介绍一下如何在 ASP.NET 中使用 HTTP module 创建自定义的安全认证
首先了解asp.net对web request的处理过程
HTTP module 是实现了 IHttpModule 接口的类,用来处理 Web Request。
asp.net内置的Modules有
Output Cache Module
Windows Authentication Module
Forms Authentication Module
Passport Authentication Module
URL Authorization Module
File Authorization Module
我们可以修改这些现有的 modules 来增加新的功能,也可以新增 modules 来自定义功能。比如,我们可以利用活动目录实现自定义的安全模块。
modules在http application event触发时被执行
IHttpModule 接口有以下两个方法
Init( HttpApplication objApplication)
为HttpApplication Events注册event handler.
Dispose()
Release the resources.
实现自定义custom http module的步骤
1.创建一个实现了 IHttpModule 接口的类
using
System;
using
System.Web;
namespace CustomModule
{
    /// <summary>
    /// Minimal skeleton of a custom HTTP module: it implements
    /// <see cref="IHttpModule"/> but does not subscribe to any pipeline
    /// event yet, so registering it has no effect on requests.
    /// </summary>
    public class CustomAuthnModule : IHttpModule
    {
        /// <summary>Creates the module; there is no state to initialise.</summary>
        public CustomAuthnModule()
        {
        }

        /// <summary>
        /// Called with the application instance so the module can attach
        /// its event handlers. Intentionally empty in this skeleton.
        /// </summary>
        /// <param name="objHttpApp">The application whose events can be hooked.</param>
        public void Init(HttpApplication objHttpApp)
        {
        }

        /// <summary>Nothing is held by the module, so nothing is released.</summary>
        public void Dispose()
        {
        }
    }
}
2.在Init方法中注册Events
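/// <summary>
/// Subscribes the module to the application's AuthenticateRequest event so
/// that CustomAuthentication runs whenever that event is raised.
/// </summary>
/// <param name="objHttpApp">The application whose events are hooked.</param>
public void Init(HttpApplication objHttpApp)
{
    // The delegate type is System.EventHandler; the listing's "EventHanlder"
    // spelling does not compile.
    objHttpApp.AuthenticateRequest += new EventHandler(this.CustomAuthentication);
}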
3.编写注册event的处理函数
/// <summary>
/// Handler for the AuthenticateRequest event. It only writes a marker string
/// into the response to show that the module was invoked; it does not
/// establish or verify any identity.
/// </summary>
/// <param name="sender">The HttpApplication that raised the event.</param>
/// <param name="evtArgs">Event data; not used.</param>
private void CustomAuthentication(object sender, EventArgs evtArgs)
{
    // A hard cast is kept on purpose: an unexpected sender type throws here
    // instead of being silently ignored.
    HttpResponse response = ((HttpApplication)sender).Context.Response;
    response.Write("Custom Authentication Module is Invoked");
}
4.在GAC中加入DLL
1)创建一个强名称文件
sn -k key.snk
2)将key文件加入到AssemblyInfo.cs的属性AssemblyKeyFile中
3)gacutil /i CustomModule.dll
5.在web.config注册HttpModule
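<!--
  Registers the custom module. In the classic ASP.NET pipeline this element
  belongs inside <system.web> in web.config.
  The type attribute is ONE string: "Namespace.ClassName, AssemblyName".
  For an assembly installed in the GAC the assembly part normally has to be
  the full strong name, e.g.
    "Namespace.ClassName, AssemblyName, Version=VERSION_PLACEHOLDER,
     Culture=neutral, PublicKeyToken=TOKEN_PLACEHOLDER"
  (placeholders: take the real values from the signed assembly).
-->
<httpModules>
  <add name="ModuleName" type="Namespace.ClassName, AssemblyName" />
</httpModules>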
实例:一个基于数据库身份认证的自定义Module
using
System;
using
System.Web;
using
System.Data;
using
System.Data.SqlClient;
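namespace CustomAuthorizationModule {
    /// <summary>
    /// HTTP module that authorizes every request by asking the stored
    /// procedure "sAuthorizeURL" whether the current user may access the
    /// requested file path.
    /// </summary>
    public class CustomAuthorizationModule : IHttpModule {
        // Declared sizes of the stored procedure parameters. SqlClient sends at
        // most this many characters for a sized VarChar parameter, so a longer
        // value would be checked in truncated form; such requests are denied.
        // NOTE(review): presumably these mirror the procedure's own parameter
        // declarations - confirm against the database.
        private const int MaxUserNameLength = 30;
        private const int MaxUrlPathLength = 40;

        // Name of the <connectionStrings> entry to read. Sample name constructed
        // for this listing; define it in web.config with a least-privilege
        // account instead of embedding "sa" credentials in source code.
        private const string ConnectionStringName = "CustomAuthorizationDb";

        public CustomAuthorizationModule() { }

        /// <summary>
        /// Hooks the module into the AuthorizeRequest stage of the pipeline.
        /// </summary>
        /// <param name="objApp">The application whose event is subscribed.</param>
        public void Init(HttpApplication objApp) {
            objApp.AuthorizeRequest += new EventHandler(this.CustomDBAuthorization);
        }

        /// <summary>The module holds no resources between requests.</summary>
        public void Dispose() { }

        /// <summary>
        /// AuthorizeRequest handler: allows the request to continue only when
        /// the database reports the authenticated user as authorized for the
        /// requested path; otherwise answers 403 and ends the response.
        /// </summary>
        /// <param name="sender">The HttpApplication that raised the event.</param>
        /// <param name="evtArgs">Event data; not used.</param>
        private void CustomDBAuthorization(object sender, EventArgs evtArgs) {
            HttpApplication objApplication = (HttpApplication)sender;
            HttpContext objContext = objApplication.Context;
            bool bAuthorized = false;

            // The user name must come from the identity established during
            // authentication. The original read Request.Params[0], a value the
            // client chooses freely (and which throws when no parameter is
            // present), so any caller could claim any user name.
            System.Security.Principal.IPrincipal objUser = objContext.User;
            if (objUser != null && objUser.Identity != null && objUser.Identity.IsAuthenticated) {
                string sUsrName = objUser.Identity.Name;
                string sAppPath = objApplication.Request.FilePath;
                bAuthorized = DBAuthorize(sUsrName, sAppPath);
            }

            if (bAuthorized) {
                // Demonstration output kept from the original listing; it is
                // written into every authorized response.
                objContext.Response.Write("Authorized User");
            }
            else {
                // Report the denial with a status code rather than a 200 page.
                objContext.Response.StatusCode = 403;
                objContext.Response.Write("UnAuthorized User");
                objApplication.Response.End();
            }
        }

        /// <summary>
        /// Calls the stored procedure "sAuthorizeURL" with the user name and
        /// path and reports whether its scalar result is "Authorized".
        /// </summary>
        /// <param name="sUsrName">Authenticated user name.</param>
        /// <param name="sAppPath">Requested file path.</param>
        /// <returns>
        /// true only when the procedure returns "Authorized"; false for empty
        /// or over-long arguments and for any other result.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The connection string entry is missing from configuration.
        /// </exception>
        private bool DBAuthorize(string sUsrName, string sAppPath) {
            // Deny by default on unusable input.
            if (string.IsNullOrEmpty(sUsrName) || string.IsNullOrEmpty(sAppPath)) {
                return false;
            }
            if (sUsrName.Length > MaxUserNameLength || sAppPath.Length > MaxUrlPathLength) {
                return false;
            }

            System.Configuration.ConnectionStringSettings objSettings =
                System.Configuration.ConfigurationManager.ConnectionStrings[ConnectionStringName];
            if (objSettings == null) {
                // An unhandled exception stops the request, so a missing
                // configuration entry cannot turn into an allow decision.
                throw new InvalidOperationException(
                    "Connection string '" + ConnectionStringName + "' is not configured.");
            }

            // using blocks close the connection and command even when the
            // query throws; the original never closed the connection.
            using (SqlConnection sqlConn = new SqlConnection(objSettings.ConnectionString))
            using (SqlCommand sqlCmd = new SqlCommand("sAuthorizeURL", sqlConn)) {
                sqlCmd.CommandType = CommandType.StoredProcedure;
                sqlCmd.Parameters.Add("@UserName", SqlDbType.VarChar, MaxUserNameLength).Value = sUsrName;
                sqlCmd.Parameters.Add("@URLPath", SqlDbType.VarChar, MaxUrlPathLength).Value = sAppPath;

                sqlConn.Open();

                // ExecuteScalar returns null when the procedure yields no row.
                object objResult = sqlCmd.ExecuteScalar();
                return objResult != null
                    && string.Equals(objResult.ToString(), "Authorized", StringComparison.Ordinal);
            }
        }
    }
}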
转自:http://www.cnblogs.com/jecray/archive/2007/05/27/761444.html
感谢原作者:jecray !!
转载于:https://www.cnblogs.com/tuyile006/archive/2007/09/10/888147.html