
C# asp.net IHttpModule实现登录权限控制,实现过滤器filter效果

为了在正式项目上应用切面形式的权限控制,今天在IHttpModule上做了一个权限控制的测试项目。
在开发过程中,最郁闷的是碰到“会话状态在此上下文中不可用”的错误了,解决办法见下面的代码注释。
步骤如下:
1、新建网站,添加App_Code文件夹,新建MyHttpModule类,如下:
using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Web;  
using System.Configuration;  
using System.Web.SessionState;  
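/// <summary>
/// HTTP module that runs a session-based permission check for .aspx requests.
/// Author: kogu, 2010-03-26 (please keep this notice when reposting).
/// </summary>
/// <remarks>
/// Only requests whose executing file ends in ".aspx" are checked. Requests served by
/// other handlers (for example .ashx or .asmx) pass through this module unchecked and
/// need their own protection.
/// </remarks>
public class MyHttpModule : IHttpModule
{
    public MyHttpModule()
    {
        // No construction logic is required.
    }

    #region IHttpModule members
    /// <summary>Nothing to release; the module holds no resources.</summary>
    public void Dispose()
    {
    }

    /// <summary>Hooks the permission check into the request pipeline.</summary>
    /// <param name="context">The application this module is attached to.</param>
    public void Init(HttpApplication context)
    {
        // Session state is populated during AcquireRequestState, so the check runs there.
        context.AcquireRequestState += new EventHandler(OnAcquireRequestState);
    }
    #endregion

    /// <summary>
    /// Decides whether the current .aspx request may proceed: the configured login page is
    /// always allowed, any other page requires a "Rights" list in the session that contains
    /// the right mapped to that page in <see cref="Rights.Path_Right"/>.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    public void OnAcquireRequestState(Object sender, EventArgs e)
    {
        HttpApplication context = sender as HttpApplication;
        if (context == null)
        {
            return;
        }

        // Use the application-relative path of the executing file ("~/dir/page.aspx").
        // Unlike Request.Path it carries neither the virtual-directory prefix nor trailing
        // PathInfo, so the ".aspx" test and the table lookup both see the real page, and the
        // shared static Rights.PrePath no longer has to be rewritten from request data.
        // ToLowerInvariant keeps the comparison independent of the server culture.
        string relativePath = context.Request.AppRelativeCurrentExecutionFilePath
            .Substring(1)
            .ToLowerInvariant();

        // Non-.aspx requests have no session ("Session state is not available in this
        // context"), so they are left alone, as in the original design.
        if (!relativePath.EndsWith(".aspx", StringComparison.Ordinal))
        {
            return;
        }

        // The login page must stay reachable without any rights.
        if (IsLoginPage(relativePath))
        {
            context.Response.Write("通过登录页面检证");
            return;
        }

        // HttpApplication.Session throws when no session exists, so a null test on it
        // never takes effect; HttpContext.Session returns null instead.
        HttpSessionState session = context.Context.Session;
        List<string> rights = session == null ? null : session["Rights"] as List<string>;
        if (rights == null)
        {
            // No session, or no usable rights list in it: treat as not logged in.
            Deny(context, "错误请求");
            return;
        }

        // Pages missing from the table are denied (fail closed).
        string requiredRight;
        if (Rights.Path_Right.TryGetValue(relativePath, out requiredRight) && rights.Contains(requiredRight))
        {
            context.Response.Write("通过检证");
        }
        else
        {
            Deny(context, "无权操作");
        }
    }

    /// <summary>
    /// Returns true when <paramref name="relativePath"/> is exactly the page named by the
    /// "login" appSetting. An exact match is required: a substring test would also exempt
    /// every other page whose path merely contains the login page name.
    /// </summary>
    private static bool IsLoginPage(string relativePath)
    {
        string login = ConfigurationManager.AppSettings["login"];
        if (string.IsNullOrEmpty(login))
        {
            return false;
        }

        // Accept "default.aspx", "/default.aspx" and "~/default.aspx" in configuration.
        login = login.Trim().ToLowerInvariant();
        if (login.StartsWith("~", StringComparison.Ordinal))
        {
            login = login.Substring(1);
        }
        if (!login.StartsWith("/", StringComparison.Ordinal))
        {
            login = "/" + login;
        }
        return string.Equals(relativePath, login, StringComparison.Ordinal);
    }

    /// <summary>
    /// Rejects the request: writes the message, answers 403 and skips the page handler.
    /// Writing the message alone would let the protected page execute anyway.
    /// </summary>
    private static void Deny(HttpApplication context, string message)
    {
        context.Response.StatusCode = 403;
        context.Response.Write(message);
        context.CompleteRequest();
    }
}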
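/// <summary>
/// Holds the permission table for all features.
/// </summary>
/// <remarks>
/// Every member is static, so the values are shared by all requests and all users of the
/// application. Nothing user-specific belongs here.
/// </remarks>
public class Rights
{
    // Guards the lazily created table and the prefix against concurrent requests.
    private static readonly object syncRoot = new object();

    private static string prePath = string.Empty;
    /// <summary>
    /// Path prefix that precedes the keys of <see cref="Path_Right"/> in a request path.
    /// </summary>
    public static string PrePath
    {
        get { lock (syncRoot) { return Rights.prePath; } }
        set { lock (syncRoot) { Rights.prePath = value; } }
    }

    private static Dictionary<string, string> path_Right = null;
    /// <summary>
    /// Maps a lower-case page path to the ID of the right required to open it.
    /// The default table is created on first access.
    /// </summary>
    /// <remarks>
    /// The returned dictionary is the shared instance and is not safe for concurrent
    /// writes; fill it at start-up and treat it as read-only afterwards.
    /// </remarks>
    public static Dictionary<string, string> Path_Right
    {
        get
        {
            lock (syncRoot)
            {
                if (path_Right == null)
                {
                    // Build the table completely before publishing it, so that no other
                    // request can observe a half-filled dictionary.
                    Dictionary<string, string> table = new Dictionary<string, string>();
                    table.Add("/Default.aspx".ToLowerInvariant(), "1");
                    path_Right = table;
                }
                return Rights.path_Right;
            }
        }
        set { lock (syncRoot) { Rights.path_Right = value; } }
    }
}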




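2、配置web.config:在 <httpModules>(IIS 经典模式)和 <system.webServer> 的 <modules>(IIS 7 集成模式)中各注册一次 MyHttpModule。示例中的 compilation debug="true" 只适用于开发环境,正式部署前应改为 false。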
<?xml version="1.0"?>  
<!--   
    注意: 除了手动编辑此文件以外,您还可以使用   
    Web 管理工具来配置应用程序的设置。可以使用 Visual Studio 中的  
     “网站”->“Asp.Net 配置”选项。  
    设置和注释的完整列表在   
    machine.config.comments 中,该文件通常位于   
    \Windows\Microsoft.Net\Framework\v2.x\Config 中  
-->  
<configuration>  
 <configSections>  
  <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">  
   <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">  
    <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>  
    <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">  
     <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>  
     <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>  
     <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>  
     <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>  
    </sectionGroup>  
   </sectionGroup>  
  </sectionGroup>  
 </configSections>  
  <appSettings>  
    <add key="login" value="default.aspx" />      
  </appSettings>  
 <connectionStrings/>  
 <system.web>  
  <!--   
            设置 compilation debug="true" 可将调试符号插入  
            已编译的页面中。但由于这会   
            影响性能,因此只在开发过程中将此值   
            设置为 true。  
        -->  
  <compilation debug="true">  
   <assemblies>  
    <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>  
    <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
    <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>  
    <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>  
   </assemblies>  
  </compilation>  
  <!--  
            通过 <authentication> 节可以配置 ASP.NET 用来   
            识别进入用户的  
            安全身份验证模式。   
        -->  
  <authentication mode="Windows"/>  
  <!--  
            如果在执行请求的过程中出现未处理的错误,  
            则通过 <customErrors> 节可以配置相应的处理步骤。具体说来,  
            开发人员通过该节可以配置  
            要显示的 html 错误页  
            以代替错误堆栈跟踪。  
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">  
            <error statusCode="403" redirect="NoAccess.htm" />  
            <error statusCode="404" redirect="FileNotFound.htm" />  
        </customErrors>  
        -->  
  <pages>  
   <controls>  
    <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
    <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
   </controls>  
  </pages>  
  <httpHandlers>  
   <remove verb="*" path="*.asmx"/>  
   <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
   <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
   <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>  
  </httpHandlers>  
  <httpModules>  
   <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
      <add name="MyHttpModule" type="MyHttpModule"/>  
  </httpModules>  
 </system.web>  
 <system.codedom>  
  <compilers>  
   <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">  
    <providerOption name="CompilerVersion" value="v3.5"/>  
    <providerOption name="WarnAsError" value="false"/>  
   </compiler>  
   <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">  
    <providerOption name="CompilerVersion" value="v3.5"/>  
    <providerOption name="OptionInfer" value="true"/>  
    <providerOption name="WarnAsError" value="false"/>  
   </compiler>  
  </compilers>  
 </system.codedom>  
 <!--   
        在 Internet 信息服务 7.0 下运行 ASP.NET AJAX 需要 system.webServer  
        节。对早期版本的 IIS 来说则不需要此节。  
    -->  
 <system.webServer>  
  <validation validateIntegratedModeConfiguration="false"/>  
  <modules>  
   <remove name="ScriptModule"/>  
   <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
      <add name="MyHttpModule" type="MyHttpModule"/>  
  </modules>  
  <handlers>  
   <remove name="WebServiceHandlerFactory-Integrated"/>  
   <remove name="ScriptHandlerFactory"/>  
   <remove name="ScriptHandlerFactoryAppServices"/>  
   <remove name="ScriptResource"/>  
   <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
   <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
   <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>  
  </handlers>  
 </system.webServer>  
 <runtime>  
  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">  
   <dependentAssembly>  
    <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>  
    <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>  
   </dependentAssembly>  
   <dependentAssembly>  
    <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>  
    <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>  
   </dependentAssembly>  
  </assemblyBinding>  
 </runtime>  
</configuration>  




3、在页面添加两个按钮测试。
default.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head runat="server">  
    <title></title>  
</head>  
<body>  
    <form id="form1" runat="server">  
    <div>  
        <asp:Button ID="Button1" runat="server" Text="Button" onclick="Button1_Click" />  
        <asp:Button ID="Button2" runat="server" Text="Button" onclick="Button2_Click" />  
        <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>  
    </div>  
    </form>  
</body>  
</html>  




default.aspx.cs
 
using System;  
using System.Collections.Generic;  
using System.Linq;  
using System.Web;  
using System.Web.UI;  
using System.Web.UI.WebControls;  
/// <summary>
/// Code-behind of the test page used to exercise the permission module.
/// </summary>
public partial class _Default : System.Web.UI.Page
{
    /// <summary>Nothing happens on page load.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Stores the rights "1", "2" and "3" in the session under the key "Rights".
    /// </summary>
    /// <remarks>
    /// No credentials are checked here; in this test page the click stands in for a login.
    /// A real login page must authenticate the user before granting any rights.
    /// </remarks>
    protected void Button1_Click(object sender, EventArgs e)
    {
        List<string> granted = new List<string>();
        granted.Add("1");
        granted.Add("2");
        granted.Add("3");
        Session["Rights"] = granted;
    }

    /// <summary>
    /// Shows the result of <c>Server.MapPath("~")</c> in the label.
    /// </summary>
    /// <remarks>
    /// That value is a physical directory on the server; displaying it is acceptable for
    /// a test page only and should not be carried over to a deployed site.
    /// </remarks>
    protected void Button2_Click(object sender, EventArgs e)
    {
        string rootDirectory = Server.MapPath("~");
        Label1.Text = rootDirectory;
    }
}
