Hi Guys,
We have a service in IIS and we want to perform a certain check every time someone calls one of our APIs, no matter which one.
To that end, we registered for the Global_AuthenticateRequest event in the Global.asax file of the service, as follows:
    public override void Init()
    {
        base.Init();
        AuthenticateRequest += Global_AuthenticateRequest;
    }
Within the event we perform our business checks and assuming something is wrong,
we want to throw back to the user status code 401 with some message and end the call here
without the user getting to the logic in the API itself:
    private void Global_AuthenticateRequest(object sender, EventArgs e)
    {
        try
        {
            if (SomeLogicTestAreBad())
            {
                Response.StatusCode = 401;
                Response.StatusDescription = "This is our custome message";
                Response.End();
            }
        }
        catch (Exception ex)
        {
            NLogger.Instance.Error(ex);
        }
    }
This is where the problem begins:
In any other service where we apply this code - everything works fine.
Calling the API in any tool (Insomnia, Postman or any browser) returns with 401.
In this specific service we get status code 200 (OK) no matter what is done in the code.
Looking at the logs, we get a weird exception that says the following:
System.Threading.ThreadAbortException: Thread was being aborted.
at System.Web.HttpResponse.AbortCurrentThread()
at IDS_S.Global.Global_AuthenticateRequest(Object sender, EventArgs e)|
{
"Type": "System.Threading.ThreadAbortException",
"ExceptionState": "System.Web.HttpApplication+CancelModuleException",
"Message": "Thread was being aborted.",
"Data": {},
"TargetSite": "Void AbortInternal()",
"StackTrace": " at System.Threading.Thread.AbortInternal()\r\n
at System.Threading.Thread.Abort(Object stateInfo)\r\n
at System.Web.HttpResponse.AbortCurrentThread()\r\n
at IDS_S.Global.Global_AuthenticateRequest(Object sender, EventArgs e)",
"Source": "mscorlib",
"HResult": -2146233040
}
We visited the following link on the Microsoft website:
https://docs.microsoft.com/en-us/troubleshoot/developer/webapps/aspnet/development/threadabortexception-occurs-you-use-response-end
From this we understand the following:
"The Response.End method ends the page execution and shifts the execution to the Application_EndRequest event in the application's event pipeline.
The line of code that follows Response.End is not executed.
This problem occurs in the Response.Redirect and Server.Transfer methods because both methods call Response.End internally."
Later in the article, they also recommend trying and using the following code as an alternative:
    private void Global_AuthenticateRequest(object sender, EventArgs e)
    {
        try
        {
            if (SomeLogicTestAreBad())
            {
                Response.StatusCode = 401;
                Response.StatusDescription = "This is our custome message";
                HttpContext.Current.Response.SuppressContent = true;
                HttpContext.Current.Response.TrySkipIisCustomErrors = true;
                HttpContext.Current.ApplicationInstance.CompleteRequest();
            }
        }
        catch (Exception ex)
        {
            NLogger.Instance.Error(ex);
        }
    }
Unfortunately, all our attempts to obtain a status code other than 200 failed.
We think this may be a specific setting in the web.config file but we are unable to put our finger on the right place.
Has anyone encountered such a case and / or can explain what causes it (and how to solve it of course)?
Thanks!
What I have tried:
In addition to all of the above, we have tried to return the Response from other events in Global.asax without success.
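
A diagnostic sketch for the situation described in the post, added here and not part of the original post: it rejects with CompleteRequest outside the try/catch, treats a check that throws as a failed check (an assumption), and logs the status seen at EndRequest so that a rejected request ending as anything other than 401 shows up in the trace. `DeniedKey` and the Trace logging are hypothetical names chosen for illustration, and `SomeLogicTestAreBad` is a stub standing in for the post's check.

```csharp
// Added example for Global.asax.cs; not code from the post.
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Hypothetical key marking a request that the check rejected.
    private const string DeniedKey = "auth.denied";

    public override void Init()
    {
        base.Init();
        AuthenticateRequest += Global_AuthenticateRequest;
        EndRequest += Global_EndRequest;
    }

    private void Global_AuthenticateRequest(object sender, EventArgs e)
    {
        bool denied;
        try
        {
            denied = SomeLogicTestAreBad();
        }
        catch (Exception ex)
        {
            // Assumption: a check that throws counts as a failed check,
            // so an error in the check cannot let the request through.
            Trace.TraceError(ex.ToString());
            denied = true;
        }
        if (!denied) return;

        Context.Items[DeniedKey] = true;   // remembered for EndRequest
        Response.StatusCode = 401;
        Response.TrySkipIisCustomErrors = true;
        CompleteRequest();                 // jumps to EndRequest, no thread abort
    }

    private void Global_EndRequest(object sender, EventArgs e)
    {
        if (Context.Items[DeniedKey] == null) return;
        // Anything other than 401 here means the status changed after the rejection.
        Trace.TraceWarning("Denied {0}: status at EndRequest = {1}",
            Request.RawUrl, Response.StatusCode);
    }

    // Stub standing in for the post's business check.
    private bool SomeLogicTestAreBad() { return true; }
}
```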