Asp.Net 中使用HttpModule 做Session验证

session的检查可以考虑用一个http module挂在http pipeline上

过程如下：

1. 在Web.Config 配置：

 <httpModules>      <!--Edas Authentication-->      <add name="eDASAuthenticationModule" type="CRMWeb.eDAS.HttpModules.eDASAuthenticationModule"/>          </httpModules>

2.添加httpmodule

代码：
把验证挂在了 PreRequestHandlerExecute 上 ，因为在这一步，session才被创建。

using System.Linq;using System.Reflection;using System.Web;using CRMWeb.eDAS.Util;using CRMWeb.eDAS.Entities;namespace CRMWeb.eDAS.HttpModules{    public class eDASAuthenticationModule : IHttpModule    {        #region IHttpModule Members        public void Dispose()        {            //clean-up code here.        }        public void Init(HttpApplication context)        {            context.PreRequestHandlerExecute += (sender, args) =>                {                    var c = sender as HttpApplication;                    CheckLoginState(c);                };        }        private void CheckLoginState(HttpApplication context)        {            if (context.Request.RawUrl.LastIndexOf('/') < 0)                return;            var requestPageName = GetPageNameFromUrl(context.Request.RawUrl);            ////ALWAYS allow Access Branch Login Page            if (eDASConstants.NavigatePage.BranchLoginUrl.Contains(requestPageName))                return;            var fields = typeof(eDASConstants.NavigatePage).GetFields                (BindingFlags.Public | BindingFlags.Static);            var allPages = fields.Select((t, i) => t.GetValue(t).ToString()).ToList();            //1.indicate NOT Request branch login , check ticket            if (EdasContext.TicketInfoSession.Current == null &&                allPages.Any(p => p.Contains(requestPageName)))            {                EdasContext.ClearAll();                context.Response.Redirect(eDASConstants.NavigatePage.BranchLoginUrl);            }            //2.indicate have ticket , if want to go sales person page , let him go            if (eDASConstants.NavigatePage.SalesPersonLoginUrl.Contains(requestPageName))                return;            //if do not want to go sales person login , check sales person session            if (EdasContext.SalesPersonSession.Current == null &&                allPages.Any(p => p.Contains(requestPageName)))            {                EdasContext.ClearCurrentCustomerSession();                context.Response.Redirect(eDASConstants.NavigatePage.SalesPersonLoginUrl);            }            //indicate sales person login session & ticket both have value            //if want to go customer queue , let him go            if (eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName))                return;            //3.sales person & ticket NOT null,if still want to go anywhere NOT queue page,check session if not go back            if (EdasContext.CustomerQueueSession.Current == null &&                !eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName) &&                allPages.Any(p => p.Contains(requestPageName)))            {                EdasContext.ClearCurrentCustomerSession();                context.Response.Redirect(eDASConstants.NavigatePage.CustomerQueueInfoUrl);            }        }        private string GetPageNameFromUrl(string url)        {            var indexOfSlash = url.LastIndexOf('/');            var nameWithQuery = url.Substring(indexOfSlash, url.Length - indexOfSlash);            var indexOfParam = url.IndexOf('?');            return url.Contains("?") ? url.Substring(0, indexOfParam) : nameWithQuery;        }        #endregion    }}