JavaScript PageMethods 调用丢失 HttpContext.Current State
我的处境有点棘手。我正在使用 JavaScript 的 PageMethod 功能,在其中调用一个像 gem 一样工作的 PageMethod。但是,我在访问 HttpContext 的状态时遇到问题,它返回
HttpContext.Current.User.Identity.Name
的值“SYSTEM”,这不是实际的当前用户名。
我知道有几个选项,例如将 HttpContext.Current 存储在会话中或将 Context 的状态保存在其他自定义容器中,但考虑到网络场环境,我假设这不会按预期工作。
这是我正在处理的代码,
function MyFunction(){
PageMethod.MyPageMethod();
}
这里是服务器方法的签名
[System.Web.Services.WebMethod()]
public static void MyPageMethod()
{
// gives me "SYSTEM"
var user = HttpContext.Current.User.Identity.Name;
}
另外,如果我使用上面的代码在页面的 OnLoad 事件中访问用户名,那么它可以正常工作并返回 CurrentUserName。
我试图让上面的代码在 ASP.NET Webform 中工作...:)
所以我想知道是否有一种方法可以在页面方法中访问当前的实际用户而不使用会话。
任何帮助将不胜感激。
尼克...
I am in a bit tricky situation. I am using JavaScript's PageMethod functionality where I am invoking a PageMethod which works like a gem. However I am having an issue in accessing the HttpContext's state which returns me a value "SYSTEM" for
HttpContext.Current.User.Identity.Name
which is not the actual current User Name.
I know there are couple options like storing HttpContext.Current in a Session or saving Context's state in some other custom container but given a web farm environment I am assuming that this will not work as expected.
Here is the code I am working on with
function MyFunction(){
PageMethod.MyPageMethod();
}
here is the signature of the server method
[System.Web.Services.WebMethod()]
public static void MyPageMethod()
{
// gives me "SYSTEM"
var user = HttpContext.Current.User.Identity.Name;
}
Also if I use the above code to access user name in OnLoad event of the page then it works fine and returns me the CurrentUserName.
I am trying to get the above code to work in an ASP.NET Webform... :)
So I am wondering if there is a way to access the current actual user in page methods without making use of sessions.
Any help will be deeply appreciated.
NiK...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过相当多的阅读后,我认为我正在尝试做一些关于页面方法如何工作的不正确的事情。当您的应用程序的身份验证系统基于 Windows 并且从 JavaScript 调用时这些页面方法不会导致回发并且不会调用 HttpModule 时,情况会变得相当棘手。相反,它只是调用该页面方法。
仅供参考,我们有自己的自定义 HTTPModule 来处理安全性。这甚至是在任何其他 HttpModule 发生之前,并且在调用页面方法时不会调用它,因为我们没有进行回发甚至部分回发(因此整个“利基”) HTTPPost 丢失)。此外,这得出的结论是,我们在没有任何身份验证的情况下进行服务调用,这对我们来说可能是一个很大的安全问题。
最重要的是,这是一个糟糕的设计,话虽如此,我想提一下我们提出的解决方案/解决方法,这就是我们所做的。因此,我们唯一的选择是进行回发以保持 UI 处于活动状态,并且我们希望异步更新标签的消息,我们通过使用 Sys.Application.add_init 进行黑客攻击来实现这一目标。
我们使用的标记非常简单,只有更新面板中的标签和调用“beginProcess()”函数的按钮。最后,在 OnLoad 中,我们添加了以下代码
,并且此解决方案不再使用 JavaScript 页面方法。基于这个解决方案,如果有人认为我在这里遗漏了一些东西,或者认为还有其他方法可以做到这一点,那么请用您的建议更新这篇文章。
After quite some reading I think I was trying to do something which is not correct as to how page methods work. It gets quite tricky when your application's authentication system is windows based and these page methods when you invoke from JavaScript will not cause a postback and do not invoke the HttpModules. Instead it just calls that page method.
FYI, we had our own custom HTTPModule to handle security.This is even before any other HttpModule occurs and this was not being invoked while calling the page method as we are not doing a postback or even a partial postback (so the whole "niche" of a HTTPPost was missing). Moreover this led to a conclusion that we were making service calls without any authentication and was potentially a big security issue for us.
The bottom line is it was a bad design, well having said that I would like to mention about the solution/workaround we came up with and here is what we did. So, the only option we had is to do a postback keeping the UI alive and we wanted to update a label's message asynchronously and we achieved it by doing a hack using Sys.Application.add_init.
The markup we had in place was pretty simple with a label in the update panel and a button that invokes the "beginProcess()" function. Finally in the OnLoad we had the following code in place
And this solution is no longer using the JavaScript Page methods. And based on this solution if anyone thinks I am missing something here or think there is any other other way of doing this then do update this post with your suggestions.