This webpage has a redirect loop in Global.asax

Question

The Goal is to redirect all users to my custom Security Page on each httpRequest as long as the Session variable is null or empty.

In Global.asax

The method causes an error as follows:

This webpage has a redirect loop The webpage has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

protected void Application_PostAuthorizeRequest()
{
  if ((Session["SecurityCodeApproved"] == null || !(bool)Session["SecurityCodeApproved"]))
  {
    Response.RedirectToRoute("Security");
  }
}

Answer 1

Do not do this in your Global.asax because as you have noticed, you will not always have a session every time that event fires. Also your code will fire on ALL requests, including those for resources like css, images, and JavaScript. What you want to do is use a Global Filter Attribute to perform your logic or if you are using WebForms, you want to do this at the Page Level.

When Filters are executed you are garaunteed a FilterContext that will have the request and the session objects you need.

You can then redirect to your security page, but make sure your filter attribute is ignored on your security point.

Answer 2

It looks like you are redirecting to the same page, checking if the session cookie is set, and if not, redirecting it again. Its going to continuously redirect itself, until a session cookie is set, and you aren't setting one. You need to either redirect elsewhere or set the cookie to break the loop.