čtvrtek 26. ledna 2012

Conditional compilation/execution


Sometimes you need to execute a code based on some settings in the execution environment, debug mode is typical example for this. An example from the real world: when I’m in debug mode I don’t want to check the incoming IP address of the client against my list of allowed IP addresses, but in production environment this is a required feature. How to achieve this?
  1. Comment and uncomment the call to CheckIpAddress manually – well, it works but I can bet all my money that you forget to uncomment it before doing deployment to release environment :)
  2. Use conditional compilation directives - #if #elif #endif etc., these work against some defined symbol in the assembly, the code block inside #if is compiled or skipped based the symbol in the condition. Skipped means that the code block won’t be in the assembly. This is better solution but the code can become quickly messy, fragmented and hard to read

    public void TestMethod()
         {
             #if IPCHECK
                 CheckIpAddress();         
             #endif         
         }
         
         private void CheckIpAddress()
         {
             // TODO ip check logic
         }

  3. Use the Conditional attribute – a method marked with this attribute is called only when the symbol defined in the attribute is present in the calling environment (e.g. assembly). This results in a clearer code than in  the previous case. The method is compiled to assembly, but it is not executed. This is a difference between conditional compilation and conditional attribute 

    public void TestMethod()
         {
             CheckIpAddress();  
         }

         [Conditional("IPCHECK")]
         private void CheckIpAddress()
         {
             // TODO ip check logic
         }

How can you define such a symbol? 
  1. Use the #define directive in code - #define IPCHECK
  2. In Visual Studio 2010 there is a possibility to set such symbols directly in the UI at the level of project and build configuration   
Project Properties in VS2010

Just a final note, on the picture you can see a checkbox define DEBUG constant, this is checked by default in the Debug configuration, this is why you can by default use the DEBUG symbol in your code (I didn’t recognize this and worked with DEBUG naturally without knowing how it works)

Links:
http://msdn.microsoft.com/en-us/library/aa664622%28v=vs.71%29.aspx
http://www.csharpfriends.com/Articles/getArticle.aspx?articleID=420   
Vystavil v Žádné komentáře:
Štítky:

sobota 7. ledna 2012

P3P - cookies in iframe

On the level of browser you can control how the browser handles cookies registered by the application. You can turn off cookies completely (if that's your case than stop reading :) or can turn off cookies only in some specific case. The default setting can be different in different browsers, but in most of the cases browsers allow working with cookies.
In one of my integration projects where I was integrating our asp.net web application to one of our partner's application I encountered a problem with cookies denial in internet explorer.

Our application is hosted inside an iframe and after successfull login it issues an authentication cookie (forms authentication). Cookie is registered and works fine in firefox and chrome, but IE doesn't register the cookie and the flow of pages ends on the default redirect page (loginpage) after requesting some protected page from the application.

I rarely work with iframe, so it was new to me. After searching the net I've found out, that IE's default privacy setting is Medium, which doesn't allow the acceptance of third party cookies without compact privacy policy.



Ok, I understand that our application running in an iframe under different domain than the hosting application is considered as third party, but what is compact privacy policy and how can i set it up?

Well, privacy policy is some "proclamation" of the web site creator, how he will handle the data that the user enters on the site... It is even standardised and can be in an xml document which you link to your pages or can be as a compact privacy policy (shorter) added to http header of your site. On the web there are generators where you click in what you will do with the data and they give you the xml or the compact privacy policy.
If the browser receives this privacy policy it doesn't block your site in an iframe and accepts it's cookies as well.

In ASP.NET you can add a p3p policy using:
HttpContext.Current.Response.AddHeader ("p3p","CP=\"IDC DSP COR
ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
If the browser receives this privacy policy it doesn't block your site in an iframe and accepts it's cookies as well.
I think this header needs to be on every page of your site, in my case the login was done by a http handler where I didn't know where to add this header (in process_request it was too late)
So I decided to put it to the http header directly in the IIS, this way every resource served by IIS will have this header which is acceptable for me.
After restarting IIS the application started to work in IE as well as in other browser.

Please note that this post is not giving the world something new, it is more a reminder or knowledge base article to me and I hope that it can help somebody else dealing with the same problem too.

Links which I've found useful:
http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies
Vystavil v Žádné komentáře:
Štítky: , , ,
Přihlásit se k odběru: Příspěvky (Atom)