How can I access session variables when the page is loaded using a SimpleWorkerRequest?_问答_开发者

How can I access session variables when the page is loaded using a SimpleWorkerRequest?

开发者 https://www.devze.com 2023-02-20 23:10 出处：网络

I\'m reading an ASPX file as a string and using the returned HTML as the source for an email message. This is the code:

I'm reading an ASPX file as a string and using the returned HTML as the source for an email message. This is the code:

public string GetEmailHTML(int itemId)
{
    string pageUrl = "HTMLEmail.aspx";

    StringWriter stringWriter = new StringWriter();
    HttpRuntime.ProcessRequest(new SimpleWorkerRequest(pageUrl, "ItemId=" + itemId.ToString(), stringWriter));
    stringWriter.Flush();
    stringWriter.Close();

    return stringWriter.ToString();
}

HTMLEmail.aspx uses the ItemId query string variable to load data from a DB and populate the page with results. I need to secure the HTMLEmail.aspx page so a manipulated query string isn't going to allow just anybody to see the results.

I store the current user like this开发者_C百科:

public User AuthenticatedUser
{
    get { return Session["User"] as User; }
    set { Session["User"] = value; }
}

Because the page request isn't made directly by the browser, but rather the SimpleWorkerRequest, there is no posted SessionId and therefore HTMLEmail.aspx cannot access any session variables. At least, I think that's the problem.

I've read the overview on session variables here: http://msdn.microsoft.com/en-us/library/ms178581.aspx

I'm wondering if I need to implement a custom session identifier. I can get the current SessionId inside the GetEmailHTML method and pass it as a query string param into HTMLEmail.aspx. If I have the SessionId inside HTMLEmail.aspx I could maybe use the custom session identifier to get access to the session variables.

That fix sounds messy. It also removes the encryption layer ASP automatically applies to the SessionId.

Anyone have a better idea?

As far as I can see, your best bet is to pass on all the values you need inside HTMLEmail.aspx to it via the query parameters, just like you do with ItemId.

Apart from that, you can probably get away with just sending in the UserId of the user to that page and make it hit the DB (or wherever you are storing your users) to the User object, instead of trying to read it off the Session variables.

Edit:

Why don't you use:

public string GetEmailHTML(int itemId)
{
    string pageUrl = "HTMLEmail.aspx";

    StringWriter stringWriter = new StringWriter();
    Server.Execute(pageUrl, stringWriter);
    stringWriter.Flush();
    stringWriter.Close();

    return stringWriter.ToString();
}

instead? As far as I can see Server.Execute inherits the same http request.