As part of my company’s Technical Council, we are working on defining our process for promoting code from one environment to the next. One of the items we wanted to standardize across our enterprise was how we stop a site during a promotion.
ASP.NET 2.0 has a nice feature for shutting down a site called App Offline. As Scott Guthrie from Microsoft puts it, “the way [App Offline] works is that you place this file in the root of the application. When ASP.NET sees it, it will shut-down the app-domain for the application (and not restart it for requests) and instead send back the contents of the app_offline.htm file in response to all new dynamic requests for the application. When you are done updating the site, just delete the file and it will come back online.” You can find more out about this technique from the original blog entry here.
Unfortunately, our requirements were a bit more complicated than was intended with the app_offline.htm. First, most of our applications were written with the 1.1 framework, so this built-in functionality was not available for our use. In addition, we wanted the ability for testers to be able to validate the site once the changes had been made. However, we didn’t want to have to bring the site back up in order to do that.
As I was looking on line, I found another option called the SiteAvailabilityHttpModule. This module allowed for the site to be shut down by merely configuring an HttpModule within the web.config. In the Init() event, the module subscribes to the PostAuthorizeRequest event. Within the event handler, the system determines whether or not the request occurred during an accepted time frame and whether or not the requesting user belonged to the administrator role.
We didn’t need either of those features for our deployment. Instead of using a role-based mechanism for determining a user’s access, we wanted to base access on a configured list of client IP addresses. As a result, we didn’t need to wait until the PostAuthorizeRequest event – we could check these aspects within the first event – BeginRequest instead. The code is listed below.
void context_BeginRequest(object sender, EventArgs e)
{
string ext = Path.GetExtension(HttpContext.Current.Request.Path).ToLower();
if(ext == ".aspx")
{
if (this.IsEnabled)
{
if (!IsClientIPValid())
{
HttpContext.Current.RewritePath("~/SiteUnavailable.htm");
}
}
}
}
Notice that you must place a SiteUnavailable.htm file at the root of the site in order to display content if the user’s client IP address does not match one that is configured in the web.config. You can find the current release for this component here.
