Following the solution found at Can I access session state from an HTTPModule?, I am able to access the session state from an IHttpModule. I'm using it to control access to some files, so in the event someone doesn't have access, I would like to redirect them to a login page. When I try to do a HttpContext.Current.Response.Redirect(page); it locks the web server up. So my post acquire request state function looks like this...
void Application_PostAcquireRequestState(object source, EventArgs e)
{
HttpApplication app = (HttpApplication)source;
MyHttpHandler resourceHttpHandler = HttpContext.Current.Handler as MyHttpHandler;
if (resourceHttpHandler != null)
{
// set the original handler back
HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
}
HttpContext context = HttpContext.Current;
string filePath = context.Request.FilePath;
context.Trace.Write("HttpDownloadModule", "File path: " + filePath);
Boolean hasAccess = true;
if (filePath.Contains("content/downloads"))
{
//check to make sure a session has been established already....
if (context.Session == null)
hasAccess = false;
SecurityBLL security = new SecurityBLL();
string fileName = filePath.Split('/').Last();
//check to see if a user is logged in
if (!CitrixAccess.loggedin)
hasAccess = false;
//check access for download
if (!security.checkSecurityByDownload(fileName))
hasAccess = false;
if (!hasAccess)
{
HttpContext.Current.Handler = resourceHttpHandler.OriginalHandler;
HttpContext.Current.Response.Redirect("../../login.aspx");
}
}
}
Any thoughts? Thanks for the help!
Ok, so I found a workaround... I moved my hasAccess variable to be global and added an EndRequest handler. So I'm checking for hasAccess in EndRequest and doing the redirect from there.