asp.net c＃仅使用全局asax将文件夹访问限制为登录的用户

Question

I am trying to discipline users and also search engines not to be anywhere near a folder where logged in users are uploading files and only logged in users have access to view files. 我正在尝试对用户和搜索引擎进行管教，使其不要位于已登录用户正在上载文件且仅已登录用户有权查看文件的文件夹附近。 I must be using global asax setting to achieve this as any other method such as Membership framework has become too late in my life. 我必须使用全局asax设置来实现此目的，因为诸如Membership Framework之类的任何其他方法都已经太晚了。 When a users logs in a session(thisuser) is fired - so I tried many variations of this: 当用户登录会话时（此用户）被触发-因此我尝试了许多这种变化：

protected void Application_PreRequestHandlerExecute(object sender, EventArgs e) 
    {
        string url = HttpContext.Current.Request.Url.AbsoluteUri;
         url = url.ToUpper();
         if (System.Web.HttpContext.Current.Session == null && url.Contains("CONFIDENTIAL"))

        {                
                Response.Redirect("Login.aspx");                                
        }

        if (System.Web.HttpContext.Current.Session != null && url.Contains("CONFIDENTIAL"))
        {                    
            if (Session["THISUSER"].ToString() != "OK")
            {
                Response.Redirect("Login.aspx ");
            }                                
        }
    }

//I tried  using below also with pretty much same logic as above 

     void Application_BeginRequest(object sender, EventArgs e)

//and also

      void Application_AcquireRequestState(object sender, EventArgs e)

Notwithstanding my tireless efforts, global asax in not cooperating at all ; 尽管我孜孜不倦地努力，但全球都没有合作。 and all my pleas to global asax are falling on deaf ears resulting in (1) access to all users (2) or System.NullReferenceException. 而且我对全局asax的所有请求都充耳不闻，导致（1）对所有用户（2）或System.NullReferenceException的访问。 What do I do so that global asax starts listening to me? 我该怎么做才能使全局asax开始听我说话？ Please advise. 请指教。

Answer 1

Typo in your code (May not be the only cause to the problem, but you should try) 您的代码中有错别字（可能不是导致此问题的唯一原因，但您应该尝试）

protected void Application_PreRequestHandlerExecute(object sender, EventArgs e) 
    {
        string url = HttpContext.Current.Request.Url.AbsoluteUri;
         url = url.ToUpper();
         if (System.Web.HttpContext.Current.Session == null && url.Contains("CONFIDENTIAL"))

        {                
                Response.Redirect("Login.aspx");                                
        }

        if (System.Web.HttpContext.Current.Session != null && url.Contains("CONFIDENTIAL"))
        {                    
            if (Session["THISUSER"].ToString() != "OK")
            {
                Response.Redirect("Login.aspx");
            }                                
        }
    }

Answer 2

A NullReferenceException will occur if "THISUSER" is not present in session. 如果会话中不存在“ THISUSER”，则会发生NullReferenceException。 You should also use ToUpperInvariant() on strings. 您还应该在字符串上使用ToUpperInvariant（）。

I'm not convinced this is actually a secure solution however. 我不相信这实际上是一个安全的解决方案。

asp.net c＃仅使用全局asax将文件夹访问限制为登录的用户

问题描述

2 个解决方案

解决方案1
0 2014-04-06 22:17:18

解决方案2
0 2014-04-06 22:21:14

asp.net c＃仅使用全局asax将文件夹访问限制为登录的用户

问题描述

2 个解决方案

解决方案1 0 2014-04-06 22:17:18

解决方案2 0 2014-04-06 22:21:14

解决方案1
0 2014-04-06 22:17:18

解决方案2
0 2014-04-06 22:21:14