Asp.Net 中使用HttpModule 做Session验证
来源:互联网 发布:sql server 分组查询 编辑:程序博客网 时间:2024/06/02 06:29
session的检查可以考虑用一个http module挂在http pipeline上
过程如下:
1. 在Web.Config 配置:
<httpModules> <!--Edas Authentication--> <add name="eDASAuthenticationModule" type="CRMWeb.eDAS.HttpModules.eDASAuthenticationModule"/> </httpModules>
2.添加httpmodule
代码:
把验证挂在了 PreRequestHandlerExecute 上 ,因为在这一步,session才被创建。
using System.Linq;using System.Reflection;using System.Web;using CRMWeb.eDAS.Util;using CRMWeb.eDAS.Entities;namespace CRMWeb.eDAS.HttpModules{ public class eDASAuthenticationModule : IHttpModule { #region IHttpModule Members public void Dispose() { //clean-up code here. } public void Init(HttpApplication context) { context.PreRequestHandlerExecute += (sender, args) => { var c = sender as HttpApplication; CheckLoginState(c); }; } private void CheckLoginState(HttpApplication context) { if (context.Request.RawUrl.LastIndexOf('/') < 0) return; var requestPageName = GetPageNameFromUrl(context.Request.RawUrl); ////ALWAYS allow Access Branch Login Page if (eDASConstants.NavigatePage.BranchLoginUrl.Contains(requestPageName)) return; var fields = typeof(eDASConstants.NavigatePage).GetFields (BindingFlags.Public | BindingFlags.Static); var allPages = fields.Select((t, i) => t.GetValue(t).ToString()).ToList(); //1.indicate NOT Request branch login , check ticket if (EdasContext.TicketInfoSession.Current == null && allPages.Any(p => p.Contains(requestPageName))) { EdasContext.ClearAll(); context.Response.Redirect(eDASConstants.NavigatePage.BranchLoginUrl); } //2.indicate have ticket , if want to go sales person page , let him go if (eDASConstants.NavigatePage.SalesPersonLoginUrl.Contains(requestPageName)) return; //if do not want to go sales person login , check sales person session if (EdasContext.SalesPersonSession.Current == null && allPages.Any(p => p.Contains(requestPageName))) { EdasContext.ClearCurrentCustomerSession(); context.Response.Redirect(eDASConstants.NavigatePage.SalesPersonLoginUrl); } //indicate sales person login session & ticket both have value //if want to go customer queue , let him go if (eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName)) return; //3.sales person & ticket NOT null,if still want to go anywhere NOT queue page,check session if not go back if (EdasContext.CustomerQueueSession.Current == null && !eDASConstants.NavigatePage.CustomerQueueInfoUrl.Contains(requestPageName) && allPages.Any(p => p.Contains(requestPageName))) { EdasContext.ClearCurrentCustomerSession(); context.Response.Redirect(eDASConstants.NavigatePage.CustomerQueueInfoUrl); } } private string GetPageNameFromUrl(string url) { var indexOfSlash = url.LastIndexOf('/'); var nameWithQuery = url.Substring(indexOfSlash, url.Length - indexOfSlash); var indexOfParam = url.IndexOf('?'); return url.Contains("?") ? url.Substring(0, indexOfParam) : nameWithQuery; } #endregion }}
0 0
- Asp.Net 中使用HttpModule 做Session验证
- Asp.Net中HttpModule过滤器的简单使用
- 有关Asp.net中Session验证问题
- asp.net使用汉字做验证码
- Asp.net 中HttpHandler,HttpModule,IHttpHandlerFactor [一]
- ASP.NET (HttpModule,HttpHandler)
- asp.net httpModule
- asp.net HttpModule类
- ASP.NET中的HttpModule
- ASP.NET (HttpModule,HttpHandler)
- ASP.NET基础 HttpModule
- asp.net httpmodule handler
- ASP.NET中使用Session常见问题集锦
- ASP.net web servie中使用session
- ASP.NET中如何正确使用Session
- ASP.NET中如何正确使用Session
- ASP.NET中如何正确使用Session
- asp.net在ashx中使用session
- CentOS安装mysql
- oracle误删数据恢复 恢复到某一时间点
- AndroidManifest.xml文件详解(meta-data)
- Android事件传递机制
- 六种异常处理的陋习(http://www.blogjava.net/freeman1984/archive/2007/09/27/148850.html)
- Asp.Net 中使用HttpModule 做Session验证
- cocos2dx socket的一个方案
- Android中针对<meta-data>怎么来使用
- ios应用在app store上升级之后,会创建新的应用文件夹
- AndroidManifest.xml
- 20140311记录
- file_operations数据结构分析
- Dedecms 文件目录结构分析
- 【CBO】配置查询优化器(参数与统计信息的调整)