ASP.NET MVC – Prevent Browser Back Button Openning Page After Logout

If you have ASP.NET MVC application with login / logout functionality (for example using Forms Authentication), you may have noticed that after logout, if you hit back button in your browser, last page you were on will open. In secure application this could present a problem, as it could expose information that only authorized users should view.

Culprit in this scenario is our browser, as it will quite happily show cached version of the page after you’ve logged out.

There isn’t much you can do, except tell your browser to not cache your application’s pages. You can do this for individual pages in your applications, or if you want all pages not to be cached, you can add an event in Global.asax file.

Add Application_BeginRequest() method to your application’s Global.asax file, and add code below which will disable browser caching for each request.

        protected void Application_BeginRequest()
        {
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
            Response.Cache.SetNoStore();
        }
Advertisements

Exchange Web Service – “You must load or assign this property before you can read its value” error message when trying to read message property

Recently I was writing some C# code to connect to Exchange Web Service and get email attachments. While trying to get “From” email address property, I got an exception “You must load or assign this property before you can read its value”.

The problem is that even when you have the message item, property values are not loaded, and hence can not be read. What you need to do then is call Load() method on message object.

FindItemsResults findResults = service.FindItems(WellKnownFolderName.Inbox, new ItemView(mailboxPageSize));

foreach (Item item in findResults.Items)
{
      EmailMessage message = EmailMessage.Bind(service, item.Id, new PropertySet(ItemSchema.Attachments));

      message.Load();

      string fromAddress = message.From.Address;

      //Do other stuff
}