网站规划内容包括,网站建设整改情况汇报,wordpress 文章目录导航,会员视频网站建设介绍一下如何在asp.net中使用http moudle创建自定义的安全认证首先了解asp.net对web request的处理过程http modules是一个实现了IHTTPModule接口基础类. 用来处理Web Request.asp.net内置的Modules有Output Cache ModuleWindows Authentication ModuleForms Authentication Mo…介绍一下如何在asp.net中使用http moudle创建自定义的安全认证 首先了解asp.net对web request的处理过程 http modules是一个实现了IHTTPModule接口基础类. 用来处理Web Request. asp.net内置的Modules有 Output Cache Module Windows Authentication Module Forms Authentication Module Passport Authentication Module URL Authorization Module File Authorization Module 我们可以修改这些现有的modules来增加新的功能,也可以新增modules来自定义功能.比如,我们可以自定义安全模块利用活动目录. modules在http application event触发时被执行 IHTTP Module有以下两个方法 Init( HttpApplication objApplication) 为HttpApplication Events注册event handler. Dispose() Release the resources. 实现自定义custom http module的步骤 1.创建一个实现了IHTTPModule接口的类using System;using System.Web;namespace CustomModule {public class CustomAuthnModule : IHttpModule {public CustomAuthnModule() { }public void Init(HttpApplication objHttpApp) { }public void Dispose() { } } } 2.在Init方法中注册Eventspublic void Init(HttpApplication objHttpApp) { objHttpApp.AuthenticateRequestnew EventHanlder(this.CustomAuthentication); } 3.编写注册event的处理函数private void CustomAuthentication (object sender,EventArgs evtArgs) { HttpApplication objHttpApp(HttpApplication) sender; objHttpApp.Context.Response.Write(Custom Authentication Module is Invoked); } 4.在GAC中加入DLL 1)创建一个强名称文件 sn –k key.snk 2)将key文件加入到AssemblyInfo.cs的属性AssemblyKeyFile中 3)gacutil /i CustomModule.dll 5.在web.config注册HttpModulehttpmodules /httpModulesadd name ModuleName typeNamespace.ClassName,AssemlbyName/add /httpModules /httpModules 实例一个基于数据库身份认证的自定义Moduleusing System;using System.Web;using System.Data;using System.Data.SqlClient;namespace CustomAuthorizationModule {public class CustomAuthorizationModule : IHttpModule {public CustomAuthorizationModule() { }public void Init(HttpApplication objApp) { objApp.AuthorizeRequest new EventHandler(this.CustomDBAuthorization); }public void Dispose() { }private void CustomDBAuthorization(object sender,EventArgs evtArgs) { HttpApplication objApplication (HttpApplication)sender;string sAppPath,sUsrName;bool bAuthorized false; sAppPathobjApplication.Request.FilePath.ToString(); sUsrNameobjApplication.Request.Params[0].ToString(); bAuthorized DBAuthorize(sUsrName,sAppPath);if(bAuthorized) { objApplication.Context.Response.Write(Authorized User); }else { objApplication.Context.Response.Write(UnAuthorized User); objApplication.Response.End(); } }private string DBAuthorize(string sUsrName,string sAppPath) { SqlConnection sqlConnnew SqlConnection() sqlConn.ConnectionStringuser idsa;Pwdpassword;Data Sourcelocalhost;Initial CatalogNorthwind);SqlCommand sqlCmdnew SqlCommand(); SqlParameter sqlParamnew SqlParameter(); sqlCmd.ConnectionsqlConn; sqlConn.Open(); sqlCmd.CommandTypeCommandType.StoredProcedure; sqlCmd.CommandTextsAuthorizeURL; sqlParam sqlCmd.Parameters.Add (UserName,SqlDbType.VarChar,30); sqlParam sqlCmd.Parameters.Add(URLPath,SqlDbType.VarChar,40); sqlCmd.Parameters[UserName].ValuesUsrName; sqlCmd.Parameters[URLPath].ValuesAppPath;string ressqlCmd.ExecuteScalar().ToString();if(res Authorized) {return true; }else {return false; } } } } 转自http://www.cnblogs.com/jecray/archive/2007/05/27/761444.html 感谢原作者jecray 转载于:https://www.cnblogs.com/tuyile006/archive/2007/09/10/888147.html
