介紹一下如何在asp.net中使用http moudle創(chuàng)建自定義的安全認(rèn)證

首先了解asp.net對(duì)web request的處理過程
http modules是一個(gè)實(shí)現(xiàn)了IHTTPModule接口基礎(chǔ)類. 用來處理Web Request.
asp.net內(nèi)置的Modules有
Output Cache Module
Windows Authentication Module
Forms Authentication Module
Passport Authentication Module
URL Authorization Module
File Authorization Module
我們可以修改這些現(xiàn)有的modules來增加新的功能,也可以新增modules來自定義功能.比如,我們可以自定義安全模塊利用活動(dòng)目錄.

modules在http application event觸發(fā)時(shí)被執(zhí)行
IHTTP Module有以下兩個(gè)方法
?? Init( HttpApplication objApplication)
????????? 為HttpApplication Events注冊(cè)event handler.
?? Dispose()
????????? Release the resources.

實(shí)現(xiàn)自定義custom http module的步驟
1.創(chuàng)建一個(gè)實(shí)現(xiàn)了IHTTPModule接口的類
using?System;
using?System.Web;
namespace?CustomModule
{
public?class?CustomAuthnModule?:?IHttpModule
{
public?CustomAuthnModule()
{
}
public?void?Init(HttpApplication?objHttpApp)
{
}
public?void?Dispose()
{
}
}
}?
2.在Init方法中注冊(cè)Events
public?void?Init(HttpApplication?objHttpApp)
{
objHttpApp.AuthenticateRequest+=new?EventHanlder(this.CustomAuthentication);
}?
3.編寫注冊(cè)event的處理函數(shù)
private?void?CustomAuthentication?(object?sender,EventArgs?evtArgs)
{
HttpApplication?objHttpApp=(HttpApplication)?sender;
objHttpApp.Context.Response.Write("Custom?Authentication?Module?is?Invoked");
}?
4.在GAC中加入DLL
1)創(chuàng)建一個(gè)強(qiáng)名稱文件
sn –k key.snk
2)將key文件加入到AssemblyInfo.cs的屬性AssemblyKeyFile中
3)gacutil /i CustomModule.dll

5.在web.config注冊(cè)HttpModule
<httpmodules?/><httpModules>
<add?name?="ModuleName"?type="Namespace.ClassName","AssemlbyName">
</add?>
</httpModules>?</httpModules>

實(shí)例：一個(gè)基于數(shù)據(jù)庫(kù)身份認(rèn)證的自定義Module
using?System;
using?System.Web;
using?System.Data;
using?System.Data.SqlClient;
namespace?CustomAuthorizationModule
{
public?class?CustomAuthorizationModule?:?IHttpModule
{
public?CustomAuthorizationModule()
{

}
public?void?Init(HttpApplication?objApp)
{
objApp.AuthorizeRequest?+=?new
EventHandler(this.CustomDBAuthorization);
}
public?void?Dispose()
{
}
private?void?CustomDBAuthorization(object?sender,EventArgs
evtArgs)
{
HttpApplication?objApplication?=(HttpApplication)sender;
string?sAppPath,sUsrName;
bool?bAuthorized?=?false;
sAppPath=objApplication.Request.FilePath.ToString();
sUsrName=objApplication.Request.Params[0].ToString();
bAuthorized?=?DBAuthorize(sUsrName,sAppPath);
if(bAuthorized)
{
objApplication.Context.Response.Write("Authorized?User");
}
else
{
objApplication.Context.Response.Write("UnAuthorized?User");
objApplication.Response.End();
}
}
private?string?DBAuthorize(string?sUsrName,string?sAppPath)
{
SqlConnection?sqlConn=new?SqlConnection()
sqlConn.ConnectionString="user?id=sa;Pwd=password;Data?Source=localhost;Initial

Catalog=Northwind");
SqlCommand?sqlCmd=new?SqlCommand();
SqlParameter?sqlParam=new?SqlParameter();
sqlCmd.Connection=sqlConn;
sqlConn.Open();
sqlCmd.CommandType=CommandType.StoredProcedure;
sqlCmd.CommandText="sAuthorizeURL";
sqlParam?=?sqlCmd.Parameters.Add?("@UserName",SqlDbType.VarChar,30);
sqlParam?=?sqlCmd.Parameters.Add("@URLPath",SqlDbType.VarChar,40);
sqlCmd.Parameters["@UserName"].Value=sUsrName;
sqlCmd.Parameters["@URLPath"].Value=sAppPath;
string?res=sqlCmd.ExecuteScalar().ToString();
if(res?==?"Authorized")
{
return?true;
}
else
{
return?false;
}

}
}
}?

轉(zhuǎn)自：http://www.cnblogs.com/jecray/archive/2007/05/27/761444.html
感謝原作者：jecray? ！！

轉(zhuǎn)載于:https://www.cnblogs.com/tuyile006/archive/2007/09/10/888147.html

總結(jié)

以上是生活随笔為你收集整理的http modules在.net安全认证中的作用的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。