3

In my MVC3 application, I'm using Application_AuthenticateRequest to create my custom user context and create the session. However, I notice that this is getting fired for every file per page request, including images, js, css, etc.

Is this the right method to do what I'm trying to do, or should I be doing this somewhere else (i.e. action filter)? Or, is this the right place, I just need to put some checks and/or configuration to ensure this method (or my block of code) is just executed for page requests instead of requests for static files?

I searched for a while trying to find the answer, and found one specific to IIS7, but this is happening for me on my ASP.NET dev server (debugging) on WinXP. Other than that, I couldn't find much, which leads me to think I may be way off on something here, possibly overlooking something simple.

Thanks in advance.

Jerad Rose
  • 15,235
  • 18
  • 82
  • 153
  • Cassini (the VS web server) will run everything through the .net pipeline. You shouldn't have an issue on production. What you can do is check the extension and do a 'return;' in the beginning of your method. – turtlepick Apr 30 '11 at 16:52
  • @flaviotsf: It's not just Cassini, [IIS 7 also has an integrated pipeline mode](http://learn.iis.net/page.aspx/244/how-to-take-advantage-of-the-iis7-integrated-pipeline/). – Roman Apr 30 '11 at 17:16
  • You might be interested in this related question [IIS7 Integrated Mode - Bypass Forms Auth for static files](http://stackoverflow.com/questions/1942336/iis7-integrated-mode-bypass-forms-auth-for-static-files) – Roman Apr 30 '11 at 17:28
  • Yeah, I checked both of those, but like I said, they were specific to IIS7. So maybe I should look into action filters, as @counsellorben suggests. Sounds like it may be more appropriate than what I'm doing anyway. Or, not worry about it w/ Cassini and configure IIS7. – Jerad Rose Apr 30 '11 at 17:31

1 Answers1

2

Jerad,

You are correct that you would be better off creating an action filter to handle your user context. You can decorate those controllers where the user context is required.

This is a better solution than using code to investigate the request, just so you can ignore particular requests.

counsellorben

counsellorben
  • 10,924
  • 3
  • 40
  • 38
  • Thanks, counsellorben, this works well and seems much more elegant. Not sure why I didn't try this to begin with. – Jerad Rose Apr 30 '11 at 17:39