before a couple of days ,I started to work on Vista and IIS 7, and since the default installation for Vista doesn't includes IIS7 ,
I started by trying to install IIS 7, I went to control panel, Programs and features, then to " turns windows features on or off",
After the dialog displayed , I navigate to application development features and checked asp.net and IIS management console,
then I selects to install them , after the installation finishes , I prompted to restart the computer and i did ,
after i logged in a gain , and after i added an existing website to in IIS, i requested the website from the browser,then the problems started ,
the browser displayed an empty page with no images , no scripts ... I tried to restart, reinstall with no , after many hours I find it ,
I didn't check the "Static Content service" , look at the red Box in the Image below :
Note that the "static content" service is responsible for serving the Static contents like images, scripts , style sheets file, ....
In my opinion , if the user doesn't checked this option( which will be checked by default if you checked the " internet information service " root node ) windows vista must displays an alert or something , so that the user doesn't waste the time to know the problem ...
So I posted this problem and hoping to help some one in the future ,
Best Regards,
Anas Ghanem
While I'm helping the Folks on asp.net forums, I noticed that there is a lot of develoeprs trying to access the Http Session in Page Constructor !
Most of them used this to Implement a kind of Secured Base Page that checks the session value ,and if its missing , it will redirect to login or whatever page,
some of them write this Class :
public class AdminSecuredPage : System.Web.UI.Page
{
public AdminSecuredPage()
{
if (Session["AdminUser"] == null) {
Response.Redirect("~/login.aspx");
}
}
}
Note that the above class will throws HttpException ,
which tells :
"Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the <configuration> ..."
well the above exception will be thrown because the session is not ready when the Page constructor was called .
The Solution :
One solution is to Move the Code from Page Constructor to Page_init , Note that the page_init for this class will be called before the the Page_init of its Sub Page Class,
so you can check the Session value as follows:
public class AdminSecuredPage : System.Web.UI.Page
{
public AdminSecuredPage()
{}
protected override void OnInit(EventArgs e)
{
// if the user is not Admin , redirect to Login Page
if (Session["AdminUser"] == null)
Response.Redirect("~/login.aspx");
// this needed to initialize its base page class
base.OnInit(e);
}
}
Edit 1:
Note that using the session for that purpose is not a good practice , because there is al ready a built in FormsAuthentication services for asp.net,
however , i will not discuss the security approches here...
Edit 2:
I want to mention that you should also avoid accessing the Session in the Page Local Variables , like this example ( look at the Bold word)
Partial Class Page1
Inherits System.Web.UI.Page
Private LocalVar as string=Session("MyVar")
that will also throw the HttpException !
Hope It Helps,
Anas Ghanem