HttpModule通过对HttpApplication对象的一系列事件的处理来对HTTP处理管道施加影响。这些事件要在HttpModule的Init方法中进行注册,包括:BeginRequest,AuthenticateRequest, AuthorizeRequest, ResolveRequestCache, AcquireRequestState, PreRequestHandlerExecute, PostRequestHandlerExecute, ReleaseRequestState, UpdateRequestCache, EndRequest。
using System;
using System.Web;
using System.Security.Principal;
namespace xumh
{
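/// <summary>
/// Sample <see cref="IHttpModule"/> that authenticates every request from the
/// "userid" and "password" request values and attaches a principal carrying the
/// user's roles to the current <see cref="HttpContext"/>.
/// </summary>
/// <remarks>
/// How to build and use an HttpModule:
/// 1. Write a class that implements IHttpModule.
/// 2. Compile it as a class library: csc /t:library testhttpmodule.cs
/// 3. Register it in web.config so that the web application loads it:
/// <code><![CDATA[
/// <httpModules>
///   <add name="xumhHttpModule" type="xumh.testHttpModule,testHttpModule"/>
///   <add name="any name you like" type="Namespace.ClassName,assembly file name without extension"/>
/// </httpModules>
/// ]]></code>
/// 4. This module performs the authentication itself; to test it, deny anonymous access:
/// <code><![CDATA[
/// <authorization>
///   <deny users="?"/>
/// </authorization>
/// ]]></code>
/// Security notes: this is a teaching sample. The accounts and their plaintext
/// passwords are compiled into <c>AuthenticateAndGetRoles</c>, and the credentials are
/// read with <c>Request[...]</c>, which also accepts them from the query string and
/// cookies (where they end up in server logs and browser history). Before any real
/// use, replace the lookup with a credential store that keeps salted password hashes,
/// accept credentials only from a POST body over TLS, and issue a session/ticket
/// instead of re-sending the password on every request.
/// </remarks>
public class testHttpModule : IHttpModule
{
    /// <summary>
    /// Releases module resources. The module owns none, so this is a no-op.
    /// </summary>
    /// <remarks>
    /// ASP.NET calls Dispose when the application instance is torn down; throwing
    /// NotImplementedException here (as the original did) turns every shutdown or
    /// recycle into an unhandled exception.
    /// </remarks>
    public void Dispose()
    {
    }

    /// <summary>
    /// Subscribes the module to the pipeline events it handles. Many events can be
    /// registered here; this sample only needs AuthenticateRequest.
    /// </summary>
    /// <param name="context">The application instance whose events are hooked.</param>
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
    }

    /// <summary>
    /// AuthenticateRequest handler: validates the supplied credentials and, on success,
    /// sets <see cref="HttpContext.User"/> to a principal holding the user's roles.
    /// On failure it writes an error message and ends the request without touching
    /// <see cref="HttpContext.User"/>.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event data.</param>
    void context_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext context = app.Context;

        // NOTE(security): Request[...] searches QueryString, Form, Cookies and
        // ServerVariables, so a password sent in the URL is accepted as well.
        string userid = app.Request["userid"];
        string password = app.Request["password"];
        if (userid == null || password == null)
        {
            RejectRequest(app, "用户名或者密码为空,验证失败!");
            return;
        }

        // Look up the roles granted to this user; null or empty means the login failed.
        string[] roles = AuthenticateAndGetRoles(userid, password);
        if (roles == null || roles.Length == 0)
        {
            // The original fell through after CompleteRequest() and still assigned an
            // authenticated GenericPrincipal built from the caller-supplied user name.
            // Returning here keeps a failed login from ever producing an identity.
            RejectRequest(app, "用户名或者密码错误,验证失败!");
            return;
        }

        GenericIdentity identity = new GenericIdentity(userid, "CustomAuthentication");
        context.User = new GenericPrincipal(identity, roles);
    }

    /// <summary>
    /// Writes <paramref name="message"/> to the response and short-circuits the
    /// pipeline to EndRequest so that no handler runs for the rejected request.
    /// </summary>
    /// <param name="app">The application processing the current request.</param>
    /// <param name="message">Text shown to the client.</param>
    private static void RejectRequest(HttpApplication app, string message)
    {
        app.Response.Write(message);
        // CompleteRequest() only flags the request as finished; it does not stop the
        // calling method, so callers must return immediately afterwards.
        app.CompleteRequest();
    }

    /// <summary>
    /// Checks the credentials against the built-in demo accounts.
    /// </summary>
    /// <param name="userid">User name supplied by the client; must not be null.</param>
    /// <param name="password">Password supplied by the client; must not be null.</param>
    /// <returns>
    /// A one-element role array for a known user/password pair, or null when the
    /// credentials do not match any account.
    /// </returns>
    private string[] AuthenticateAndGetRoles(string userid, string password)
    {
        // NOTE(security): hard-coded accounts with plaintext passwords and an ordinary
        // (non-constant-time) string comparison. Acceptable only as a demo stand-in for
        // a real credential store.
        if (userid.Equals("xuminghui") && password.Equals("1234"))
        {
            return new string[] { "Administrator" };
        }

        if (userid.Equals("haohao") && password.Equals("1017"))
        {
            return new string[] { "User" };
        }

        return null;
    }
}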
}
详细处理流程见下图
using System.Web;
using System.Security.Principal;
namespace xumh
{
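/// <summary>
/// Sample <see cref="IHttpModule"/> that authenticates every request from the
/// "userid" and "password" request values and attaches a principal carrying the
/// user's roles to the current <see cref="HttpContext"/>.
/// </summary>
/// <remarks>
/// How to build and use an HttpModule:
/// 1. Write a class that implements IHttpModule.
/// 2. Compile it as a class library: csc /t:library testhttpmodule.cs
/// 3. Register it in web.config so that the web application loads it:
/// <code><![CDATA[
/// <httpModules>
///   <add name="xumhHttpModule" type="xumh.testHttpModule,testHttpModule"/>
///   <add name="any name you like" type="Namespace.ClassName,assembly file name without extension"/>
/// </httpModules>
/// ]]></code>
/// 4. This module performs the authentication itself; to test it, deny anonymous access:
/// <code><![CDATA[
/// <authorization>
///   <deny users="?"/>
/// </authorization>
/// ]]></code>
/// Security notes: this is a teaching sample. The accounts and their plaintext
/// passwords are compiled into <c>AuthenticateAndGetRoles</c>, and the credentials are
/// read with <c>Request[...]</c>, which also accepts them from the query string and
/// cookies (where they end up in server logs and browser history). Before any real
/// use, replace the lookup with a credential store that keeps salted password hashes,
/// accept credentials only from a POST body over TLS, and issue a session/ticket
/// instead of re-sending the password on every request.
/// </remarks>
public class testHttpModule : IHttpModule
{
    /// <summary>
    /// Releases module resources. The module owns none, so this is a no-op.
    /// </summary>
    /// <remarks>
    /// ASP.NET calls Dispose when the application instance is torn down; throwing
    /// NotImplementedException here (as the original did) turns every shutdown or
    /// recycle into an unhandled exception.
    /// </remarks>
    public void Dispose()
    {
    }

    /// <summary>
    /// Subscribes the module to the pipeline events it handles. Many events can be
    /// registered here; this sample only needs AuthenticateRequest.
    /// </summary>
    /// <param name="context">The application instance whose events are hooked.</param>
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
    }

    /// <summary>
    /// AuthenticateRequest handler: validates the supplied credentials and, on success,
    /// sets <see cref="HttpContext.User"/> to a principal holding the user's roles.
    /// On failure it writes an error message and ends the request without touching
    /// <see cref="HttpContext.User"/>.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event data.</param>
    void context_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext context = app.Context;

        // NOTE(security): Request[...] searches QueryString, Form, Cookies and
        // ServerVariables, so a password sent in the URL is accepted as well.
        string userid = app.Request["userid"];
        string password = app.Request["password"];
        if (userid == null || password == null)
        {
            RejectRequest(app, "用户名或者密码为空,验证失败!");
            return;
        }

        // Look up the roles granted to this user; null or empty means the login failed.
        string[] roles = AuthenticateAndGetRoles(userid, password);
        if (roles == null || roles.Length == 0)
        {
            // The original fell through after CompleteRequest() and still assigned an
            // authenticated GenericPrincipal built from the caller-supplied user name.
            // Returning here keeps a failed login from ever producing an identity.
            RejectRequest(app, "用户名或者密码错误,验证失败!");
            return;
        }

        GenericIdentity identity = new GenericIdentity(userid, "CustomAuthentication");
        context.User = new GenericPrincipal(identity, roles);
    }

    /// <summary>
    /// Writes <paramref name="message"/> to the response and short-circuits the
    /// pipeline to EndRequest so that no handler runs for the rejected request.
    /// </summary>
    /// <param name="app">The application processing the current request.</param>
    /// <param name="message">Text shown to the client.</param>
    private static void RejectRequest(HttpApplication app, string message)
    {
        app.Response.Write(message);
        // CompleteRequest() only flags the request as finished; it does not stop the
        // calling method, so callers must return immediately afterwards.
        app.CompleteRequest();
    }

    /// <summary>
    /// Checks the credentials against the built-in demo accounts.
    /// </summary>
    /// <param name="userid">User name supplied by the client; must not be null.</param>
    /// <param name="password">Password supplied by the client; must not be null.</param>
    /// <returns>
    /// A one-element role array for a known user/password pair, or null when the
    /// credentials do not match any account.
    /// </returns>
    private string[] AuthenticateAndGetRoles(string userid, string password)
    {
        // NOTE(security): hard-coded accounts with plaintext passwords and an ordinary
        // (non-constant-time) string comparison. Acceptable only as a demo stand-in for
        // a real credential store.
        if (userid.Equals("xuminghui") && password.Equals("1234"))
        {
            return new string[] { "Administrator" };
        }

        if (userid.Equals("haohao") && password.Equals("1017"))
        {
            return new string[] { "User" };
        }

        return null;
    }
}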
}