Monday, March 16, 2009

Does the code use MapPath?

Review code for the use of MapPath. When the application maps a virtual path from the requested URL to a physical path on the server, it should call MapPath in a way that ensures cross-application mapping is not allowed.

The application should not contain code similar to the following example.

string mappedPath = Request.MapPath( inputPath.Text, Request.ApplicationPath);

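Instead, the application should contain code similar to the following, which passes false as the third argument (allowCrossAppMapping) and catches the HttpException raised when cross-application mapping is attempted.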

try
{
    string mappedPath = Request.MapPath( inputPath.Text, Request.ApplicationPath, false);
}
catch (HttpException)
{
    // Cross application mapping attempted.
}
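A review aid for the check above, added here as an example and not part of the original post: this Python script scans C# source text and flags every MapPath call whose third argument is not the literal false. The function names and the sample snippet are constructed for illustration.

```python
import re

CALL = re.compile(r"\bMapPath\s*\(")   # Request.MapPath(, Server.MapPath(, ...

def split_args(src, pos):
    """Split top-level call arguments; pos is just past '('. Ignores @"" strings and comments."""
    args, cur, depth, quote = [], [], 0, None
    while pos < len(src):
        ch = src[pos]
        if quote:                              # inside a string/char literal
            cur.append(ch)
            if ch == "\\" and pos + 1 < len(src):
                pos += 1
                cur.append(src[pos])           # keep the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            cur.append(ch)
        elif ch == "," and depth == 0:         # argument boundary
            args.append("".join(cur).strip())
            cur = []
        elif ch in ")]}" and depth == 0:       # end of the call
            args.append("".join(cur).strip())
            return [a for a in args if a]
        else:
            depth += (ch in "([{") - (ch in ")]}")
            cur.append(ch)
        pos += 1
    return None                                # unbalanced: call never closed

def review_mappath(source):
    """Return (line, verdict, arg_count) per MapPath call; 'ok' needs a literal false third arg."""
    findings = []
    for m in CALL.finditer(source):
        args = split_args(source, m.end())
        line = source.count("\n", 0, m.start()) + 1
        verdict = "unparsed" if args is None else (
            "ok" if len(args) >= 3 and args[2] == "false" else "review")
        findings.append((line, verdict, len(args or [])))
    return findings

# Constructed sample input (hypothetical code under review).
SAMPLE = '''\
string a = Request.MapPath( inputPath.Text, Request.ApplicationPath);
string b = Request.MapPath( inputPath.Text, Request.ApplicationPath, false);
string c = Request.MapPath(Combine(dir, "x,y.txt"), Request.ApplicationPath, true);
'''
```

A "review" verdict is a prompt for manual inspection, since the third argument may be a variable or constant rather than a literal.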

Do You Use the HttpChannel?

If you use the HttpChannel for .NET remoting, you should prefer IIS as the host for the remote component because the component is loaded in the ASP.NET worker process. The ASP.NET worker process loads the server garbage collector, which is more efficient for garbage collection on multiprocessor machines. If you use a custom host, such as a Windows service, you can use only the workstation garbage collector. The HttpChannel also enables you to load balance components hosted in IIS.