介绍一下如何在ASP.NET中使用HTTP Module创建自定义的安全认证
首先了解asp.net对web request的处理过程
HTTP Module是实现了IHttpModule接口的类,用来处理Web Request.
asp.net内置的Modules有
Output Cache Module
Windows Authentication Module
Forms Authentication Module
Passport Authentication Module
URL Authorization Module
File Authorization Module
我们可以修改这些现有的modules来增加新的功能,也可以新增modules来自定义功能.比如,我们可以自定义一个利用活动目录(Active Directory)的安全模块.
modules在http application event触发时被执行
IHttpModule接口有以下两个方法
Init( HttpApplication objApplication)
为HttpApplication Events注册event handler.
Dispose()
Release the resources.
实现自定义HTTP Module的步骤
1.创建一个实现了IHttpModule接口的类
using System;
using System.Web;

namespace CustomModule
{
    /// <summary>
    /// Empty skeleton of a custom HTTP module. It implements both
    /// <see cref="IHttpModule"/> members but subscribes to no application
    /// events, so in this form it performs no check on any request.
    /// </summary>
    public class CustomAuthnModule : IHttpModule
    {
        /// <summary>Creates the module; there is no state to initialise.</summary>
        public CustomAuthnModule() { }

        /// <summary>
        /// Place where a module subscribes to <see cref="HttpApplication"/> events.
        /// Left empty in this skeleton.
        /// </summary>
        /// <param name="objHttpApp">Application instance whose events can be subscribed to.</param>
        public void Init(HttpApplication objHttpApp) { }

        /// <summary>Nothing to release: the skeleton holds no resources.</summary>
        public void Dispose() { }
    }
}
2.在Init方法中注册Events
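/// <summary>
/// Subscribes the module's handler to the application's AuthenticateRequest event.
/// </summary>
/// <param name="objHttpApp">Application instance whose event is being subscribed to.</param>
public void Init(HttpApplication objHttpApp)
{
    // The delegate type is System.EventHandler; the misspelled "EventHanlder"
    // in the original listing does not compile.
    objHttpApp.AuthenticateRequest += new EventHandler(this.CustomAuthentication);
}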
3.编写注册event的处理函数
/// <summary>
/// Demonstration handler: writes a fixed marker string into the response of the
/// request being processed. It inspects no credentials and sets no identity, so
/// it only shows that the module was invoked.
/// </summary>
/// <param name="sender">The event source; cast to <see cref="HttpApplication"/>.</param>
/// <param name="evtArgs">Event data (unused).</param>
private void CustomAuthentication(object sender, EventArgs evtArgs)
{
    // Reach the current request's context through the application that raised the event.
    HttpContext currentContext = ((HttpApplication)sender).Context;
    currentContext.Response.Write("Custom Authentication Module is Invoked");
}
4.在GAC中加入DLL
1)创建一个强名称文件
sn -k key.snk
2)将key文件加入到AssemblyInfo.cs的属性AssemblyKeyFile中
3)gacutil /i CustomModule.dll
5.在web.config注册HttpModule
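<!-- Goes inside the <system.web> section of web.config. -->
<httpModules>
  <!--
    The type attribute is ONE quoted value: "Namespace.ClassName, AssemblyName".
    The original listing put the assembly name outside the quotes, misspelled it,
    and had a stray self-closing element plus a duplicated closing tag.
    For an assembly installed in the GAC (step 4) the assembly part is normally the
    full strong name, for example:
      "Namespace.ClassName, AssemblyName, Version=VERSION_PLACEHOLDER, Culture=neutral, PublicKeyToken=TOKEN_PLACEHOLDER"
  -->
  <add name="ModuleName" type="Namespace.ClassName, AssemblyName" />
</httpModules>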
实例:一个基于数据库进行访问授权(authorization)检查的自定义Module
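using System;
using System.Web;
using System.Data;
using System.Data.SqlClient;

namespace CustomAuthorizationModule
{
    /// <summary>
    /// HTTP module that asks the stored procedure <c>sAuthorizeURL</c> whether the
    /// current user may access the requested path, and ends the request when the
    /// answer is anything other than "Authorized".
    /// </summary>
    public class CustomAuthorizationModule : IHttpModule
    {
        // Name of the <connectionStrings> entry in web.config that points at the
        // authorization database. "CustomAuthorizationDb" is a placeholder chosen for
        // this example; use whatever name the application actually defines.
        // The original listing embedded an "sa" login and its password in source.
        // Keep credentials in configuration and connect with a low-privilege account
        // that can only execute the authorization procedure.
        private const string ConnectionStringName = "CustomAuthorizationDb";

        // Declared sizes of the stored-procedure parameters (taken from the original listing).
        private const int MaxUserNameLength = 30;
        private const int MaxUrlPathLength = 40;

        /// <summary>Creates the module; there is no state to initialise.</summary>
        public CustomAuthorizationModule() { }

        /// <summary>Subscribes the database check to the AuthorizeRequest event.</summary>
        /// <param name="objApp">Application instance whose event is being subscribed to.</param>
        public void Init(HttpApplication objApp)
        {
            objApp.AuthorizeRequest += new EventHandler(this.CustomDBAuthorization);
        }

        /// <summary>Nothing to release: connections are opened and disposed per check.</summary>
        public void Dispose() { }

        /// <summary>
        /// Authorizes the current request against the database and ends the request
        /// with HTTP 403 when the user is not allowed.
        /// </summary>
        /// <param name="sender">The event source; cast to <see cref="HttpApplication"/>.</param>
        /// <param name="evtArgs">Event data (unused).</param>
        private void CustomDBAuthorization(object sender, EventArgs evtArgs)
        {
            HttpApplication objApplication = (HttpApplication)sender;
            HttpContext context = objApplication.Context;

            // The original took the user name from Request.Params[0]. Request.Params merges
            // query-string, form, cookie and server-variable values, all of which the client
            // controls or influences, so any caller could claim any user name. Use the
            // identity established by the configured authentication module instead;
            // AuthorizeRequest is raised after AuthenticateRequest, so Context.User is set
            // by then when authentication is enabled.
            bool bAuthorized = false;
            if (context.User != null
                && context.User.Identity != null
                && context.User.Identity.IsAuthenticated)
            {
                bAuthorized = DBAuthorize(context.User.Identity.Name, objApplication.Request.FilePath);
            }

            if (bAuthorized)
            {
                // Demo output kept from the original listing.
                context.Response.Write("Authorized User");
            }
            else
            {
                // Signal the denial in the status code as well as the body; the original
                // answered with the default 200 status.
                context.Response.StatusCode = 403;
                context.Response.Write("UnAuthorized User");
                objApplication.Response.End();
            }
        }

        /// <summary>
        /// Calls the stored procedure <c>sAuthorizeURL</c> and reports whether it
        /// returned the string "Authorized" for the given user and path.
        /// </summary>
        /// <param name="sUsrName">Authenticated user name.</param>
        /// <param name="sAppPath">Virtual path of the requested resource.</param>
        /// <returns><c>true</c> only when the procedure's scalar result is exactly "Authorized".</returns>
        /// <exception cref="InvalidOperationException">The connection string is not configured.</exception>
        private bool DBAuthorize(string sUsrName, string sAppPath)
        {
            // Fail closed on missing values and on values longer than the declared
            // parameter sizes: an oversized VarChar value is truncated to Size before it
            // is sent, so the check would otherwise run against a different, shorter
            // user name or path than the one actually requested.
            if (string.IsNullOrEmpty(sUsrName) || string.IsNullOrEmpty(sAppPath)
                || sUsrName.Length > MaxUserNameLength || sAppPath.Length > MaxUrlPathLength)
            {
                return false;
            }

            // Fully qualified so no extra using directive is needed; requires a
            // reference to the System.Configuration assembly.
            System.Configuration.ConnectionStringSettings settings =
                System.Configuration.ConfigurationManager.ConnectionStrings[ConnectionStringName];
            if (settings == null)
            {
                // A misconfigured module must not let requests through; the exception
                // stops the request instead of authorizing it.
                throw new InvalidOperationException(
                    "Connection string '" + ConnectionStringName + "' is not configured.");
            }

            // using blocks close the connection and command even when the call throws;
            // the original never closed either.
            using (SqlConnection sqlConn = new SqlConnection(settings.ConnectionString))
            using (SqlCommand sqlCmd = new SqlCommand("sAuthorizeURL", sqlConn))
            {
                sqlCmd.CommandType = CommandType.StoredProcedure;
                sqlCmd.Parameters.Add("@UserName", SqlDbType.VarChar, MaxUserNameLength).Value = sUsrName;
                sqlCmd.Parameters.Add("@URLPath", SqlDbType.VarChar, MaxUrlPathLength).Value = sAppPath;

                sqlConn.Open();

                // ExecuteScalar returns null when the procedure yields no row; treat that
                // (and DBNull) as "not authorized" instead of throwing on ToString().
                object result = sqlCmd.ExecuteScalar();
                return string.Equals(Convert.ToString(result), "Authorized", StringComparison.Ordinal);
            }
        }
    }
}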
转自:http://www.cnblogs.com/jecray/archive/2007/05/27/761444.html
感谢原作者:jecray !!