Retrieve the Session in the GlimpseSecurityPolicy RuntimeEvent.ExecuteResource

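With Glimpse I can access the session information, except when using RuntimeEvent.ExecuteResource. Without this, the axd file is exposed, and I would rather disable it unless a specific user is logged in. In both examples below, the session will be null. I have also tried having the class implement IRequiresSessionState, but that did not help either.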

namespace Glimpse
{
    public class GlimpseSecurityPolicy:IRuntimePolicy
    {
        public RuntimePolicy Execute(IRuntimePolicyContext policyContext)
        {
            try
            {
                var name = HttpContext.Current.Session["username"];
                var name2 = policyContext.GetHttpContext().Session["username"];
            }
            catch (Exception)
            {
            }

            // You can perform a check like the one below to control Glimpse's permissions within your application.
            // More information about RuntimePolicies can be found at http://getglimpse.com/Help/Custom-Runtime-Policy
            // var httpContext = policyContext.GetHttpContext();
            // if (!httpContext.User.IsInRole("Administrator"))
            // {
            //     return RuntimePolicy.Off;
            // }

            return RuntimePolicy.On;
        }

        public RuntimeEvent ExecuteOn
        {
            // The RuntimeEvent.ExecuteResource is only needed in case you create a security policy
            // Have a look at http://blog.getglimpse.com/2013/12/09/protect-glimpse-axd-with-your-custom-runtime-policy/ for more details
            get { return RuntimeEvent.EndRequest | RuntimeEvent.ExecuteResource; }
        }
    }
}

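The reason is that the Glimpse HttpHandler, which processes the requests for Glimpse.axd, does not implement the IRequiresSessionState interface.

The HttpHandler will eventually execute all IRuntimePolicy instances that have RuntimeEvent.ExecuteResource configured as part of their ExecuteOn property value.

I think the easiest solution for you is to create your own IHttpHandler that implements the IRequiresSessionState interface and forwards all calls to the Glimpse HttpHandler, as shown below.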

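using System.Web;
using System.Web.SessionState;

// Wraps the Glimpse handler; IRequiresSessionState makes ASP.NET load session state for these requests.
public class SessionAwareGlimpseHttpHandler : IHttpHandler, IRequiresSessionState
{
    private readonly Glimpse.AspNet.HttpHandler _glimpseHttpHandler =
        new Glimpse.AspNet.HttpHandler();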

    public void ProcessRequest(HttpContext context)
    {
        _glimpseHttpHandler.ProcessRequest(context);
    }

    public bool IsReusable
    {
        get { return _glimpseHttpHandler.IsReusable; }
    }
}

Don't forget to update your web.config to use this handler instead of the original one:

...
<system.webServer>
    ...
    <handlers>
        <add name="Glimpse" path="glimpse.axd" verb="GET" type="YourNamespace.SessionAwareGlimpseHttpHandler, YourAssembly" preCondition="integratedMode" />
    </handlers>
    ...
</system.webServer>
...

Once all of this is done, you should be able to access the Session in your IRuntimePolicy.
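
A policy that uses the session once the session-aware handler is registered, as an added example that is not part of the original answer or the Glimpse project: it turns Glimpse off unless Session["username"] matches an allow-list, and also turns it off when the session is null or cannot be read. The AllowedUsers set and the "glimpse-admin" value are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Glimpse.AspNet.Extensions;   // GetHttpContext()
using Glimpse.Core.Extensibility;  // IRuntimePolicy, RuntimePolicy, RuntimeEvent

namespace Glimpse
{
    public class GlimpseSecurityPolicy : IRuntimePolicy
    {
        // Assumption: user names allowed to use Glimpse (constructed sample value).
        private static readonly HashSet<string> AllowedUsers =
            new HashSet<string>(StringComparer.Ordinal) { "glimpse-admin" };

        public RuntimePolicy Execute(IRuntimePolicyContext policyContext)
        {
            return IsAllowed(policyContext) ? RuntimePolicy.On : RuntimePolicy.Off;
        }

        private static bool IsAllowed(IRuntimePolicyContext policyContext)
        {
            try
            {
                var httpContext = policyContext.GetHttpContext();
                // Session is null when the handler serving the request does not
                // implement IRequiresSessionState: treat that as "not allowed".
                if (httpContext == null || httpContext.Session == null)
                    return false;

                var name = httpContext.Session["username"] as string;
                return name != null && AllowedUsers.Contains(name);
            }
            catch (Exception)
            {
                // Any failure while reading the session disables Glimpse
                // instead of leaving it enabled.
                return false;
            }
        }

        public RuntimeEvent ExecuteOn
        {
            // ExecuteResource makes the policy run for glimpse.axd requests as well.
            get { return RuntimeEvent.EndRequest | RuntimeEvent.ExecuteResource; }
        }
    }
}
```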