使用Global.asax设置/检查会话变量和重定向(用于用户测试)

Question

我想为我的网站添加非常简单的临时安全性.

我在Home/UnderConstruction上创建了一个页面,测试站点的人可以输入一个硬编码的密码,然后将"underconstruction"会话变量设置为"false".

这是我到目前为止,但它导致了太多的重定向:

    protected void Session_Start(Object sender, EventArgs e)
    {
        HttpContext.Current.Session["underconstruction"] = "true";
    }

    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
                if (HttpContext.Current != null && HttpContext.Current.Session != null)
                {
                    var underconstruction = HttpContext.Current.Session["underconstruction"];
                    if (underconstruction != null)
                    {
                        string oc = underconstruction.ToString();
                        if (oc != "false") Response.Redirect("~/Home/UnderConstruction");
                    }
                }

    }

这接近我需要做的吗？

这是我们工作的代码:

UnderConstruction视图的控制器代码

    public ViewResult UnderConstruction()
    {
        return View();
    }


    [HttpPost]
    public ActionResult UnderConstruction(string ocp)
    {
        if (ocp == "mypassword")
        {
            Session["underconstruction"] = "false";
            return RedirectToAction("Index", "Home");
        }
        else
        {
            Session["beingredirected"] = "false";
            return View();
        }
    }

Global.asax中

    protected void Session_Start(Object sender, EventArgs e)
    {
        HttpContext.Current.Session["underconstruction"] = "true";
        HttpContext.Current.Session["beingredirected"] = "false";
    }


    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
        if (HttpContext.Current != null && HttpContext.Current.Session != null)
        {
            bool uc = false;
            var underconstruction = HttpContext.Current.Session["underconstruction"];
            if (underconstruction != null)
            {
                uc = Boolean.Parse(underconstruction.ToString());
            }

            bool redirected = false;
            var beingredirected = HttpContext.Current.Session["beingredirected"];
            if (beingredirected != null)
            {
                redirected = Boolean.Parse(beingredirected.ToString());
            }

            if (uc && !redirected)
            {
                if (Request.HttpMethod == "GET")
                {
                    HttpContext.Current.Session["beingredirected"] = "true";
                    Response.Redirect("~/Home/UnderConstruction");
                }
                else if (Request.HttpMethod == "POST")
                {
                }

            }

            HttpContext.Current.Session["beingredirected"] = "false";
        }
    }

Answer 1

是~/Home/UnderConstruction在不同的网站？如果没有,它不会总是重定向因为oc永远是真的吗？即 - 您是否还需要为您要求的页面添加检查,以便在已经转到UnderConstruction页面时绕过重定向？

UPDATE

不确定检查页面名称是否是一个好主意,但这样的事情可能会起作用:

protected void Session_Start(Object sender, EventArgs e)
{
    HttpContext.Current.Session["underconstruction"] = "true";
    HttpContext.Current.Session["beingredirected"] = "false";
}

protected void Application_AcquireRequestState(Object sender, EventArgs e)
{
    if (HttpContext.Current != null && HttpContext.Current.Session != null)
    {
        bool uc = false;
        var underconstruction = HttpContext.Current.Session["underconstruction"];
        if (underconstruction != null)
        {
            uc = Boolean.Parse(underconstruction);
        }

        bool redirected = false;
        var beingredirected = HttpContext.Current.Session["beingredirected"];
        if (beingredirected != null)
        {
            redirected = Boolean.Parse(beingredirected);
        }

        if (uc && !redirected)
        {
            HttpContext.Current.Session["beingredirected"] = "true";
            Response.Redirect("~/Home/UnderConstruction");
        }

        HttpContext.Current.Session["beingredirected"] = "false";
    }
}

请注意,我会清理它,这个例子只是给出一般的想法.

UPDATE

如果您想使用评论中提到的角色,那么来自ScottGu博客的这篇文章可能有所帮助.它有点复杂,但有一个额外的好处,就是不像上面的解决方案那样引入临时代码