Response.Redirect in Application_AcquireRequestState has resulted in too many redirects
Response.Redirect in Application_AcquireRequestState has resulted in too many redirects Using role-base security the most ideal place to ch...

Using role-base security the most ideal place to check if a user is still login is the Global.asax event: Application_AcquireRequestState.
And the most usual solution is:
if(Session["xxx"] != null) {
Respose.Redirect("xxx");
}
That will work on debug mode but not if deployed on web server. It produce different errors on different browsers, on chrome it has the most obvious error:
"The webpage at http://localhost/newctdnet/Error.aspx has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer."
The solution is to check first for new session:
if(Session.IsNewSession)
{
var pageName = HttpContext.Current.Request.Url.PathAndQuery.ToLower();
//special allowed page
var allowedPage = new[] { "/page1.aspx", "/page2.aspx" };
var listAllowedPage = new ArrayList(allowedPage);
if (!listAllowedPage.Contains(pageName))
{
if (!User.Identity.IsAuthenticated)
{
FormsAuthentication.RedirectToLoginPage();
}
}
}
Post a Comment