HttpContext 用户值自行更改?
我正在开发 ASP.Net 2.0 应用程序,并且遇到一个涉及 HttpContext User 的奇怪问题。当我转到特定页面/目录时,它似乎会自行更改。
我们所有的页面都继承自基页面。在该基页的 Page_Load() 方法中,我们运行授权检查以查看用户是否可以看到他们要访问的页面。
我们检索用户以使用以下代码进行检查:
GenericPrincipal objPrincipal = (GenericPrincipal)Context.User;
当我进入这个不寻常的目录时,用户值不是我,而是我从未听说过的其他用户名。该用户名无权查看这些页面,因此授权失败。
这个神秘的目录不是虚拟网络,只是我们网站中的一个常规目录,但是我注意到它有自己的 Web.Config 文件。我猜这就是这里出现麻烦的原因。
我的问题是,如何进一步调查此问题,以确定当我进入此目录时是什么改变了 User 值?
[编辑] -- 当我删除或重命名此目录中的 web.config 文件时,用户值不再更改。但是,正如下面的评论中提到的,它没有任何价值,所以我不确定 Primary.User 值如何仅根据文件的存在而改变?当然一定是我缺少的东西。
I'm working on an ASP.Net 2.0 application and am having a strange issue involving the HttpContext User. It appears to be changing on its own when I go to a particular page/directory.
All of our pages inherit from a base page. In that base page's Page_Load() method we run an authorization check to see if the user can see the page they're going to.
We retrieve the user to check against with this code:
GenericPrincipal objPrincipal = (GenericPrincipal)Context.User;
When I go to this unusual directory the User value isn't me, it's some other username I've never heard of. This username isn't authorized to see these pages, so authorization fails.
This mysterious directory isn't a virtual web, just a regular directory in our website, however I've noticed it has its own Web.Config file. I'm guessing that's a cause of the trouble here.
My question is, how can I investigate this further, in determining what's changing the User value when I go to this directory?
[edit] -- when I remove or rename the web.config file in this directory, the User value no longer changes. However, as mentioned in a comment below there's no value in it so I'm not sure how the Principal.User value could change based simply on the presence of the file? Must be something I'm missing of course.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论