问题
Added an AuthorizeImage eventhandler to image access restriction. Noticed the following when i was trying to check the users name and authenticationstatus:
Below will not result in exception, but seem to break it. Default icon for image not found is displayed no matter authenticated or not. Tested this.User = same result. HttpContext.Current.User = same result
Config.Current.Pipeline.AuthorizeImage += delegate(IHttpModule sender, HttpContext context, IUrlAuthorizationEventArgs e)
{
if (context.User.Identity.IsAuthenticated) { context.Response.Redirect("http://db2.stb00.s-msn.com/i/AF/263B63C5E656379CEE93E7A8692EC7.gif"); }
};
The below work just fine(this.User and HttpCOntext.Current.User as well)
Config.Current.Pipeline.AuthorizeImage += delegate(IHttpModule sender, HttpContext context, IUrlAuthorizationEventArgs e)
{
context.Response.Redirect("http://db2.stb00.s-msn.com/i/AF/263B63C5E656379CEE93E7A8692EC7.gif");
};
This always redirects
Config.Current.Pipeline.AuthorizeImage += delegate(IHttpModule sender, HttpContext context, IUrlAuthorizationEventArgs e)
{
if (context.User == null)
context.Response.Redirect("http://db2.stb00.s-msn.com/i/AF/263B63C5E656379CEE93E7A8692EC7.gif");
};
I started testing in Application_Start but actually tried Application_PostAuthenticateRequest as well. Though the result where the same. Im authenticating via custom code but using standard formsatuhentication to set the cookie. [Authorize] works fine in the application. Any suggestion to what could have gone wrong here?
回答1:
Your server is configured to only run the FormsAuthenticationModule for certain request extensions, such as .aspx, .ashx, etc. There are two ways to solve this.
- Remove and re-add the FormsAuthenticationModule in
<system.webServer> <modules>(For Integrated Mode), dropping the precondition="managedHandler" attribute: - Enable RAMMFAR (runAllManagedModulesForAllRequests)
This post contains more details about implementing #1 and #2:
How do I protect static files with ASP.NET form authentication on IIS 7.5?
来源:https://stackoverflow.com/questions/11730569/image-resizer-user-identity-in-eventhandler