7

我想为我的站点添加非常简单的临时安全性。

我在 Home/UnderConstruction 创建了一个页面,测试站点的人可以输入硬编码密码,然后将“underconstruction”会话变量设置为“false”。

这是我到目前为止所拥有的,但它导致了太多的重定向:

    protected void Session_Start(Object sender, EventArgs e)
    {
        HttpContext.Current.Session["underconstruction"] = "true";
    }

    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
                if (HttpContext.Current != null && HttpContext.Current.Session != null)
                {
                    var underconstruction = HttpContext.Current.Session["underconstruction"];
                    if (underconstruction != null)
                    {
                        string oc = underconstruction.ToString();
                        if (oc != "false") Response.Redirect("~/Home/UnderConstruction");
                    }
                }

    }

这接近我需要做的吗?

这是我们开始工作的代码:

UnderConstruction 视图的控制器代码

    public ViewResult UnderConstruction()
    {
        return View();
    }


    [HttpPost]
    public ActionResult UnderConstruction(string ocp)
    {
        if (ocp == "mypassword")
        {
            Session["underconstruction"] = "false";
            return RedirectToAction("Index", "Home");
        }
        else
        {
            Session["beingredirected"] = "false";
            return View();
        }
    }

全球阿萨克斯

    protected void Session_Start(Object sender, EventArgs e)
    {
        HttpContext.Current.Session["underconstruction"] = "true";
        HttpContext.Current.Session["beingredirected"] = "false";
    }


    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
        if (HttpContext.Current != null && HttpContext.Current.Session != null)
        {
            bool uc = false;
            var underconstruction = HttpContext.Current.Session["underconstruction"];
            if (underconstruction != null)
            {
                uc = Boolean.Parse(underconstruction.ToString());
            }

            bool redirected = false;
            var beingredirected = HttpContext.Current.Session["beingredirected"];
            if (beingredirected != null)
            {
                redirected = Boolean.Parse(beingredirected.ToString());
            }

            if (uc && !redirected)
            {
                if (Request.HttpMethod == "GET")
                {
                    HttpContext.Current.Session["beingredirected"] = "true";
                    Response.Redirect("~/Home/UnderConstruction");
                }
                else if (Request.HttpMethod == "POST")
                {
                }

            }

            HttpContext.Current.Session["beingredirected"] = "false";
        }
    }
4

1 回答 1

10

~/Home/UnderConstruction在不同的网站吗?如果不是,它会不会总是重定向,因为它总是oc正确的?即 - 您是否还需要为您请求的页面添加检查,以便您可以绕过重定向(如果已经进入该UnderConstruction页面)?

更新

不确定检查页面名称是否是一个好主意,但这样的事情可能会起作用:

protected void Session_Start(Object sender, EventArgs e)
{
    HttpContext.Current.Session["underconstruction"] = "true";
    HttpContext.Current.Session["beingredirected"] = "false";
}

protected void Application_AcquireRequestState(Object sender, EventArgs e)
{
    if (HttpContext.Current != null && HttpContext.Current.Session != null)
    {
        bool uc = false;
        var underconstruction = HttpContext.Current.Session["underconstruction"];
        if (underconstruction != null)
        {
            uc = Boolean.Parse(underconstruction);
        }

        bool redirected = false;
        var beingredirected = HttpContext.Current.Session["beingredirected"];
        if (beingredirected != null)
        {
            redirected = Boolean.Parse(beingredirected);
        }

        if (uc && !redirected)
        {
            HttpContext.Current.Session["beingredirected"] = "true";
            Response.Redirect("~/Home/UnderConstruction");
        }

        HttpContext.Current.Session["beingredirected"] = "false";
    }
}

请注意,我会清理它,这个例子只是给出一般的想法。

更新

如果您想使用评论中提到的角色,那么ScottGu 博客中的这篇文章可能会有所帮助。它有点复杂,但具有不引入临时代码的额外好处,因为上述解决方案将

于 2012-11-29T02:46:02.697 回答