Vulnerability in EPiServer.Forms
I have a Catalog event listener that listens for CommerceProductUpdated. I need to be able to tell whether or not the request came from Commerce Manager or from the standard Commerce admin interface. Is there an easy way to determine this?
There are a couple of ways to determine if the current context is Commerce Manager or not, however none of them are beautiful or bullet proof. However you can try IApplicationContext (ServiceLocator for example). If HasContentModelTypes is false then it's supposed to be Commerce Manager. Or you can check if there is no Mediachase.ConsoleManager.dll assembly in the context of the application.
Thanks for the response. You mention this not being bulletproof, is there a reason HasContentModelTypes could return true in Commerce Manager? I tested this and it returns true when making edits in commerce manager.
Normally you should not have the assemblies which contain the strongly typed content types (the one you defined, such as FashionVariation etc) in bin folder of Commerce Manager. However there is no way to enforce that, hence the assemblies might present and HasContentModelTypes is true.
However I think the code listening to events is running in the context of the front-end site? Then it's expected to be true. In such case you will need to check for CatalogContentUpdateEventArgs.ApplicationHasContentModelTypes instead.
Depending on your setup this might not be the best solution, but it has worked consistently in our case when checking if an update event is triggered from the Commerce Manager.We look at the physical path of the current site context and could be implemented something along the lines like this:
private static bool IsInitiatedFromCommerceUi()
// If the event is triggered from a Scheduled Job HttpContext.Current is null, for example.
if (HttpContext.Current == null)
var physicalPathToTheProject = HttpContext.Current.Request.PhysicalApplicationPath?.ToLowerInvariant() ?? string.Empty;
var commerceManagerIdentifier = "commercemanager"; // The CommerceManager solution usually resides in a folder named YourName.SomeOtherNamePerhaps.CommerceManager
if (string.IsNullOrEmpty(physicalPathToTheProject) || string.IsNullOrEmpty(commerceManagerIdentifier))
Hope this helps.
I'm not saying that would not work, but assuming the path of commerce manager site is not something we recommend to. Checking the existence of ConsoleManager.dll in the current runtime is much more robust way, and it works universal (so you'll won't have to change your code when you change the environment). Again, my recommendations are as above.