Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Once the necessary site instance mappings are created, the rest of the per-request configuration is handled exclusively by the <RequestMapper> component, which essentially takes the place of what would be done in Apache with its command format.


Accessing Server Variables in ASP and ASP.NET

Access to server variables in ASP does work, but appears to require the use of upper-case variable names. Most of the default mappings of attributes are lower or camel case, as are the "standard" variables that are exported by default with miscellaneous data. While not 100% correctable, attribute mappings are of course customizeable, and most of the standard variables can also be obtained by configuring the AssertionAttributeExtractor.

ASP.NET does not have this limitation but apparently only supports the use of server variables when the Application Pool is in "Integrated" rather than "Classic" pipeline mode.

The following file, saved with extension .aspx will display the specific information an application can see.may be able to see. As far as anybody has been able to determine, the usual mechanisms to loop over and dump all available variables or headers don't always include the ones set by the SP module, but accessing them directly does work. The names below are just examples.

Code Block
<% @ Page Language="C#" %>
Response.Write("<h3>Server Variables</h3>");
foreach (string var in
  Response.Write(var + "eduPersonPrincipalName = " + Request[var"eduPersonPrincipalName"] + "<br>");
Response.Write("<h3>HTTP HEADERS</h3>");
foreach (string var in Request.Headers)
 eduPersonScopedAffiliation = " + Request["eduPersonScopedAffiliation"] + "<br>");
Response.Write(var + "displayName = " + Request.Headers[var"displayName"] + "<br>");

If you are using HTTP headers (which is not recommended) be aware that allowing end users to see the HTTP headers en masse will compromise the header spoofing checks the SP implements because it exposes the random value used to detect manipulation (it's like a secret password).