April 2011 Entries

Using an HttpModule to Clean Up Form and QueryString Input

"A potentially dangerous Request.Form value was detected from the client". To avoid XSS attacks, ASP.NET throws a lovely yellow screen of death with that message. But sometimes you want to accept potentially dangerous input, or you just don't want to have that error splashed across the screen. Being a fan of prevention rather than cure, I figured I'd make an IHttpModule to screen input before it gets to my application.

Self-Configuring Unity Interception

The application I'm currently working on performs user authorization using authorization objects injected into Service Layer methods using Unity Interface Interception. There's quite a lot of these objects, which means quite a lot of configuration, so I decided I'd make them configure themselves :)

So I did a grok talk on Unity Interception...

Yesterday I did my first grok talk - it was on Unity Interception at Dot Net Dev Net in Bristol, UK. It went ok! The feedback was that the content was very good but the presentation could have been a bit better, which is very possibly the story of my programming life :) For posterity, I've put the content on Github.

Using an HttpModule to Redirect a Request When an Uploaded File is Too Big

Today I wanted to build something into an ASP.NET MVC application to impose a size limit on uploaded files. I wanted to use an HttpModule so I could get at the upload before any Controllers got involved, and redirect the request if the file was too big. I did this without much fuss, but the redirect went to an ASP.NET "Maximum request length exceeded" error page. I just wanted to do a redirect, darnit!

Using a custom IValueProvider for domain model objects in ASP.NET MVC 2

I had a series of ASP.NET MVC controllers which took identifiers for various domain objects, loaded the objects, then passed them to ViewModels. In order to DRY out the code a bit I decided to factor the object-loading logic into a customer IValueProvider - it turned out pretty neat, and this is how I did it :)