by Njål

Cancelling old S-* PayPal Subscriptions from code


PayPal does not support cancelling old S-* subscriptions from code/api’s. This means that either you (as a merchant) or the customer has to log in to PayPal’s API and cancel these subscriptions manually. #Pain.

Luckily – it can be automated using Phantom.js. Phantom.js is basically a rock solid webbrowser without a UI which you can program (JS) to do stuff for you. I have made a PayPal.js script which lets you input Email, Password and the old S- SubscriptionID you want to cancel.

Here’s how to use it:

  1. Download Phantom.js (2.0.0) – and Unpack it to a new folder –
  2. Download PayPal.js and place it in the same folder
  3. Run phantomjs.exe –ssl-protocol=any paypal.js MySecretPass S-123455634545234
  4. While it’s running – keep an eye on the folder. PNG screenshots will appear there providing you a peepshow of the progress.
  5. When done – your website will receive a IPN Callback from PayPal.


by Njål

Intelligencia UrlRewriter – Ashx Sessions getting lost


When debugging a Windows Azure website I kept getting null Sessions for my ashx pages. They worked perfectly on  IISExpress, so I thought this was a Azure flaw. It turned out that it was IIS 7.5 + Url Rewriting (I’m using the Intelligencia module) that caused the problem.



After adding this to my Web.config everything worked like expected again – also in IIS 7.5

    <modules runAllManagedModulesForAllRequests="true" >

Also – make sure your ashx code implements IRequiresSessionState

public class ApiHandler : IHttpHandler, IRequiresSessionState
by Njål

Downloading blobs from Windows Azure


Enabling users to download files (blobs) in Windows Azure can be done in 4 ways ;
(as Microsoft evangelist Sean Harris explains in this blogpost)

  • Direct Download – Set the Access of the Container to Public Read Access or Full Public Read Access and expose the URL to the end user. The drawback of this method is obviously security – you have no way of controlling access when the URL is exposed. There is also no way of detecting downloads, and to execute code before/after the download.
  • API Download – The user must run a Windows App, Silverlight etc. Also – the app must contain the store account name and key – which might compromise security. Especially if you have several customers using the same account (they can still have their own containers of course).
  • Proxy Download – Have the user access a URL on YOUR server – which then retrieves the file from Azure and sends it to the user. The advantage of this is that you have full control of downloads, you can execute code before/after downloading and you don’t have to expose any Azure URL’s / account info. In fact – the end user will not even see that the file is stored in Azure. You can also override the filename this way.  A downside is that all traffic passes through your server – so you’ might get a bottleneck here.
  • Pass-through Download (Azure Shared Access Signature) – Creates a signature and inserts this signature in a URL where the user is redirected to Azure. The signature enables the user to access the file for a limited period of time. This is most likely your best option. It enables custom code to be executed before downloading, it will ensure max download speed for your users, and a good level of security is also ensured.

Our client has files stored as Guids in Azure – and we keep track of files (names, sizes etc) and folders in a MS Sql database. This is the reason we have to use the Proxy Download option – when users are downloading files.

Sean Harris has developed such a proxy which streams the file directly from Azure to the end user. This code however requires a third party framework, and seems to overcomplicate things a lot. Here’s a version which does the job just as well (.ashx generic handler):


//Retrieve filenname from DB (based on fileid (Guid))
// *SNIP*
string filename = "some file name.txt";

//IE needs URL encoded filename. Important when there are spaces and other non-ansi chars in filename.
if (HttpContext.Current.Request.UserAgent != null && HttpContext.Current.Request.UserAgent.ToUpper().Contains("MSIE"))
    filename = HttpUtility.UrlEncode(filename, System.Text.Encoding.UTF8).Replace("+", " ");

context.Response.Charset = "UTF-8";
//Important to set buffer to false. IIS will download entire blob before passing it on to user if this is not set to false
context.Response.Buffer = false;
context.Response.AddHeader("Content-Disposition", "attachment; filename="" + filename + """);
context.Response.AddHeader("Content-Length", "100122334"); //Set the length the file
context.Response.ContentType = "application/octet-stream";

//Use the Azure API to stream the blob to the user instantly.
// *SNIP*