首先了解asp.net对web request的处理过程
http modules是一个实现了IHTTPModule接口基础类. 用来处理Web Request.
asp.net内置的Modules有
Output Cache Module
Windows Authentication Module
Forms Authentication Module
Passport Authentication Module
URL Authorization Module
File Authorization Module
我们可以修改这些现有的modules来增加新的功能,也可以新增modules来自定义功能.比如,我们可以自定义安全模块利用活动目录.
modules在http application event触发时被执行
IHTTP Module有以下两个方法
Init( HttpApplication objApplication)
为HttpApplication Events注册event handler.
Dispose()
Release the resources.
实现自定义custom http module的步骤
1.创建一个实现了IHTTPModule接口的类
using System;
using System.Web;
namespace CustomModule
{
public class CustomAuthnModule : IHttpModule
{
public CustomAuthnModule()
{
}
public void Init(HttpApplication objHttpApp)
{
}
public void Dispose()
{
}
}
}
using System.Web;
namespace CustomModule
{
public class CustomAuthnModule : IHttpModule
{
public CustomAuthnModule()
{
}
public void Init(HttpApplication objHttpApp)
{
}
public void Dispose()
{
}
}
}
2.在Init方法中注册Events
public void Init(HttpApplication objHttpApp)
{
objHttpApp.AuthenticateRequest+=new EventHanlder(this.CustomAuthentication);
}
{
objHttpApp.AuthenticateRequest+=new EventHanlder(this.CustomAuthentication);
}
3.编写注册event的处理函数
private void CustomAuthentication (object sender,EventArgs evtArgs)
{
HttpApplication objHttpApp=(HttpApplication) sender;
objHttpApp.Context.Response.Write("Custom Authentication Module is Invoked");
}
{
HttpApplication objHttpApp=(HttpApplication) sender;
objHttpApp.Context.Response.Write("Custom Authentication Module is Invoked");
}
4.在GAC中加入DLL
1)创建一个强名称文件
sn –k key.snk
2)将key文件加入到AssemblyInfo.cs的属性AssemblyKeyFile中
3)gacutil /i CustomModule.dll
5.在web.config注册HttpModule
<httpmodules /><httpModules>
<add name ="ModuleName" type="Namespace.ClassName","AssemlbyName">
</add >
</httpModules> </httpModules>
<add name ="ModuleName" type="Namespace.ClassName","AssemlbyName">
</add >
</httpModules> </httpModules>
实例:一个基于数据库身份认证的自定义Module
using System;
using System.Web;
using System.Data;
using System.Data.SqlClient;
namespace CustomAuthorizationModule
{
public class CustomAuthorizationModule : IHttpModule
{
public CustomAuthorizationModule()
{
}
public void Init(HttpApplication objApp)
{
objApp.AuthorizeRequest += new
EventHandler(this.CustomDBAuthorization);
}
public void Dispose()
{
}
private void CustomDBAuthorization(object sender,EventArgs
evtArgs)
{
HttpApplication objApplication =(HttpApplication)sender;
string sAppPath,sUsrName;
bool bAuthorized = false;
sAppPath=objApplication.Request.FilePath.ToString();
sUsrName=objApplication.Request.Params[0].ToString();
bAuthorized = DBAuthorize(sUsrName,sAppPath);
if(bAuthorized)
{
objApplication.Context.Response.Write("Authorized User");
}
else
{
objApplication.Context.Response.Write("UnAuthorized User");
objApplication.Response.End();
}
}
private string DBAuthorize(string sUsrName,string sAppPath)
{
SqlConnection sqlConn=new SqlConnection()
sqlConn.ConnectionString="user id=sa;Pwd=password;Data Source=localhost;Initial
Catalog=Northwind");
SqlCommand sqlCmd=new SqlCommand();
SqlParameter sqlParam=new SqlParameter();
sqlCmd.Connection=sqlConn;
sqlConn.Open();
sqlCmd.CommandType=CommandType.StoredProcedure;
sqlCmd.CommandText="sAuthorizeURL";
sqlParam = sqlCmd.Parameters.Add ("@UserName",SqlDbType.VarChar,30);
sqlParam = sqlCmd.Parameters.Add("@URLPath",SqlDbType.VarChar,40);
sqlCmd.Parameters["@UserName"].Value=sUsrName;
sqlCmd.Parameters["@URLPath"].Value=sAppPath;
string res=sqlCmd.ExecuteScalar().ToString();
if(res == "Authorized")
{
return true;
}
else
{
return false;
}
}
}
}
using System.Web;
using System.Data;
using System.Data.SqlClient;
namespace CustomAuthorizationModule
{
public class CustomAuthorizationModule : IHttpModule
{
public CustomAuthorizationModule()
{
}
public void Init(HttpApplication objApp)
{
objApp.AuthorizeRequest += new
EventHandler(this.CustomDBAuthorization);
}
public void Dispose()
{
}
private void CustomDBAuthorization(object sender,EventArgs
evtArgs)
{
HttpApplication objApplication =(HttpApplication)sender;
string sAppPath,sUsrName;
bool bAuthorized = false;
sAppPath=objApplication.Request.FilePath.ToString();
sUsrName=objApplication.Request.Params[0].ToString();
bAuthorized = DBAuthorize(sUsrName,sAppPath);
if(bAuthorized)
{
objApplication.Context.Response.Write("Authorized User");
}
else
{
objApplication.Context.Response.Write("UnAuthorized User");
objApplication.Response.End();
}
}
private string DBAuthorize(string sUsrName,string sAppPath)
{
SqlConnection sqlConn=new SqlConnection()
sqlConn.ConnectionString="user id=sa;Pwd=password;Data Source=localhost;Initial
Catalog=Northwind");
SqlCommand sqlCmd=new SqlCommand();
SqlParameter sqlParam=new SqlParameter();
sqlCmd.Connection=sqlConn;
sqlConn.Open();
sqlCmd.CommandType=CommandType.StoredProcedure;
sqlCmd.CommandText="sAuthorizeURL";
sqlParam = sqlCmd.Parameters.Add ("@UserName",SqlDbType.VarChar,30);
sqlParam = sqlCmd.Parameters.Add("@URLPath",SqlDbType.VarChar,40);
sqlCmd.Parameters["@UserName"].Value=sUsrName;
sqlCmd.Parameters["@URLPath"].Value=sAppPath;
string res=sqlCmd.ExecuteScalar().ToString();
if(res == "Authorized")
{
return true;
}
else
{
return false;
}
}
}
}
转自:http://www.cnblogs.com/jecray/archive/2007/05/27/761444.html
感谢原作者:jecray !!