解决重定向循环

时间:2013-06-12 00:16:56

标签: c# asp.net redirect

我知道在我的代码中导致Redirect循环的原因,我只是不确定如何解决它。首先,我的代码。

switch (Request.QueryString["Error_ID"])
{
    case "1":
        // Error Code 1 is when a user attempts to access the Admin section and does not have rights to.
        MultiView1.ActiveViewIndex = 1;
        break;
    case "2":
        // Error Code 2 is when a user is not currently Active.
        MultiView1.ActiveViewIndex = 2;
        break;
    default:
        // Default is View Index 0 for default access.
        MultiView1.ActiveViewIndex = 0;
        break;
}

// Get current username.
string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

// Test to see if user is Active.
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["HSEProjRegConnectionString1"].ConnectionString))
{
    conn.Open();
    using (SqlCommand cmd = new SqlCommand("SELECT [active] FROM [tbl_Person] WHERE username LIKE @username", conn))
    {
    cmd.Parameters.AddWithValue("@username", "%" + userName + "%");

    var res = cmd.ExecuteScalar();
    bool registeredAndActive = (bool)res;

    if (registeredAndActive)
    {
        // Active Condition. The DEFAULT in SWITCH() will take care of displaying content.
    }
    else
    {
        // !Active Condition.  Shows an alternative version of the default page where the user is told they do not have access.
        Response.Redirect("default.aspx?Error_ID=2");
    }
}

代码的要点是首先检查SWITCH()方法中的查询字符串,以防在后一页上提供一个查询字符串。然后它获取当前登录的AD用户名,然后检查用户数据库以查看用户是否标记为“活动”。如果是这样,它什么都不做,因为它将允许页面正常加载。如果没有,则它会重定向到同一页面,但会附加一个Error_ID,以便我可以显示另一个视图,说明该用户没有访问权限。我很确定这是重定向循环的来源。有没有人对如何消除Redirect Loop有任何想法?我尝试使用Request.Url.ToString()然后使用!var.Contains来执行重定向,但我也无法做到这一点。

编辑:我应该注意,我有兴趣听听是否有人有Response.Redirect()的替代方案。它很有效,但最初我使用的是Response.End()并且不允许任何代码运行,所以想出了使用Response.Redirect()QueryString做我想做的事。

3 个答案:

答案 0 :(得分:1)

您正在测试您的用户是否有效两次。此外,在第二次检查中,您将页面重定向到自身,从而继续进行检查。

您的第一张支票在这里:

switch (Request.QueryString["Error_ID"])
{
(...)
case "2":
    // Error Code 2 is when a user is not currently Active.
    MultiView1.ActiveViewIndex = 2;
    break;
(...)

你的第二张支票就在这里:

    if (registeredAndActive)
    {
        // Active Condition. The DEFAULT in SWITCH() will take care of displaying content.
    }
    else
    {
        // !Active Condition.  Shows an alternative version of the default page where the user is told they do not have acces.
        Response.Redirect("default.aspx?Error_ID=2");
    }

所以第二次检查会将页面重定向到自身,并且它会一直循环。

最简单的解决方法是恕我直言,如果您的错误代码为“2”,则不会检查当前用户是否处于活动状态,即您可以:

1)如果Error_ID为2,则停止页面执行,即将第一次检查更改为:

case "2":
  // Error Code 2 is when a user is not currently Active.
  MultiView1.ActiveViewIndex = 2;
  Response.End(); // <--- this will stop the execution before reaching the first block
  break;

2)如果Error_ID为2,请不要再次重定向页面,即将第二次检查更改为:

if (registeredAndActive)
{
    // Active Condition. The DEFAULT in SWITCH() will take care of displaying content.
}
else
{
    // !Active Condition.  Shows an alternative version of the default page where the user is told they do not have acces.

    if (MultiView1.ActiveViewIndex != 2) { // check if the page has already been redirected
      Response.Redirect("default.aspx?Error_ID=2");
    }
}
恕我直言,解决方案2似乎是两个中最干净,最优雅的

答案 1 :(得分:1)

做这样的事情怎么样:

if(MultiView1.ActiveViewIndex != 2)
{
  using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["HSEProjRegConnectionString1"].ConnectionString))
  {
    conn.Open();
    using (SqlCommand cmd = new SqlCommand("SELECT [active] FROM [tbl_Person] WHERE username LIKE @username", conn))
    {
      cmd.Parameters.AddWithValue("@username", "%" + userName + "%");

      var res = cmd.ExecuteScalar();
      bool registeredAndActive = (bool)res;

      if (registeredAndActive)
      {
        // Active Condition. The DEFAULT in SWITCH() will take care of displaying content.
      }
      else
      {
        // !Active Condition.  Shows an alternative version of the default page where the user is told they do not have acces.
        Response.Redirect("default.aspx?Error_ID=2");
      }
    }
  }
}

答案 2 :(得分:1)

如果查询字符串值(Error_ID)不是1或2,您只需要执行数据库检查。编写逻辑的方式,您将始终检查用户是否处于活动状态,如果不是,然后它会继续向页面发送Error_ID = 2查询字符串值,你将陷入循环。我建议将用于测试查询字符串的逻辑分离为单独的方法,并让它返回一个是否尝试在数据库中查询Active值的布尔值。