我目前在Global.ascx中有以下代码。它在调试时工作正常,但在实时站点上它会导致与会话相关的问题,似乎会话在某些点上不可用/创建,因此它会爆炸。该设置存储在会话中(AppSettings.IsSslEnforced是从会话中检索的),所以我必须从那里读取,现在我们正在考虑放入母版页,但是觉得这会使一些请求容易受到攻击。还有更好的选择吗?
protected void Application_BeginRequest(object sender, EventArgs e)
{
try
{
if (!Request.IsSecureConnection && AppSettings.IsSslEnforced)
{
Response.Redirect(Request.Url.ToString().Replace("http:", "https:"));
}
}
catch (Exception ex)
{
LogManager.InsertErrorLog(ex);
}
}
答案 0 :(得分:1)
尝试使用Application_PreRequestHandlerExecute而不是Application_BeginRequest:
protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e) {
try
{
if (!Request.IsSecureConnection && AppSettings.IsSslEnforced)
{
Response.Redirect(Request.Url.ToString().Replace("http:", "https:"));
}
}
catch (Exception ex)
{
LogManager.InsertErrorLog(ex);
}
}