCode=400;
                ctx.Response.StatusDescription="Invalid Session";
                ctx.Response.Write("Invalid Session");
            }
            else
            {
              auth_cookie = (topParameters["session-auth"]!=null?topParameters["session-auth"].ToString():string.Empty);
              if(auth_cookie==string.Empty || auth_cookie==Constants.empty_guid)
              {
                ctx.Response.StatusCode=400;
                ctx.Response.StatusDescription="Unauthenticated Session";
                ctx.Response.Write("Unauthenticated Session\n");
              }  
              else
              {
                ctx.Response.StatusCode=200;
                ctx.Response.StatusDescription="Authenticated Session";
                ctx.Response.Write("Authenticated Session\n");
              }                
            }
            
            ctx.Response.ContentType="text/plain";
            ctx.Response.AddHeader("Cache-Control","private,must-revalidate,post-check=1,pre-check=2,no-cache");
            ctx.Response.End();
            
        }
        catch (System.Threading.ThreadAbortException taex)
        {
            // no problem - redirecting, just move on
            ctx.Server.ClearError();
        }
        catch (Exception ex)
        {
            // bummer
            util.EmitClientAlert("500", ex.Message);
        }
    }

next, i coded up a small javascript object that included a timer and an HTTP GET to this end-point. no muss, no fuss! we have a nice session validator that can respond when a user times out (or is near their time-out threshold). not bad for a day's work, eh [g]?