简体繁体 English

需要有关ASP.Net或IIS请求URL处理的建议

[英]Need Suggestions for ASP.Net or IIS Request URL Mangling

原文 2011-09-29 19:02:53 0 2 asp.net/ iis-7/ webforms-routing

Environment: 环境：

Server 2008 服务器2008
IIS 7, integrated mode IIS 7，集成模式
.Net 4 .Net 4
ASP.NET WebForms Routing (which uses the same .dll as MVC routing, though I'm not sure which version) ASP.NET WebForms路由（与MVC路由使用相同的.dll，尽管我不确定哪个版本）
Cookieless sessions (session ID travels around on the user's URL). 无Cookie会话（会话ID在用户的URL上移动）。

We have an application that uses routing to identify which organization a user is associated with. 我们有一个使用路由来识别用户与哪个组织关联的应用程序。 The URL will take the form domain/Organization/OrganizationSubCategory. 该URL将采用domain / Organization / OrganizationSubCategory的形式。 The user follows their custom URL and sees a landing page. 用户遵循其自定义URL并看到登录页面。 When they hit next, they are directed to a page that collects some demographic info, then they hit next to proceed to the application. 当他们单击下一步时，他们将被定向到收集一些人口统计信息的页面，然后单击下一步以继续该应用程序。 When they do, the user is added (if necessary) to their organization in our database. 当他们这样做时，将用户（如果需要）添加到我们数据库中的组织中。 After the initial landing page, routing no longer applies - the user is directed to regular aspx pages. 在初始登录页面之后，路由不再适用-将用户定向到常规的aspx页面。

The site is receiving a fair amount of users entering the app; 该网站吸引了大量进入该应用程序的用户； an average of 850 per day. 平均每天850个。

The problem is that a small number (less than 1%) of users are getting added to the wrong organization. 问题是少数用户（少于1％）被添加到错误的组织中。

We are logging information on the landing page and when they submit the demographic page. 我们正在登录页面以及他们提交人口统计页面时记录信息。 One thing we log is Request.RawUrl. 我们记录的一件事是Request.RawUrl。 We started noticing users who are associated with one organization being logged as having requested the full correct URL (including the sub-category) of another organization. 我们开始注意到与一个组织相关联的用户被记录为已请求另一组织的完整正确的URL（包括子类别）。 Sometimes nobody legitimately came in following the incorrect organization URL even in the same day. 有时，即使在同一天，也没有人合法地跟随错误的组织URL。 We've had people report directly that they just created the "sub category" (using an administrative application), instructed a user to follow their unique URL, and yet the logs show an entirely different URL for that very user (I know it's that user because I'm logging email address and session ID so I can associate the same user's path through the landing page and the demographic page). 我们已经有人直接报告说他们只是创建了“子类别”（使用管理应用程序），指示用户遵循其唯一的URL，但是日志为该用户显示了完全不同的URL（我知道这是用户，因为我正在记录电子邮件地址和会话ID，因此我可以通过登录页面和受众特征页面关联同一用户的路径）。 It's as if IIS is sometimes creating a new session, and simply assigning some previously requested URL to that user. 好像IIS有时在创建一个新会话，并只是向该用户分配一些先前请求的URL。

In an attempt to eliminate some sort of caching, we have: 为了消除某种形式的缓存，我们有：

Set the config httpRuntime element's enableKernelOutputCache attribute to false 将config httpRuntime元素的enableKernelOutputCache属性设置为false
Disabled caching in IIS settings 在IIS设置中禁用缓存
Set the config sessionState element's regenerateExpiredSessionId attribute to false (even though we haven't seen the session ids being re-used). 将config sessionState元素的regenerateExpiredSessionId属性设置为false（即使我们没有看到会话ID都被重用）。

Other suggestions? 还有其他建议吗？

2 个解决方案

Are these internal users? 这些是内部用户吗？ Are there proxy considerations? 有代理人注意事项吗？ That wouldn't explain a wrong url though. 但这并不能解释错误的网址。 Are you 100% certain the users were given url A and they show up with URL b? 您是否100％确定为用户指定了网址A，并且显示了网址b？ Do you have any routing modules currently assigned? 当前是否已分配任何路由模块？ Are you sure its not getting rewritten by a rule in another module? 您确定它不会被另一个模块中的规则重写吗？

Could this be an application issue where their 'new user' email (for ex) contains the wrong url? 这可能是他们的“新用户”电子邮件（例如ex）包含错误网址的应用程序问题吗？

Well, we still don't know with complete confidence, but it seems that users in one organization were most likely searching the Internet to find URLs into the system and following those. 嗯，我们仍然没有完全的把握，但是似乎一个组织中的用户最有可能在Internet上搜索以找到进入系统的URL并对其进行跟踪。
I can't explain the report we had as I described in the original post. 我无法解释我在原始帖子中描述的报告。
When I tried to enhance logging to capture pre-post session creation to prove it for sure, the logging on the begin request event worked in our QA environment (same as production), but just flat wouldn't work in production. 当我尝试增强日志记录以捕获发布前会话的创建以确认这一点时，begin request事件的日志记录在我们的QA环境（与生产环境相同）中起作用，但在生产环境中仅工作平缓。 I could never determine why. 我永远无法确定原因。