访问 IHttpModule 中的会话并能够执行response.redirect
void Application_PostAcquireRequestState(object source, EventArgs e)
{
HttpApplication app = (HttpApplication)source;
MyHttpHandler resourceHttpHandler = HttpContext.Current.Handler as MyHttpHandler;
if (resourceHttpHandler != null)
{
// set the original handler back
HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
}
HttpContext context = HttpContext.Current;
string filePath = context.Request.FilePath;
context.Trace.Write("HttpDownloadModule", "File path: " + filePath);
Boolean hasAccess = true;
if (filePath.Contains("content/downloads"))
{
//check to make sure a session has been established already....
if (context.Session == null)
hasAccess = false;
SecurityBLL security = new SecurityBLL();
string fileName = filePath.Split('/').Last();
//check to see if a user is logged in
if (!CitrixAccess.loggedin)
hasAccess = false;
//check access for download
if (!security.checkSecurityByDownload(fileName))
hasAccess = false;
if (!hasAccess)
{
HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
HttpContext.Current.Response.Redirect("../../login.aspx");
}
}
}
有什么想法吗?感谢您的帮助!
Following the solution found at Can I access session state from an HTTPModule?, I am able to access the session state from an IHttpModule. I'm using it to control access to some files, so in the event someone doesn't have access, I would like to redirect them to a login page. When I try to do a HttpContext.Current.Response.Redirect(page); it locks the web server up. So my post acquire request state function looks like this...
void Application_PostAcquireRequestState(object source, EventArgs e)
{
HttpApplication app = (HttpApplication)source;
MyHttpHandler resourceHttpHandler = HttpContext.Current.Handler as MyHttpHandler;
if (resourceHttpHandler != null)
{
// set the original handler back
HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
}
HttpContext context = HttpContext.Current;
string filePath = context.Request.FilePath;
context.Trace.Write("HttpDownloadModule", "File path: " + filePath);
Boolean hasAccess = true;
if (filePath.Contains("content/downloads"))
{
//check to make sure a session has been established already....
if (context.Session == null)
hasAccess = false;
SecurityBLL security = new SecurityBLL();
string fileName = filePath.Split('/').Last();
//check to see if a user is logged in
if (!CitrixAccess.loggedin)
hasAccess = false;
//check access for download
if (!security.checkSecurityByDownload(fileName))
hasAccess = false;
if (!hasAccess)
{
HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
HttpContext.Current.Response.Redirect("../../login.aspx");
}
}
}
Any thoughts? Thanks for the help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
好的,所以我找到了一个解决方法...我将 hasAccess 变量移至全局并添加了 EndRequest 处理程序。所以我在 EndRequest 中检查 hasAccess 并从那里进行重定向。
Ok, so I found a workaround... I moved my hasAccess variable to be global and added an EndRequest handler. So I'm checking for hasAccess in EndRequest and doing the redirect from there.
我的答案包括 Arthurdent510 的答案,但我没有足够的声誉来简单地评论他的答案哈哈。他的回答帮助我弄清楚了我必须去哪里,但对我来说还不太完整。
将 Response.Redirect 调用放入 EndRequest 处理程序会导致无限循环。我认为这是因为 Response.Redirect 导致 EndRequest 被调用。所以 EndRequest 永远被一遍又一遍地调用。
为了解决这个问题,我添加了一个私有布尔值来指示我是否已经调用了重定向。如果我已经调用了重定向,那么我不会再次调用 Response.Redirect。这就是我的 EndRequest 方法的样子:
My answer includes Arthurdent510's answer but I don't have enough reputation to simply comment on his answer haha. His answer helped me A LOT to figure out where I had to go, but it wasn't quite complete for me.
Putting the Response.Redirect call in the EndRequest handler caused an infinite loop. I think this is because the Response.Redirect causes EndRequest to be called. So EndRequest was being called over and over forever.
To get around this, I added a private boolean to indicate if I already called for the redirect. If I already called for the redirect, then I won't call Response.Redirect again. This is what my EndRequest method looked like: