介紹一下如何在asp.net中使用http moudle創建自定義的安全認證

首先了解asp.net對web request的處理過程
http modules是一個實現了IHTTPModule接口基礎類. 用來處理Web Request.
asp.net內置的Modules有
Output Cache Module
Windows Authentication Module
Forms Authentication Module
Passport Authentication Module
URL Authorization Module
File Authorization Module
我們可以修改這些現有的modules來增加新的功能,也可以新增modules來自定義功能.比如,我們可以自定義安全模塊利用活動目錄.

modules在http application event觸發時被執行
IHTTP Module有以下兩個方法
?? Init( HttpApplication objApplication)
????????? 為HttpApplication Events注冊event handler.
?? Dispose()
????????? Release the resources.

實現自定義custom http module的步驟
1.創建一個實現了IHTTPModule接口的類
using?System;
using?System.Web;
namespace?CustomModule
{
public?class?CustomAuthnModule?:?IHttpModule
{
public?CustomAuthnModule()
{
}
public?void?Init(HttpApplication?objHttpApp)
{
}
public?void?Dispose()
{
}
}
}?
2.在Init方法中注冊Events
public?void?Init(HttpApplication?objHttpApp)
{
objHttpApp.AuthenticateRequest+=new?EventHanlder(this.CustomAuthentication);
}?
3.編寫注冊event的處理函數
private?void?CustomAuthentication?(object?sender,EventArgs?evtArgs)
{
HttpApplication?objHttpApp=(HttpApplication)?sender;
objHttpApp.Context.Response.Write("Custom?Authentication?Module?is?Invoked");
}?
4.在GAC中加入DLL
1)創建一個強名稱文件
sn –k key.snk
2)將key文件加入到AssemblyInfo.cs的屬性AssemblyKeyFile中
3)gacutil /i CustomModule.dll

5.在web.config注冊HttpModule
<httpmodules?/><httpModules>
<add?name?="ModuleName"?type="Namespace.ClassName","AssemlbyName">
</add?>
</httpModules>?</httpModules>

實例：一個基于數據庫身份認證的自定義Module
using?System;
using?System.Web;
using?System.Data;
using?System.Data.SqlClient;
namespace?CustomAuthorizationModule
{
public?class?CustomAuthorizationModule?:?IHttpModule
{
public?CustomAuthorizationModule()
{

}
public?void?Init(HttpApplication?objApp)
{
objApp.AuthorizeRequest?+=?new
EventHandler(this.CustomDBAuthorization);
}
public?void?Dispose()
{
}
private?void?CustomDBAuthorization(object?sender,EventArgs
evtArgs)
{
HttpApplication?objApplication?=(HttpApplication)sender;
string?sAppPath,sUsrName;
bool?bAuthorized?=?false;
sAppPath=objApplication.Request.FilePath.ToString();
sUsrName=objApplication.Request.Params[0].ToString();
bAuthorized?=?DBAuthorize(sUsrName,sAppPath);
if(bAuthorized)
{
objApplication.Context.Response.Write("Authorized?User");
}
else
{
objApplication.Context.Response.Write("UnAuthorized?User");
objApplication.Response.End();
}
}
private?string?DBAuthorize(string?sUsrName,string?sAppPath)
{
SqlConnection?sqlConn=new?SqlConnection()
sqlConn.ConnectionString="user?id=sa;Pwd=password;Data?Source=localhost;Initial

Catalog=Northwind");
SqlCommand?sqlCmd=new?SqlCommand();
SqlParameter?sqlParam=new?SqlParameter();
sqlCmd.Connection=sqlConn;
sqlConn.Open();
sqlCmd.CommandType=CommandType.StoredProcedure;
sqlCmd.CommandText="sAuthorizeURL";
sqlParam?=?sqlCmd.Parameters.Add?("@UserName",SqlDbType.VarChar,30);
sqlParam?=?sqlCmd.Parameters.Add("@URLPath",SqlDbType.VarChar,40);
sqlCmd.Parameters["@UserName"].Value=sUsrName;
sqlCmd.Parameters["@URLPath"].Value=sAppPath;
string?res=sqlCmd.ExecuteScalar().ToString();
if(res?==?"Authorized")
{
return?true;
}
else
{
return?false;
}

}
}
}?

轉自：http://www.cnblogs.com/jecray/archive/2007/05/27/761444.html
感謝原作者：jecray? ！！

轉載于:https://www.cnblogs.com/tuyile006/archive/2007/09/10/888147.html

總結

以上是生活随笔為你收集整理的http modules在.net安全认证中的作用的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。