Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using Global.asax to set/check session variable and redirect (for user testing)

I would like to add very simple, temporary security to my site.

I made a page at Home/UnderConstruction where people testing the site can enter a hard-coded password which will then set the "underconstruction" session variable to "false".

This is what I have so far, but it results in too many redirects:

    protected void Session_Start(Object sender, EventArgs e)
    {
        HttpContext.Current.Session["underconstruction"] = "true";
    }

    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
                if (HttpContext.Current != null && HttpContext.Current.Session != null)
                {
                    var underconstruction = HttpContext.Current.Session["underconstruction"];
                    if (underconstruction != null)
                    {
                        string oc = underconstruction.ToString();
                        if (oc != "false") Response.Redirect("~/Home/UnderConstruction");
                    }
                }

    }

Is this close to what I would need to do?

Here is the code we got to work:

Controller Code for UnderConstruction View

    public ViewResult UnderConstruction()
    {
        return View();
    }


    [HttpPost]
    public ActionResult UnderConstruction(string ocp)
    {
        if (ocp == "mypassword")
        {
            Session["underconstruction"] = "false";
            return RedirectToAction("Index", "Home");
        }
        else
        {
            Session["beingredirected"] = "false";
            return View();
        }
    }

Global.Asax

    protected void Session_Start(Object sender, EventArgs e)
    {
        HttpContext.Current.Session["underconstruction"] = "true";
        HttpContext.Current.Session["beingredirected"] = "false";
    }


    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
        if (HttpContext.Current != null && HttpContext.Current.Session != null)
        {
            bool uc = false;
            var underconstruction = HttpContext.Current.Session["underconstruction"];
            if (underconstruction != null)
            {
                uc = Boolean.Parse(underconstruction.ToString());
            }

            bool redirected = false;
            var beingredirected = HttpContext.Current.Session["beingredirected"];
            if (beingredirected != null)
            {
                redirected = Boolean.Parse(beingredirected.ToString());
            }

            if (uc && !redirected)
            {
                if (Request.HttpMethod == "GET")
                {
                    HttpContext.Current.Session["beingredirected"] = "true";
                    Response.Redirect("~/Home/UnderConstruction");
                }
                else if (Request.HttpMethod == "POST")
                {
                }

            }

            HttpContext.Current.Session["beingredirected"] = "false";
        }
    }
like image 340
Dave Avatar asked Nov 29 '12 01:11

Dave


1 Answers

Is ~/Home/UnderConstruction in a different website? If not, wont it always redirect because oc will always be true? ie - do you also need to add a check for the page you're requesting so you can bypass the redirect if already going to the UnderConstruction page?

UPDATE

Not sure if checking the page name is a great idea, but something like this might work:

protected void Session_Start(Object sender, EventArgs e)
{
    HttpContext.Current.Session["underconstruction"] = "true";
    HttpContext.Current.Session["beingredirected"] = "false";
}

protected void Application_AcquireRequestState(Object sender, EventArgs e)
{
    if (HttpContext.Current != null && HttpContext.Current.Session != null)
    {
        bool uc = false;
        var underconstruction = HttpContext.Current.Session["underconstruction"];
        if (underconstruction != null)
        {
            uc = Boolean.Parse(underconstruction);
        }

        bool redirected = false;
        var beingredirected = HttpContext.Current.Session["beingredirected"];
        if (beingredirected != null)
        {
            redirected = Boolean.Parse(beingredirected);
        }

        if (uc && !redirected)
        {
            HttpContext.Current.Session["beingredirected"] = "true";
            Response.Redirect("~/Home/UnderConstruction");
        }

        HttpContext.Current.Session["beingredirected"] = "false";
    }
}

Note that I would clean that up, that example was to just give the general idea.

UPDATE

If you want to use roles as mentioned in the comments, then this article from ScottGu's Blog may help. Its a little more complicated, but has the added benefit of not introducing temporary code as the above solution will

like image 175
Mightymuke Avatar answered Sep 20 '22 00:09

Mightymuke