HttpModule,对ASP.NET的事件处理进行过滤,干预

HttpModule通过对HttpApplication对象的一系列事件的处理来对HTTP处理管道施加影响。这些事件要在HttpModuleInit方法中进行注册,包括:BeginRequestAuthenticateRequest AuthorizeRequest ResolveRequestCache AcquireRequestState PreRequestHandlerExecute PostRequestHandlerExecute ReleaseRequestState UpdateRequestCache EndRequest

using  System;
using  System.Web;
using  System.Security.Principal;

namespace  xumh
{
    
///   <summary>
    
///  
    
///  实现HttpModule:
    
///  1、编写类实现IHttpModule
    
///  2、编译为类库:csc /t:library testhttpmodule.cs
    
///  3、要让你的WEB页面使用它,必须在web.config中注册。
    
///   <httpModules>  
    
///   <add name="xumhHttpModule" type="xumh.testHttpModule,testHttpModule"/>
    
///   <add name="随便起个名字" type="空间.类名,dll文件不带扩展名 />
    
///   </httpModules>
    
///  4、本HttpModule处理注册,为方便测试需要禁用匿名访问,如下:
    
///          <authorization>
    
///               <deny users="?"/>
    
///          </authorization>
    
///   </summary>
     public   class  testHttpModule : IHttpModule
    {
        
public   void  Dispose()
        {
            
throw   new  NotImplementedException();
        }

        
public   void  Init(HttpApplication context)
        {
// 里面我们可以注册很多的事件
            context.AuthenticateRequest  +=   new  EventHandler(context_AuthenticateRequest);
        }

        
// AuthenticateRequest
         void  context_AuthenticateRequest( object  sender, EventArgs e)
        {
            HttpApplication app 
=  (HttpApplication)sender;
            HttpContext context 
=  (HttpContext)app.Context;
            
if  ( app.Request[ " userid " ==   null   ||  app.Request[ " password " == null )
            {
                context.Response.Write(
" 用户名或者密码为空,验证失败! " );
                app.Response.End();
            }
            
//
             string  userid  =  app.Request[ " userid " ].ToString();
            
string  password  =  app.Request[ " password " ].ToString();
            
string [] roles  =  AuthenticateAndGetRoles(userid, password); // 获取用户权限表
             if  (roles == null   ||  roles.GetLength( 0 == 0 )
            {
                app.Response.Write(
" 用户名或者密码错误,验证失败! " );
                app.CompleteRequest();
// 终止一个http请求
            }
            GenericIdentity identity 
=   new  GenericIdentity(userid,  " CustomAuthentication " );
            context.User 
=   new  GenericPrincipal(identity, roles);

        }

        
// AuthenticateAndGetRoles
         private   string [] AuthenticateAndGetRoles( string  userid,  string  password)
        {
            
string [] roles  =   null ;
            
if  (userid.Equals( " xuminghui " &&  password.Equals( " 1234 " ))
            {
                roles 
=   new   string [ 1 ];
                roles[
0 =   " Administrator " ;
            }
            
else   if  (userid.Equals( " haohao " &&  password.Equals( " 1017 " ))
            {
                roles 
=   new   string [ 1 ];
                roles[
0 =   " User " ;
            }
            
return  roles;
        }

    }

}
详细处理流程见下图
HttpModule,对ASP.NET的事件处理进行过滤,干预

你可能感兴趣的:(asp.net)