頁面請求過程:
根據這個流程,網上通常的權限驗證在:
Http.Module.AuthorizeRequest
Http.Module.PreRequestHandlerExecute
例如使用前者(注意:下面的範例實際掛接的是 AuthenticateRequest 事件):
using
System;
using
System.Web;
using
System.Security.Principal;
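namespace MyModules
{
    /// <summary>
    /// Demo HTTP module that authenticates each request from the "userid" and
    /// "password" request values and attaches a role-bearing principal to the context.
    /// </summary>
    /// <remarks>
    /// Review notes for anyone adapting this sample:
    /// - Credentials are read on every request through the HttpRequest indexer, which
    ///   looks in the query string, form, cookies and server variables. A password sent
    ///   in the query string ends up in server logs, browser history and Referer headers.
    /// - The user table in <see cref="AuthenticateAndGetRoles"/> is hard-coded plain text;
    ///   it is a placeholder for a real credential store with salted password hashes.
    /// </remarks>
    public class CustomModule : IHttpModule
    {
        public CustomModule() { }

        public void Dispose() { }

        /// <summary>Subscribes this module to the application's AuthenticateRequest event.</summary>
        /// <param name="app">The application instance the module is attached to.</param>
        public void Init(HttpApplication app)
        {
            // Register the security module's handler.
            app.AuthenticateRequest += new EventHandler(this.AuthenticateRequest);
        }

        /// <summary>
        /// Validates the request's credentials and, only on success, sets
        /// <c>HttpContext.User</c> to a principal carrying the user's roles.
        /// </summary>
        /// <param name="o">The <c>HttpApplication</c> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        private void AuthenticateRequest(object o, EventArgs e)
        {
            HttpApplication app = (HttpApplication)o;
            HttpContext content = (HttpContext)app.Context;

            string userid = app.Request["userid"];
            string password = app.Request["password"];

            if ((userid == null) || (password == null))
            {
                content.Response.Write("未提供必需的參數!!");
                content.Response.End();
                // Response.End() normally aborts the thread; the return keeps the
                // method fail-closed even where it does not.
                return;
            }

            string[] strRoles = AuthenticateAndGetRoles(userid, password);
            if ((strRoles == null) || (strRoles.GetLength(0) == 0))
            {
                content.Response.Write("未找到相配的角色!!");
                app.CompleteRequest();
                // CompleteRequest() only tells the pipeline to skip ahead to EndRequest;
                // it does not stop this method. Without this return the code below would
                // still attach an authenticated identity named after the caller-supplied
                // userid, even though the credentials were rejected.
                return;
            }

            GenericIdentity objIdentity = new GenericIdentity(userid, "CustomAuthentication");
            content.User = new GenericPrincipal(objIdentity, strRoles);
        }

        /// <summary>Looks up the roles for a user id / password pair.</summary>
        /// <param name="r_strUserID">User id taken from the request; must not be null.</param>
        /// <param name="r_strPassword">Password taken from the request; must not be null.</param>
        /// <returns>A one-element role array on a match, otherwise <c>null</c>.</returns>
        private string[] AuthenticateAndGetRoles(string r_strUserID, string r_strPassword)
        {
            // Demo data only: plain-text credentials compiled into the assembly.
            // Replace with a lookup against a credential store before any real use.
            if (r_strUserID.Equals("Steve") && r_strPassword.Equals("15seconds"))
            {
                return new string[] { "Administrator" };
            }

            if (r_strUserID.Equals("Mansoor") && r_strPassword.Equals("mas"))
            {
                return new string[] { "User" };
            }

            return null;
        }
    }
}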
編輯Web.config文件:
<!--
  Registers the module under the name "Custom"; the type attribute is
  "namespace.class, assembly". Note: system.web/httpModules is the classic-pipeline
  registration; under the IIS integrated pipeline modules are listed in
  system.webServer/modules instead. Confirm which one the host uses, otherwise the
  module may not run and requests would go through without the check.
-->
<system.web>
  <httpModules>
    <add
      name="Custom"
      type="MyModules.CustomModule,Custom" />
  </httpModules>
</system.web>
Custom.aspx頁面內容:
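<script language="c#" runat="server">
    // Shows the authenticated user's name and a message for the role found on
    // the principal that CustomModule attached to the request.
    public void page_load(Object obj, EventArgs e)
    {
        // Label.Text is written to the page as raw HTML, and the identity name is the
        // "userid" value taken from the request by CustomModule, so it must be
        // HTML-encoded before being concatenated into markup.
        lblMessage.Text = "<H1>Hi," + Server.HtmlEncode(User.Identity.Name) + "</H1>";

        if (User.IsInRole("Administrator"))
        {
            lblRole.Text = "<H1>You are an Administrator</H1>";
        }
        else if (User.IsInRole("User"))
        {
            lblRole.Text = "<H1>You are a normal user</H1>";
        }
        // Any other principal leaves lblRole empty.
    }
</script>
<form runat="server">
    <asp:Label id="lblMessage" forecolor="red" font-size="10pt" runat="server" />
    <asp:Label id="lblRole" forecolor="red" font-size="10pt" runat="server" />
</form>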
或者使用後者(注意:下面的範例實際掛接的是 AcquireRequestState 事件):
using
System;
using
System.Web;
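namespace MyModule
{
    /// <summary>
    /// Sketch of an authorization module: on AcquireRequestState it takes the user
    /// stored in session, maps the requested path to a module, and transfers to an
    /// error page when the user lacks the right to it.
    /// </summary>
    /// <remarks>
    /// <c>User</c>, <c>Module</c> and <c>RightChecker</c> are application types that
    /// are not shown on this page, and the URL-to-module lookup is left as the
    /// author's placeholder.
    /// </remarks>
    public class MyModule : IHttpModule
    {
        /// <summary>Subscribes the permission check to AcquireRequestState.</summary>
        /// <param name="application">The application instance the module is attached to.</param>
        public void Init(HttpApplication application)
        {
            application.AcquireRequestState += new EventHandler(this.Application_AcquireRequestState);
        }

        /// <summary>Checks the session user's right to the requested module.</summary>
        /// <param name="source">The <c>HttpApplication</c> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        private void Application_AcquireRequestState(Object source, EventArgs e)
        {
            HttpApplication app = (HttpApplication)source;

            // Get the User. (The original read "Sesseion" and assigned the untyped
            // session value directly; the property is Session and it returns object.)
            // NOTE(review): Context.Session can be null for requests whose handler does
            // not use session state, and the entry is absent before login. Decide
            // explicitly how both cases are denied; do not rely on RightChecker
            // accepting a null user.
            User user = (User)app.Context.Session["User"];

            // Path of the page the client requested.
            string url = app.Context.Request.Path;

            // Resolve the module that owns this url. "xx" is the original author's
            // placeholder for that lookup and must be replaced with real code.
            Module module = xx;

            // No permission: hand the request over to the error page.
            if (!RightChecker.HasRight(user, module))
            {
                app.Context.Server.Transfer("ErrorPage.aspx");
            }
        }

        public void Dispose() { }
    }
}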