views:

112

answers:

1

Following the solution found at http://stackoverflow.com/questions/276355/can-i-access-session-state-from-an-httpmodule, I am able to access the session state from an IHttpModule. I'm using it to control access to some files, so in the event someone doesn't have access, I would like to redirect them to a login page. When I try to do a HttpContext.Current.Response.Redirect(page); it locks the web server up. So my post acquire request state function looks like this...

 void Application_PostAcquireRequestState(object source, EventArgs e)
    {            
        HttpApplication app = (HttpApplication)source;

        MyHttpHandler resourceHttpHandler = HttpContext.Current.Handler as MyHttpHandler;

        if (resourceHttpHandler != null)
        {
            // set the original handler back
            HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
        }

        HttpContext context = HttpContext.Current;
        string filePath = context.Request.FilePath;
        context.Trace.Write("HttpDownloadModule", "File path: " + filePath);

        Boolean hasAccess = true;

        if (filePath.Contains("content/downloads"))
        {
            //check to make sure a session has been established already....
            if (context.Session == null)
                hasAccess = false;

            SecurityBLL security = new SecurityBLL();
            string fileName = filePath.Split('/').Last();

            //check to see if a user is logged in
            if (!CitrixAccess.loggedin)
                hasAccess = false;

            //check access for download
            if (!security.checkSecurityByDownload(fileName))
                hasAccess = false;

            if (!hasAccess)
            {
                HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
                HttpContext.Current.Response.Redirect("../../login.aspx");
            }
        }

    }

Any thoughts? Thanks for the help!

A: 

Ok, so I found a workaround... I moved my hasAccess variable to be global and added an EndRequest handler. So I'm checking for hasAccess in EndRequest and doing the redirect from there.

Arthurdent510